PEAP-GTC does not work with external token server over WLC
Funk Odyssey and Cisco ADU PEAP-GTC clients successfully authenticate with an Airespace controller running 3.0 or 3.1 software if using a static password, but not when authenticating through a one-time password to a token server.
This problem is documented in Cisco bug ID CSCsb64519.
Funk Odyssey and Cisco ADU PEAP-GTC clients are seen successfully
to authenticate with an Airespace controller running 3.0 or 3.1 software
if using a static password, but not when authenticating via a one-time
password to a token server.
The resolution of this issue will be done via an implementation of four
new CLI configuration options under "config advanced eap":
identity-request-timeout Configures EAP-Identity-Request Timeout in seconds.
identity-request-retries Configures EAP-Identity-Request Max Retries.
request-timeout Configures EAP-Request Timeout in seconds.
request-retries Configures EAP-Request Max Retries.
The default values for these options are as shown below. These values
were chosen to retain as default the controller's current behavior:
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 2
Known Fixed Releases:
To resolve the issue, upgrade the controller to the latest version. The upgrade can be done through the GUI or the CLI, as shown:
transfer download serverip
transfer download filename
transfer download datatype code
transfer download path /
transfer download start
Cisco Aironet Client Utility Installation and Configuration
Cisco Aironet Client Utility (ACU) software version 5.05 or later includes Cisco PEAP (EAP-GTC) supplicant functionality within the client software. When using ACU version 5.0x for PEAP, you must manually upgrade the client adapter drivers and firmware. For the required driver and software versions, refer to the "Prerequisites" section.
Note All bundled Cisco client adapter software (InstallWizard version 1.0 and later) automatically upgrade the driver and firmware upon installation.
Note The PEAP supplicant option must be selected from the InstallWizard upon initial installation. When you are using non-Cisco EAP supplicants with PEAP authentication, such as Microsoft 802.1X EAP-MSCHAP v2 in Windows XP Service Pack 1, only the appropriate client driver and software must be installed, because the authentication is handled by the EAP supplicant software incorporated into the operating system. The ACU can still be installed and used for diagnostics, statistics, or both, but the client adapter must be configured using the Microsoft (or other) utility.
All versions of the ACU after version 5.05 includes support for several EAP types including LEAP, EAP-TLS, and types that operate over EAP-TLS, such as EAP-TTLS and PEAP. Refer to the Cisco Aironet Client Utility Release Notes for additional information.
WLAN adapters (wireless card) / ACU (Aironet Client Utility)
Hello Experts, The configuration for malicious rogues that are discovered on wire is clearly explained with regards to setting the containment level. However when it comes to containment of Malicious rogues that are not discovered on wired, I do...
Cisco Access point 1142N-A-K9 is not joining controller giving below message.previously this AP was having static IP and was removed and kept and never used.i have done factory reset and now its not joining controller.Please assist, Thanks in advance.&nbs...
I've setup 1 x Controller and and 2 x APs. All of them are Cisco 3802 and all of them have same software 126.96.36.199 and Mobility Express capable. All of the APs are connected to same switch with and same access Vlan. These APs were bench tested and no...
Hi,There are several methods an Access Point can join the Wireless controller e.g DHCP option 43, DNS, AP HA tab etc. If an access point has joined a controller, how can we find which joining step was successfull for it join the controller ? Thanks.&...