PEAP-GTC does not work with external token server over WLC
Funk Odyssey and Cisco ADU PEAP-GTC clients successfully authenticate with an Airespace controller running 3.0 or 3.1 software if using a static password, but not when authenticating through a one-time password to a token server.
This problem is documented in Cisco bug ID CSCsb64519.
Funk Odyssey and Cisco ADU PEAP-GTC clients are seen successfully
to authenticate with an Airespace controller running 3.0 or 3.1 software
if using a static password, but not when authenticating via a one-time
password to a token server.
The resolution of this issue will be done via an implementation of four
new CLI configuration options under "config advanced eap":
identity-request-timeout Configures EAP-Identity-Request Timeout in seconds.
identity-request-retries Configures EAP-Identity-Request Max Retries.
request-timeout Configures EAP-Request Timeout in seconds.
request-retries Configures EAP-Request Max Retries.
The default values for these options are as shown below. These values
were chosen to retain as default the controller's current behavior:
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 2
Known Fixed Releases:
To resolve the issue, upgrade the controller to the latest version. The upgrade can be done through the GUI or the CLI, as shown:
transfer download serverip
transfer download filename
transfer download datatype code
transfer download path /
transfer download start
Cisco Aironet Client Utility Installation and Configuration
Cisco Aironet Client Utility (ACU) software version 5.05 or later includes Cisco PEAP (EAP-GTC) supplicant functionality within the client software. When using ACU version 5.0x for PEAP, you must manually upgrade the client adapter drivers and firmware. For the required driver and software versions, refer to the "Prerequisites" section.
Note All bundled Cisco client adapter software (InstallWizard version 1.0 and later) automatically upgrade the driver and firmware upon installation.
Note The PEAP supplicant option must be selected from the InstallWizard upon initial installation. When you are using non-Cisco EAP supplicants with PEAP authentication, such as Microsoft 802.1X EAP-MSCHAP v2 in Windows XP Service Pack 1, only the appropriate client driver and software must be installed, because the authentication is handled by the EAP supplicant software incorporated into the operating system. The ACU can still be installed and used for diagnostics, statistics, or both, but the client adapter must be configured using the Microsoft (or other) utility.
All versions of the ACU after version 5.05 includes support for several EAP types including LEAP, EAP-TLS, and types that operate over EAP-TLS, such as EAP-TTLS and PEAP. Refer to the Cisco Aironet Client Utility Release Notes for additional information.
WLAN adapters (wireless card) / ACU (Aironet Client Utility)
I have an access point "AIR-AP2802I-I-K9" and I need a power injector for it. It is very hard for me to wait till import process. I need to operate it within a week urgent. Is there any other injectors (non-Cisco) could be used temporary?
Hiwe have three offices all running with their own 5508's. I plan on replacing those WLC's with newer ones. Is there a design were I can replace they with a pair in our CoLo data center and have all the AP's talk back to them? I used to do this with HREAP...
Hi,We have 5520 wlc and we are using RTU license.Currently we are using 100 license and trying to add some more licenses , while trying add more license getting an error like "licenses cannot added/removed on secondary HA /SKU cont...
Hello,I have a AIR-AP1852I-E-K9 set up as a Primary Controller and I'm having trouble connecting the other AP which is an AIr-AP1832I-E-K9 to the network. I can't see the other AP in Rogue APs or anywhere else.Both of them have Mobility Express insta...