PEAP-GTC does not work with external token server over WLC
Funk Odyssey and Cisco ADU PEAP-GTC clients successfully authenticate with an Airespace controller running 3.0 or 3.1 software if using a static password, but not when authenticating through a one-time password to a token server.
This problem is documented in Cisco bug ID CSCsb64519.
Funk Odyssey and Cisco ADU PEAP-GTC clients are seen successfully
to authenticate with an Airespace controller running 3.0 or 3.1 software
if using a static password, but not when authenticating via a one-time
password to a token server.
The resolution of this issue will be done via an implementation of four
new CLI configuration options under "config advanced eap":
identity-request-timeout Configures EAP-Identity-Request Timeout in seconds.
identity-request-retries Configures EAP-Identity-Request Max Retries.
request-timeout Configures EAP-Request Timeout in seconds.
request-retries Configures EAP-Request Max Retries.
The default values for these options are as shown below. These values
were chosen to retain as default the controller's current behavior:
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 2
Known Fixed Releases:
To resolve the issue, upgrade the controller to the latest version. The upgrade can be done through the GUI or the CLI, as shown:
transfer download serverip
transfer download filename
transfer download datatype code
transfer download path /
transfer download start
Cisco Aironet Client Utility Installation and Configuration
Cisco Aironet Client Utility (ACU) software version 5.05 or later includes Cisco PEAP (EAP-GTC) supplicant functionality within the client software. When using ACU version 5.0x for PEAP, you must manually upgrade the client adapter drivers and firmware. For the required driver and software versions, refer to the "Prerequisites" section.
Note All bundled Cisco client adapter software (InstallWizard version 1.0 and later) automatically upgrade the driver and firmware upon installation.
Note The PEAP supplicant option must be selected from the InstallWizard upon initial installation. When you are using non-Cisco EAP supplicants with PEAP authentication, such as Microsoft 802.1X EAP-MSCHAP v2 in Windows XP Service Pack 1, only the appropriate client driver and software must be installed, because the authentication is handled by the EAP supplicant software incorporated into the operating system. The ACU can still be installed and used for diagnostics, statistics, or both, but the client adapter must be configured using the Microsoft (or other) utility.
All versions of the ACU after version 5.05 includes support for several EAP types including LEAP, EAP-TLS, and types that operate over EAP-TLS, such as EAP-TTLS and PEAP. Refer to the Cisco Aironet Client Utility Release Notes for additional information.
WLAN adapters (wireless card) / ACU (Aironet Client Utility)
Hi Guest ssid, wlan, and policy are configured based on cisco document attached link. it uses internal web server. Client PC can get correct ip address from the c9800, but auth web page does not show up. I notice I did not have chance to setup password du...
Hello,I temporarily set up WiFi for users in a remote location. I'm using 2702 APs and running WLC 8.5.The uplink we have is not great and has a FUP, so I'd like to limit unnecessary data usage. Nowadays, mobile phone hotspots can use Vendor Specific Info...
Dear allCan i update NBAR2 Advanced Protocol Pack WLC to version 38 ?I have WLC 5520 version 8.2 . I try to download NBAR2 on website cisco but it only have download version 24.I would like to download version 38 it for suuport zoom meetingthank you
Hi, In c9800 wlc, looks like there are two sites for configuring dhcp relay. One is at Vlan SVI---> Advanced, second is at Policy ----> Advanced ----> DHCP. What is difference between the two location for configuring dhcp relay? I think the final...
Hi i have routed access layer design as im running L3 to the access and OSPF as IGP ( Core - Distribution - Access ) thw WLC 3504 connected to the Core the the APs 1800 connected to the Access Sw each with different subnetsi could register the A...