Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
509
Views
0
Helpful
1
Replies

Eap-Fast PAC issue on secondary controller

foreidd1962
Level 1
Level 1

‎10-16-2012 02:36 PM - edited ‎07-03-2021 10:51 PM

Folks,

Have a controller based depolyment with (2) 5508s and an 1121 ACS appliance running 5.1 code. Controllers are setup identically and we are radius authenticating users to AD via the ACS. Everything works great on the primary controller, but when I test failover to the secondary controller, my authentication fails and I get the following error message in my ACS logs:

12126  EAP-FAST cryptobinding verification passed

12147  Machine Authentication is disabled

12161  Cannot provision Authorization PAC when the stateless session resume is disabled

12106  EAP-FAST authentication phase finished successfully

11503  Prepared EAP-Success

Also, I never get prompted to accept a pac from the secondary controller. Any ideas?

Thanks in advance.....

Labels:
0 Helpful
1 Reply 1

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎10-16-2012 02:54 PM

That sounds like the option is not enabled under the EAP Fast config.  You should be able to enabld it and test.

As for the PAC, that comes from the ACS not the WLC, so you shouldn't be prompted for a new PAC.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card