Autonomous AP, 12.3.8JE3. EAP-FAST on local radius failure

alvin1976 · ‎04-05-2011

Hi all,

I've been trying to configure EAPFAST on Autonomous AP 1242 with the above firmware using local radius. Here are the config:

aaa new

aaa group server radius rad_eap

server x.x.x.x auth 1812 acct 1813

aaa authentication login eap_methods group rad_eap

dot11 ssid EAPFAST

vlan 10

authentication open eap eap_methods

authentication key wpa

int d0

encryption vlan 10 mode cipher aes

ssid EAPFAST

no shut

int d0.10

en do 10

bridge 10

int f0.10

en do 10

bridge 10

int f0.100

en do 100 na

bridge 1

int bvi

ip add x.x.x.x 255.255.255.0

radius-server local

eapfast authority info XYZ
eapfast server-key primary auto

nas x.x.x.x key ####

group FAST

eapfast pac expiry 2 grace 2

username eapfast password eapfast group FAST

radius-server host x.x.x.x auth 1812 acct 1813 key ####

For all my tests, I can get the 7921 phone to work. But using CSSC or even win7 supplicant, I can never get the authentication to go through. I think the eap authentication is stuck at pac provisioning. If i am to manual provision the pac using tftp, it will work. Any clue?

Alvin

dmantill · ‎04-05-2011

why dont you try a new IOS version for testing? something like 12.4 ?

alvin1976 · ‎04-06-2011

Hi,

I was thinking it might be a firmware issue because during some debugs with pac provisoning, there are some errors reporting of some missing cipher suites. I shall try with a new firmware.

Alvin

dmantill · ‎04-06-2011

Sure, let us know what did you go with 12.4 code