EAP-Fast with local authenticator + auto-provisioning

dhusand · ‎07-29-2005

Hi,

I have been experimenting with the local radius server on the 1200 AP. Been using LEAP and now I wanted to try Eap-Fast authentication.

Ive followed a guide on Cisco´s webpage and everything seems correct. However when my client try to authenticate it asks me if I accept auto-provisioning of the pac, then it just hangs.

The client is running a HP WLAN 802.11b/g W400 card, using the latest driver and ACU. (says in the releasenotes that Eap-Fast support is added)

Ive run some debugs but cant figure out the problem. Im guessing it has to do with this though:

Jul 29 12:55:09.150: RADSRV EAP-FAST: verify Tunnel ID response, 000f.2094.27a1

Jul 29 12:55:09.150: RADSRV EAP-FAST: missing EAP TLV, 000f.2094.27a1

Jul 29 12:55:09.151: RADSRV EAP-FAST: sending alert level 2, desc 40

Any suggestions are greatly appreciated.

**********************************************************

EDIT: Found a bug that seems to describe my problem.

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeh54673

**********************************************************

Report Inappropriate Content · ‎08-04-2005

You are not able to authenticate in this case because EAP-FAST authentication is not possible with the AP serving as a local radius authenticator at this time. The current options for the AP serving as local radius authenticator are listed at

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12215ja/i12215sc/s15local.htm

dhusand · ‎08-04-2005

It is indeed possible. I have communicated with TAC regarding this issue and the solution until a new software has been released is detailed in the BUG report.

The TAC engineer has also made a request for the 1100-series docs to be updated as they are incorrect.