Showing results for 
Search instead for 
Did you mean: 

EAP-TLS and Fast Secure Roaming?

Jason Aarons
Level 6
Level 6

We use EAP-TLS with Windows XP/SP2(802.1x). What "show" commands would verify/troubleshooting that Fast Secure Roaming (via WDS) is working?

From the below output, we think something is broke;

JAX-CR1B-AP-2#show wlccp wds stat

WDS Statistics for last 5d21h:

Current AP count: 17

Current MN count: 5

AAA Auth Attempt count: 279985

AAA Auth Success count: 450

AAA Auth Failure count: 276365

MAC Spoofing Block count: 242

Roaming without AAA Auth count: 16

Roaming with full AAA Auth count:256

Fast Secured Roaming count: 0

MSC Failure count: 0

KSC Failure count: 0

MIC Failure count: 0

RN Mismatch count: 0

2 Replies 2

Level 6
Level 6

You can use the commands "show wlccp ap" and "show wlccp wds { ap | mn} " to verify if the WDS service is working as expected. You can also use some of the debug commands like "debug wlccp ap" to view online WDS interaction. For more information on this read the document available at the following URL.

Level 1
Level 1

Jason, you will never get Fast Secured Roaming count increase if you use EAP-TLS as WLSM do not currently support Fast Secure Roaming with EAP-TLS. If you try EAP-FAST or LEAP you will see the FSR feature working fine and the counter will increase.

Review Cisco Networking for a $25 gift card