Where can I find the normal EAP-FAST configuration guide for iPAD's? I should state, we have EAP-FAST working for our Vista and XP clients, but those all run the Cisco CSSC supplicant so that was east. iPad is just using the native wireless client, configured for EAP-FAST, and ACS keeps having an issue with the supplicant. I am just wondering if anyone has gotten this to work?

Hello,

did you ever get this working? I'm trying to get an ipad to authenticate via eap-fast to an 877w router acting as a radius-server local. I've had some success using the iphone configuration utility (google it and find the latest version for mac or pc). You basically create a wifi configuration profile and then email it to the ipad. At least by creating a profile, the ipad can now see the ssid but it keeps failing when trying to authenticate. I've ticked all the PAC options under EAP-FAST (use pac, provision pac and provision pac anonymously), and using anonymous as the outer identity under the Authentication tab, but it doesn't work. Any other device (mac, smartphone etc) can connect to the ssid via eap-fast 802.1x, so there's something amiss with the config on the ipad I think

HTH

Tim

Yes and no. For 2 weeks my iPad would fail every time I tried to connect to the wireless, and I would get the same error message in ACS stating that the supplicant did not respond correctly. Yesterday, I noticed it was connected. I checked the logs in ACS, and saw a successful connection using EAP-FAST. So it did work, but I have no idea why. Nothing changed on either system config wise. Maybe a new PAC file was generated? I need to check the logs to see if that was the case. Regardless, my iPad can now connect using EAP-FAST. Excited about this news, I pushed the profile from the iPhone config utility to 2 additional devices, another iPad, and an iPhone. Both failed, with the same supplicant did not respond correctly message in ACS. So the 3 apple devices have the exact same config on them - 1 now works after 2 weeks of failing, and 2 failed upon first day attempts yesterday. Very odd, and very frustrating. ACS provides very little in the way of help (the supplicant did not respond correctly, but in what way did it not respond correctly??), and the iPad logs even less. So it seems to be impossbile to really know what is going on here. If you or anyone has any suggestions I am definetly open to hearing them.

Option A) leave it for 2-3 weeks and see if it works. (LOL)

Option B) Contact APPLE... (LOL)

Option C) Perform debug client for each client ... if needed run radius debugs on the WLC too.. and then compare a good authentication vs the failing one.

couldn't wait for apple support.....:-)

so meanwhile after a few debugs and messing around I found out what the problem is..On the 877w router, one of the ssid's is configured as guest-mode, and so it broadcasts itself all the time. On a macbook it's not an issue - you can you select the ssid configured for EAP-FAST and it will authenticate and associate to that ssid no problem, even if it sees a guest-mode ssid as well. However on the IPAD, if it sees a guest-mode ssid broadcasting itself, it will keep flipping over to that one, even though you select the other ssid which has been correctly configured for  EAP-FAST. So the solution in my case was just to disable the guest-mode under the ssid on the cisco router. Nice one Apple 😞

HTH

Tim

:-s apple way....

WEll at least its working now.