
WLSM, FWSM in transparent mode, VRFs, EAP-FAST and LEAP

sleeson
Level 1

Has anyone got any experience of all of the above?

Some background - The FWSM is in transparent mode, using virtual contexts between the VRF and the main routing table to ensure relevant mobility traffic passes through the relevant security context.

I can authenticate with LEAP via RADIUS, then obtain an IP through DHCP, and ping my gateway from the wireless client, but not outside my VRF. If I remove the VRF from the tunnel interface associated with my mobility group, all connectivity is OK.

With EAP-FAST I can authenticate via RADIUS, but do not get an address through DHCP. If I use a static (and use mobility trust on the tunnel interface) I cannot ping my gateway. If I remove the VRF from the tunnel interface associated with this type of user's mobility group, I receive an address through DHCP, and can ping merrily everywhere.

Has anybody got any thoughts if I am missing something here?


ebreniz
Level 6

The software requirements for Cisco Secure ACS are dependent on the type of Extensible Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP-Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/networking_solutions_implementation_guide09186a008038906c.html

aarato
Level 1

I am not sure if transparent mode is supported with your configuration. Can you please post or send me the config of your SUP720 and FWSM?

If you found your answer in the meantime, please let me know.

Thanks,

Andras
