Kristjan Don't confuse the EAP authentication method (LEAP, EAP-FAST) with the 802.11 authentication algorithm required prior to EAP taking place. Look at http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml#NetEAP.
There is also a bit more information at http://pluscom.ru/cisco_product/cc/td/doc/product/wireless/airo1200/accsspts/techref/eapfast/eapfast.htm (search for 802.11 authentication algorithm). Here it adds the use of EAP-FAST with Network-EAP. While LEAP will tend to require the use of network-EAP, it will depend on the client connecting. Also, note that the WLC solution (which supports LEAP) does not, to my knowledge, have a place to set the 802.11 authentication algorithm to Network-EAP. Hope this didn't make things more confusing. Also, that is a true statement about using EAP-FAST with local RADIUS for Cisco clients (APs and bridges.) LEAP must be allowed so that it can be offered. If not, the AP won't offer EAP-FAST as an EAP authentication algorithm. Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert, Inc. Mailto: *[email protected] * 2011/2/17 Kristján Ólafur Eðvarðsson <[email protected]> > > 3. Re: Autonomous AP Eap-fast with 7921 phone (Brendon Hwang) > > > Kara and Brendon, I don´t agree. EAP-FAST requires only open eap > network-eap is only left on for legacy LEAP. > This is for the phone and clients using EAP-FAST, it is open standard. > Test it ! and then beleive ! :) > > unless for Root to WGB schenario. The leap needs to be open > for net negotiation to work. The negotiation goes something like Root: "do > you support LEAP ?" > Bridge: "Yes I do, but can we speak EAP-FAST?" Root: "sure we can..." > > > regards. Kristjan > > > ------------------------------ > > Message: 3 > Date: Thu, 17 Feb 2011 18:06:15 +1100 > From: Brendon Hwang <[email protected]> > To: "Kara Muessig (kmuessig)" <[email protected]>, > <[email protected]> > Subject: Re: [CCIE Wireless] Autonomous AP Eap-fast with 7921 phone > Message-ID: <c98312ab.698c%[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Hi Kara, > > That is correct. > Use both open eap and network-eap. I remember if you configure network-eap > only then you get an warning msg that said you should enable open eap as > well for eap-fast. > > Cheers, > Brendon > > > From: "Kara Muessig (kmuessig)" <[email protected]> > Date: Wed, 16 Feb 2011 20:33:39 -0800 > To: <[email protected]> > Subject: [CCIE Wireless] Autonomous AP Eap-fast with 7921 phone > > Hi all, > > I just wanted to verify that when configuring a 7921 to connect to an > autonomous AP with EAP-FAST that you had to use Network EAP along with Open > EAP. I guess the phone is similar to a Cisco WGB where you have to use > both > open and network eap to use eap-fast?? > > Thoughts? > > Thanks, > > > > Kara Muessig > CONSULTING SYSTEMS ENGINEER.SALES > Wireless South Team > [email protected] <mailto:[email protected]> > Phone: 512-791-2870 > > > Cisco.com <http://www.cisco.com> > Think before you print. This email may contain confidential and privileged > material for the sole use of the intended recipient. Any review, use, > distribution or disclosure by others is strictly prohibited. If you are not > the intended recipient (or authorized to receive for the recipient), please > contact the sender by reply email and delete all copies of this message. > For > corporate legal information go to: > http://www.cisco.com/web/about/doing_business/legal/cri/index.html > <http://www.cisco.com/web/about/doing_business/legal/cri/index.html> > > > > _______________________________________________ For more information > regarding industry leading CCIE Lab training, please visit > www.ipexpert.com > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20110217/f9ee5191/attachment.html> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: image001.jpg > Type: image/jpeg > Size: 18944 bytes > Desc: not available > URL: </archives/ccie_wireless/attachments/20110217/f9ee5191/attachment.jpg> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: image002.gif > Type: image/gif > Size: 87 bytes > Desc: not available > URL: </archives/ccie_wireless/attachments/20110217/f9ee5191/attachment.gif> > > ------------------------------ > > _______________________________________________ > CCIE_Wireless mailing list > [email protected] > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > > > End of CCIE_Wireless Digest, Vol 23, Issue 18 > ********************************************* > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
