Hi All,
I couldn't seem to get a 7920 to authenticate with local-eap,
eap-fast. The layer 2 security of the SSID is setup with
wpa/tkip/cckm+dot1x. The aaa server was configured to perform
local-eap with a eap-profile with eap-fast chosen (only setting, no
other check box ticked) against vendor cert. Local net user was
configured. My other 7921 has no problem authenticating and
associating while the 7920 is stuck with pac provisioning followed by
an authentication failure. Debugging with "aaa local-auth eap method
all", showed that the authentication went all the way to Phase 2 where
the local net user id was called up in the inner authentication
methods (mschapv2). Very peculiar as the minute i change from
local-eap to radius/ACS4.2, the phone was able to authenticate and
associate. The eap request timeouts are already set higher than 20s.
Any clue?
Alvin B
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
