Hi Alvin,
I would need to test I don't believe that the EAP request timeout applies to local radius server, so maybe the 7920 does not respond in time and the 7921 does. I'm sure I have read this somewhere?? Phil -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: 14 March 2011 14:56 To: [email protected] Subject: [CCIE Wireless] 7920 V3.02, Local EAP, EAP-FAST Hi All, I couldn't seem to get a 7920 to authenticate with local-eap, eap-fast. The layer 2 security of the SSID is setup with wpa/tkip/cckm+dot1x. The aaa server was configured to perform local-eap with a eap-profile with eap-fast chosen (only setting, no other check box ticked) against vendor cert. Local net user was configured. My other 7921 has no problem authenticating and associating while the 7920 is stuck with pac provisioning followed by an authentication failure. Debugging with "aaa local-auth eap method all", showed that the authentication went all the way to Phase 2 where the local net user id was called up in the inner authentication methods (mschapv2). Very peculiar as the minute i change from local-eap to radius/ACS4.2, the phone was able to authenticate and associate. The eap request timeouts are already set higher than 20s. Any clue? Alvin B _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
