Hi Jason,
This lab asked for local eap to be authenticated with MS LDAP using
EAP-FAST-GTC and PEAP-GTC since ms ldap doesn't support mschapv2. For
PeapV1, this is pretty straight forward, both phone and laptop
connects as long as the CA root cert is installed. However, for
EAP-FAST I noticed that I need to setup the phone and notebook to
receive an auto-generated PAC from the WLC using local net users
before I can swing over to authenticate via LDAP. If i do the other
way round, authenticating via LDAP 1st without authenticating through
local net user, both the phone and notebook will fail authentication.
Can anyone verify this as this affects the sequence of configuration
and testing of the connectivity during an actual lab.
Alvin
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
