Was the roaming between APs on the same WLC or different WLCs? And, where was the authentication taking place? This does seem strange, since this what you would normally see on initial connection for anonymous PAC creation. It's almost as if the client doesn't have a PAC created by the EAP-FAST server.
Jason Boyers - CCIE #26024 (Wireless) Technical Instructor - IPexpert, Inc. Mailto: *[email protected] * 2011/5/26 Kristján Ólafur Eðvarðsson <[email protected]> > Funny, I also ran into a bug with 7921 > and WLC4400 with Local EAP and EAP-FAST. > > It worked on one AP (yeah wpa tkip and CCKM) > but when roaming WLC returned error log > "user anonymous failed authentication" > Got a bugID after filing a TAC Case. > > It was code 5.x if I remember correctly. > WLC seems to be trying to cache the outer identity > "anonymous" user but not the correct inner one. > But I am not sure. > > I am soon going to do a extensive test with 7920 > and 7921 phones on WLC and see if I can fit this one > in. > > regards. Kristjan > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 26 May 2011 15:58:01 +1000 > From: Leigh Jewell <[email protected]> > To: [email protected] > Subject: [OSL | CCIE_Wireless] Workbook1: Lab 8.3 Phone Security > Message-ID: <[email protected]> > Content-Type: text/plain; charset="windows-1252" > > In the solution guide for configuring local-eap for 7920's you reference a > bug CSCsj11323. I did a bit of reading and according to the release > notes< > http://www.cisco.com/en/US/partner/docs/wireless/controller/release/notes/crn411810.html > >this > bug was fixed in v4.1.181 > > *Resolved* > CSCsj11323?The 7920 phone fails EAP-FAST authentication when using local > EAP > authentication on the controller. > > So I am proposing that given the lab version is 4.2 we don't need to be > concerned and local-eap with eap-fast for 7920's is in fact ok. > > Thoughts ? > > Regards, > Leigh. > > -- > CCIE Blog - http://leigh-cciewireless.blogspot.com/ > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20110526/426f3ec4/attachment-0001.html> > > ------------------------------ > > ------------------------------ > > Message: 3 > Date: Thu, 26 May 2011 09:32:42 -0400 > From: Jason Boyers <[email protected]> > To: Leigh Jewell <[email protected]> > Cc: [email protected] > Subject: Re: [OSL | CCIE_Wireless] Workbook1: Lab 8.3 Phone Security > Message-ID: <[email protected]> > Content-Type: text/plain; charset="windows-1252" > > Interesting. The Bug Toolkit notes don't list a fixed version, so I was > going with that. I'll need to lab it up! > > > Jason Boyers - CCIE #26024 (Wireless) > Technical Instructor - IPexpert, Inc. > Mailto: *[email protected] > * > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com <http://www.platinumplacement.com/> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
