EAP-FAST local authentication example on a Cisco 1231 AP

Discussion in 'Cisco' started by Chris_D, May 10, 2005.

  1. Chris_D

    Chris_D Guest

    I can get EAP-LEAP to work fine using the access point as the
    authenticator and I can get EAP-FAST to work using Cisco Secure as the
    authenticator.

    I cannot get EAP-FAST to work using the access point as the
    authenticator.

    I am using the latest IOS (Version 12.3(2)JA)

    I get the following output from a "debug radius local-server eapfast
    events"

    (XXXX.XXXX.XXXX = MAC Address)

    Radius server TEAP events debugging is on
    Local_Authentication#
    *Mar 1 00:38:37.465: RADSRV EAP-FAST: Add teap client XXXX.XXXX.XXXX
    *Mar 1 00:38:37.465: RADSRV EAP-FAST: Sending TEAP start
    *Mar 1 00:38:39.195: RADSRV EAP-FAST: verify client_hello
    *Mar 1 00:38:39.195: RADSRV EAP-FAST: Build (provision) Server Hello,
    XXXX.XXXX.XXXX
    *Mar 1 00:38:39.195: RADSRV EAP-FAST: Calculting DH Server public..
    XXXX.XXXX.XXXX
    *Mar 1 00:38:39.526: RADSRV EAP-FAST: DH public number generation
    failed
    *Mar 1 00:38:39.526: RADSRV EAP-FAST: Sending Server Hello,
    XXXX.XXXX.XXXX
    *Mar 1 00:38:39.879: RADSRV EAP-FAST: verify client_finished,
    XXXX.XXXX.XXXX
    *Mar 1 00:38:39.879: RADSRV EAP-FAST: Calculting premaster secret..
    *Mar 1 00:38:40.297: RADSRV EAP-FAST: Calculating Master secret...
    *Mar 1 00:38:40.302: RADSRV EAP-FAST: Build Server Finished,
    XXXX.XXXX.XXXX
    *Mar 1 00:38:40.302: RADSRV EAP-FAST: Sending Server Finished,
    XXXX.XXXX.XXXX
    *Mar 1 00:38:40.307: RADSRV EAP-FAST: Verify Client ACK
    *Mar 1 00:38:40.307: RADSRV EAP-FAST: Build Tunnel ID request
    *Mar 1 00:38:40.308: RADSRV EAP-FAST: Sending Tunnel ID req
    *Mar 1 00:38:40.312: RADSRV EAP-FAST: verify Tunnel ID response,
    XXXX.XXXX.XXXX
    *Mar 1 00:38:40.312: RADSRV EAP-FAST: missing EAP TLV, XXXX.XXXX.XXXX
    *Mar 1 00:38:40.312: RADSRV EAP-FAST: sending alert level 2, desc 40
    *Mar 1 00:38:55.312: RADSRV EAP-FAST: Timer expired, teap client
    XXXX.XXXX.XXXX
    *Mar 1 00:38:55.312: RADSRV EAP-FAST: Delete teap client
    XXXX.XXXX.XXXX
    Drop the ZZZ to reply

    Cheers ...
     
    Chris_D, May 10, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    2,261
    b1-100
    Aug 27, 2011
  2. piefje

    fast eap witjh local radius

    piefje, Aug 11, 2005, in forum: Cisco
    Replies:
    1
    Views:
    712
    Chris_D
    Aug 12, 2005
  3. Replies:
    4
    Views:
    683
    Joe Matuscak
    Mar 27, 2006
  4. frank

    EAP SIM and EAP AKA methods with WZCSVC

    frank, Nov 24, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    715
    frank
    Nov 24, 2006
  5. VENZY

    Missing EAP Type = Protected EAP (PEAP)

    VENZY, Nov 19, 2009, in forum: Wireless Networking
    Replies:
    5
    Views:
    4,808
    Peter Foldes
    Feb 23, 2010
Loading...

Share This Page