[cisco-voip] Fixed: RE: 7925G and EAP-FAST connection failed
Jason Aarons (US)
jason.aarons at us.didata.com
Tue Apr 13 18:20:54 EDT 2010
Fixed. My old WLC 4404 code was the problem. I remember this issue with Symbol Handhelds 2 years ago.
In the 7925G Deployment Guide page 55 it said the eap timeout is set to low and fixed in later versions WLC.
(Cisco Controller) >config advanced eap request-timeout 30
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 20
EAP-Identity-Request Max Retries................. 20
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 4
(Cisco Controller) >
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jason Aarons (US)
Sent: Tuesday, April 13, 2010 5:50 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] 7925G and EAP-FAST connection failed
Everything works great with a Lenovo T61 laptop running EAP-FAST using the IBM Access Connections client.
However a new out of box 7925G SCCP 1.3(3) phone shows "! connection failed" onscreen.
Here is what the RADIUS log on Cisco Secure ACS 5.1 shows. TAC verified ACS is setup properly. Next step is call into 7925G team.
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
Evaluating Service Selection Policy
15004 Matched rule
15012 Selected Access Service - 7925s
11507 Extracted EAP-Response/Identity
12100 Prepared EAP-Request proposing EAP-FAST with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12102 Extracted EAP-Response containing EAP-FAST challenge-response and accepting EAP-FAST as negotiated 12800 Extracted first TLS record; TLS handshake started.
12805 Extracted TLS ClientHello message.
12806 Prepared TLS ServerHello message.
12808 Prepared TLS ServerKeyExchange message.
12810 Prepared TLS ServerDone message.
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
5411 EAP session timed out
Jason Aarons
Consultant
904-338-3245 Mobile
Dimension Data
________________________________
Disclaimer: This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.
-----------------------------------------
Disclaimer:
This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only. If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful. If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100413/a45025b8/attachment.html>
More information about the cisco-voip
mailing list