E63: WLAN; EAP (PEAP) settings.

I am a student at UCT. They use a WLAN, with a WPA security mode. The EAP settings i have tried are not working and neither I nor the computer guy could figure it out.
The WLAN settings I have set are as follows:
WPA/WPA2 is EAP.
WPA2 only mode is OFF.
The EAP plug-in settings are:
All types of EAPs are disabled apart from the EAP-PEAP.
those settings are then as follows.
Personal certificate is NOT DEFINED.
Authority certificate is Thawte Premium.
user name in use is USER DEFINED.
User name is my user name.
Realm in Use is USER DEFINED.
Realm is the relevant realm.
Allow PEAPv0 is yes.
Allow PEAPv1 is yes.
Allow PEAPv2 is no. 
The EAPs: the only one which is active is the EAP-MSCHAPv2.
Those settings are my user name 
Prompt password YES
My password is entered.
The in terms of Ciphers I have 5 which are selected. I don't know what they do so I have not played with them too much.
The enabled ones are:
 RSA, 3DES, SHA
DHE-RSA,3DES, SHA
DHE-DSS,3DES,SHA
RSA, AES, SHA
DHE-RSA, AES, SHA
 I have also tried connecting leaving all else the same but activating all ciphers and then again with no ciphers active.
The problems i experience are either a endless cycle where i have to enter my user name and password or it simply says 'no gateway reply'.
Assistance in this would be greatly appreciated as this is one of the primary functions I bought this phone for. 
Thanks H 

Are you sure you are using the right certificates and why dont you allow PEAPv2? You might need a personal certificate. Switch off the automatic settings in the advanced settings of your WLAN, scroll down to Power saving and disable to avoid "no gateway".
‡Thank you for hitting the Blue/Green Star button‡
N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

Similar Messages

  • Cannot connect to wlan eap-peap athentication fail...

    Hi all
    I have A nokia N97 which I tried to connect to my work WLAN but I get  eap-peap athentication failed. We do user a certificate which I have installed on the phone but it does not connect. It does not even promt for user name or password. I can connect to my home wireless which just ask for a security key which i enter and it works please please help.
    Please help

    I got it working please read my How to
    /t5/Connectivity/How-to-connect-to-wlan-with-n97-u​sing-ca-certificate/td-p/659372

  • WPA2 EAP-PEAP error, may be Windows Server 2008 or...

    I've studied posts like /t5/Connectivity/Not-able-to-connect-to-company-WLAN-WPA2-AES-PEAP-with-E71/m-p/420301/highlight/tru... , updated firmware, no joy. On E71, get
    WLAN: EAP-PEAP authentication failed
    In the event log of the domain controller+NPS server, get:
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          5/19/2010 10:24:18 AM
    Event ID:      6274
    Task Category: Network Policy Server
    Level: Information
    Keywords: Audit Failure
    User: N/A
    Computer: Actinium.s********.com
    Description: Network Policy Server discarded the request for a user. Contact the Network Policy Server administrator for more information.
    User:
         Security ID: S****\****
         Account Name: d***@*****.com
         Account Domain: S*******
         Fully Qualified Account Name: S******\*****
    Client Machine:
         Security ID: NULL SID
         Account Name: -
         Fully Qualified Account Name: -
         OS-Version: -
         Called Station Identifier: 000B8651*****
         Calling Station Identifier: 0021FE3****
    NAS:
         NAS IPv4 Address: 10.0.1.253
         NAS IPv6 Address: - NAS Identifier: 10.0.1.253
         NAS Port-Type: Wireless - IEEE 802.11
         NAS Port: 1
    RADIUS Client:
         Client Friendly Name: OAW-4308
         Client IP Address: 10.0.1.253
    Authentication Details:
         Connection Request Policy Name: Secure Wireless Connections
         Network Policy Name: Secure Wireless Connections
         Authentication Provider: Windows Authentication Server: Actinium.s********.com
         Authentication Type: EAP
         EAP Type: -
         Account Session Identifier: -
         Reason Code: 1
         Reason: An internal error occurred. Check the system event log for additional information.
    I get a different "Reason" when I deliberately use the wrong certificate, so that part is probably OK. Tried many combinations of sAMAccountName, userPrincipalName, etc. in user and realm fields. I saw a perhaps related issue with somebody using a maemo device that stopped working when they upgraded to Windows Server 2008 on the back end. No problem with iPhones, Blackberry Storms, laptops.
    Help...

    In the SCVMM world a 'template' is composed of the following: a VHD with an OS that has been generalized (sysprep), virtual hardware profile (settings), and an OS profile.
    The OS profile is required to have a product key.  A MAC activation key at the minimum.  But the key is required.
    If you deploy a VM from a VHD, the same customization assumptions are not at play.  Which is why it succeeds.  (there is no template in this case, there is also no requirement that the OS in the VHD be sysprep'd).
    SCVMM has rules.  And lots of things don't make sense until you begin to understand them and play within them. (I am not saying that the SCVMM rules are a good thing, just saying they exist)
    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

  • 802.1x EAP PEAP MSCHAPv2 on Windows 7 Client.

    I have problems autenticate a w7 client at our Enterprice WiFi network. XP, Apple clients and all SmartPhones works fine...  We use Radius assigned Vlans based on username and ream routed on our Meru Network to Navis radius as centralied point of
    autentication. Navis proxes client autenticatinon recuest to the customers Radiuses based on the realm.
    Windows 7 32 client use the radius CA (installed and ticked) and EAP PEAP MSCHAPv2 in the SSID settings. The customer radius is an Freeradius. In autentication logs we se that the client sends the Maschinename, eg. Machine-x200/username@realm
    even we in the client settings, under SSID Propirties, Security, MS Protected EAP(PEAP), Settings and EAP-MSCAPv2 Configuration, have removed tick on the default setting:
    Use Autom. Windows-username... AND under Security Advanced (back one step), in the 802.1X Settings, choose User autentication only! (not user and maschine, mascine only or guest) and we have saved corectly username@reame =(username here) and password...
    in the username password Setting.
    Is it possible edit or change the way the client PC is sett up to prevent this?
    Is there any way make a policy setting? or is there other solutions?
    I have teste te Cisco: PEAP option too, but stil noe autenticatoin from Radius
    Thanks

    Hi,
    As I know, this goal cannot be achieved.
    Reference:
    Use the 802.1X Wizard to Configure NPS Network Policies
    For authentication using Extensible Authentication Protocol – Transport Layer Security (EAP-TLS), select
    Microsoft: Smart Card or other certificate, click
    Configure, click
    OK, and then click
    Next.
    For authentication using Protected Extensible Authentication Protocol – Transport Layer Security (PEAP-TLS), select
    Microsoft: Protected EAP (PEAP). In
    Eap Types, click
    Add, click
    Smart Card or other certificate, click the
    Move Up button to position a smart card or other certificate at the top of the list, click
    OK, and then click
    Next.
    For secure password authentication using Protected Extensible Authentication Protocol – Microsoft Challenge Handshake Authentication Protocol
    version 2 (PEAP-MS-CHAP v2), select Microsoft: Protected EAP (PEAP). In
    Eap Types, click
    Add, click
    Secured password (EPA-MSCHAP v2), click the
    Move Up button to position the secured password authentication type at the top of the list, click
    OK, and then click
    Next.
    Regards,
    Sabrina
    TechNet Subscriber Support
    in forum.
    If you have any feedback on our support, please contact
    [email protected]
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
    This can be beneficial to other community members reading the thread.

  • EAP-PEAP setting on Nokia E6 crashes!

    I just updated my Nokia E6 to Symbian Belle. When I try to edit the EAP-PEAP settings for my corporate WPA2 secured network, the settings simply crashes and returns to the home screen.

    Hi Eelke,
    I've had the same problem as you for two days now, but finaly solved it ...
    The important thing is to NOT use the Option -> Edit (just craches ... must be a bug)
    Instead tap on the EAP-PEAP option. Also when disabeling/enabeling I pressed the screen and held finger there and an option menu will appear (or if not enabled it will enable the option).
    Hope this works for you as well. I just created an account to be able to post this for you :-), since the post came up on a google search I did.
    Surfin' Swede

  • E61i, Acces point config with WPA2, EAP-PEAP and ...

    How can you activate the AES encryption on a Nokia E61i.
    I'm running the 1.0633.62.05 firmware.
    In documentation I've found there is mentioned I need to disable the TKIP encryption but this option is not available
     Select “WLAN security sett.”
    • In “WPA mode” choose EAP
    ● In “TKIP encryption” choose Not allowed (thus enabling AES encryption)
     Disable everything except EAP-PEAP
     Highlight EAP-PEAP
    • Choose “EAP plug-in settings”le
    They mention firmware above 2.xxx but this one is not available
    Any hints ?

    Hey all, It seems I have the same problem!!! I don't know whats the problem. I asked the guys in IT support in my school about this problem and they told me that the phone has to support PEAP-Enterprise in order to be able to connect.. I don't know what does that mean but if anyone guys can help here, it will be soooo respected!! I am using the new firmware ,by the way. TKIP is not exist in the connection settings anywhere!!! and the message is exactly "Unable to Connect. WPA authentication failed" .... help help pleaseeeeeeeeeeeeeeeee

  • EAP-PEAP on N80 ?

    Hi,
    Are there ANYBODY, who has this working on N80 latest fw ?
    I simply can not get this to work.
    Its the same as with LEAP: I get user auth ok, but doesnt receive any IP, and static IP on phone doesnt work eighter.
    I would like to hear if you personally have EAPPEAP/MSCHAPv2 running on N80's ?
    And if yes, what settings you run ?

    I have a new N80 (firmware version 4.0623.0.42 RM-92,
    not IE edition) and have successfully used it with
    EAP-PEAP and EAP-MSCHAPv2 on our University network.
    I have the following settings:
    Connection Name: Whatever you like
    Data Bearer: Wireless LAN
    WLAN netw. name: your network ssid
    Network Status: public
    WLAN network mode: Infrastructure
    WLAN security mode: WPA/WPA2
    WLAN security settings =>
    WPA mode: EAP
    TKIP encryption: allowed
    EAP plug-in settings =>
    EAP-PEAP selected and first. All others disabled.
    EAP-PEAP configure =>
    User Certificate: not defined
    CA Certificate: Thawte Premium Server CA
    User Name in Use: from Certificate
    User Name: empty
    Realm in Use: from Certificate
    Realm: Empty
    Allow PEAPv0: yes
    Allow PEAPv1: yes
    Allow PEAPv2: yes
    EAP-types: =>
    EAP-MSCHAPv2 selected and first. All others disabled.
    EAP-MSCHAPv2 configure: =>
    User Name: Your user name
    Prompt Password: Your choice
    Password: Your password
    Ciphers:
    RSA,3DES,SHA selected and first. All other selected.
    I have also successfully used WEP shared key with
    MAC filtering on my home network.
    home network

  • E6 EAP-PEAP MSCHAPv2 authority certificate

    I am unable to connect to our company WLAN. I tried various username/domain/realm combinations for the EAP-PEAP MSCHAPv2 settings but it keeps giving message authentication failed. Our ocmpany does not have authority certificate and hence I select "not defined". I was told by our network admin that Nokia phones have this problem that they cannot connect without authority certificate.
    Is there any work around? I tried excporting an interim certificate of our company from my laptop but to no avail. Pls help.

    If there is actual workaround to get EAP-PEAP MSCHAPv2 to use with WLAN to use Eduroam, that would help me and many other people.
    Maybe Nokia has not build it to Nokia E6 phones.
    But if there would be an update for Belle OS to use this security authentication with WLAN that would help as well.
    greetings
    IT Support, helpdesk (not for Nokia).

  • Big problem with Nokia E60 and EAP-PEAP connection

    At our University we have Wlan now.
    The Lan based on the standart 802.11 b/g with 54 Mbit/s
    The Authentifikation based on the standart 802.1x (Peap) with the connection WPA/TKIP.
    My Firmware:
    V3.0633.09.04
    20-11-06
    RM-49
    Nokia E60
    My Configuration:
    Connection Name: FH-Hof
    Data Bearer:Wireless LAN
    WLAN netw.Name: FHHof
    Network status: Hidden
    WLAN netw.mode: Infrastructure
    WLAN security Mode: WPA/WPA2
    WLAN security settings:
    WPA mode: EAP
    TKIP-Security: allowed
    EAP plugin settings:EAP-PEAP
    User Cert: not defined
    CA Cert: CA-FH-Hof
    username in use: User configured
    username: aschmidt
    real in use: user configured
    realm: FH-Hof
    Allow PEAPv0: yes
    Yes for v1 and v2
    EAP: EAP-mschapv2
    Username: aschmidt
    prompt password: Yes
    password: entered my password
    Extended Settings:
    IPv4-Settings: No Changes
    IPv6-Settings: No Changes
    Proxserver-Address: proxy.fh-hof.de
    Prxy-Port-Number: 3128
    If I started to try the connection I have to enter my Username and my password. After that the handy asked me about my username and password again after a time.
    Now it takes circa one minute and the connection failed.
    The Error-Message ist: No Connection! WPA authentification failed.
    My´account is not blocked.
    Have I to enter any Ciphers?
    Thanks for every help and sorry for my bad English!
    EDIT: Removed non english linkMessage Edited by sailer_one on 27-Apr-200710:07 AM
    Message Edited by sailer_one on 27-Apr-200710:07 AM
    Message Edited by sailer_one on 27-Apr-200710:12 AM
    Message Edited by ajak on 27-Apr-2007 10:21 AM

    also try change "WLAN security Mode" from WPA to 802.1x
    I think Nokia referrs to WPA as WPA-PSK, but when you say TKIP then it also could be 802.1x as TKIP is the encryption used.
    So infact your wireless domain might be a 802.1x/EAP-PEAP/MS-CHAPv2 network.Message Edited by mbil on 30-Apr-200702:58 PM

  • WIFI: EAP-PEAP

    Hi everybody,
    I'm in a US university and i'm trying to set up my E65 to connect to their wireless network in order to contact my family in belgium through VOIP. unfortunately, I'm unable to connect to the network. Can someone please help me out?
    This is a screenshot of how my computer is configured (sorry it's in french):
    http://img57.imageshack.us/img57/8995/wlanbl8.jpg
    After that I have to put my username and password and i have to leave the domain field blank.
    this is the configuration on my E65:
    Connection Name: msu1x
    Data Bearer: Wireless LAN
    WLAN netw. name: msu1x
    Network Status: hidden
    WLAN network mode: Infrastructure
    WLAN security mode: WPA/WPA2
    WLAN security settings =>
    WPA/WPA2: EAP
    WPA2 only: disabled
    EAP plug-in settings =>
    EAP-PEAP selected and first. All others disabled.
    EAP-PEAP configure =>
    User Certificate: not defined
    CA Certificate: none
    User Name in Use: User-configured
    User Name: my_user_name
    Realm in Use: User-configured
    Realm: Empty
    Allow PEAPv0: yes
    Allow PEAPv1: yes
    Allow PEAPv2: yes
    EAP-types: =>
    EAP-MSCHAPv2 selected and first. All others disabled.
    EAP-MSCHAPv2 configure: =>
    User Name: my_user_name
    Prompt Password: no
    Password: my_user_name
    Ciphers:
    RSA,3DES,SHA selected and first. All other selected.
    I'm really sad because I wanted this phone to use VOIP and now I can't use it...
    I'd really appreciate if any of you could help me out !
    Thanks in advance

    I used these setting a while back on several model:
    /discussions/board/message?board.id=connectivity&message.id=6472&query.id=153958#M6472
    WLAN security mode: 802.1X
    WLAN security settings:
    WPA mode: EAP
    EAP plug-in settings: EAP-PEAP (only one checked, top of the priority list)
    EAP-PEAP->Options->Configure:
    [General] tab
    User Certificate: (not defined)
    CA certificate: (Cisco ACS CA)
    User name in use: From Certificate
    User name: (Blank)
    Realm in use: From Certificate
    Realm: (Blank)
    Allow PEAPv0: Yes
    Allow PEAPv1: No
    Allow PEAPv2: No
    [EAP] tab
    EAP-MSCHAPv2 (only one checked, top of priority list)
    TKIP encryption: disabled (not displayed)
    EAP-MSCHAPv2 ConfigurationUsername: (AD Domain name)\(Username)
    Prompt password: No
    Password: (domain password)
    [Encryption] tab
    (All algorithms are checked)
    Remember to choose hidden in network status, if you have hidden SSID !
    Also I use DHCP and a web-proxy.
    You may wonder why there is notthing in username and realm, but this is since PEAP doesnt verify the certificate, hence you do not need any.
    Allthough must of my other tests I did have user name and domain, but this failed ! Wierd.
    A note: When I installed the ACS CA Certificate I shoose Internet=Yes and Cer-control online = No
    (Find this under tools-security-Certificate control - choose the Cert and choose "trust settings"
    Anyway the above settings works.
    So the E60,E61,E70 and N80 works with LEAP and PEAP !!

  • 802.1x EAP-PEAP over Ethernet need help !!!

    I am trying to get wired 802.1x EAP-PEAP to work and after spending about 8 hours
    troubleshooting this, I am not sure what else to do.  Need help.  Here
    is the scenario:
    - Cisco Catalyst 3350 switch running IOS versionc3550-ipservicesk9-mz.122-44.SE6.bin,
    - Steelbelted/JUniper Radius Server version 6.1.6 on a windows 2003 server
    with IP address of 129.174.2.7.  This device is connected to the same switch above.
    Firewall is OFF on the server, allow ALL,
    - Windows 2003 Enterprise Server supplicant with the latest Service pack and patches.  Again,
    Firewall is OFF on the server, allow ALL.  Juniper has verified the configuration settings
    on the Supplicant machine.  The supplicant has a static IP address of 129.174.2.15, same subnet
    as the radius server, I just want enable EAP-PEAP so that user is forced to authenticate before
    the port is activate to be "hot".
    - Juniper TAC has verified the configuration on the Steelbelted radius for eap-peap
    and that everything is looking fine,
    I have verified that the switch can communicate fine with the radius server.
    - Configuration on the switch for 802.1x:
    aaa new-model
    aaa authentication dot1x default group radius
    radius-server host 129.174.2.7 auth-port 1812 acct-port 1813 key 123456
    interface FastEthernet0/39
      description windows 2003 Supplicant
      switchport access vlan 401
      switchport mode access
      dot1x port-control auto
      no spanning-tree portfast (does not matter if this is enable or disable)
    lab-sw-1#
    .May 20 07:52:47.334: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
    .May 20 07:52:47.338: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
    .May 20 07:52:47.338: EAPOL pak dump Tx
    .May 20 07:52:47.338: EAPOL Version: 0x2  type: 0x0  length: 0x0005
    .May 20 07:52:47.338: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
    .May 20 07:52:47.338: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
    lab-sw-1#
    lab-sw-1#sh dot1x interface f0/39
    Dot1x Info for FastEthernet0/39
    PAE                       = AUTHENTICATOR
    PortControl               = AUTO
    ControlDirection          = Both
    HostMode                  = SINGLE_HOST
    Violation Mode            = PROTECT
    ReAuthentication          = Disabled
    QuietPeriod               = 60
    ServerTimeout             = 30
    SuppTimeout               = 30
    ReAuthPeriod              = 3600 (Locally configured)
    ReAuthMax                 = 2
    MaxReq                    = 2
    TxPeriod                  = 30
    RateLimitPeriod           = 0
    lab-sw-1#
    I am at a complete lost here.  don't know what else to do.  Someone with expertise in this realm please
    help me how to make this work.
    Many thanks in advance,

    #1:  dot1x system-auth-control is already in the switch configuration
    #2:  Not sure if you're already aware, the minute I entered "dot1x port-control auto", the command "dot1x pae authenticator" automatically appears on the interface configuration
    The case is being worked on by Cisco TAC.  One of the issues is the windows 2003 server supplicant refuses to work.  Windows XP supplicant uses machine-authentication instead of user-authentication.  Cisco TAC is looking into this issue.

  • How to connect to AP with WPA2, EAP-PEAP, MSCHAPv2...

    I am trying to connect to the company network, but it always shows "PEAP authentication failed".
    There are only instructions for iPhone and PC.
    security : WPA2-Enterprise
    authority certificate : None
    Security Type : PEAP
    Inner Link Security : EAP-MSCHAPv2
    additionally MAC address filtering.
    The access point I set is as follows:
    network status: public
    wLAN network mode: infrastructure
    security: WPA/WPA2
    WPA2 only mode: off
    EAP plug-in setting: EAP-PEAP enable only
    personal certificate: not defined
    authority certificate: not defined
    user name: user-defined   BLANK
    realm in use: user-defined   BLANK
    allow PEAPv0
    MSCHAPv2
    user name: username
    password: mypassword
    We have domain, but there are no command about domain in iPhone guide. 
    Is there anything wrong of my setting?

    WPA2-Enterprise is not supported on your device.
    ‡Thank you for hitting the Blue/Green Star button‡
    N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

  • Cisco ISE - eap-peap and eap-tls

    Hi,
    Does anybody have an example of an ISE authentication policy where authentication requests coming from a WLC can be handled by TLS and PEAP?
    I dont seem to get that working, I do however make the ISE application crash with my config which is not the idea.
    If peap use this identity source, if tls use 'this certificate authentication profile'.
    Thx

    OK,
    so I have just fired up my lab and I actually created an Identity Sequence which contained my AD & my certificate profile.
    The authentication policy was allowing EAP-TLS & EAP-PEAP.
    I then created 2 authorization rules, 1 for users and 1 for machines permitting access based on windows AD group.
    What i found out was that the Windows 802.1x supplicant can only support 1 method of authentication, so if you want this to work properly, you need a different supplicant. I think Cisco do a more advanced one, not sure. You can then specifically choose that for machine auth you use EAP-TLS and for User Auth you use EAP-PEAP.
    In my setup. Machine auth ONLY happens when the user logs off the machine and it is sitting at Ctrl+alt+del so that it can still talk to the network and get all relevant updates etc. I found that not only did the machine authenticate using EAP-PEAP, it also authenticated using TLS... I think that is because of the wireless settings I had. I chose EAP-PEAP for wireless settings
    When the user then logs in, the user account authenticates using EAP-PEAP. I dont think you can authenticate both the logged on user and the machine at the same time. Not with the native windows supplicant anyway. Windows either sends authentication request for the user or the machine but not both.
    Hope that helps.
    Mario

  • WLC 5508 Web Auth and EAP / PEAP

       Morning all, I'm looking for some clarification.
    Current setup:
    I work in a school, a few years age I installed a 4400 WLC and several APs as a proof of concept exercise to see whether wireless technology would be of benefit to teaching and learning. It was deemed to be so.
    This summer I installed 2 x 5508 WLCs and increased AP coverage to 50 - copied over the configs from the old controller - all works fine.
    Currently only the staff can access the WLANs with the exception of a public WLAN in the canteen area.
    Because there are a limited number of devices, WPA2 in conjunction with MAC filtering was used. However the school wants to open the wireless network to all of the students - potentially this means up to 1000 devices that will no doubt change on a regular basis so MAC filtering is out.
    In line with child protection policies I need an 'auditable' trail when students access wireless resources.
    Planned setup:
    I have setup a test WLAN that uses Web Auth - the WLC is configured to pass authentication requests  ( through an ASA ) onto a RADIUS server which is tied into AD. I have a CA setup as well as a NAP server.
    There is no layer 2 security set on the test WLAN and layer 3 is just web authentication. From any mobile device I can authenticate against AD and gain access to the Internet.
    Clarification:
    With no layer 2 security the WLAN is exposed so I need to introduce some form of end to end encryption - so I am looking at deploying EAP / PEAP.
    Would the introduction of EAP / PEAP keep the network as secure as if I was using WPA2 ?
    Many thanks.

    If you are web authentication you cannot use dot1x as L2 security , so EAP is not an option.
    But you can use preshared security , like WPA2 AES with web auth to insure that the traffic is encrypted.
    or you can define a wlan profile with dot1x security on l2 and nothing on l3 , by doing so you would definetely hit the utmost security poossible.
    Check the following link which contain couple of EAP config examples:
    http://www.cisco.com/en/US/partner/tech/tk722/tk809/tech_configuration_examples_list.html
    Please make sure to rate correct answers

  • EAP-PEAP, CCKM & WPA2 AES

    Hi Guys,
    Can someone advise on the pros/cons implementing both WPA2 (AES) and CCKM to a single WLAN running 802.1x (EAP-PEAP)?
    There appears to multiple conflicting docs about it.
    Cheers,
    Nick

    Hi Nick,
    1. WPA2 (AES) and CCKM do NOT work together properly as most of the experts say like this. (but I have this scenario and still i did not herad any issue from employees)
    2. Most of the clients don't support WPA2 with CCKM combined because they have overlapping roaming mechanism(this is the reason provides by expert).
    3. WPA with cckm works perfectly (as cisco recommanded)
    Regards
    Dont forget to rate helpful posts

Maybe you are looking for