EAP-TLS & ACE Appliance "EAP-TLS or PEAP authentication failed"

Hello - I have a version 3.2 of the ACS appliance and I am trying to set up a successful test of EAP-TLS. I have a W2K server for a CA and I believe I have the certificate install properly. However, I get the "EAP-TLS or PEAP authentication failed during SSL handshake" error message in my failed attempts log. The troubleshooting document tells me to look at the CSAuth.log file but I can't seem to find in on the ACS Appliance.
Does anyone have any ideas how to troubleshoot this problem with the appliance?

If the client's certificate on the ACS is invalid (which depends on the certificate's valid "from" and "to" dates, the server's date and time settings, and CA trust), then the server will reject it and authentication will fail. The ACS will log the failed authentication in the web interface under Reports and Activity > Failed Attempts > Failed Attempts XXX.csv with the Authentication Failure-Code similar to "EAP-TLS or PEAP authentication failed during SSL handshake." If the ACS rejects the client's certificate because the ACS does not trust the CA, the expected error message in the CSAuth.log file is similar to the following.
AUTH 06/04/2003 15:47:43 E 0345 1696 EAP: ProcessResponse:
SSL handshake failed, status = 3 (SSL alert fatal:unknown CA certificate)If the ACS rejects the client's certificate because the certificate has expired, the expected error message in the CSAuth.log file is similar to the following.
AUTH 06/04/2005 15:02:08 E 0345 1692 EAP: ProcessResponse:
SSL handshake failed, status = 3 (SSL alert fatal:certificate expired)
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

Similar Messages

  • EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake

    Hi All ,
                 I am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of  EAP_TLS under golbal authentication setup .
                 I have downloaded client supplicant certficate file for my windows XP machine .
    When i tried to authenticated i am finding following error message under  failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .
    Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
    Suggest me whether i need to enable all corresponding CA certficate undercertficate trust list , Kindly let me know were i am doing wrong on this ..

    Hello,
    I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
    Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
    -          Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification                      Authorities\Certificates
    -          Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
    -          Delete the wireless network from the computer
    -          REBOOT!!
    -          Open the Microsoft Management Console, “mmc”.
    -          Go FILE\Add Remove SnapIn. Select Certificates ..
    -          If promoted, do it for “My User Account”.
    -          Make sure the certificates are where you put them. 
    -          If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification                      Authorities\Certificates, remove them.
    -          Redo wireless network setup again
    I hope this helps you.
    Mike

  • EAP-TLS or PEAP authentication failed during SSL handshake

    Hi Pros,
                   I am a newbie in the ACS 4.2 and EAP-TLS implementation, with that being said. I face an issue during a EAP-TLS implementation. My search shows that this kind of error message is already certificate issue;However, I have deleted and recreated the certificate in both ACS and the client with the same result. I have deleted and re-install the certchain as well.
    When I check my log in the failed attemps, there is what I found:
    Date
    Time
    Message-Type
    User-Name
    Group-Name
    Caller-ID
    Network Access Profile Name
    Authen-Failure-Code
    Author-Failure-Code
    Author-Data
    NAS-Port
    NAS-IP-Address
    Filter Information
    PEAP/EAP-FAST-Clear-Name
    EAP Type
    EAP Type Name
    Reason
    Access Device
    Network Device Group
    06/23/2010
    17:39:51
    Authen failed
    000e.9b6e.e834
    Default Group
    000e.9b6e.e834
    (Default)
    EAP-TLS or PEAP authentication failed during SSL handshake
    1101
    10.111.22.24
    25
    MS-PEAP
    wbr-1121-zozo-test
    Office Networ
    06/23/2010
    17:39:50
    Authen failed
    [email protected]
    Default Group
    000e.9b6e.e834
    (Default)
    EAP-TLS or PEAP authentication failed during SSL handshake
    1098
    10.111.22.24
    25
    MS-PEAP
    wbr-1121-zozo-test
    Office Network
    [email protected] = my windows active directory name
    1. Why under EAP-TYPE it shows MS-PEAP not EAP-TLS? I did configure EAP-TLS....
    2. Why sometimes it just shows the MAC of the client for username?
    3. Why  it puts me in DEFAULT-GROUP even though i belongs to a group well definy in the acs?
    2. Secondly, When I check in pass authentications... there is what i saw
    Date
    Time
    Message-Type
    User-Name
    Group-Name
    Caller-ID
    NAS-Port
    NAS-IP-Address
    Network Access Profile Name
    Shared RAC
    Downloadable ACL
    System-Posture-Token
    Application-Posture-Token
    Reason
    EAP Type
    EAP Type Name
    PEAP/EAP-FAST-Clear-Name
    Access Device
    Network Device Group
    06/23/2010
    17:30:49
    Authen OK
    groszozo
    NOC Tier 2
    10.11.10.105
    1
    10.111.22.24
    (Default)
    wbr-1121-zozo-test
    Office Network
    06/23/2010
    17:29:27
    Authen OK
    groszozo
    NOC Tier 2
    10.11.10.105
    1
    10.111.22.24
    (Default)
    wbr-1121-zozo-test
    Office Network
    In the output below, it says that the user is authenticate and it puts the user in the right group with the right username, but the user never really authenticate. Maybe for the first few seconds when I initiate the connection.
    Before I forget, the suppliant is using WIN XP and 802.1x is enable. I even uncheck not verify the server and the ACS under External User Databases, I did  check ENABLE EAP-TLS machine authentication.
    Thanks in advance for your help,
    Crazy---

    Any ideas on this guys?? In my end, i've been reading some docs... Things started to make sens to me, but I still cannot authenticate, still the same errors. One more thing that catch my  attention now is the time it takes to open a telnet session to cisco device which has the ACS for auth server.
    My AD(Active Direct) and the ACS server are local same subnet(server subnet). Ping to the ACS from my desktop which is in different subnet is only take 1ms. To confirm that the issue is the ACS server, I decided to use another server in remote location, the telnet connection is way faster than the local ACS.
    Let's brain storm together to figure out this guys.
    Thanks in advance,
    ----Paul

  • EAP-TLS or PEAP authentication failed during SSL handshake to the ACS serve

    We are running the LWAPP (2006 wlc's and 1242 AP's) and using the ACS 4.0 for authentication. Our users are
    experiencing an issue, where they are successfully authenticated the first time, however as the number of them is increasing, they're starting to drop the connections and being prompted to re-authenticate. At this point, they are not being able to authenticate again.
    We're using PEAP for the authentication and Win XP SP2 clients as the supplicants. The error message that we are seeing on the ACS for that controller is "EAP-TLS or PEAP authentication failed during SSL handshake to the ACS server"...Not sure if this error msg is relevant since we have other WLC's that are working OK and still generating the same error msg on the ACS...
    Thanks..

    Here are some configs you can try:
    config advanced eap identity-request-timeout 120
    config advanced eap identity-request-retries 20
    config advanced eap request-timeout 120
    config advanced eap request-retries 20
    save config

  • EAP-TLS or PEAP authentication failed during SSL handshake error

    I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
    The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
    Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
    Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
    Thanks for the help

    My experience suggests that the problem is the certificate.
    I'm running ACS 3.3.
    I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
    Correctly following the instructions led to a successful connection and no more error message.

  • PEAP authentication failed for wireless users

    Dears
    Hello
    i'm receiving this error when i'm trying to authenticate wireless users using PEAP MSCHAPv2. can anyone please support me.
    thanks 

    Dear Neno
    the customer has sent me this in aruba
    aaa authentication dot1x "dot1xProfile"     
       termination eap-type eap-peap                                                                                                                                                                                                                                             
       termination inner-eap-type eap-mschapv2       
    aaa authentication-server radius "SERVER"
       host x.x.x.x
       key xxxx
       nas-ip x.x.x.x
    aaa server-group "RADIUS-GROUP"
      auth-server “SERVER”
    aaa profile "KSAU-JED-AAA-Profile"
       authentication-dot1x "dot1xProfile"
       dot1x-server-group "RADIUS-GROUP"
    wlan virtual-ap "SSID-NAME"
       aaa-profile "KSAU-JED-AAA-Profile"
       ssid-profile "SSID-NAME"
       vlan <VLAN ID>

  • WLC PEAP authentication

    Hi
    I've created a local EAP profile for PEAP authentication and configured user accounts in the WLCs. When I tried to connect to the SSID via my iPhone, popped up a certificate (local WiSM) and I accepted it then it failed with incorrect username/password. The same username/password works fine with Windows Vista laptop. Any help?
    Thanks

    May be just show local-auth config, show wlan x, show local-auth statistics.?
    I am assuming you have only peap checked . ( and nothing else enabled like Server cert etc ). IPhone is it running latest code ?
    Thanks..Salil

  • Authentication failed using EAP-TLS and CSSC against ACS

    Hi.
    Playing with a trial version of CSSC (Cisco secure services client) I had a problem that really I don´t understand.
    Any 802.1x configuration work fine but when I use anything involving the use of certificates (EAP-TLS or PEAP using a certificate instead a password to autenticate) I always see the same log message in ACS:
    "Authen session timed out: Challenge not provided by client" It seems that my client supplicant does not repond to the ACS when the first one proposed an EAP method.
    First I discart a certificate error because the same certificate works fine with Intel Proset Wireless supplicant and Windows Zero Configuration. EAP Fast works fine using auto provisioning or manual provisioning.
    Any idea? I red the CSSC administration guide but I did not find anything that explains this behaviour or defines the right configuration for this EAP method.
    I´m using Windows XP SP3, Intel Wireless 4965AGN and CSSC 5.1.1.18; My CA is a Windows CA.ACS version 4.2
    Thanks in advanced.
    Best regards.

    Today is not mmy day.
    It´s still failing and maybe I will open a TAC case.
    I´m looking at the log file of the CSSC and I don´t like what I have seen.
    2125: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-6-INFO_MSG: %[tid=344][mac=1,6,00:1d:e0:9f:05:ef]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: EAP suggested by server: leap
    2126: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-6-INFO_MSG: %[tid=2044][mac=1,6,00:1d:e0:9f:05:ef]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: EAP requested by client:  eapTls
    2127: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: EAP methods sent : sync=8
    2128: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request completed, response sent : sync=8
    2129: portable-9b7161: oct 28 2010 20:34:29.156 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Authentication state transition: AUTH_STATE_UNPROTECTED_IDENTITY_SENT_FOR_FULL_AUTHENTICATION -> AUTH_STATE_UNPROTECTED_IDENTITY_ACCEPTED
    2130: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Credential callback, type=AC_CRED_SERVER_VERIFY, sync=9
    2131: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Calling acCredDeferred
    2132: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request deferred : sync=9
    2133: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Server verification sent : sync=9
    2134: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request completed, response sent : sync=9
    2135: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Credential callback, type=AC_CRED_USER_CERT, sync=10
    2136: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: Calling acCredDeferred
    2137: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=344]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request deferred : sync=10
    2138: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Impersonating user
    2139: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Loading client certificate private key...
    2140: portable-9b7161: oct 28 2010 20:34:29.171 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Calling acCertLoadPrivateKey()...
    2141: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: ...acCertLoadPrivateKey() returned
    2142: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-3-ERROR_MSG: %[tid=140]: Internal error 204, contact software manufacturer
    2143: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: acCertLoadPrivateKey() error -20 [c:\acebuild\bldrobot_cssc_5.1.1.21_view\monadnock\src\ace\certificate\certificateimpl.cpp:239]
    2144: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-3-ERROR_MSG: %[tid=140]: Internal error 4, contact software manufacturer
    2145: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: CssException for function 'acCertLoadPrivateKey' => -20{error} [certificateimpl.cpp:240]
    2146: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-3-ERROR_MSG: %[tid=140]: Internal error 7, contact software manufacturer
    2147: portable-9b7161: oct 28 2010 20:34:29.187 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Assertion 'CSS exception - should this be logged instead?' failed at [cssexception.cpp:114]
    2148: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Client certificate private key has not been loaded
    2149: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=140]: Deimpersonating user
    2150: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Client certificate 239f43fdcde8e190540fab2416253c5660c0d959 has been processed: ERR_INTERNAL_ERROR(7)
    2151: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Certificate 239f43fdcde8e190540fab2416253c5660c0d959 is unusable
    2152: portable-9b7161: oct 28 2010 20:34:29.218 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: {764C6E35-2FFF-47CF-A0CA-5B90E9483367}: Credential Request completed, no response sent : sync=10
    2153: portable-9b7161: oct 28 2010 20:34:30.078 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Checking for new configuration
    2154: portable-9b7161: oct 28 2010 20:34:32.078 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Checking for new configuration
    2155: portable-9b7161: oct 28 2010 20:34:34.078 -0100: %CSSC-7-DEBUG_MSG: %[tid=2044]: Checking for new configuration
    It seems that It found a valid certificate, starts the Authentication proccess and when it must request the ACS challenge it fails when loading the private key and crash the supplicant 
    Do you think the same??
    Thanks.
    Best Regards.

  • EAP-TLS authentication failed

    I have recently purchased the E71 and am trying to connect to my WLan at work. It uses 802.1x authentication and I have now installed the correct security certificate. It seems that no matter what EAP plugin I use, TLS TTLS PEAP FAST etc I get an authentication error. There are a whole lot of settings that I don't understand. Can anyone walk me through the setup who has been there before.
    Much appreciated
    ian S
    Christchurch, NZ

    I had this message recently. The first issue I found was that the username entered into the laptop was not correct (I had djohnson, need to have DJohnson)
    The second issue I had was that my AP's were not authenticating to my WDS access point. I had turned off LEAP on my ACS server by accident causing the WDS authentication to fail. Once I turned this back on, my AP's authenticated to my WDS device and my users authenticated to the AP's.
    Otherwise, the meaning of this is that the certs are not matching up correctly with the server either due to expiered certs, incorrect cert type on the users machine or incorrect information in the cert.
    Hope this helps.

  • Eap tls authentication fails if bluetooth device connected

    Hi All, I'm new to Macs but was tasked with getting a MacBook Air connected to our AD integrated, 802.1x wifi network. After a lot of trial and error with certificates I finally got this working but now have a rather bizarre problem. With the MBA on it's own it will connect to the wifi network, sucessfully authenticate and work perfectly well. However, if my Apple bluetooth mouse or keyboard are connected to the MBA the EAP-TLS authentication fails. A packet capture of the connection process shows that at the same point every time the process take a while then a packet shows as "Unknown Error Ignored", then loops thorugh the process. Turning off the keybpard and mouse at this point and the MBA will connect. Once connected I can then connect the keyboard and mouse and continue to stay connected for a while before, I assume, the AP forces a re-auth and the connection drops again.
    Has anyone come across this elsewhere?
    Thanks

    I have a Macbook Pro Retina 15" from 2012 and it has the same issue. Running 10.8.4. I have spent probably 5-6 hours trying to troubleshoot cert's network settings, did a complete fresh install (then restored from timemachine when that did not work) with no luck this solution worked but obviously is not a real solution as it should not confilct in this way. Great job on finding a workaround! I will be contacting apple about this ASAP under my applecare.

  • 802.1x eap-tls machine + user authentication (wired)

    Hi everybody,
    right now we try to authenticate the machines and users which are plugged to our switches over 802.1X eap-tls. Works just fine with windows.
    You plug a windows laptop to a switchport and machine authenticates over eap-tls with computer certificate. Now the user logsin and our RADIUS (Cisco ACS) authenticates the user as well, with the user certificate. After eap-tls user-authentication the RADIUS checks if the workstation on which the user is currently logged in is authenticated as well. If yes = success, if no the switchport will not allow any traffic.
    Now we have to implement the same befaviour on our MacBooks Pro. Here the problems start. First of all I installed user and computer certificates issued by our CA (Win 2008 R2). So far so good. Now I have no idea how to implement the same chain of authentication. I was reading countless blogs, discussions, documentations etc. about how to create .mobileconfig profiles. Right now im able to authenticate the machine, and _only_ if I login. As soon as I logout eap-tls stops to work. It seems that loginwindow does not know how to authenticate.
    1) how do I tell Mavericks to authenticate with computer certificate while no user is loged in ? already tried profiles with
    <key>SetupModes</key>
    <array>
        <string>System</string>
        <string>Loginwindow</string>
    </array>
    <key>PayloadScope</key>
        <string>System</string>
    but it does not work
    2) How do I tell Mavericks to reauthenticate with user certificate when user logs in ?
    Thanks

    Unfortunatelly this documents do not describe how to do what I want.
    I already have an working 802.1x. But the mac only authenticates when the user is loged in. I have to say that even this does not work like it should. If Im loged in sometimes i need to click on "Connect" under networksettings and sometimes it connects just automatically. Thats really strange.
    I set the eapolclient to debugging mode and see following in /var/log/system.log when I logout.
    Feb 20 18:39:09 MacBook-Pro.local eapolclient[734]: [eaptls_plugin.c:189] eaptls_start(): failed to find client cert/identity, paramErr (-50)
    Feb 20 18:39:09 MacBook-Pro.local eapolclient[734]: en0 EAP-TLS: authentication failed with status 1001
    Feb 20 18:39:22 MacBook-Pro.local eapolclient[734]: [eaptls_plugin.c:189] eaptls_start(): failed to find client cert/identity, paramErr (-50)
    Feb 20 18:39:22 MacBook-Pro.local eapolclient[734]: en0 EAP-TLS: authentication failed with status 1001
    this are only debugging messages I get. Looks to me like eapolclient is not able to find a certificate (?)
    The certificates are in my System keychain.
    Unfortunatelly apple also changed the loging behaviour of eapolclient, I dont see any eapolclient.*.log under /var/log
    Any ideas ?

  • Eap tlas and peap

    Dear
    How can i configure the both security tls and peap
    but first the client must enter the user name and password (peap) then check the tls (certification)
    that?s mean using the two way to authentication in the same time
    Am already configured the tls and peap but how to add both together that?s not
    Thanks in advance

    Hi,
    I'm not sure why you want to have both EAP type. If you set up TLS that is itself two way authentication.
    In TLS you install CA on both server and on client, so
    Client verify server
    Server verify client
    Regards,
    ~JG

  • Cannot connect to wlan eap-peap athentication fail...

    Hi all
    I have A nokia N97 which I tried to connect to my work WLAN but I get  eap-peap athentication failed. We do user a certificate which I have installed on the phone but it does not connect. It does not even promt for user name or password. I can connect to my home wireless which just ask for a security key which i enter and it works please please help.
    Please help

    I got it working please read my How to
    /t5/Connectivity/How-to-connect-to-wlan-with-n97-u​sing-ca-certificate/td-p/659372

  • EAP Authentication Configuration for EAP-FAST and PEAP

    Hi Everyone,
    I pretty much got EAP working, however using LEAP 
    When I get to EAP-FAST and PEAP, I just can't seem to get it to work
    What am I missing, I do know that EAP-FAST and PEAP involve certificates. However, how do i set them up on the client side?
    Hope you guys can help me on this, stuck on this part xD

    EAP is a complicated subject for sure. But it shouldn't be really once you know the foundation. 
    EAP-PEAP can use server side and client side and EAP-FAST can as well. It all depends how its deployed. 
    Generally speaking, most deployments of PEAP use server side only and EAP-FAST uses PACS only.
    The cert that you install on the radius server for PEAP is passed to the wireless supplicant and is used by the supplicant to hash the logon and password from the user. This hash is passed back to the radius server who has the private key who can decode the hash and pass the user ID and password  back to AD for example. 
    Hope this helps .. 

  • Security and Network Management: EAP-PEAP AUTHENTICATION

    Hi,
    does someone has the example of the implementation of EAP-PEAP authentication on a Cisco Aironet 1242 AP?
    I'm trying to make the configuration of one, but not succeeding.
    Jorge

    example with eap:
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml
    Do not forget: Check Open Authentication (With EAP).

Maybe you are looking for

  • NET8의 LOGGING과 TRACE 관련 PARAMETER에 대한 Q & A

    제품 : SQL*NET 작성날짜 : 2002-05-07 NET8의 LOGGING과 TRACE 관련 PARAMETER에 대한 Q & A ================================================= PURPOSE Net8을 이용하면서 발생하는 문제를 추적 하기위해 oracle의 configuration file에 들어갈 수 있는 parameter와 logging과 tracing을 하는 방법에 대해 질의/응답을 통해 알아

  • Set Default Tab For A Step

    We have a system that has been installed at a couple of affiliate sites in Japan and Romania (we've been developing in Australia).  It runs on TestStand 4.2 with supporting code written in LabVIEW 8.6 (although the Romanian site uses TS4.2.1 and LV20

  • Creating a job and schedule

    Hi, working in oracle database 9i. I need to know how to create a job that runs a stored pl sql procedure and schedule it. I have created a job via toad but it doesn't run by itself. . what am i missing?

  • Having problems downloading or updating apps, because of new service agreement. What's causing this?

    Anyone else having this problem?

  • Incorrect countdown timer

    I have a GSM iPhone 5 on iOS 7.  I recently set a timer to an hour and 20 minutes, and started it without having a second thought.  A few minutes later, I went to unlock my phone, and saw some numbers counting down.  I assumed this was an addition in