Local RADIUS trusting external database

Is there any way for the IOS local RADIUS to authenticate against a NT or AD domain account list? I understand I can use ACS, IAS or similar to do this, just looking for a cleaner solution for a small site. I'd be willing to use LEAP for client authentication if it were possible. My dilema is we use ACS to authenticate our larger locations. It is hard to justify a separate ACS install for this "island" site. They have a local AD domain which could be used. I'm considering IAS, but I'd also love to incorporate this AP into our WLSE environment. Any suggestions?

Thanks for your input. Maintaining a duplicate local user database just doesn't seem viable long term. I'd have to work with users every time their password expires, or not have them expire which is not acceptable. The site is only a couple dozen users, but at that volume I'd be dealing with a password change every few days.
My plan in the interum is to remotely authenticate them against my main site ACS which will authenticate them against their local domain. Certainly the long way to go, but I can extend the password cache for a longer than normal period to cut down on delay. I'll see how this operates for awhile and then adjust from there.
It seems that it would not be diffecult to have the AP directed toward a AD server. Cisco's VPN hardware does this nicely already. I'll put a feature request into our SE and see where it goes.
Thanks for the reply.

Similar Messages

Authenticating Guest Users Using External Database.

Folks, greetings.
Due to the limitations imposed by wlc's database size, we decided to go for an external authentication server.
Since this external database is for guest access, we are considering in using a Linux box with LDAP, along with a web-based application which will be presented to the user for authentication purposes. This way, the user would type in his/her credentials on this portal and the same box would process the authentication.
In such a scenario, we would buid an application for the "Lobby Amabassadors" input the guest data (for auditing purposes we need to enter the user's SSN, passport # or any other official ID), and this application would generate the password to be used during the authentication process.
I've used web-auth before, with the users database loaded on the WLC (local net users). Even using an external web-auth portal, the user is still authenticated by the controller that in turn, will control whether the traffic is to be allowed or not, based on the authentication results.
That's exactly where our question lies: how should we configure the WLAN so that the WLC would receive the access request and forward it to the authentication portal/server? Would it envolve radius?
This same Linux would be the DHCP server for this guest WLAN.
WLC vesion: 4.2.130.0
Regards,
AL

Using the Web Authentication feature on a Cisco wireless LAN controller, we can authenticate a guest user on the wireless LAN controller, on an external web server or on an external database on a RADIUS server. We can configure the wireless LAN used for guest traffic to authenticate the user from an external RADIUS server.
To enable an external RADIUS server to authenticate traffic using the GUI, follow this link.
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001207

Configuring a 1230 AP as a "Local Radius Authenticator"

Configuring a 1230 AP as a "Local Radius Authenticator"
CCO-URL: Configuring an Access Point as a Local Authenticator
http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184a9b.html
this is the minimal config, i think:
AP# configure terminal
AP(config)# radius-server local
AP(config-radsrv)# nas 1.1.1.1 key 111
AP(config-radsrv)# group clerks
AP(config-radsrv-group)# vlan 2
AP(config-radsrv-group)# ssid batman
AP(config-radsrv-group)# reauthentication time 1800
AP(config-radsrv-group)# lockout count 2 time 600
AP(config-radsrv-group)# exit
AP(config-radsrv)# user jsmith password twain74 group clerks
AP(config-radsrv)# end
whereas 1.1.1.1 is the IP of the AP himself ?
is there a must for additional config commands like this:
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 111
aaa group server radius rad_eap
server 1.1.1.1 auth-port 1812 acct-port 1813
aaa group server radius rad_admin
server 1.1.1.1 auth-port 1812 acct-port 1813
all attempts didn't work
"station <MAC> authentication failed"
is there anything else nessecary ???

You seem to be missing the following commands;
authentication network-eap eap_methods
authentication key-management cckm optional
The following commands are useful for diagnosis;
Show radius local statistics
show interface dot11Radio 0 aaa client
Debug dot11 aaa dot1x state
Debug dot11 mgmt interface
Local authentication is designed as a fall-back service for when the primary RADIUS server fails. We not encourage the use of Local authentication as a replacement for a radius server.
* With an ACS you get Authentication, Authorization and Accounting. With Local authentication you only get Authentication.
* ACS scales, supports external user-databases, supports multiple authentication types, supports database backup and replication, etc, etc... Local authentication supports a maximum of 50 users, internal static configuration only, and LEAP only.
Following is an IOS configuration, that I have tested, and works on an AP1200 (should work on an 1100 too, I just havent tested it);
· This configuration enables a single AP to do local authentication. No WDS is included for fast roaming.
· This configuration can be cut-and-pasted into an AP that has been write-erased (blank config), and it will configure all the parameters to allow a client to LEAP authenticate to it (even if no Ethernet cable is connected to it)
· Replace usernames/passwords with your own usernames/passwords
· Replace ip-addresseswith the APs IP address
· I added DHCP configuration so you can connect to a stand-alone AP with your DHCP-enabled laptop (with a profile that matches the test APs SSID and LEAP settings).
conf t
host loc-auth-ap-name
enable secret cisco
no ip domain-lookup
line vty 0 4
password cisco
exec-timeout 0 0
login
int bvi 1
ip address 10.11.12.13 255.255.255.0
Interface dot11 0
no ssid tsunami
encryption mode ciphers ckip-cmic
ssid test-loc-auth
authentication network-eap eap_methods
authentication key-management cckm optional
ip dhcp excluded-address 10.11.12.13
ip dhcp pool temp
network 10.11.12.0 255.255.255.0
interface BVI1
ip address 10.11.12.13 255.255.255.0
no ip route-cache
aaa new-model
aaa group server radius rad_eap
! add a real AAA server (with auth-port 1645) before
! the following statement if you are configuring a
! fallback authentication service instead of a
! standalone service
server 10.11.12.13 auth-port 1812 acct-port 1646
aaa authentication login eap_methods group rad_eap
! add a real AAA server (with auth-port 1645) before
! the following statement if you are configuring a
! fallback authentication service instead of a
! standalone service
radius-server host 10.11.12.13 auth-port 1812 acct-port 1646 key 0 l0cal-key-secret
radius-server deadtime 10
dot11 holdoff-time 1
ip radius source-interface BVI1
radius-server local
nas 10.11.12.13 key 0 l0cal-key-secret
user testuser password 0 testuser-key-secret
exit
exit
wri

Local Radius Authentication - Fails

Hello all,
Access Point 1230AG (c1200-k9w7-mx.123-2.JA)
Client Adapter ABG (PCI)
I am new to Wireless Lan configuration with Aironet products (first project). I am configuring an Access Point for a small LAN and i can not get local radius authentication working. The password always fails if I try:
test aaa group radius xxxxx port 1812 new-code
although the password is matching..........
another thing is that in the configuration, it always defaults to 'nthash' mode. is this normal? in other words if i type:
radius-server local
user dgarnett password xxxx
when i do a 'show run' it displays as
user xxxx
I also get the following during a debug:
There is no RADIUS DB Some Radius attributes may not be stored
any help greatly appreciated
ap#test aaa group radius dgarnett 123456789 port 1812 new-code
Trying to authenticate with Servergroup radius
User rejected
ap#
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): Config NAS IP: 10.14.14.14
Feb 19 20:57:44.535: RADIUS(00000000): sending
Feb 19 20:57:44.535: RADIUS(00000000): Send Access-Request to 10.14.14.14:1812 id 21645/14, len 64
Feb 19 20:57:44.535: RADIUS: authenticator 9C C4 E8 64 80 8B 64 8A - E7 5F 0A 64 14 2F 5D B6
Feb 19 20:57:44.536: RADIUS: User-Password [2] 18 *
Feb 19 20:57:44.536: RADIUS: User-Name [1] 10 "dgarnett"
Feb 19 20:57:44.536: RADIUS: Service-Type [6] 6 Login [1]
Feb 19 20:57:44.536: RADIUS: NAS-IP-Address [4] 6 10.14.14.14
Feb 19 20:57:44.536: RADIUS: Nas-Identifier [32] 4 "ap"
Feb 19 20:57:44.537: RADSRV: Client dgarnett password failed
Feb 19 20:57:44.537: RADIUS: Received from id 21645/14 10.14.14.14:1812, Access-Reject, len 88
Feb 19 20:57:44.538: RADIUS: authenticator 3C B3 9A 7F 61 27 3A A6 - 84 39 B6 DF 22 DF 45 26
Feb 19 20:57:44.538: RADIUS: State [24] 50
Feb 19 20:57:44.538: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF [????????????????]
Feb 19 20:57:44.539: RADIUS: 6B 7C 18 EA F0 20 A4 E5 B1 28 0E BD 57 61 24 9A [k|??? ???(??Wa$?]
Feb 19 20:57:44.539: RADIUS: Message-Authenticato[80] 18 *
Feb 19 20:57:44.539: RADIUS(00000000): Received from id 21645/14
Feb 19 20:57:44.539: RADIUS(00000000): Unique id not in use
Feb 19 20:57:44.540: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored

Just as an update.......I set this up authenticating to an external (ACSNT) Radius server and it authenticates successfully. But still will not for the local dbase. My goal is to use the Corporate ACS as primary and the local as backup. I think my problem has to do with the Radius attributes 24 (State) and 80 (Message Auth). I also think that it points back to the NTHash stuff. Please advise as I am not new security practices and wireless, but I am new to Cisco Wireless networking.

Connecting AIR with external database

Is it possible to connect AIR application to the external database in MySQL technology?

Are you trying to connect to a MySQL database on a web server somewhere? If so, by far the easiest way to do so is to use some sort of application server layer (e.g. PHP, ColdFusion, Java) on the web server, and have the AIR application call the PHP (or whatever) code to get the data. That is the approach that all the links Greg has given you are talking about.
Of course, in order to make that work you need to know enough PHP/Java/ColdFusion to write that middle layer. In the example you're asking about, the information it wants to know is the name of the server that the MySQL database is running on, and the MySQL username and password for the MySQL account that your PHP code is supposed to use. There are tons of resources on the web for writing PHP code that accesses MySQL, so you'll find much more and better information in other places than what you'll find in the Adobe AIR forums.
However, maybe you want to have the MySQL server running directly on the user's computer rather than on a web server somewhere. In that case you would have a few options:
Run a web server and application server (e.g. Apache and PHP) on the user's computer and use those to connect between the AIR application and the MySQL server.
Write Java code to communicate between the MySQL server and the AIR app, and call that code using Merapi (http://merapiproject.net/)
Run the MySQL server on the user's computer and call the server directly from AIR using ActionScript. While there is no built-in support for MySQL in AIR, there is a third-party (open source) library for calling MySQL directly from ActionScript available here: http://code.google.com/p/assql/. I haven't tested it so I have no idea how complete it is, but it's a solution to consider.
However, in all three cases you're depending on some external pieces that have to be installed and loaded separate from your AIR application. (For instance, most users probably don't want a MySQL server running on their computer all the time if they aren't using your AIR app all the time -- so you'd want a way to start and stop the server, which also couldn't be done directly in AIR.) People do write applications that use external resources like this, but it's not the easiest thing to implement.
If you're really wanting to run the database locally, the best solution (assuming it works for your needs) is to use AIR's built in local SQL database engine (based on SQLite). If you've looked at that option already, and found that it doesn't work for you, I'd be interested to know more about what you're trying to accomplish that you can't accomplish with the AIR local database.

Connecting and Updating External Database from SAP

Connecting and Updating External Database from SAP
How can i connect SAP Database to External database?
How can i update external databas from SAP withouting using BI/BW, Workflow or Net Weaver?
If anyone know please let me inform.
Thanks in Advance.
Jahnavee Trivedi

Steps
1. Create an entry in tnsnames.ora for the remote oracle DB
2. Test sqlplus user/pass@remote
3. create a synonym which points to a table at remote DB check docs.oracle.com
4. user ABAP code execute SQL to insert data into local synonym which inturn updates the remote DB.
I have done this in the past, it works great.
It requries, DBA skills + ABAP programming
-AJ

Updating tables in external database

Is there a way to update tables in an external database using an HTML-DB process?
I want to make my "Apply Changes" button process script update an external table in database x.
Example:
update x.tracking_locations@x
set location = :P7_LOCATION,
description = :P7_DESCRIPTION,
IN_USE = :P7_IN_USE
where tracking_location_num = :P7_TRACKING_LOCATION_NUM;
I get the following error:
ORA-01461: can bind a LONG value only for insert into a LONG column ORA-02063: preceding line from x
None of these columns is type long! (they're varchar2)
Both databases are 9iR2.
I had a similar problem INSERTING the data (CREATE button) which I got around by posting to a table in my HTML-DB schema, inserting into the database x table as select from the HTML_DB table then deleting from the HTML-DB table all within the "on submit" process script.
example:
insert into tracking_locations
(DESCRIPTION, LOCATION,IN_USE)
values(:P7_DESCRIPTION,:P7_LOCATION,:P7_IN_USE);
insert into x.tracking_locations@x
(DESCRIPTION, LOCATION,IN_USE)
select description, location, 'Y' from tracking_locations;
delete from tracking_locations;
This INSERT trick works, but seems like it should be easier! Nevertheless, I can't get updates to work.
Any ideas?

hey tony--
neat issue. i just reproduced it on our development box and will log it in a minute. for now, though, an easier way to get around it would be to assign the values from your page items to local variables declared in your update procedure and use those local vars for your update. so instead of...
update x.tracking_locations@x
set location = :P7_LOCATION,
description = :P7_DESCRIPTION,
IN_USE = :P7_IN_USE
where tracking_location_num = :P7_TRACKING_LOCATION_NUM;
...you could set it up like so...
declare
l_location varchar2(200) default :P7_LOCATION;
l_description varchar2(200) default :P7_DESCRIPTION;
l_in_use default :P7_IN_USE;
begin
update x.tracking_locations@x
set location = l_location,
description = l_description,
in_use = l_in_use
where tracking_location_num = :P7_TRACKING_LOCATION_NUM;
end;
...and things should work fine. i'm also pretty sure that you could avoid having to declare the local variables if you referred to your items in your update statement using the v('ITEM_NAME') syntax, but you'd have to have global_names set to true and it might not be as performant a workaround.
hope this helps,
raj

How to Link to External Database

I can't figure out a good way to keep track of photos within Lightroom that I submit for contests, sales, etc. I could make comments in the caption metadata field, but that would mess up my caption field and is not that flexible. I could color code, but that's very limited. It seems like the ideal way would be to create an external database with something such as Microsoft Access. Using the Filename as the primary field, I would link it to additional fields, date submitted, where sent to, type (contest, stock sale, gift, etc.), price obtained, published date, etc. Then I could see the history of any given image, run queries for all images submitted to a particular place where amount is > $0, etc.
As this is just a hobby and the numbers are small, I could just enter all the data by hand, but if I ever enjoy a lot of commerical success it would be nice if the database integrated with Lightroom. Ideally the queries run would not only show the Filename, but also show photos, perhaps as a Collection in Lightroom. It seems there must be professionals that track such information. Perhaps there is a third party program that does this. I'd appreciate any suggestions.
Dan

I think Access would be better in the event a given photo is used multiple times. Suppose a particular photograph sold at iStockPhoto.com for $1 on 22 occasions, at a local gallery as a 5 x 7" print for $2 on 14 occasions, as an 8 x 10" print for $8 on 9 occasions, and on one's own web page for $3 on 9 occasions, plus published in Pop Photo on 4/17/03. To make custom fields in Lightroom would be onerous, and it couldn't do the math for you. In Access one could use one to many tables (tblPrintSize, tblWebSite, tblSellerType, etc.) to track this fairly easily. The only time consuming part would be entering each sale if one had a lot of them. Of course one could choose to enter quarterly or yearly sales instead if desired.
Queries and reports would show where one's income is derived, what formats sell best, etc. It might help in tax preparation.
This may be more power than professional photographers would ever want. It's probably a fantasy that won't come true that it will ever be an issue for me, but I like to be proactive on data management before it becomes unmanageable.

Local radius + mac-filter ?

Hi all,
could someone tell me how to configure a local radius plus mac-filter?
The config with the local radius is running perfekt, but I dont't know how to configure a filter addition ?
any ideas are welcome
Carsten

yes, you can do that, but you don't actually need those two first "authentication" commands. These two:
authentication open mac-address mac_methods eap EAP_LOCAL
authentication network-eap EAP_LOCAL mac-address mac_methods
will overwrite these two:
authentication open eap EAP_LOCAL
authentication network-eap EAP_LOCAL
so you'll just be left with:
dot11 ssid wlan-ap
authentication key-management wpa
authentication open mac-address mac_methods eap EAP_LOCAL
authentication network-eap EAP_LOCAL mac-address mac_methods
Yes, you can also use "dot11 association", but you'd have to keep track of your access-list 700 on each access-point independently for each client. With RADIUS-based MAC authentication you will have a centralized mac address database on the RADIUS server.
You can also do local AP RADIUS authentication for this too ("radius-server local")
By the way, it is recommended to use two separate RADIUS servers for EAP and for MAC authentication. For example, ACS for EAP and LOCAL for MAC. The problem with using the same RADIUS server is that a user can now do EAP authentication by supplying WLAN NIC's MAC address as username and password and both EAP and MAC auth will pass!!

Cross Reference within external Database using XREF API

Hi Experts,
Can we do Cross Reference within external Database using XREF API uses JDBC to access the Oracle Database Stored Procedures in SAP PI? How to use a JNDI Data source to access the DB and how to do the Connection Pooling will be done by the SAP J2EE server? Kindly let me know step by step proceedings.
Regards
Archana

Hello Archana,
It can be done with a Lookup call in a mapping.
Here's a little article about the topic in the SAP wiki:
http://wiki.sdn.sap.com/wiki/display/XI/HowtouseCrossReferencewithinexternal+Database
With kind regards
Sebastian

EAP-FAST on Local Radius Server : Can't Get It Working

Hi all
I'm using an 877w router (flash:c870-advsecurityk9-mz.124-24.T4.bin) as local radius server and have followed various config guides on CCO. LEAP works fine but I just can't get EAP-FAST to work.
I'm testing with win7 client using anyconnect secure mobility client, and also a mac book pro but without luck.
the router sees unknown auth type, and when I run some debugs it talks of unknown eap type 3
sh radius local-server s
Successes              : 1           Unknown usernames      : 0
Client blocks          : 0           Invalid passwords      : 0
Unknown NAS            : 0           Invalid packet from NAS: 17
NAS : 172.27.44.1
Successes              : 1           Unknown usernames      : 0
Client blocks          : 0           Invalid passwords      : 0
Corrupted packet       : 0           Unknown RADIUS message : 0
No username attribute : 0           Missing auth attribute : 0
Shared key mismatch    : 0           Invalid state attribute: 0
Unknown EAP message    : 0           Unknown EAP auth type : 17
Auto provision success : 0           Auto provision failure : 0
PAC refresh            : 0           Invalid PAC received   : 0
Can anyone suggest what I might be doing wrong?
Regs, Tim

Thanks Nicolas, relevant snippets from config:
aaa new-model
aaa group server radius rad_eap
server 172.27.44.1 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa session-id common
dot11 ssid home
vlan 3
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
ip dhcp pool home
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 194.74.65.68 194.74.65.69
ip inspect name ethernetin tcp
ip inspect name ethernetin udp
ip inspect name ethernetin pop3
ip inspect name ethernetin ssh
ip inspect name ethernetin dns
ip inspect name ethernetin ftp
ip inspect name ethernetin tftp
ip inspect name ethernetin smtp
ip inspect name ethernetin icmp
ip inspect name ethernetin telnet
interface Dot11Radio0
no ip address
encryption vlan 1 mode ciphers aes-ccm tkip
encryption vlan 2 mode ciphers aes-ccm tkip
encryption vlan 3 mode ciphers aes-ccm tkip
broadcast-key vlan 1 change 30
broadcast-key vlan 2 change 30
broadcast-key vlan 3 change 30
ssid home
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0.3
encapsulation dot1Q 3
no cdp enable
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
interface Vlan3
no ip address
bridge-group 3
interface BVI3
ip address 192.168.1.1 255.255.255.0
ip inspect ethernetin in
ip nat inside
ip virtual-reassembly
radius-server local
no authentication mac
nas 172.27.44.1 key 0 123456
user test1 nthash 0 B151E8FF684B4F376C018E632A247D84
user test2 nthash 0 F2EEAE1D895645B819C9FD217D0CA1F9
user test3 nthash 0 0CB6948805F797BF2A82807973B89537
radius-server host 172.27.44.1 auth-port 1812 acct-port 1813 key 123456
radius-server vsa send accounting

ABAP report from fields connecting to an external database

Hi All,
The requirement is to connect some GL data with external audit data which is stored in an oracle database. These two table data has to be merged and a report has to be generated.
I heard we could connect to the external database from the R/3 4.7 version through DBconnect. Has anyone come across any such requirement and done a similar report, could you give me the inputs please.
regards
Girish

Questions like yours are best asked over at the webOS Developer's Forum. The Palm Support Community here is geared to answering end-user questions about devices, not programming information.
https://developer.palm.com/
WyreNut
I am a Volunteer here, not employed by HP.
You too can become an HP Expert! Details HERE!
If my post has helped you, click the Kudos Thumbs up!
If it solved your issue, Click the "Accept as Solution" button so others can benefit from the question you asked!

How to connect external database(Ex:SQL Server/Tivoli) from ABAP Webdynpro

Hi,
Any one have idea how to connect external database like SQL Server/Tivoli to access tables from WebDynPro ABAP.
Please point to me some links if you have
Thanks
Praveen

Hi,
Please check out this link -
FETCH DATA FROM ORACLE DATABASE USING Web Dynpro
Regards,
Lekha.

How to access tables/views of an external database provider..

After much trouble I finally managed to setup a second Database Provider that doesn't display the "0 out of 0 connections are good" error by filling in the "Configuration Class" field with "intradoc.server.DbProviderConfig".
But now the problem is actually accessing the tables/views in my newly configured external database provider...
In the Configuration Manager applet when I try to add a new Table or View it only lists the tables contained in the schema of the SystemDatabase database provider (the original one), I've tried running Queries via components trying stuff like SELECT * FROM provider_name.table_name and other similar but obviously it doesn't work...
So... with that said, I just want to know how I access tables or views in my "supposedly" well conected (15 out of 15 connections are good, no errors on the Test Query) Oracle external Database Provider - After searching I was unable to find any information regading any post-provider-setup actions in the Content Server documentation - Does anyone know how to do this?
On a side note, if the database is SQLServer instead of Oracle, with the same configuration and apparently no errors on the database side (other clients access it well) the Query Test of the new database provider returns the following error:
"The provider 'TestSqlSrv' is in error. Unable to create database connection for JDBC:ODBC:SqlSrv. Unable to create result set for query 'select * from dummy'. Invalid Fetch Size Unable to create result set for query 'select * from dummy'. Invalid Fetch Size java.sql.SQLException: Invalid Fetch Size".But I won't even go there yet.... for now I would settle with just knowing how to reference information in the Oracle external database provider...
Message was edited by:
user602700

if you are able to, pick up Bex Huff's book the Definitive Guite to Stellent Content Server Development (amazon link: http://www.amazon.com/Definitive-Stellent-Content-Server-Development/dp/1590596846/ref=sr_1_1?ie=UTF8&s=books&qid=1196365101&sr=8-1)
chapter 11 is all about this.

EAP-FAST with local radius on 1242AG

I'm trying to get EAP-FAST working using the local radius server on a 1242AG autonomous AP using the latest firmware from Cisco. The cypher I'm using is CCMP. LEAP works fine with all my clients, however if I move to EAP-FAST in the radius config my clients fail to authenticate
I know I need to set PAC to automatic somewhere, but the EAP-FAST configuration in the 1242AG GUI doesn't make this clear what to do.
Any help or a basic example you be great.
thanks,
Simon

I think this is what you're looking for;
Local EAP Authentication on the Wireless LAN Controller with EAP-FAST and LDAP Server Configuration Example
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml
HTH
Regards,
Jatin
Do rate helpful posts~

Local RADIUS trusting external database

Similar Messages

Maybe you are looking for