6 Nov
2015
6 Nov
'15
6:03 p.m.
hi, your server is configured to use md5 as the initial EAP method. do you use MD5 ...at all? I would suggest that you change that to PEAP to 1) improve performance and 2) to deal with clients that dont like the NAK and fall-through to peap.. secondly, the debug shows the client timing out due to not liking the RADIUS server cert....ensure your clients are properly configured and know/trust the CA of the RADIUS server and the commonname in the server cert of the RADIUS server sort those 2 bits out, then see behaviour... its very likely that the EAP failure is causing some other kit in the chain (eg access point or wireless controller for example) to block the EAP for XX seconds due to repeated failures. alan