Hi, > - each user performing 7 authentications during EAP negotiation ummm, why? with correctly configured server and 'protection' of the authentication type, you should only hit your authentication server just once inside the EAP tunnel when the identity is set/known. alan