I can get EAP-LEAP to work fine using the access point as the authenticator and I can get EAP-FAST to work using Cisco Secure as the authenticator.
I cannot get EAP-FAST to work using the access point as the authenticator.
I am using the latest IOS (Version 12.3(2)JA)
I get the following output from a "debug radius local-server eapfast events"
(XXXX.XXXX.XXXX = MAC Address)
Radius server TEAP events debugging is on Local_Authentication#
*Mar 1 00:38:37.465: RADSRV EAP-FAST: Add teap client XXXX.XXXX.XXXX *Mar 1 00:38:37.465: RADSRV EAP-FAST: Sending TEAP start *Mar 1 00:38:39.195: RADSRV EAP-FAST: verify client_hello *Mar 1 00:38:39.195: RADSRV EAP-FAST: Build (provision) Server Hello, XXXX.XXXX.XXXX *Mar 1 00:38:39.195: RADSRV EAP-FAST: Calculting DH Server public.. XXXX.XXXX.XXXX *Mar 1 00:38:39.526: RADSRV EAP-FAST: DH public number generation failed *Mar 1 00:38:39.526: RADSRV EAP-FAST: Sending Server Hello, XXXX.XXXX.XXXX *Mar 1 00:38:39.879: RADSRV EAP-FAST: verify client_finished, XXXX.XXXX.XXXX *Mar 1 00:38:39.879: RADSRV EAP-FAST: Calculting premaster secret.. *Mar 1 00:38:40.297: RADSRV EAP-FAST: Calculating Master secret... *Mar 1 00:38:40.302: RADSRV EAP-FAST: Build Server Finished, XXXX.XXXX.XXXX *Mar 1 00:38:40.302: RADSRV EAP-FAST: Sending Server Finished, XXXX.XXXX.XXXX *Mar 1 00:38:40.307: RADSRV EAP-FAST: Verify Client ACK *Mar 1 00:38:40.307: RADSRV EAP-FAST: Build Tunnel ID request *Mar 1 00:38:40.308: RADSRV EAP-FAST: Sending Tunnel ID req *Mar 1 00:38:40.312: RADSRV EAP-FAST: verify Tunnel ID response, XXXX.XXXX.XXXX *Mar 1 00:38:40.312: RADSRV EAP-FAST: missing EAP TLV, XXXX.XXXX.XXXX *Mar 1 00:38:40.312: RADSRV EAP-FAST: sending alert level 2, desc 40 *Mar 1 00:38:55.312: RADSRV EAP-FAST: Timer expired, teap client XXXX.XXXX.XXXX *Mar 1 00:38:55.312: RADSRV EAP-FAST: Delete teap client XXXX.XXXX.XXXX Drop the ZZZ to replyCheers ...