The WiSM log shows many messages similar to “Unable to delete username anonymous for mobile xx:xx:xx:xx:xx:xx” while some wireless clients (especially those authenticated by Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling [EAP-FAST]) fail in their authentication. Why?
The WiSM log shows many messages similar to “Unable to delete username anonymous for mobile xx:xx:xx:xx:xx:xx” while some wireless clients (especially those authenticated by Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling [EAP-FAST]) fail in their authentication. Why?
A. Authentication methods like EAP-FAST undergo two phases of authentication. In phase 1, the client and authentication, authorization, and accounting (AAA) server use Protected Access Credential (PAC) to authenticate each other and establish a mutually authenticated tunnel. This PAC is provisioned and managed dynamically by EAP-FAST through the AAA server. In other words, the first phase of authentication uses generic anonymous external identity in order to establish the tunnel. In phase 2, client authentication is done in the established tunnel. The client sends the original username and password to authenticate and establish a client authorization policy. As this authentication method hides the original user name at the first phase of authentication, the controller does not have a way to add the correct username to the authenticated user list. So the controller uses the anonymous username. The reason you see this error message might be due to Cisco bug ID CSCse53024 ( registered cus
Related Questions
- When Im using my emulator, I dont see my regular logon prompt the screen is blank or only shows portions of some logon messages. How do I log onto my host?
- Do I use the same log on credentials (Username, Password and Security Key) for HSBCs Mobile Banking that I use for the Personal Internet Banking?
- Can I change my log on credentials (Username, Password and/or Security Key) in Mobile Banking?
