Local EAP is an authentication method that allows users and wireless clients to be authenticated locally. It is designed for use in remote offices that want to maintain connectivity to wireless clients when the backend system is disrupted or the external authentication server is unavailable. When you enable local EAP, your device serves as the authentication server and the local user database, which removes dependence on an external authentication server. Local EAP retrieves user credentials from the local user database or the LDAP backend database to authenticate users.

Local EAP supports LEAP, EAP-FAST, EAP-TLS, P EAPv0/MSCHAPv2, and PEAPv1/GTC authentication between the device and wireless clients.

1. In the Local EAP Profilestab, click Add.
2. In the Create Local EAP Profiles window that is displayed, enter a profile name.
3. Check the LEAP, EAP-FAST, EAP-TLS, and/or PEAP check boxes to specify the EAP type that can be used for local authentication.
4. Choose a trust point you want to associate with the EAP-FAST, EAP-TLS, and/or PEAP profiles.
5. Click Save & Apply to Device.

1. In the EAP-FAST Parameters tab, click Add.
2. In the Create EAP-FAST Parameters window that is displayed, enter a profile name.
3. Specify a server key (in hexadecimal characters) used to encrypt and decrypt certificates. Confirm the server key again.
4. In the Time to Live field, specify the time, in seconds, for the certificate to remain viable. The valid range is 1 to 1000 days, and the default setting is 10 days.
5. In the Authority ID field, enter the authority identifier of the local EAP-FAST server in hexadecimal characters. You can enter up to 32 hexadecimal characters, but you must enter an even number of characters.
6. In the Authority ID Information field, enter the authority identifier of the local EAP-FAST server in text format.
7. Enter a description.
8. Click Save & Apply to Device.