ACS v5.1 - EAP-TLS not allowed under PEAP?


Hello again!


As mentioned in another post here, I'm trying to set up both machine authentication and user authentication. But I'm puzzled by one of the Failure Reasons ACS gives me:


Failure Reason :



12752 Failed to negotiate EAP for inner method because EAP-TLS not allowed under PEAP configuration in Access Service.


"The client's supplicant sent an EAP-Response/NAK packet rejecting the EAP-based protocol that was previously proposed for the inner method, and requested to use EAP-TLS instead. However, ACS does not allow EAP-TLS under PEAP configuration in the Allowed Protocols section of the corresponding Access Service."


Resolution Steps


"Ensure that the EAP-TLS protocol is allowed by ACS under PEAP configuration in the Allowed Protocols section of the relevant Access Service."

The problem is: how do I turn on EAP-TLS under PEAP? I'm not able to find any place where I can do that. Sure, I can enable PEAP, but there is no EAP-TLS choice under there, just MS-CHAP v2 and GTC.

Any tips?

Thank you.

Yudong Wu Tue, 09/14/2010 - 10:59

ACS v5.1 does not support EAP-TLS.

In v5.0, you can see in the link below that only PEAP with MSCHAPv2 is supported.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide/migrate.html#wp1052549


In ACS5.1, PEAP with GTC is added.

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp113551


I did not see EAP-TLS in ACS 5.1.

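The inner-method negotiation that failure reason 12752 describes, as an added example that is not part of the original thread and is not Cisco's code: it decodes an EAP-Response/Nak as framed in RFC 3748 and checks the requested methods against the two inner methods the question says the PEAP settings offer. The packets are constructed samples, and the function names and the assumption that the inner message carries a full EAP header are choices made for this illustration.

```python
import struct

# EAP method numbers from the IANA EAP registry (RFC 3748 and successors).
EAP_METHODS = {4: "MD5-Challenge", 6: "GTC", 13: "EAP-TLS",
               25: "PEAP", 26: "EAP-MSCHAPv2"}
EAP_RESPONSE, EAP_NAK = 2, 3

# Inner methods the thread says the ACS PEAP settings offer (MS-CHAP v2, GTC).
ALLOWED_INNER = {26, 6}


def parse_nak(packet: bytes) -> list[int]:
    """Return the method numbers requested in an EAP-Response/Nak."""
    if len(packet) < 5:
        raise ValueError("shorter than EAP header plus Type octet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 5 or length > len(packet):
        raise ValueError("EAP Length field does not fit the buffer")
    if code != EAP_RESPONSE or packet[4] != EAP_NAK:
        raise ValueError("not an EAP-Response/Nak")
    # Octets past Length are padding and ignored; a lone 0 means
    # the peer has no alternative to propose.
    return [t for t in packet[5:length] if t != 0]


def negotiate_inner(packet: bytes, allowed=ALLOWED_INNER):
    """Return (chosen_method_or_None, names_of_requested_methods)."""
    wanted = parse_nak(packet)
    names = [EAP_METHODS.get(t, f"type-{t}") for t in wanted]
    chosen = next((t for t in wanted if t in allowed), None)
    return chosen, names


# Constructed sample packets (not captured traffic): Response, Identifier 7.
NAK_WANTS_TLS = bytes([2, 7, 0, 6, 3, 13])            # Nak -> EAP-TLS
NAK_WANTS_TLS_OR_GTC = bytes([2, 7, 0, 7, 3, 13, 6])  # Nak -> EAP-TLS, GTC

if __name__ == "__main__":
    for pkt in (NAK_WANTS_TLS, NAK_WANTS_TLS_OR_GTC):
        chosen, names = negotiate_inner(pkt)
        verdict = EAP_METHODS[chosen] if chosen else "no common inner method"
        print(f"peer requested {names}: {verdict}")
```

The first sample is the situation in the failure reason: the supplicant asks only for EAP-TLS, nothing in the allowed set matches, and the inner negotiation ends without a method.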