Cisco Support Community
dal
Community Member

ACS v5.1 - EAP-TLS not allowed under PEAP?

Hello again!

As mentioned in another post here, I'm trying to set up both machine authentication and user authentication. But I'm puzzled by one of the Failure Reasons ACS gives me:

Failure Reason :

12752 Failed to negotiate EAP for inner method because EAP-TLS not allowed under PEAP configuration in Access Service.

"The client's supplicant sent an EAP-Response/NAK packet rejecting the EAP-based protocol that was previously proposed for the inner method, and requested to use EAP-TLS instead. However, ACS does not allow EAP-TLS under PEAP configuration in the Allowed Protocols section of the corresponding Access Service."


Resolution Steps

"Ensure that the EAP-TLS protocol is allowed by ACS under PEAP configuration in the Allowed Protocols section of the relevant Access Service."

The problem is: how do I turn on EAP-TLS under PEAP? I'm not able to find any place where I can do that. Sure, I can enable PEAP, but there is no EAP-TLS choice under there, just MS-CHAP v2 and GTC.

Any tips?

Thank you.

2 REPLIES

Re: ACS v5.1 - EAP-TLS not allowed under PEAP?

ACS v5.1 does not support EAP-TLS.

In v5.0, you can see in the link below that only PEAP with MSCHAPv2 is supported.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.0/user/guide/migrate.html#wp1052549

In ACS 5.1, PEAP with GTC is added.

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/release/notes/acs_51_rn.html#wp113551

I did not see EAP-TLS in ACS 5.1.

dal
Community Member

Re: ACS v5.1 - EAP-TLS not allowed under PEAP?

Hi, and thanks for answering.

Yes, there seems to be a lot missing in this piece of software. I'm *this* close to letting it go and finding another RADIUS server to use.
