Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ISE 1.2 and EAP-MD5

Hi,

I have HP procurve switches that need to get authenticated with EAP-MD5 but I cant get it to work in ISE 1.2 with patch 2.

We have tried all combination for EAP-MD5 in allowed protocols but get the same message when trying to authenticate.

The ISE deployemnt do not run in FIPS-140 2 mode.

And when using the switch with NPS we get this to work, so switch configuration is ok.

Failure Reason:  12003 Failed to negotiate EAP because EAP-MD5 not allowed in the Allowed Protocols


Resolution: Ensure that the EAP-MD5 protocol is allowed by ISE in Allowed Protocols.


Root cause :The client's supplicant sent an EAP-Response/NAK packet rejecting the previously-proposed EAP-based protocol, and requesting to use EAP-MD5 instead. However, EAP-MD5 is not allowed in Allowed Protocols.

Any thoughts on this?

Cheers

Everyone's tags (2)
2 REPLIES
Cisco Employee

ISE 1.2 and EAP-MD5

Choose Policy > Policy Elements > Results >Authentication > Allowed Protocols

Select EAP-MD5—Check the Allow EAP-MD5 check box and check Detect EAP-MD5 as Host Lookup check box.

.

Save the Allowed Protocol service.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

ISE 1.2 and EAP-MD5

Hi,

I forgot to say that its username and password configured on the swicthes, not MAB.

Cheers

543
Views
0
Helpful
2
Replies
CreatePlease to create content