User tries to do EAP Chaining with PEAP but this is not working. How can we make this work?
EAP chaining works with EAP-FAST and does not work with PEAP. It will be a bit more complex than using PEAP as we will be using EAP-FAST, EAP-MS-CHAPv2 and EAP-TLS. EAP Chaining requires both a supplicant on the client device and a RADIUS server that support the technology.
In Cisco ISE, Release 1.1.1, Extensible Authentication Protocol (EAP) chaining solution allows you to authenticate both the machine and user in the same EAP-FAST authentication in a configurable order. When an EAP-FAST authentication result is determined, Cisco ISE allows you to apply an authorization policy, depending on the result of both authentications. When EAP chaining is turned off, Cisco ISE performs the usual EAP-FAST authentication.