This problem was first seen with CiscoSecure ACS for Windows version 3.2(1.20). This issue occurs due to the presence of Cisco bug ID CSCec26584.
CiscoSecure ACS for Windows currently supports EAP for only four RADIUS types (Internet Engineering Task Force [IETF], Cisco IOS /PIX Firewall, Cisco VPN 3000, and Cisco Aironet). The only way to add EAP support for other RADIUS types is through the registry.
When an imported RADIUS Vendor-specific Attribute (VSA) is used as the Network Access Server (NAS) type for 802.1x, EAP requests are rejected. The CiscoSecure ACS for Windows logs show that there is no association between X vendor and the GenericEAP.dll.
As a workaround, verify that the IETF RADIUS NAS type is used. If so, everything works fine. If it is not used, create an association in the CiscoSecure ACS for Windows registry between the NAS vendor and the Generic EAP.dll, as such: