https://community.cisco.com/t5/network-access-control/quot-peap-inner-methods-quot-in-ise/m-p/4917510#M583900 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/462631">@JustTakeTheFirstStep</a>&nbsp;- PEAP uses an outer TLS tunnel in which the "inner" methods are transported - e.g. MSChap-v2 and also, EAP-TLS. But I have not seen Windows supplicants using EAP-TLS as the inner method when EAP-PEAP is chosen during a connection to an SSID. But when you manually configure the WLAN, EAP-TLS is an option, as shown below from Windows 11.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PEAP.png" style="width: 534px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/196131iD7F18F62F85C0F46/image-size/large?v=v2&amp;px=999" role="button" title="PEAP.png" alt="PEAP.png" /></span></P> <P>&nbsp;</P> Mon, 04 Sep 2023 20:53:03 GMT Arne Bier 2023-09-04T20:53:03Z https://community.cisco.com/t5/network-access-control/quot-peap-inner-methods-quot-in-ise/m-p/4917185#M583893 <P>The PC attempts to connect wirelessly using PEAP-MSCHAPv2.</P> <P>However, if you check the failure log in ISE, the authentication protocol is EAP-TLS.</P> <P>Does it have something to do with EAP-TLS in PEAP Methods being allowed in ISE?</P> <P>What are the risks of unchecking EAP-TLS?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tls2.png" style="width: 652px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/196099i5AB5E227030EA7F7/image-size/large?v=v2&amp;px=999" role="button" title="tls2.png" alt="tls2.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tls.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/196098i537FAA13230C94D8/image-size/large?v=v2&amp;px=999" role="button" title="tls.png" alt="tls.png" /></span></P> Mon, 04 Sep 2023 12:18:32 GMT https://community.cisco.com/t5/network-access-control/quot-peap-inner-methods-quot-in-ise/m-p/4917185#M583893 JustTakeTheFirstStep 2023-09-04T12:18:32Z https://community.cisco.com/t5/network-access-control/quot-peap-inner-methods-quot-in-ise/m-p/4917510#M583900 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/462631">@JustTakeTheFirstStep</a>&nbsp;- PEAP uses an outer TLS tunnel in which the "inner" methods are transported - e.g. MSChap-v2 and also, EAP-TLS. But I have not seen Windows supplicants using EAP-TLS as the inner method when EAP-PEAP is chosen during a connection to an SSID. But when you manually configure the WLAN, EAP-TLS is an option, as shown below from Windows 11.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PEAP.png" style="width: 534px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/196131iD7F18F62F85C0F46/image-size/large?v=v2&amp;px=999" role="button" title="PEAP.png" alt="PEAP.png" /></span></P> <P>&nbsp;</P> Mon, 04 Sep 2023 20:53:03 GMT https://community.cisco.com/t5/network-access-control/quot-peap-inner-methods-quot-in-ise/m-p/4917510#M583900 Arne Bier 2023-09-04T20:53:03Z