02-20-2018 03:30 AM - edited 02-21-2020 10:46 AM
We have a corporate Wireless network With 802.1x authentication. The AAA-server is an ACS1121 running 5-6-0-22-7 (latest patch for ver 5.6). I am trying to configure a HP Laserjet MFP M477 to get authenticated using AD username and password. I have done this before and it did work. However, I'm unable to get this printer authenticated. The error Message from the ACS is "12851 Received unexpected EAP NAK message. Client rejected the conversation". There's not many options to configure on the printer, I am enclosing the config-screen.
More info about the error Message; "ACS expects for regular conversation continuation but client sent outer EAP method NAK message. It means that client rejected conversation for some reason that is unknown to ACS. Known issue: CSSC 5.1.1.10 sends outer EAP method NAK during EAP-FAST/EAP-GTC conversation to reject the conversation according to input of the user".
If I enable only EAP-TLS instead of PEAP the ACS reports The supplicant of the client sent an EAP-Response/NAK packet rejecting the previously-proposed EAP-based protocol, and requesting to use EAP-TLS instead. However, EAP-TLS is not allowed in the Allowed Protocols section of the relevant Access Service.". However, I checked the access service, and TLS is enabled (see ACS.png).
Solved! Go to Solution.
12-03-2019 06:46 AM
Hi.
I don't know if you found a solution for this, but I think you need to install a root ca when using PEAP. Same as with EAP-TLS
Username and password only is not enough.
If you want to use username / password only, you need to choose MD5 as authentication protocol.
03-20-2019 07:46 AM
Does anyone have a solution?
12-03-2019 06:46 AM
Hi.
I don't know if you found a solution for this, but I think you need to install a root ca when using PEAP. Same as with EAP-TLS
Username and password only is not enough.
If you want to use username / password only, you need to choose MD5 as authentication protocol.
04-02-2021 01:03 PM - edited 03-17-2022 05:40 PM
Has anyone actually resolve this problem? I've tried a few different settings now and installed the root ca but still no luck.
**Update**
we finally got ours to work after upgrading our cisco ise servers.
04-07-2021 01:51 AM
As Dal said you have to install root ca. It was solution for me
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide