Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1988
Views
0
Helpful
3
Replies

ACS 5.6 with PEAP-GTC: Unsupported EAP Type?

Alex Kitaichik
Level 1
Level 1

‎03-25-2015 06:32 AM - edited ‎03-10-2019 10:35 PM

Hello everybody,

 

I've ran into strange issue - PEAP-GTC is enabled on my ACS 5.6 box (under "allowed protocols" obviously), but the moment an Android phone is trying to authenticate using it, the phone got rejected and ACS log says: "Extracted EAP-Response/NAK packet requesting to use unsupported EAP protocol; EAP negotiation failed".

 

Could it be that ACS 5.6 isn't fully supports PEAP-GTC?

Labels:
0 Helpful
3 Replies 3

jan.nielsen
Level 7
Level 7

‎03-25-2015 09:48 AM

Is GTC the only thing you have in your allowed protocol definition ?

0 Helpful

Alex Kitaichik
Level 1
Level 1
In response to jan.nielsen

‎03-25-2015 11:17 AM

Hello jan.nielsen,

and thank you for replying.

In fact, we have all the protocols allowed. We already successfully got this phone authenticated with many additional EAP flavors. It's just the GTC gives that strange message.

0 Helpful

Alex Kitaichik
Level 1
Level 1
In response to Alex Kitaichik

‎04-01-2015 01:22 AM

OK, there's an update to that issue which might be helpful for figuring this thing out. I'll post here a question (I've posted on bug toolkit - support forum page) after trying to authenticate to the same ACS 5.6 with PEAP-HTC using Windows 7 PC (instead of the Androd phone) using Cisco's AnyConnect Secure Mobility Client:

 

CSCty91667 - Can this bug affect ACS 5.6.0.22?

-------------------------------------------------------------------------

Hello everybody,

 

I ran exactly into behavior described by this bug.

I my case, I'm using ACS 5.6.0.22 newly installed (and therefore almost empty). The only rule is for authenticating a standalone Cisco AP and the only user authenticating is my Windows 7 PC using Cisco's "AnyConnect Mobile Secure Client 3.1.07021'. The user repository is 'local users' and there's only 1 user for testing. I'm using PEAP-GTC.

PEAP-GTC is enabled under 'allowed protocols' and recognized as such in each and every log entry. The error basically goes as following:

 

...
toward the end
12624 EAP-GTC authentication attempt passed
11519 Prepared EAP-Success for inner EAP method
12314 PEAP inner method finished succesfully
...
12323 PEAP cryptobinding verification failed
12307 PEAP authentication failed
...

 

What's going on? May CSCty91667 affect ACS 5.6 also?

0 Helpful
Customers Also Viewed These Support Documents