Showing results for 
Search instead for 
Did you mean: 

EAP_chaining - ISE 1.4 - anyconnect 3.1.11004 issue

Level 1
Level 1

Hi all

I am trying to deploy a new eap chaining authentication for machine and user authentication with certificate.


Tunnel EAP_FAST and authentication EAP_TLS


I would like to perform 4 policies:

Machine and user has the certificate: It is working

Machine has the certificate and user not: It is ok.

Machine not have certificate and user has the cert. It is working too.


But when machine and user not have the certificate, anyconnect is trying EAP_PEAP.

My profile is not set to use EAP_PEAP.


11001  Received RADIUS Access-Request
11017  RADIUS created a new session
15049  Evaluating Policy Group
15008  Evaluating Service Selection Policy
15048  Queried PIP - DEVICE.Wired
15048  Queried PIP - Radius.Service-Type
15048  Queried PIP - Radius.NAS-Port-Type
15004  Matched rule - wired_test
11507  Extracted EAP-Response/Identity
12100  Prepared EAP-Request proposing EAP-FAST with challenge
12625  Valid EAP-Key-Name attribute received
11006  Returned RADIUS Access-Challenge
11001  Received RADIUS Access-Request
11018  RADIUS is re-using an existing session
12301  Extracted EAP-Response/NAK requesting to use PEAP instead
12303  Failed to negotiate EAP because PEAP not allowed in the Allowed Protocols
11504  Prepared EAP-Failure
11003  Returned RADIUS Access-Reject  


Do you have any idea about it ?







1 Reply 1

Cisco Employee
Cisco Employee

Can you post screen shots of the NAM profile?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: