cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2774
Views
5
Helpful
2
Replies

IPhones problem with ISE authentication

Hi all,

I have a problem with iphones about authenticating them against ISE. I have recently deployed wireless with Mobility Express Access Points. I have created several SSIDs one for corporate computers for authenticating using Chaining and another for mobile phones just with enterprise authentication. The problem is Androids pass authentication successfully but Apple devices not. I see in ISE strange error. Below you can see it as well. I was going to open TAC case but thought to ask from the forum beforehand.

Capture.JPG

I am not sure why IPhones try to authenticate using EAP-Fast isntead of PEAP. 

Hope someone will help.

Thanks in advance!

2 Accepted Solutions

Accepted Solutions

Surendra
Cisco Employee
Cisco Employee
Looks like your IPhones are not configured to send crypto binding TLV. Suggest you to check the EAP-FAST settings on the IPhone. If you have provisioned the settings through apple configurator 2, please send the screenshots of the profile as well. If you think that your IPhone is supposed to do PEAP and not EAP-FAST, then it definitely is a configuration issue on the IPhone.

View solution in original post

Yes, that is surely configuration error of Apple devices. Unfortunately, I do not have MAC in hand so that I will use configurator. Instead I created separate Policy Set with condition of particular SSID which accepts only PEAP in allowed protocols. In that way I could force Iphones use PEAP not EAP-FAST. Sometimes just posting question here makes me find solution :) Thanks anyway

View solution in original post

2 Replies 2

Surendra
Cisco Employee
Cisco Employee
Looks like your IPhones are not configured to send crypto binding TLV. Suggest you to check the EAP-FAST settings on the IPhone. If you have provisioned the settings through apple configurator 2, please send the screenshots of the profile as well. If you think that your IPhone is supposed to do PEAP and not EAP-FAST, then it definitely is a configuration issue on the IPhone.

Yes, that is surely configuration error of Apple devices. Unfortunately, I do not have MAC in hand so that I will use configurator. Instead I created separate Policy Set with condition of particular SSID which accepts only PEAP in allowed protocols. In that way I could force Iphones use PEAP not EAP-FAST. Sometimes just posting question here makes me find solution :) Thanks anyway

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: