iPhone problem with ISE authentication

Hi all,

I have a problem authenticating iPhones against ISE. I have recently deployed wireless with Mobility Express Access Points. I have created several SSIDs: one for corporate computers, authenticating using Chaining, and another for mobile phones with just enterprise authentication. The problem is that Androids pass authentication successfully but Apple devices do not. I see a strange error in ISE. Below you can see it as well. I was going to open a TAC case but thought I would ask the forum beforehand.

Capture.JPG

I am not sure why iPhones try to authenticate using EAP-FAST instead of PEAP.

Hope someone will help.

Thanks in advance!

Accepted Solutions
Surendra
Cisco Employee

Looks like your iPhones are not configured to send the crypto binding TLV. I suggest you check the EAP-FAST settings on the iPhone. If you have provisioned the settings through Apple Configurator 2, please send the screenshots of the profile as well. If you think that your iPhone is supposed to do PEAP and not EAP-FAST, then it definitely is a configuration issue on the iPhone.


Yes, that is surely a configuration error on the Apple devices. Unfortunately, I do not have a Mac at hand to use Configurator. Instead, I created a separate Policy Set, with a condition on the particular SSID, which accepts only PEAP in allowed protocols. That way I could force iPhones to use PEAP, not EAP-FAST. Sometimes just posting a question here makes me find the solution :) Thanks anyway
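
The workaround in the last reply relies on EAP method negotiation. The sketch below is an added example, not code from this thread or from ISE: a generic model of the RFC 3748 Request / Legacy Nak exchange showing that a server restricted to PEAP never offers EAP-FAST. The function names, the method lists and the "first allowed entry is offered first" ordering are assumptions made for illustration.

```python
import struct

# EAP codes and type numbers from RFC 3748 and the IANA EAP registry.
REQUEST, RESPONSE, NAK = 1, 2, 3
METHODS = {13: "EAP-TLS", 25: "PEAP", 43: "EAP-FAST"}

def build(code, ident, eap_type, data=b""):
    """Encode an EAP packet: Code, Identifier, Length, Type, Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse(pkt):
    """Decode an EAP Request/Response; reject truncated or mis-sized packets."""
    if len(pkt) < 5:
        raise ValueError("EAP packet too short")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length < 5 or length > len(pkt):
        raise ValueError("bad EAP length field")
    return code, ident, eap_type, pkt[5:length]

def peer_reply(request, supported):
    """Accept an offered method the peer supports, else send a Legacy Nak
    whose Type-Data lists the methods the peer would accept instead."""
    _, ident, offered, _ = parse(request)
    if offered in supported:
        return build(RESPONSE, ident, offered)
    return build(RESPONSE, ident, NAK, bytes(supported) or b"\x00")

def negotiate(allowed, supported):
    """Return (agreed method name or None, list of methods the server offered).
    `allowed` is the server's ordered list (assumption: first entry is offered first)."""
    trace, ident = [], 1
    while allowed:
        request = build(REQUEST, ident, allowed[0])
        trace.append(METHODS.get(allowed[0], str(allowed[0])))
        _, _, rtype, data = parse(peer_reply(request, supported))
        if rtype != NAK:
            return METHODS.get(rtype, str(rtype)), trace
        # Honour the Nak: keep only remaining methods the peer asked for.
        allowed = [m for m in allowed[1:] if m in data]
        ident += 1
    return None, trace

if __name__ == "__main__":
    FAST, PEAP = 43, 25
    # Constructed scenarios, not taken from the thread's ISE logs.
    print(negotiate([FAST, PEAP], [FAST, PEAP]))  # peer takes the first offer
    print(negotiate([FAST, PEAP], [PEAP]))        # peer Naks, then PEAP
    print(negotiate([PEAP], [FAST, PEAP]))        # PEAP-only policy
```
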
