Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1699
Views
0
Helpful
2
Replies

ISE 1.2 and EAP-MD5

Mikael Gustafsson
Level 5
Level 5

‎10-13-2013 09:27 PM - edited ‎03-10-2019 08:59 PM

Hi,

I have HP procurve switches that need to get authenticated with EAP-MD5 but I cant get it to work in ISE 1.2 with patch 2.

We have tried all combination for EAP-MD5 in allowed protocols but get the same message when trying to authenticate.

The ISE deployemnt do not run in FIPS-140 2 mode.

And when using the switch with NPS we get this to work, so switch configuration is ok.

Failure Reason:  12003 Failed to negotiate EAP because EAP-MD5 not allowed in the Allowed Protocols


Resolution: Ensure that the EAP-MD5 protocol is allowed by ISE in Allowed Protocols.


Root cause :The client's supplicant sent an EAP-Response/NAK packet rejecting the previously-proposed EAP-based protocol, and requesting to use EAP-MD5 instead. However, EAP-MD5 is not allowed in Allowed Protocols.

Any thoughts on this?

Cheers

Labels:
0 Helpful
2 Replies 2

Jatin Katyal
Cisco Employee
Cisco Employee

‎10-13-2013 10:02 PM

Choose Policy > Policy Elements > Results >Authentication > Allowed Protocols

Select EAP-MD5—Check the Allow EAP-MD5 check box and check Detect EAP-MD5 as Host Lookup check box.

.

Save the Allowed Protocol service.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

Mikael Gustafsson
Level 5
Level 5
In response to Jatin Katyal

‎10-13-2013 10:41 PM

Hi,

I forgot to say that its username and password configured on the swicthes, not MAB.

Cheers

0 Helpful
Customers Also Viewed These Support Documents