01-26-2024 05:32 AM
We have successfully deployed the TEAP policy using Cisco's documentation . The challenge seems to be that the Machine Compliant policy is the only hit we are getting. Never hits the Fully Compliant policy.
We are seeing this in the log - any ideas on what to look for?
11627 | Starting EAP chaining | |
11573 | Selected identity type 'User' | |
11564 | TEAP inner method started | |
11521 | Prepared EAP-Request/Identity for inner EAP method | |
11596 | Prepared EAP-Request with another TEAP challenge | |
11006 | Returned RADIUS Access-Challenge | |
11001 | Received RADIUS Access-Request | |
11018 | RADIUS is re-using an existing session | |
11595 | Extracted EAP-Response containing TEAP challenge-response | |
11567 | Identity type provided by client is equal to requested | |
11522 | Extracted EAP-Response/Identity for inner EAP method | |
11806 | Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge | |
11596 | Prepared EAP-Request with another TEAP challenge | |
11006 | Returned RADIUS Access-Challenge | |
11001 | Received RADIUS Access-Request | |
11018 | RADIUS is re-using an existing session | |
11595 | Extracted EAP-Response containing TEAP challenge-response | |
11515 | Supplicant declined inner EAP method selected by Authentication Policy but did not proposed another one; inner EAP negotiation failed | |
11520 | Prepared EAP-Failure for inner EAP method | |
11566 | TEAP inner method finished with failure | |
22028 | Authentication failed and the advanced options are ignored |
01-26-2024 09:36 AM
Yes, but if the cert has multiple, and maybe the one that ISE picks doesn't match the identity on the AD. To avoid this, you can select the right attribute manually in the certificate authentication profile and see if that fixes the issue.
08-11-2024 01:02 AM
did you solve this problem?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide