cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

968
Views
0
Helpful
2
Replies
Highlighted
Beginner

PEAP TLS Wired

Hi guys

I have a big problem in my envirenment.

I installed Cisco ise 2.7 and upgarded to patch2.

my scenario is peap tls. our clients are non domain join so users login locally.(windows 10)

we have a windows certificate server that generate certficate for users and users installed it on his certificate store.

other methods such as PEAP mschapv2-EAPFast works but PEAPTLS and EAPTLS dosent work.

after configure windows native supplicant for user authentication we get this error in ise:

Endpoint abandoned EAP session and started new
 
Also I migrated to use cisco anyconnect with peaptls but i got below error during authtication
cisco anyconnect no valid certificates available. please insert a smart card
 

 

2 REPLIES 2
Highlighted
Cisco Employee

Re: PEAP TLS Wired

It sounds like you're trying to use a certificate for 802.1x on a client that either does not have the correct certificate requirements or for which the client does not have the private key. The supplicant (native or AnyConnect NAM) will not present a certificate for 802.1x if that certificate does not meet the requirements or the client does not have the private key.

See the following link for some info on minimum certificate requirements:

Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS 

 

Highlighted
Beginner

Re: PEAP TLS Wired

I met all the requirements but I get below error

5440 Endpoint abandoned EAP session and started new

after almost 2 minutes I get below error

12942 Supplicant stopped responding to ISE during conducting inner EAP-TLS method

 

My user has client authentication purpose certificate and ise has server authetication purpose certificate

I have a user with name ise and below certificate (Attachments)

Windows event viewer error is attached