03-29-2019 03:53 AM - edited 04-01-2019 02:28 AM
Hi,
I recently set up a Cisco ISE 2.4 install for my company. We are using Cisco Anyconnect 4.7 (with NAM component) on WIndows10.
PEAP(EAP-MSCHAPv2) and EAP-TLS are working well but if I try to use EAP-FAST(EAP-MSCHAPv2) it fails. I tried with User Auth only and with Eap-Chaining but both failed. I keep having the following error message:
"12116 Client sent Result TLV indicating failure"
Did you allready meet this issue ?
Regards.
Solved! Go to Solution.
03-30-2019 02:54 PM
CSCvm03681 most likely. See
The other bug is for network devices (e.g. a Cisco IOS switch) to retrieve TrustSec policies from ISE.
03-29-2019 05:49 AM
03-29-2019 06:33 AM
Hi Mike,
I used the NAM profile editor and made this configuration, I use PACs:
The EAP-FAST configuration is the following (I enabled "pac-less resume" but I do not think I need it):
The logs from the NAD are not very handy, here is the switch output:
Mar 29 14:26:20 GMT: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (XXXX.XXXX.XXXX) with reason (Cred Fail) on Interface Gi1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E Mar 29 14:26:27 GMT: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (XXXX.XXXX.XXXX) with reason (Cred Fail) on Interface Gi1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E Mar 29 14:26:35 GMT: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (XXXX.XXXX.XXXX) with reason (Cred Fail) on Interface Gi1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E Mar 29 14:26:35 GMT: %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (XXXX.XXXX.XXXX) on Interface GigabitEthernet1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E. Failure reason: Authc fail. Authc failure reason: Cred Fail.
Regards.
03-29-2019 07:18 AM
03-29-2019 08:50 AM
Mike,
03-29-2019 09:21 AM
03-30-2019 02:54 PM
CSCvm03681 most likely. See
The other bug is for network devices (e.g. a Cisco IOS switch) to retrieve TrustSec policies from ISE.
04-01-2019 02:27 AM
Hi Mike, Hslai,
After upgrading to 2.4 Patch 6, EAP-Fast and EAP-Chaining are now working well.
Thank you for your help.
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide