03-29-2019 03:53 AM - edited 04-01-2019 02:28 AM
Hi,
I recently set up a Cisco ISE 2.4 install for my company. We are using Cisco Anyconnect 4.7 (with NAM component) on WIndows10.
PEAP(EAP-MSCHAPv2) and EAP-TLS are working well but if I try to use EAP-FAST(EAP-MSCHAPv2) it fails. I tried with User Auth only and with Eap-Chaining but both failed. I keep having the following error message:
"12116 Client sent Result TLV indicating failure"
Did you allready meet this issue ?
Regards.
Solved! Go to Solution.
03-30-2019 02:54 PM
CSCvm03681 most likely. See
The other bug is for network devices (e.g. a Cisco IOS switch) to retrieve TrustSec policies from ISE.
03-29-2019 05:49 AM
03-29-2019 06:33 AM
Hi Mike,
I used the NAM profile editor and made this configuration, I use PACs:
The EAP-FAST configuration is the following (I enabled "pac-less resume" but I do not think I need it):
The logs from the NAD are not very handy, here is the switch output:
Mar 29 14:26:20 GMT: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (XXXX.XXXX.XXXX) with reason (Cred Fail) on Interface Gi1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E Mar 29 14:26:27 GMT: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (XXXX.XXXX.XXXX) with reason (Cred Fail) on Interface Gi1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E Mar 29 14:26:35 GMT: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (XXXX.XXXX.XXXX) with reason (Cred Fail) on Interface Gi1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E Mar 29 14:26:35 GMT: %SESSION_MGR-5-FAIL: Switch 1 R0/0: sessmgrd: Authorization failed or unapplied for client (XXXX.XXXX.XXXX) on Interface GigabitEthernet1/0/2 AuditSessionID 10FEFE0A00000114C9A1077E. Failure reason: Authc fail. Authc failure reason: Cred Fail.
Regards.
03-29-2019 07:18 AM
03-29-2019 08:50 AM
Mike,
03-29-2019 09:21 AM
03-30-2019 02:54 PM
CSCvm03681 most likely. See
The other bug is for network devices (e.g. a Cisco IOS switch) to retrieve TrustSec policies from ISE.
04-01-2019 02:27 AM
Hi Mike, Hslai,
After upgrading to 2.4 Patch 6, EAP-Fast and EAP-Chaining are now working well.
Thank you for your help.
Regards.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: