I have an IAP-103. I am trying to configure an SSID that allows devices to authenticate to a Cisco ISE server. On my end I believe that I have configured everything properly. The ISE administrators believe that there is a change that I can make to the IAP-103 configuration. Currently, the only EAP that is allowed is EAP-TLS. For devices connected to the IAP-103 the ISE server is showing the following authentication failure:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
15006 Matched Default Rule
11507 Extracted EAP-Responsibility/Identity
11509 Allowed Protocols does not allow any EAP protocols
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
When wired devices connected to a Cisco server attempt to authenticate, the ISE server shows the following successful authentication:
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
15004 Matched rule
15006 Matched Default Rule
11507 Extracted EAP-Responsibility/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
To authenticate to an ISE sever using EAP-TLS, is there anything that I must configure on an IAP-103 that is different then authenticating to a ClearPass sever?