I get a RADIUS reject w/ reason:
EAP: Client doesn't support configured EAP methods
In the access tracker details, the client authentication method is just "EAP" and there are no certificate details under computed attributes.
I've been having trouble distinguishing the differences between EAP-PEAP and EAP-TTLS. As you said the tunnel is setup different. With EAP-PEAP, I know that the RADIUS server sends its certificate to the client so the client can verify the RADIUS server, but I had assumed the cert was also used to build the tunnel.
I'd like to avoid having multiple CPPM policies and multiple Onboard Network Settings w/different authentication methods if I can have one policy to handle them all.