diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index d7643e19b..6a3bcf7b5 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -40,6 +40,8 @@ extern "C" {
 #define WPA_EVENT_EAP_NOTIFICATION "CTRL-EVENT-EAP-NOTIFICATION "
 /** EAP authentication started (EAP-Request/Identity received) */
 #define WPA_EVENT_EAP_STARTED "CTRL-EVENT-EAP-STARTED "
+/** EAP method proposed by the server */
+#define WPA_EVENT_EAP_PROPOSED_METHOD "CTRL-EVENT-EAP-PROPOSED-METHOD "
 /** EAP method selected */
 #define WPA_EVENT_EAP_METHOD "CTRL-EVENT-EAP-METHOD "
 /** EAP authentication completed successfully */
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 0630f9a5a..b337d89fd 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -228,9 +228,15 @@ SM_STATE(EAP, GET_METHOD)
 	if (!eap_sm_allowMethod(sm, sm->reqVendor, method)) {
 		wpa_printf(MSG_DEBUG, "EAP: vendor %u method %u not allowed",
 			   sm->reqVendor, method);
+		wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
+			"vendor=%u method=%u -> NAK",
+			sm->reqVendor, method);
 		goto nak;
 	}
 
+	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
+		"vendor=%u method=%u", sm->reqVendor, method);
+
 	/*
 	 * RFC 4137 does not define specific operation for fast
 	 * re-authentication (session resumption). The design here is to allow