
5/16/2023 Cisco Identity Services Engine

Overview

Event 5434 Endpoint conducted several failed authentications of the same scenario
Username DF\avasquez
Endpoint Id 78:AF:08:6B:83:16
Endpoint Profile
Authentication Policy Wireless - Dot1X
Authorization Policy Wireless - Dot1X
Authorization Result

Authentication Details

Source Timestamp 2023-05-16 11:03:05.919
Received Timestamp 2023-05-16 11:03:05.919
Policy Server isedfgye01
Event 5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason 12511 Unexpectedly received TLS alert message; treating as a rejection by the client
Resolution Ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
Root cause While trying to negotiate a TLS handshake with the client, ISE received an unexpected TLS alert message. This might be due to the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
Username DF\avasquez
Endpoint Id 78:AF:08:6B:83:16
Audit Session Id 05D0A8C00000520C254C23FE
Authentication Method dot1x
Authentication Protocol PEAP
Service Type Framed
Network Device WLCSRV
Device Type All Device Types#Wireless_1
Location All Locations#DATAFAST#GUAYAQUIL
NAS IPv4 Address 192.168.208.5
NAS Port Id capwap_9000001d
NAS Port Type Wireless - IEEE 802.11
Response Time 36 milliseconds

Steps

11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EA[…] challenge
12625 Valid EAP-Key-Name attribute receiv[…]
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess[…]
12301 Extracted EAP-Response/NAK reque[…] instead
12300 Prepared EAP-Request proposing P[…]
12625 Valid EAP-Key-Name attribute receiv[…]
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess[…]
12302 Extracted EAP-Response containing[…] response and accepting PEAP as ne[…]
12318 Successfully negotiated PEAP versio[…]
12800 Extracted first TLS record; TLS hand[…]
12805 Extracted TLS ClientHello message
12806 Prepared TLS ServerHello message
12807 Prepared TLS Certificate message
12808 Prepared TLS ServerKeyExchange m[…]
12810 Prepared TLS ServerDone message
12305 Prepared EAP-Request with another[…]
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess[…]
12304 Extracted EAP-Response containing[…] response
12305 Prepared EAP-Request with another[…]
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess[…]
12304 Extracted EAP-Response containing[…] response
12305 Prepared EAP-Request with another[…]
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess[…]
12304 Extracted EAP-Response containing[…] response
12318 Successfully negotiated PEAP versio[…]
12810 Prepared TLS ServerDone message
12812 Extracted TLS ClientKeyExchange m[…]

12803 Extracted TLS ChangeCipherSpec m[…]
12804 Extracted TLS Finished message
12801 Prepared TLS ChangeCipherSpec m[…]
12802 Prepared TLS Finished message
12816 TLS handshake succeeded
12310 PEAP full handshake finished succes[…]
12832 Tunnel build with local server certific[…] or it has already expired
12305 Prepared EAP-Request with another[…]
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess[…]
12304 Extracted EAP-Response containing[…] response
12511 Unexpectedly received TLS alert me[…] rejection by the client
61025 Open secure connection with TLS pe[…]
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
5434 Endpoint conducted several failed au[…] same scenario

Other Attributes

ConfigVersionId 11

Device Port 59319

DestinationPort 1812

RadiusPacketType AccessRequest

UserName DF\avasquez

Protocol Radius

NAS-IP-Address 192.168.208.5

NAS-Port 30013

Framed-MTU 1005

State 37CPMSessionID=05D0A8C00000520C254C23FE;38SessionID=isedfgye01/472688405/2756984;

undefined-186 00:0f:ac:04

undefined-187 00:0f:ac:04

undefined-188 00:0f:ac:01

Airespace-Wlan-Id 3

IsEndpointInRejectMode false

NetworkDeviceProfileName Cisco

NetworkDeviceProfileId 403ea8fc-7a27-41c3-80bb-27964031a08d

IsThirdPartyDeviceFlow false

RadiusFlowType Wireless802_1x

SSID 1c-fc-17-98-69-20:DF-EMPLEADOS

AcsSessionID isedfgye01/472688405/2756984

CPMSessionID 05D0A8C00000520C254C23FE

EndPointMACAddress 78-AF-08-6B-83-16

ISEPolicySetName Wireless - Dot1X

StepData 4= Normalised Radius.RadiusFlowType

TLSCipher ECDHE-RSA-AES256-GCM-SHA384

TLSVersion TLSv1.2

DTLSSupport Unknown

Model Name VIRTUAL-WLC

Network Device Profile Cisco

Location Location#All Locations#DATAFAST#GUAYAQUIL

Device Type Device Type#All Device Types#Wireless_1

Called-Station-ID 1c-fc-17-98-69-20:DF-EMPLEADOS

CiscoAVPair service-type=Framed

audit-session-id 05D0A8C00000520C254C23FE

method dot1x

client-iif-id 2634028925


vlan-id 210

cisco-wlan-ssid DF-EMPLEADOS

wlan-profile-name DF-EMPLEADOS

Result

RadiusPacketType AccessReject

Session Events

https://192.168.1.60/admin/liveAuthenticationDetail.do
