5/16/2023 Cisco Identity Services Engine
Overview
Event 5434 Endpoint conducted several failed authentications of the same scenario
Username DF\avasquez
Endpoint Id 78:AF:08:6B:83:16
Endpoint Profile
Authentication Policy Wireless - Dot1X
Authorization Policy Wireless - Dot1X
Authorization Result

Authentication Details
Source Timestamp 2023-05-16 11:03:05.919
Received Timestamp 2023-05-16 11:03:05.919
Policy Server isedfgye01
Event 5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason 12511 Unexpectedly received TLS alert message; treating as a rejection by the client
Resolution Ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client!
Root cause While trying to negotiate a TLS handshake with the client, ISE received an unexpected TLS alert message. This might be due to the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
Username DF\avasquez
Endpoint Id 78:AF:08:6B:83:16
Audit Session Id 05D0A8C00000520C254C23FE
Authentication Method dot1x
Authentication Protocol PEAP
Service Type Framed
Network Device WLCSRV
Device Type All Device Types#Wireless_1
Location All Locations#DATAFAST#GUAYAQUIL
NAS IPv4 Address 192.168.208.5
NAS Port Id capwap_9000001d
NAS Port Type Wireless - IEEE 802.11
Response Time 36 milliseconds

Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EA … challenge
12625 Valid EAP-Key-Name attribute receiv
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess
12301 Extracted EAP-Response/NAK reque … instead
12300 Prepared EAP-Request proposing P
12625 Valid EAP-Key-Name attribute receiv
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess
12302 Extracted EAP-Response containing … response and accepting PEAP as ne
12318 Successfully negotiated PEAP versio
12800 Extracted first TLS record; TLS hand
12805 Extracted TLS ClientHello message
12806 Prepared TLS ServerHello message
12807 Prepared TLS Certificate message
12808 Prepared TLS ServerKeyExchange m
12810 Prepared TLS ServerDone message
12305 Prepared EAP-Request with another
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess
12304 Extracted EAP-Response containing … response
12305 Prepared EAP-Request with another
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess
12304 Extracted EAP-Response containing … response
12305 Prepared EAP-Request with another
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess
12304 Extracted EAP-Response containing … response
12318 Successfully negotiated PEAP versio
12810 Prepared TLS ServerDone message
12812 Extracted TLS ClientKeyExchange m
https://192.168.1.60/admin/liveAuthenticationDetail.do 1/3
12803 Extracted TLS ChangeCipherSpec m
12804 Extracted TLS Finished message
12801 Prepared TLS ChangeCipherSpec m
12802 Prepared TLS Finished message
12816 TLS handshake succeeded
12310 PEAP full handshake finished succes
12832 Tunnel build with local server certific … or it has already expired
12305 Prepared EAP-Request with another
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing sess
12304 Extracted EAP-Response containing … response
12511 Unexpectedly received TLS alert me … rejection by the client
61025 Open secure connection with TLS pe
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
5434 Endpoint conducted several failed au … same scenario

Other Attributes
ConfigVersionId 11
Device Port 59319
DestinationPort 1812
RadiusPacketType AccessRequest
UserName DF\avasquez
Protocol Radius
NAS-IP-Address 192.168.208.5
NAS-Port 30013
Framed-MTU 1005
State 37CPMSessionID=05D0A8C00000520C254C23FE;38SessionID=isedfgye01/472688405/2756984;
undefined-186 00:0f:ac:04
undefined-187 00:0f:ac:04
undefined-188 00:0f:ac:01
Airespace-Wlan-Id 3
IsEndpointInRejectMode false
NetworkDeviceProfileName Cisco
NetworkDeviceProfileId 403ea8fc-7a27-41c3-80bb-27964031a08d
IsThirdPartyDeviceFlow false
RadiusFlowType Wireless802_1x
SSID 1c-fc-17-98-69-20:DF-EMPLEADOS
AcsSessionID isedfgye01/472688405/2756984
CPMSessionID 05D0A8C00000520C254C23FE
EndPointMACAddress 78-AF-08-6B-83-16
ISEPolicySetName Wireless - Dot1X
StepData 4= Normalised Radius.RadiusFlowType
TLSCipher ECDHE-RSA-AES256-GCM-SHA384
TLSVersion TLSv1.2
DTLSSupport Unknown
Model Name VIRTUAL-WLC
Network Device Profile Cisco
Location Location#All Locations#DATAFAST#GUAYAQUIL
Device Type Device Type#All Device Types#Wireless_1
Called-Station-ID 1c-fc-17-98-69-20:DF-EMPLEADOS
CiscoAVPair service-type=Framed
audit-session-id 05D0A8C00000520C254C23FE
method dot1x
client-iif-id 2634028925
vlan-id 210
cisco-wlan-ssid DF-EMPLEADOS
wlan-profile-name DF-EMPLEADOS
Result
RadiusPacketType AccessReject
Session Events