Professional Documents
Culture Documents
Steps
Overview
11001 Received RADIUS Access-Request
Event 5400 Authentication failed
11017 RADIUS created a new session
Username USERNAME 15049 Evaluating Policy Group
Authentication Policy Default 12500 Prepared EAP-Request proposing EAP-TLS with challenge
The EAP-TLS session ticket received from supplicant while the stateless
12542
session resume is disabled. Performing full authentication
12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the 12505 Prepared EAP-Request with another EAP-TLS challenge
Failure Reason
client certificates chain 11006 Returned RADIUS Access-Challenge
Ensure that the certificate authority that signed the client's certificate is correctly 11001 Received RADIUS Access-Request
installed in the Certificate Store page (Administration > System > Certificates > 11018 RADIUS is re-using an existing session
Resolution Certificate Management > Trusted Certificates). Check the
OpenSSLErrorMessage and OpenSSLErrorStack for more information. If CRL is 12504 Extracted EAP-Response containing EAP-TLS challenge-response
configured, check the System Diagnostics for possible CRL downloading faults.
12811 Extracted TLS Certificate message containing client certificate
EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client 12814 Prepared TLS Alert message
Root cause
certificates chain
12817 TLS handshake failed
Username USERNAME EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client
12514
certificates chain
Endpoint Id 2C:8D:B1:A6:BE:2C
12507 EAP-TLS authentication failed
Calling Station Id 2C-8D-B1-A6-BE-2C 12505 Prepared EAP-Request with another EAP-TLS challenge
Network Device aedxb1-mena-mr42-wap302 61025 Open secure connection with TLS peer
11504 Prepared EAP-Failure
Device Type All Device Types
11003 Returned RADIUS Access-Reject
https://10.41.2.220/admin/liveAuthenticationDetail.do?ID=1629051130806080&sessionID=ce448d0600000d08611b8540 2/4
8/17/2021 Cisco Identity Services Engine
Other Attributes
ConfigVersionId 626
DestinationPort 1812
RadiusPacketType AccessRequest
Protocol Radius
NAS-Port 1
Framed-MTU 1400
37CPMSessionID=ce448d0600000d08611b8540;40SessionID=DXB1VSYISE0
State
01/418425663/236174;
Acct-Session-Id 538280B5762361E2
undefined-186 00:0f:ac:04
undefined-187 00:0f:ac:04
undefined-188 00:0f:ac:01
NetworkDeviceProfileId b0699505-3150-4215-a80e-6753d45bf56c
IsThirdPartyDeviceFlow false
AcsSessionID DXB1VSYISE001/418425663/236174
CPMSessionID ce448d0600000d08611b8540
EndPointMACAddress 2C-8D-B1-A6-BE-2C
ISEPolicySetName Default
TLSCipher unknown
TLSVersion TLSv1.2
https://10.41.2.220/admin/liveAuthenticationDetail.do?ID=1629051130806080&sessionID=ce448d0600000d08611b8540 3/4
8/17/2021 Cisco Identity Services Engine
DTLSSupport Unknown
NAS-Identifier E0-CB-BC-8D-44-CE:vap0
Called-Station-ID E2-CB-AC-8D-44-CE:IntlSOS-Business-Wi-Fi
CiscoAVPair audit-session-id=ce448d0600000d08611b8540
Result
RadiusPacketType AccessReject
Session Events
https://10.41.2.220/admin/liveAuthenticationDetail.do?ID=1629051130806080&sessionID=ce448d0600000d08611b8540 4/4