Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
22801
Views
0
Helpful
5
Replies

5400 and 5434 authentication failed

Go to solution
hcl_cisco
Level 1
Level 1

‎04-10-2018 03:57 AM - edited ‎02-21-2020 10:53 AM

Hello Everyone,

 

Most of the time, I have faced 5400 and 5434 error message. Issue is not for all users , some of the user (like: 10/day) have faced issue on SSID.

 

ISE Version: 1.3.0.876

Authentication Type: EAP-TLS

Laptop Error: Can't able to connect on this network

ISE logs: 5400  authentication failed and 5434 several authentication failed (Attached logs).

 

Pleas let me know what will troubleshooting steps to resolve the user issue.

Please help me on this.

 

4 people had this problem
Labels:
Preview file
33 KB
Preview file
109 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ajc
Level 7
Level 7

‎01-10-2019 11:47 AM - edited ‎01-10-2019 12:03 PM

Just to review your ISE configuration for Wireless users, take a look on the following video.

 

https://www.youtube.com/watch?v=OCqLRzuqCW8

 

You are hitting the AUTHC default policy = deny access. So looks like those enduser devices DO NOT have the proper profile configured for EAP-TLS like the next.

 

You also need to confirm those endusers devices have in the TRUSTED Certificate Authority list the CA that signed the ISE EAP Certificate being used.

 

 

View solution in original post

0 Helpful

Go to solution
ajc
Level 7
Level 7
In response to pachi814

‎01-10-2019 12:37 PM

As Jason indicated, you need to move from 1.3 to 2.x, BUT if you are running old appliances 3395 then you are in trouble because those ones do not accept 2.x version. At this point your only options would be running VM's or replacing appliances.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
pachi814
Level 1
Level 1

‎01-08-2019 12:17 AM

do we have the solution for this issue ?if so please share me pachi814@gmail.com

@hcl_cisco wrote:

Hello Everyone,

 

Most of the time, I have faced 5400 and 5434 error message. Issue is not for all users , some of the user (like: 10/day) have faced issue on SSID.

 

ISE Version: 1.3.0.876

Authentication Type: EAP-TLS

Laptop Error: Can't able to connect on this network

ISE logs: 5400  authentication failed and 5434 several authentication failed (Attached logs).

 

Pleas let me know what will troubleshooting steps to resolve the user issue.

Please help me on this.

 

 

0 Helpful

Go to solution
ajc
Level 7
Level 7
In response to pachi814

‎01-10-2019 12:37 PM

As Jason indicated, you need to move from 1.3 to 2.x, BUT if you are running old appliances 3395 then you are in trouble because those ones do not accept 2.x version. At this point your only options would be running VM's or replacing appliances.

0 Helpful

Go to solution
ajc
Level 7
Level 7

‎01-10-2019 11:47 AM - edited ‎01-10-2019 12:03 PM

Just to review your ISE configuration for Wireless users, take a look on the following video.

 

https://www.youtube.com/watch?v=OCqLRzuqCW8

 

You are hitting the AUTHC default policy = deny access. So looks like those enduser devices DO NOT have the proper profile configured for EAP-TLS like the next.

 

You also need to confirm those endusers devices have in the TRUSTED Certificate Authority list the CA that signed the ISE EAP Certificate being used.

 

 

0 Helpful

Go to solution
ajc
Level 7
Level 7

‎01-10-2019 11:50 AM - edited ‎01-10-2019 12:09 PM

More info.

 

picwifi1-1.pngpicwifi2.pngpicwifi3.pngpicwifi4.pngpicwifi5.png

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎01-10-2019 12:32 PM

Would recommend moving off ISE 1.3 which is EOS/EOL to ISE 2.4 the current recommended Long term release. You will have better operation.
0 Helpful
Customers Also Viewed These Support Documents