11-03-2021 08:00 AM
Hello Team,
My authentication and authorization policies are correct, as the SHA1 certificate is working fine.
But when importing the SHA2 client site certificate, I am getting the below error.
Event 5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason 11510 Supplicant declined EAP method selected by Authentication Policy but did not propose another one; EAP negotiation failed
In the new SHA2 root certificate, I am seeing use only for Infrastructure, but the old SHA1 root certificate in Cisco ISE is showing that it is for both Infra and endpoints.
Please advise.
Labels: Identity Services Engine (ISE)
Accepted Solutions
11-04-2021 06:50 PM
11-03-2021 08:10 AM
Authentication Details
Source Timestamp 2021-11-03 14:41:48.303
Received Timestamp 2021-11-03 14:41:48.303
Policy Server
Event 5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason 11510 Supplicant declined EAP method selected by Authentication Policy but did not propose another one; EAP negotiation failed
Resolution Ensure that the supplicant is correctly configured. Verify that supplicant has at least one EAP method cofigured.
Root cause In previous EAP message ISE started an EAP method selected by Authentication Policy. Supplicant declined this EAP method by sending EAP NAK message but did not propose another EAP method that it is ready to conduct. Owing to this, EAP-negotiation failed.
Username USERNAME
Endpoint Id F4:39:09:
IPv4 Address 10.1
Audit Session Id 0A407D100000093885F13954
Authentication Method dot1x
Service Type Framed
Network Device ASQ-
Device Type All Device Types#Switch
Location All Locations#1 Angel Square
NAS IPv4 Address 10.163.
NAS Port Id GigabitEthernet8/5
NAS Port Type Ethernet
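The Root cause text above describes an EAP Nak that offers no alternative method. As an added example (not part of the original post and not Cisco code), this sketch parses raw EAP packets per RFC 3748 and flags that case in a capture; the function names and the sample packets are constructed for illustration.

```python
import struct

# EAP constants from RFC 3748 / IANA EAP registry
EAP_RESPONSE = 2          # Code field: Response
TYPE_NAK = 3              # Legacy Nak (response only)
EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}

def parse_eap_nak(packet: bytes):
    """Return the method types listed in a legacy Nak, or None if not a Nak."""
    if len(packet) < 5:
        raise ValueError("too short for an EAP request/response")
    code, _ident, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length < 5 or length > len(packet):
        raise ValueError("bad EAP length field")
    if code != EAP_RESPONSE or eap_type != TYPE_NAK:
        return None
    # Type-Data of a Nak is one octet per desired method; trailing bytes
    # beyond the Length field are link-layer padding and are ignored.
    return list(packet[5:length])

def classify(packet: bytes) -> str:
    """Summarise what the supplicant said in this EAP packet."""
    proposed = parse_eap_nak(packet)
    if proposed is None:
        return "not a Nak"
    # RFC 3748 5.3.1: a value of 0 means "no viable alternative".
    alternatives = [t for t in proposed if t != 0]
    if not alternatives:
        return "Nak with no alternative: EAP negotiation fails"
    names = [EAP_TYPES.get(t, f"type {t}") for t in alternatives]
    return "Nak proposing " + ", ".join(names)

# Constructed sample packets (not taken from the thread's capture)
NAK_NONE = bytes([2, 5, 0, 6, 3, 0])        # Nak, Type-Data = 0
NAK_TLS = bytes([2, 5, 0, 6, 3, 13])        # Nak, asks for EAP-TLS
IDENTITY = bytes([2, 1, 0, 9, 1]) + b"user" # Response/Identity

if __name__ == "__main__":
    for name, pkt in [("NAK_NONE", NAK_NONE), ("NAK_TLS", NAK_TLS),
                      ("IDENTITY", IDENTITY)]:
        print(name, "->", classify(pkt))
```
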
11-04-2021 06:50 PM
Please review
12-07-2021 05:49 PM
There was an issue at the client site. They were not presenting the certificate properly, and because of that, ISE was not able to identify and validate the certificate match in AD as a binary comparison.
After that correction, the issue was resolved.
