nerdexam
Cisco

300-370 · Question #147

Refer to the exhibit. Why did Client 00:25:84:61:92:7d not get a response from the RADIUS server?

The correct answer is B. The shared-secret keys on the controller and on the RADIUS server do not match.. A client failing to receive a response from a RADIUS server during authentication often points to a mismatch in the shared secret key configured on the wireless controller and the RADIUS server.

Troubleshooting Wireless Security

Question

Refer to the exhibit. Why did Client 00:25:84:61:92:7d not get a response from the RADIUS server?

Exhibit

300-370 question #147 exhibit

Options

  • AThe RADIUS server rejected the username that was provided by the client.
  • BThe shared-secret keys on the controller and on the RADIUS server do not match.
  • CThe wireless controller does not have IP connectivity to the RADIUS server.
  • DThe client and the RADIUS server did not agree on the EAP type so the RADIUS server

How the community answered

(44 responses)
  • A
    11% (5)
  • B
    80% (35)
  • C
    2% (1)
  • D
    7% (3)

Why each option

A client failing to receive a response from a RADIUS server during authentication often points to a mismatch in the shared secret key configured on the wireless controller and the RADIUS server.

AThe RADIUS server rejected the username that was provided by the client.

If the RADIUS server rejected the username, it would typically send a specific 'Access-Reject' message back to the wireless controller, rather than providing no response.

BThe shared-secret keys on the controller and on the RADIUS server do not match.Correct

RADIUS clients (like the wireless controller) and servers use a pre-shared secret key to authenticate each other and encrypt certain parts of their communication. If the shared secret keys on the controller and the RADIUS server do not match, the RADIUS server will silently discard the incoming authentication request packets from the controller, resulting in no response being sent back.

CThe wireless controller does not have IP connectivity to the RADIUS server.

If there was no IP connectivity, the wireless controller would not be able to send the RADIUS request to the server at all, or the request would time out without reaching the server for processing.

DThe client and the RADIUS server did not agree on the EAP type so the RADIUS server

A disagreement on the EAP type would usually result in the RADIUS server sending an 'Access-Challenge' or 'Access-Reject' message to the controller, indicating a negotiation failure, not simply no response.

Concept tested: RADIUS shared secret key importance

Source: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-8/config-guide/b_cg88/m_radius.html

Topics

#RADIUS authentication#shared secret#wireless security#authentication failure

Community Discussion

No community discussion yet for this question.

Full 300-370 Practice