300-715 Question #172: Real Exam Question with Answer & Explanation

Question

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error "Authentication failed: 22040 Wrong password or invalid shared secret.". What must be done to address this issue?

Options

• AAdd the network device as a NAD inside Cisco ISE using the existing key.
• BConfigure the key on the Cisco ISE instead of the Cisco switch.
• CUse a key that is between eight and ten characters.
• DValidate that the key is correct on both the Cisco switch as well as Cisco ISE.

Explanation

The error 'Authentication failed: 22040 Wrong password or invalid shared secret' indicates a mismatch in the RADIUS shared secret. To resolve this, the administrator must ensure the shared secret is identical on both the Cisco switch and Cisco ISE.

Common mistakes.

• A. The question implies the administrator is configuring RADIUS, which includes setting up the Network Access Device (NAD) on ISE. The error points specifically to the key's value, not the absence of the NAD configuration.
• B. The RADIUS shared secret must be configured identically on both the Cisco switch (client) and Cisco ISE (server) to establish secure communication. Configuring it only on one device would prevent authentication.
• C. While strong password policies recommend longer and more complex keys, the error message indicates a mismatch or invalidity of the current key, not a failure due to length constraints. RADIUS shared secrets do not inherently have an 8-10 character requirement, though strong practices dictate longer, more complex secrets.

Concept tested. RADIUS Shared Secret Configuration

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ISE_admin_guide_27/b_ISE_admin_guide_27_chapter_01000.html#concept_AEFDF7A1E14E40E3A0E5C9CC9CC5A162

No community discussion yet for this question.