nerdexam
Exams300-715Questions#176
CiscoCisco

300-715 · Question #176

300-715 Question #176: Real Exam Question with Answer & Explanation

The correct answer is D: The shared secret is incorrect on the switch or on Cisco ISE. A failed RADIUS test between a network device and Cisco ISE, despite proper configuration, most commonly indicates that the shared secret is incorrect on either the switch or on Cisco ISE. The shared secret must be identical on both ends for successful communication.

Network Access Device Administration

Question

An administrator adds a new network device to the Cisco ISE configuration to authenticate endpoints to the network. The RADIUS test fails after the administrator configures all of the settings in Cisco ISE and adds the proper configurations to the switch. What is the issue?

Options

  • AThe endpoint profile is showing as ''unknown"
  • BThe endpoint does not have the appropriate credentials for network access
  • CThe certificate on the switch is self-signed, not a CA-provided certificate
  • DThe shared secret is incorrect on the switch or on Cisco ISE

Explanation

A failed RADIUS test between a network device and Cisco ISE, despite proper configuration, most commonly indicates that the shared secret is incorrect on either the switch or on Cisco ISE. The shared secret must be identical on both ends for successful communication.

Common mistakes.

  • A. Endpoint profiling occurs after successful RADIUS authentication. If the RADIUS test itself fails, the system hasn't even reached the stage where it can profile an endpoint, so 'unknown' profile status is not the root cause of the test failure.
  • B. Endpoint credentials are used for authenticating the end-user or device to the network, which happens after the RADIUS communication channel between the network device and ISE is established. A RADIUS test failure implies an issue with the channel itself, not necessarily endpoint credentials.
  • C. While certificates are crucial for EAP-based endpoint authentication and secure communication, a basic RADIUS test verifies the shared secret and connectivity. A self-signed certificate typically wouldn't cause a fundamental RADIUS test to fail between the NAD and ISE, unless it's specifically an EAP-TLS or a similar method for the NAD-ISE communication which is less common than the shared secret for this initial test.

Concept tested. RADIUS Shared Secret Mismatch Troubleshooting

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ISE_admin_guide_27/b_ISE_admin_guide_27_chapter_01000.html#concept_AEFDF7A1E14E40E3A0E5C9CC9CC5A162

Topics

#RADIUS authentication#ISE configuration#Network device setup#Troubleshooting

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-715 PracticeBrowse All 300-715 Questions