ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-430 All Questions

View all questions & answers for the 300-430 exam
Go to Exam

Exam 300-430 topic 1 question 99 discussion

Actual exam question from Cisco's 300-430
Question #: 99
Topic #: 1
[All 300-430 Questions]

An engineer has implemented 802.1x authentication on the wireless network utilizing the internal database of a RADIUS server. Some clients reported that they are unable to connect. After troubleshooting, it is found that PEAP authentication is failing. A debug showed the server is sending an Access-Reject message.
Which action must be taken to resolve authentication?

  • A. Use the user password that is configured on the server.
  • B. Disable the server certificate to be validated on the client.
  • C. Update the client certificate to match the user account.
  • D. Replace the client certificates from the CA with the server certificate.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by NoWiresIncluded at May 31, 2023, 9:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rrahim
5 months ago
Selected Answer: A
A. Use the user password that is configured on the server. Explanation: PEAP Authentication Failure: PEAP (Protected Extensible Authentication Protocol) uses a server certificate to establish a secure TLS tunnel, but the actual user authentication is performed using credentials (username and password) stored in the RADIUS server's internal database. If the RADIUS server sends an Access-Reject message, it indicates that the user credentials provided by the client do not match those configured on the server. Root Cause: The most common reason for an Access-Reject message during PEAP authentication is an incorrect username or password. The client may be providing credentials that do not match those stored in the RADIUS server's internal database. Solution: Ensure that the client is using the correct username and password as configured on the RADIUS server. This will resolve the authentication failure.
upvoted 2 times
...
GOfeni
8 months, 2 weeks ago
Selected Answer: A
PEAP is a Tunnel Method that only validates the Server certificate. Since the question mentions "the server is sending an Access-Reject message", it is understood the Server certificate has been validated successfully (therefore B is incorrect). The question does not explicitly mention what Inner Method is being used, however it mentions the "internal database of a RADIUS server" is being used for Authentication, this means Username and Password are configured locally on the RADIUS server, since certificates are not supported with Internal Database (therefore C and D are incorrect). In this case, some clients are using the wrong user password, and they need to use the password that have been configured on the server to solve the issue.
upvoted 2 times
...
Ace_Pee
2 years ago
RADIUS wont send an access reject if the certs are invalid if using PEAP mschapv2
upvoted 1 times
...
Zanjit500
2 years, 1 month ago
The server is not trusting the client, not the other way around. Hence D.
upvoted 1 times
...
NoWiresIncluded
2 years, 1 month ago
Selected Answer: D
Disabling the Server Certificate check will work (B), but then you are not using PEAP, you are back to LEAP, and you have removed all the security benefits of that cert. You need to reload the server certifcate onto the clients that are failing. Choice D.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel