Dell d10d Wyse thin clients failing EAP-PEAP

Aruba Employee

Question - Why do Dell d10d Wyse thin clients fail EAP-PEAP authentication against ClearPass 6.4 when they work fine against earlier versions?

 

Environment Information -
    Client: Dell d10d Wyse thin client
    ClearPass version: 6.4.x
    Authentication method: EAP-PEAP

 

Symptoms - Dell d10d Wyse thin clients are not able to connect to the network when authentication is done against ClearPass version 6.4.x. The alert message in Access Tracker is "Client did not complete EAP transaction". An over-the-air packet capture shows an EAP-Request going to the client but no response from the client. The supplicant logs show "SSL connection could not be established".

If we point the authentication to ClearPass 6.3.x or earlier, the authentication works fine. Packet captures in this case show that the client is responding to EAP-Requests.

 

Cause - PEAP has multiple flavours: PEAP version 0, 1 and 2. As per the RFC, the authentication server should send the highest supported version of the authentication method in the EAP-Request. The supplicant is supposed to respond with the version that it supports. ClearPass 6.4 onwards implements support for PEAP version 2, and hence the EAP-Request packet carries PEAP version 2.

 

The Dell d10d Wyse supplicant has an issue where it does not participate in EAP negotiation when the EAP-Request has PEAP version 2. The supplicant treats this as an invalid EAP request and stops responding.
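To confirm this cause from a packet capture, the check below reads the PEAP version the server advertises and reports PEAP Start requests that the client never answered. It is an added example, not ClearPass or Dell code; the function names and sample frames are constructed, and it assumes the PEAP flags octet carries the S bit at 0x20 and the version in its low bits.

```python
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_PEAP = 25
FLAG_START = 0x20    # S bit: first packet of the PEAP conversation
VERSION_MASK = 0x07  # assumption: version sits in the low bits of the flags octet

def parse_eap(raw):
    """Decode one EAP packet; raise ValueError if it is malformed."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": code, "id": ident, "type": None,
           "start": False, "peap_version": None}
    if code in (EAP_REQUEST, EAP_RESPONSE) and length >= 5:
        pkt["type"] = raw[4]
        if pkt["type"] == EAP_TYPE_PEAP and length >= 6:
            pkt["start"] = bool(raw[5] & FLAG_START)
            pkt["peap_version"] = raw[5] & VERSION_MASK
    return pkt

def unanswered_peap_starts(frames):
    """Return (identifier, version) for each PEAP Start request that no later
    EAP-Response with the same identifier answers. Frames must be in capture
    order and belong to one client session."""
    pkts = [parse_eap(f) for f in frames]
    stalled = []
    for i, p in enumerate(pkts):
        if p["code"] != EAP_REQUEST or not p["start"]:
            continue
        answered = any(q["code"] == EAP_RESPONSE and q["id"] == p["id"]
                       for q in pkts[i + 1:])
        entry = (p["id"], p["peap_version"])
        if not answered and entry not in stalled:  # collapse retransmissions
            stalled.append(entry)
    return stalled

# Constructed EAP payloads (no EAPOL or RADIUS framing), not from a real capture.
WORKING = [bytes.fromhex("010200061920"),          # Request id=2, Start, version 0
           bytes.fromhex("0202000a190016030100")]  # Response id=2 from the client
FAILING = [bytes.fromhex("010500061922"),          # Request id=5, Start, version 2
           bytes.fromhex("010500061922")]          # retransmission, still no reply

if __name__ == "__main__":
    print("working:", unanswered_peap_starts(WORKING))
    print("failing:", unanswered_peap_starts(FAILING))
```

A result that lists only version 2 requests, while the same client answers a version 0 request, matches the behaviour described in this article.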

 

Resolution - There are multiple solutions to recover from this situation:

    1. Use ClearPass 6.3.x until other solutions are available.
    2. ClearPass 6.5.x would soon have a feature enhancement which would allow an admin user to select the PEAP version in the ClearPass RADIUS configuration.
    3. Upgrade the supplicant firmware to one that handles EAP negotiation in a better, RFC-compliant way.

 

 

 

Version history
Revision #: 1 of 1
Last update: 04-07-2015 10:51 AM