Security

Reply
Occasional Contributor II

Timeout in clearpass

Hi

 

I have a strange issue with some users having trouble when starting their machines (cold boot), they have to wait 15 to 30 seconds before the wireless is active, sone users log on before the connection is there, and is loggd in cached. If wireless is switched off/on no issue

 

In the investigation of this issue i see some Timeout 5 to 10 every day, i se no pattern in it, and i have tried to point to other AD and DNS.

 

[main SessId R00000ea8-01-599ac1b5] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R00000ea8-01-599ac1b5, state - ANYAYQCsALhV0AAAplJ9u0C7eghTLvJcek0Xlg=
[main SessId R00000ea8-01-599ac1b5] ERROR RadiusServer.Radius - reqst_clean_list: Packet 108:244:88:4851B75E43E0 recv 1503314357.433801 - resp 1503314357.443851
[main SessId R00000ea8-01-599ac1b5] ERROR RadiusServer.Radius - reqst_clean_list: Packet 111:410:236:4851B75E43E0 recv 1503314357.452483 - resp 1503314357.453606
[main SessId R00000ea8-01-599ac1b5] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.

 

I have no clue where to look for this error ? 

 

I am on CPPM 6.6.5 

 

Is there any that have some hints ?

 

I have included a log

Regards Erik Loeth

 

Guru Elite

Re: Timeout in clearpass

Which EAP method are you using?
How are the supplicants being managed?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Timeout in clearpass

EAP-PEAP

 

Aprox 2500 clients over the day

 

Regards Erik Loeth

Occasional Contributor II

Re: Timeout in clearpass

Noboddy has any ide where to look ?

 

Regards Erik Loeth

Guru Elite

Re: Timeout in clearpass

How are the supplicants being managed?
Is your EAP server certificate publicly or privately signed?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Timeout in clearpass

Thanks for replying

 

Clients is getting a policity from AD, and the certificate is public (not wildcard)

 

I will verify that the eap cert i a public to morrow.

 

Regards 

 

Erik Loeth

 

Occasional Contributor II

Re: Timeout in clearpass

Hi

 

Yes it is a public cert, from godaddy

 

Regards Erik Loeth.

 

 

Occasional Contributor II

Re: Timeout in clearpass

Hi

 

After a TAC case the issue was a timeout on the client side, client not responding. 

 

The issue is now investigated, it seems that a securetty software is slow to start.

 

Regards Erik Loeth

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: