New Contributor

dot1x : Client did not complete eap transaction

Hi all,

 

Recently I integrated an HP Unified 850 controller with ClearPass. I have configured a dot1x service for mobile users and authentication is working fine as well.

Problem: I can see continuous authentication "Accept" logs in Access Tracker for most users; users are also reconnecting automatically even though they are online.

Some users are getting Time-out,

Guru Elite

Re: dot1x : Client did not complete eap transaction

If it is a client timeout, typically it is because you introduced a new server certificate with the same SSID, and phones are reconnecting, but the user is not accepting the new certificate.  The new user might not see the new certificate dialog to accept on their device.

 

There could be many reasons for the continuous accepts, like roaming.  We would need to know what type of device it is and the state of that device to even guess.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: dot1x : Client did not complete eap transaction

#Yes, I have introduced a new certificate with the same old SSID, but clients are getting notified to accept the new certificate.

#As you said, when a client roams, ClearPass receives a Time-out message.

#But some users keep authenticating even though they accept the new certificate; all are mobile users (Apple, Samsung).

#I have checked with my mobile (Apple) and it is working fine.

Guru Elite

Re: dot1x : Client did not complete eap transaction

If a user did not click accept for the new certificate, there will be a client timeout.  The user could have the phone in his/her pocket and the phone stays on mobile data, but registers a timeout until the user notices and clicks on accept.

 

You should get a phone in hand that has this issue and troubleshoot.



Colin Joseph
Aruba Customer Engineering


New Contributor

Re: dot1x : Client did not complete eap transaction

Hi,

 

Please advise me on the best way to replace the existing RADIUS server with ClearPass.

The above-mentioned solution was running with an NPS server.

 

Thanks

Guru Elite

Re: dot1x : Client did not complete eap transaction

I am not sure there is a best way.  On Windows clients you can push out the trust settings for the new certificate, but for all other platforms, you just have to wait for a human to click on accept.  It is probably best to assign a certificate with a long expiry like 10 years to avoid it...



Colin Joseph
Aruba Customer Engineering


Guru Elite

Re: dot1x : Client did not complete eap transaction

Please work with your Aruba ClearPass partner. There are many things to consider.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: dot1x : Client did not complete eap transaction

Hi,

I am working for a partner, and am new to ClearPass.

Even when clients accept the new certificate, they are getting a timeout.

 
