Wireless Access

Reply
Contributor I

EAP-PEAP time-out on IAP225 cluster with Clearpass

Hi all,

 

We are encountering a strange problem in one of our buildings. The building has IAP225 (about 20) in a cluster. Clearpass is configured.

With a latest generation ipad mini, we try to connect to a EAP-PEAP enabled SSID. We use a username and password. Clearpass verifies the credentials and returns the VLAN name to the IAP virtual controller.

 

This works, the ipad is placed in the correct subnet and can work. However, it seems (?) while walking around (roaming) something goes wrong. (this is an educated guess)

 

The ipad tries to connect to the SSID, it takes a long time, and after a while returns an error stating the password was wrong. The password was definently not wrong. In clearpass, when checking the access tracker, we see a time-out (please see below).

 

When the ipad doesn't move around in the building, the problem doesn't occur... Any ideas on what might cause this? OKC is enabled.

 

Error Code: 
9002
Error Category: 
RADIUS protocol
Error Message: 
Request timed out
 Alerts for this Request 
RADIUS Client did not complete EAP transaction

Contributor I

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

Error Code: 
9002
Error Category: 
RADIUS protocol
Error Message: 
Request timed out
 Alerts for this Request 
RADIUS Client did not complete EAP transaction

Guru Elite

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

Question:  Did you recently change the radius server certificate on ClearPass?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

Yes, not that long ago, why?

Guru Elite

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

That message typically occurs when a device that has been connecting has not "accepted" the new radius server certificate.  If you can Forget the wireless network and rejoin and accept the certificate, that might rule that out.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

While connecting the ipad asks to trust the certificate of the clearpass server. We have always accepted. 

Guru Elite

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

Does it ask you to trust it every time?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

Yes it does!

Guru Elite

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

But it did not do that before you changed server certificates?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: EAP-PEAP time-out on IAP225 cluster with Clearpass

Thanks for your help!

 

In fact, the first time we tried to connect the ipad was AFTER we changed the certificates. But indeed, it seems it keeps asking to trust the clearpass certificate.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: