Number of requests in processing tree is normal internal message used to track active authentications being processed by radius module and is not indicative of an issue. You can ignore that message.
If you are seeing timeouts, I would start by looking at the Challenge Response sequence and whether the responses are reaching ClearPass within a reasonable time.
For example:
2022-01-11
19:47:52,755 [Th 35 Req 1535 SessId
R000000a6-01-61de4f68] INFO RadiusServer.Radius - reqst_update_state:
Access-Challenge 220:122:5CC5D4BBD415:AAIA0AAwAOH/BQAAsL7Pf6bAvLm4ltqqoMW5AQ== => This is when a challenge was sent out
2022-01-11
19:47:52,762 [Th 36 Req 1536 SessId
R000000a6-01-61de4f68] INFO RadiusServer.Radius - rlm_service:
The request was categorized into service "AAA Auth" - 221:280:5CC5D4BBD415 => This is the response to the challenge
If you don't either see a response or a delayed response, need to check why on the switch side. Cert size and path MTU can cause timeouts with EAP-TLS.
------------------------------
Mathew George
------------------------------
Original Message:
Sent: Jan 18, 2022 02:30 PM
From: Mauricio Guzman
Subject: ClearPass TIMEOUTS - logs
Hi Folks -
Lately I'm seeing a lot of timeouts on Access Tracker for NAC authentications (eap-tls). I'm using ArubaOS switches w/ ClearPass. Looking at the logs side-by-side of the same client the only differences I noticed is this line:
[Th 226241 Req 45296412 SessId R00e6aefc-12-61e6e439] INFO RadiusServer.Radius - No.of requests in request processing tree: 10
Successful authentications don't have "processing tree" line on them and I was wondering is that means anything????
Thank you in advance!
MG
------------------------------
Cheers!
MG
------------------------------