Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

  • 1.  ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    Posted May 25, 2020 08:46 AM

    Hi,


    I have been rolling out ClearPass to our company for wireless 802.1x authentication.


    I have now been testing it for wired profiles, and currently, on a Cisco switch, when a user attempts to connect they are getting a timeout message.

     

    The access tracker shows the timeout and the below:

     

    Error Code: 9002
    Error Category: RADIUS protocol
    Error Message: Request timed out
    Alerts for this Request:
    RADIUS: Client did not complete EAP transaction

     

    The logs show:

     

     

    2020-05-25 13:05:38,396	[main SessId R000000a5-01-5ecbb45d] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R000000a5-01-5ecbb45d, state - AHAA6QD9AAG5AwAAJ+ucxvGpis/K+hD2S1ejqA=
    2020-05-25 13:05:38,396	[main SessId R000000a5-01-5ecbb45d] ERROR RadiusServer.Radius - reqst_clean_list: Packet 250:151:88:00-24-9B-0D-E2-E3 recv 1590408285.329495 - resp 1590408285.332988

     

     

     

     

    Not sure what this could be.


    I have selected it to use EAP-TLS; however, in the access tracker I noticed this:

     

    Authentication Method: EAP

    Any ideas on what the above logs could mean?


    Thanks



  • 2.  RE: ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    Posted May 25, 2020 09:01 AM

    The majority of the time, if this is a new network, it means that the client has never seen the ClearPass Server certificate and has to click on accept.



  • 3.  RE: ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    Posted May 25, 2020 11:01 AM

    If you are using EAP-TLS, is the certificate already present on the client machine?

     

    Check the CPPM Access Tracker log for more details. If you see an Access-Challenge from the server and it is not receiving any response, it means either the switch is not forwarding the request to the client or the client itself is not responding to the challenge.

     

    Check the switch logs as well for more details, to see whether it forwarded the request to the client or not.
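
An added example (not from the posters or from the vendor) that parses the two `reqst_clean_list` lines quoted in the first post and reports how long the request sat idle before ClearPass cleaned it up, which is the symptom reply 3 describes. Assumptions: `recv` and `resp` are epoch timestamps for the last packet received and the server's reply to it, the trailing field after `Packet` is the client MAC, and the log clock is UTC+1; the function and field names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone
from decimal import Decimal

# The two log lines from the first post, copied verbatim (tab after the timestamp).
SAMPLE = """\
2020-05-25 13:05:38,396\t[main SessId R000000a5-01-5ecbb45d] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R000000a5-01-5ecbb45d, state - AHAA6QD9AAG5AwAAJ+ucxvGpis/K+hD2S1ejqA=
2020-05-25 13:05:38,396\t[main SessId R000000a5-01-5ecbb45d] ERROR RadiusServer.Radius - reqst_clean_list: Packet 250:151:88:00-24-9B-0D-E2-E3 recv 1590408285.329495 - resp 1590408285.332988
"""

# Only the "Packet ... recv ... resp ..." cleanup line carries timings.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+\[main SessId (?P<sess>\S+)\]"
    r".*reqst_clean_list: Packet \S*?(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})"
    r" recv (?P<recv>\d+\.\d+) - resp (?P<resp>\d+\.\d+)")


def stalled_requests(log_text, utc_offset_hours, idle_threshold_s=10.0):
    """Return one dict per cleaned-up request that sat idle past the threshold.

    utc_offset_hours is the offset of the log's wall clock from UTC; it is an
    assumption the caller must supply, because the log line does not state it.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    found = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. the "Deleting request sessid" line
        cleaned = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f").replace(tzinfo=tz)
        recv, resp = Decimal(m["recv"]), Decimal(m["resp"])
        # Time between the server's last reply and the cleanup of the request.
        idle = round(cleaned.timestamp() - float(resp), 3)
        if idle >= idle_threshold_s:
            found.append({
                "session": m["sess"],
                "client_mac": m["mac"],
                "server_latency_ms": (resp - recv) * 1000,  # exact, via Decimal
                "idle_before_cleanup_s": idle,
            })
    return found


if __name__ == "__main__":
    for r in stalled_requests(SAMPLE, utc_offset_hours=1):
        print(f"{r['session']} {r['client_mac']}: server replied in "
              f"{r['server_latency_ms']:.3f} ms, then {r['idle_before_cleanup_s']} s "
              "with no further packet before cleanup")
```

On the lines from the post this reports a server reply about 3.5 ms after the packet arrived and roughly 53 s of silence before cleanup, so under these assumptions the wait is on the switch or client side rather than inside ClearPass.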