EAP-Timeouts can have many reasons but the mean reason is that clearpass send couple of radius challanges and the doen't get a radius response from the client. This could also happen when UDP trafiic becomes fragmented.
I have a customer with EAP-TLS timeouts that likes to be simular with your issue.
In my situations i see that a client have eap-timeouts but 5min later can authenticate successfull on same AP. In the access-track logging i see that the authentication is failed due a bad mschap username or authentication inforamtion (0x000006d). MSCHAP response is incorrect. But a couple of timeouts later the same client/ap is authenticated successful.
Original Message:
Sent: Oct 01, 2024 09:47 PM
From: pmonardo
Subject: AOS 10/AP-515: Some AP flooded by "EAP timeout from clients" error message and clients unable to connect to those AP
Case is the only way to get to the bottom of this unfortunately. So many things could be a factor.
Aruba TAC can install a script on the AP that will loop commands and grab relevant info (does not require a reboot).
I suggest doing this and getting the case escalated.
------------------------------
Aruba Partner Ambassador ACMP, ACDP, ACCP, ACEP
Original Message:
Sent: Oct 01, 2024 06:42 PM
From: asaraca
Subject: AOS 10/AP-515: Some AP flooded by "EAP timeout from clients" error message and clients unable to connect to those AP
I fear opening a case with TAC and spending hours on it because I'm not able to reproduce the issue ...
Original Message:
Sent: Oct 01, 2024 06:39 PM
From: chulcher
Subject: AOS 10/AP-515: Some AP flooded by "EAP timeout from clients" error message and clients unable to connect to those AP
I would recommend opening a case with TAC so that they can grab the tech-support and logs to see what is going on.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 01, 2024 06:24 PM
From: asaraca
Subject: AOS 10/AP-515: Some AP flooded by "EAP timeout from clients" error message and clients unable to connect to those AP
We have AOS 10.7, Radius server is NPS (Windows 2022) and the NPS server is in a different VLAN than the AP. Those vlan are routed through a Cisco 4500X core switch.
What is strange is that if I reboot the AP the problem goes away and comes back in a few weeks. For example I rebooted those AP around 13:30 today and since the reboot I have 0 "EAP Timeout from client".
Original Message:
Sent: Oct 01, 2024 04:51 PM
From: chulcher
Subject: AOS 10/AP-515: Some AP flooded by "EAP timeout from clients" error message and clients unable to connect to those AP
What version of AOS 10? What is your RADIUS server? Where on the network is the RADIUS server in relation to the AP?
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 01, 2024 01:31 PM
From: asaraca
Subject: AOS 10/AP-515: Some AP flooded by "EAP timeout from clients" error message and clients unable to connect to those AP
We migrated our school network from a Mobility Master/AOS 8.x setup, which had worked well for years, to Aruba Central/AOS 10 this summer, and so far, the results have been disastrous. Our 802.1x SSID clients, in particular, are experiencing persistent connection issues. For instance, today, the APs in two classrooms stopped accepting client connection requests and were flooded with 'EAP timeout from clients' error messages. However, when the same clients moved to a different AP, they were able to connect without any issues.
To illustrate, one of the APs that is functioning properly shows only 128 'EAP timeout' error messages in Central, while another AP, in the adjacent classroom, of the same model (AP-515), shows 13,270 'EAP timeout' error messages !!!!
What could cause such strange issues ?