Hi All,
It's my first post here. Sorry if this is not the best place to put this topic.
We implemented dot1X (using TEAP) on LAN in all our branches over a year ago.
From time to time, single "can't reach RADIUS" messages were visible in the logs on the switches, but this didn't impact users at all.
After about 2 months, in one branch we had an issue where no one using LAN could log in to the company network. Multiple "can't reach RADIUS" logs were visible on all switches in that branch.
Any attempts to solve the issue didn't work, so we disabled dot1x in this branch.
The next day we tried again, and then everything worked as before.
Until the next time, when the same issue came back in the same branch.
During the issue, sometimes there were no Access Tracker logs in ClearPass from LAN users on the affected switches. Other times there were, with timeouts.
We opened a TAC ticket to see if they could help us resolve this, but they didn't help. The problem came back a few times, then we decided to disable dot1X on LAN in that branch. Only a few ports were left with dot1x for testing purposes.
Since that time we have jumped from ClearPass 6.10.6 to 6.12.2, but this changed nothing.
After updating ClearPass, a new ticket was opened. We collected as many logs as we could (from CP, switches). We had live sessions with TAC (ClearPass and switch support), but still without luck.
Hosts are managed by GPO (WIN10) and Intune (WIN11). Settings are similar to those in all other branches.
We are using 5400R ZL2, 2930F and 2530 switches in the affected branch. For the last TAC ticket, tests were done only on the 5400.
The issue was never visible on Wi-Fi; the current authentication setup is similar to the LAN authentication setup (TEAP, same ClearPass).
We also have AAA access to the switches configured using the same ClearPass. There was no problem logging in to the switches in that branch during "issue time".
Maybe you have some ideas about what we can check/change?
Best regards!
------------------------------
MZimny
------------------------------