Just need to wait Monday to confirm the solution.
Original Message:
Sent: Aug 13, 2024 09:42 AM
From: Herman Robers
Subject: Clearpass : wired EAP-TLS : Somes devices timeout with first authentication
Machine authentication with client certificates (EAP-TLS) is expected to work reliably. If the computers are booting up, or coming back from sleep, there may be delays, like when the supplicant is starting. If you see the client falling back to MAC authentication, it may help to configure concurrent onboarding on the switch port to keep the 802.1X process running also after a MAC authentication.
Another option to try is to disable Session resumption in your EAP-TLS Authentication Method.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 13, 2024 04:41 AM
From: Kiame
Subject: Clearpass : wired EAP-TLS : Somes devices timeout with first authentication
Hi Herman Robers,
We use machine authentication.
We have 6300 OS CX switches (JL661A version FL.10.10.1080).
For timers, I don't find any specific configuration, so I think the default timers.
Yes, we have MacAuth fallback, so the PC go to block VLAN (MAC unknown).
Thanks.
Original Message:
Sent: Aug 13, 2024 04:25 AM
From: Herman Robers
Subject: Clearpass : wired EAP-TLS : Somes devices timeout with first authentication
Is that user authentication, or machine authentication?
What types of switches do you have, and what EAP/retry timers, MacAuth fallback?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 12, 2024 04:12 AM
From: Kiame
Subject: Clearpass : wired EAP-TLS : Somes devices timeout with first authentication
Hi,
We have several timeouts with somes devices with wired EAP-TLS authentication. These timeouts appears only the first day of the week when the post is connected to the network.
In logs, we can see that after few Access-Challenge, the client stop to respond and the authentication go to timeout.
We just need to disconnect and reconnect the cable and the authentication works without any problem all the week.During the weekend, the device is turned off.
We are trying to recover as much information as possible on the workstation side but seems different models with different networks cards. These are all Windows 10 laptop.
This is only a small amount of devices (may be 5% of the inventory). All our devices are managed with Intune (CSP for EAP-TLS authentication).
I already found a post with a timeout problem each beginning of the week without solution.
Have you ever had this problem? Do you have some debug ideas?
Thanks