Security

Hi,

We have several timeouts with somes devices with wired EAP-TLS authentication. These timeouts appears only the first day of the week when the post is connected to the network. 

In logs, we can see that after few Access-Challenge, the client stop to respond and the authentication go to timeout.

We just need to disconnect and reconnect the cable and the authentication works without any problem all the week.During the weekend, the device is turned off.

We are trying to recover as much information as possible on the workstation side but seems different models with different networks cards. These are all Windows 10 laptop. 

This is only a small amount of devices (may be 5% of the inventory). All our devices are managed with Intune (CSP for EAP-TLS authentication).

I already found a post with a timeout problem each beginning of the week without solution.

Have you ever had this problem? Do you have some debug ideas?

Thanks

Is that user authentication, or machine authentication?

What types of switches do you have, and what EAP/retry timers, MacAuth fallback?

Hi,

We have several timeouts with somes devices with wired EAP-TLS authentication. These timeouts appears only the first day of the week when the post is connected to the network. 

In logs, we can see that after few Access-Challenge, the client stop to respond and the authentication go to timeout.

We just need to disconnect and reconnect the cable and the authentication works without any problem all the week.During the weekend, the device is turned off.

We are trying to recover as much information as possible on the workstation side but seems different models with different networks cards. These are all Windows 10 laptop. 

This is only a small amount of devices (may be 5% of the inventory). All our devices are managed with Intune (CSP for EAP-TLS authentication).

I already found a post with a timeout problem each beginning of the week without solution.

Have you ever had this problem? Do you have some debug ideas?

Thanks

Is that user authentication, or machine authentication?

What types of switches do you have, and what EAP/retry timers, MacAuth fallback?

Hi,

We have several timeouts with somes devices with wired EAP-TLS authentication. These timeouts appears only the first day of the week when the post is connected to the network. 

In logs, we can see that after few Access-Challenge, the client stop to respond and the authentication go to timeout.

We just need to disconnect and reconnect the cable and the authentication works without any problem all the week.During the weekend, the device is turned off.

We are trying to recover as much information as possible on the workstation side but seems different models with different networks cards. These are all Windows 10 laptop. 

This is only a small amount of devices (may be 5% of the inventory). All our devices are managed with Intune (CSP for EAP-TLS authentication).

I already found a post with a timeout problem each beginning of the week without solution.

Have you ever had this problem? Do you have some debug ideas?

Thanks

Machine authentication with client certificates (EAP-TLS) is expected to work reliably. If the computers are booting up, or coming back from sleep, there may be delays, like when the supplicant is starting. If you see the client falling back to MAC authentication, it may help to configure concurrent onboarding on the switch port to keep the 802.1X process running also after a MAC authentication.

Another option to try is to disable Session resumption in your EAP-TLS Authentication Method.

Is that user authentication, or machine authentication?

What types of switches do you have, and what EAP/retry timers, MacAuth fallback?

Hi,

We have several timeouts with somes devices with wired EAP-TLS authentication. These timeouts appears only the first day of the week when the post is connected to the network. 

In logs, we can see that after few Access-Challenge, the client stop to respond and the authentication go to timeout.

We just need to disconnect and reconnect the cable and the authentication works without any problem all the week.During the weekend, the device is turned off.

We are trying to recover as much information as possible on the workstation side but seems different models with different networks cards. These are all Windows 10 laptop. 

This is only a small amount of devices (may be 5% of the inventory). All our devices are managed with Intune (CSP for EAP-TLS authentication).

I already found a post with a timeout problem each beginning of the week without solution.

Have you ever had this problem? Do you have some debug ideas?

Thanks

Hi Herman Robers,

Thanks for your answers. 

We will try to isolate some ports and enable "port-access onboarding-method concurrent enable" on it.

In second time, we will try to disable Session resumption.

Just need to wait Monday to confirm the solution.

Machine authentication with client certificates (EAP-TLS) is expected to work reliably. If the computers are booting up, or coming back from sleep, there may be delays, like when the supplicant is starting. If you see the client falling back to MAC authentication, it may help to configure concurrent onboarding on the switch port to keep the 802.1X process running also after a MAC authentication.

Another option to try is to disable Session resumption in your EAP-TLS Authentication Method.

Is that user authentication, or machine authentication?

What types of switches do you have, and what EAP/retry timers, MacAuth fallback?

Hi,

We have several timeouts with somes devices with wired EAP-TLS authentication. These timeouts appears only the first day of the week when the post is connected to the network. 

In logs, we can see that after few Access-Challenge, the client stop to respond and the authentication go to timeout.

We just need to disconnect and reconnect the cable and the authentication works without any problem all the week.During the weekend, the device is turned off.

We are trying to recover as much information as possible on the workstation side but seems different models with different networks cards. These are all Windows 10 laptop. 

This is only a small amount of devices (may be 5% of the inventory). All our devices are managed with Intune (CSP for EAP-TLS authentication).

I already found a post with a timeout problem each beginning of the week without solution.

Have you ever had this problem? Do you have some debug ideas?

Thanks

Hi,

Unfortunately we tried both solutions without success. The problem is the same :

When we just unplugged and plugged the cable :

Mac authent go to block VLAN but 802.1x succes and take the priority.

In show logs :

Do you have any advice to debug this please ?

Thanks.

Hi Herman Robers,

Thanks for your answers. 

We will try to isolate some ports and enable "port-access onboarding-method concurrent enable" on it.

In second time, we will try to disable Session resumption.

Just need to wait Monday to confirm the solution.

Machine authentication with client certificates (EAP-TLS) is expected to work reliably. If the computers are booting up, or coming back from sleep, there may be delays, like when the supplicant is starting. If you see the client falling back to MAC authentication, it may help to configure concurrent onboarding on the switch port to keep the 802.1X process running also after a MAC authentication.

Another option to try is to disable Session resumption in your EAP-TLS Authentication Method.

Is that user authentication, or machine authentication?

What types of switches do you have, and what EAP/retry timers, MacAuth fallback?

Hi,

We have several timeouts with somes devices with wired EAP-TLS authentication. These timeouts appears only the first day of the week when the post is connected to the network. 

In logs, we can see that after few Access-Challenge, the client stop to respond and the authentication go to timeout.

We just need to disconnect and reconnect the cable and the authentication works without any problem all the week.During the weekend, the device is turned off.

We are trying to recover as much information as possible on the workstation side but seems different models with different networks cards. These are all Windows 10 laptop. 

This is only a small amount of devices (may be 5% of the inventory). All our devices are managed with Intune (CSP for EAP-TLS authentication).

I already found a post with a timeout problem each beginning of the week without solution.

Have you ever had this problem? Do you have some debug ideas?

Thanks