I'm currently trying to troubleshoot some intermittent EAP-PEAP MSCHAPv2 auth timeouts from windows clients in a customer installation.
win 10 clients with up to date intel drivers connecting using PEAP-MSCHAPv2 auth.
I get mostly normal behaviour however i'm seeing intermittent timeouts which i'm yet to find a cause for (coverage is good, AP stability good).
I'm leaning towards client side issues as we're finding some weird events in the wlan report showing 802.1x supplicant restart however i've noticed something else common in the failed requests which can't explain.
When a successful request is processed by ClearPass it shows a Framed-MTU value of 768 in the radius request.
For a failed (i.e client did not respond) case the MTU value is 1100.
I'm struggling to find a reason for this other than maybe the client is sending a large request for some reason and this is being fragmented and dropped?
Anybody else seen similar issues?
For reference IAP 126.96.36.199 with CPPM 6.6.5 (yeah its old!) and Win10 clients.
Default MTU value in CPPM is 1500
You can check MTU value configure in IAP aswell
Compare access tracker log of both working auth and timed out auth. Mostly we see timeouts when server sent access challenge to client and when there is no response after multiple attempts if will result in timeouts.
Thanks for your reply.
I have checked the difference between successful and failed attempts and this is where i've noticed that there is a difference.
Successful requests have a size of 768 and failed attempts 1100.
I have intermittent issues on the same AP with different clients.
The same client could work 3 times and then timeout on the same AP so i'm thinking its likely some kind of client side issue. trying to get to the bottom of why the two MTU sizes listed in the request would be different.
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.