Security

 View Only
  • 1.  Getting Radius timeout error TEAP authentication

    Posted Aug 01, 2024 01:11 PM
    Hello All,

    We are trying to apply new TEAP authentication in our environment, Configuration done on both CPPM and end points but it's not working. 

    Getting Timeout error in access tracker logs. Any suggestions to fix this?

    Thank you
    SK


  • 2.  RE: Getting Radius timeout error TEAP authentication

    Posted Aug 01, 2024 03:58 PM
    Edited by chulcher Aug 02, 2024 10:17 AM

    Timeout is quite often because of issues with transmitting one or more of the certificates and packet fragmentation.  Make sure you don't have any MTU issues, test configuring EAP MTU fragmentation to see if that is a viable workaround.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Getting Radius timeout error TEAP authentication

    Posted Aug 02, 2024 10:13 AM

    Can also be an issue with the client configuration, where the radius server trust is not set correctly, or there is no client certificate, or the end user is prompted for credentials (user/pass or certificate). Does the same client work with EAP-TLS?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: Getting Radius timeout error TEAP authentication

    Posted Aug 02, 2024 03:48 PM
    Hi Herman,

    Noted on this. For our case the same client working fine for EAP-TLS.

    Thank you
    SK





  • 5.  RE: Getting Radius timeout error TEAP authentication

    Posted Aug 06, 2024 03:36 AM

    In that case, the pre-requisites seem fine, and issue can be in client configuration, ClearPass configuration or in between.

    Did you find/follow the TEAP Configuration Guide, and/or this video on TEAP (note that the video suggests to disable anonymous authentication, but that doesn't work anymore but with anonymous authentication it should work as well).

    In general, most issues I see are: client doesn't trust the server certificate (either root CA or servername/domain missing in client), client doesn't know which credentials to use (when multiple client certificates are present), or the mentioned fragmentation (which should occur with EAP-TLS as well).

    Your Aruba partner or TAC may be able to check the (detailed) logs and see where the authentication stops.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------