Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

MSM422 (MSM765 zl) FW 6.4.2.0-19648 EAP-TTLS: Multiple EAP-Request Identity packets problem

This thread has been viewed 0 times

  • 1.  MSM422 (MSM765 zl) FW 6.4.2.0-19648 EAP-TTLS: Multiple EAP-Request Identity packets problem

    Posted Apr 15, 2015 07:42 AM
      |   view attached

    We have recently switched to EAP-TTLS as outer 802.1X authentication protocol for our campus wide MSM422 installation (controlled by a MSM765 zl, everything running FW 6.4.2.0-19648), and the problem we are seeing is that EVERY (reproduced with 3 different APs) MSM422 sends multiple  EAP-Request Identity packets within a few thousands of a second. 

     

    This confuses the Windows 802.1x supplicant and thus the TLS handshake fails.

     

    Just for the sake of completness, we are using a proprietary EAP protocol (EAP-JUAC) as inner authentication protocol. However, the issue described here occurs before the inner EAP method is even suggested.

     

    Attached please find a packet capture that shows the problem.

     

    Now the question is:  Is this a bug? If not, why  are the APs behaving this way?

    Why would an AP send 3 ID requests a few thousandths of a second apart, is there a practical use case for this? Is there no way to instruct the APs to only send 1 as is common?


    #MSM765zl
    #requestidenditypacket
    #EAP-TTLS
    #MSM422

    Attachment(s)

    zip
    00-24-A8-86-65-16-wvlan1 (5).zip   703 B 1 version


  • 2.  RE: MSM422 (MSM765 zl) FW 6.4.2.0-19648 EAP-TTLS: Multiple EAP-Request Identity packets problem

    Posted Apr 28, 2015 07:58 AM

    Are there any HP engineers reading this? I've opened a case with HP support but it seems like this is getting nowhere ...