Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

802.1x Client did not complete EAP transaction

This thread has been viewed 25 times

  • 1.  802.1x Client did not complete EAP transaction

    Posted Dec 21, 2018 02:05 AM

    Hi I would ask you,

    I have hpe sw 5406zl and IP phone and clearpass.

    setting of siwtch port are:

    aaa port-access authenticator X quiet-period 10
    aaa port-access authenticator X tx-period 2
    aaa port-access authenticator X supplicant-timeout 5
    aaa port-access authenticator X server-timeout 10
    aaa port-access authenticator X reauth-period 3600
    aaa port-access authenticator X logoff-period 14400
    aaa port-access authenticator X client-limit 2

    everything is working ....

     

    but I have switch aruba 2530-8G also with same setting and after 3.5 days are ipphone disconected with result -down. After reboot phone is verify and conected and after 3,5 days discontected again

    Client did not complete EAP transaction

     

    log

    2018-12-20 22:16:28,093[main SessId R0001cb76-01-5c1c067e] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R0001cb76-01-5c1c067e, state - AFQA2gDNAF40mpsAVjMrYaJpyTc8LtnJkVa3aA=
    2018-12-20 22:16:28,093[main SessId R0001cb76-01-5c1c067e] ERROR RadiusServer.Radius - reqst_clean_list: Packet 19:358:88:MAC recv 1545340542.566170 - resp 1545340542.577818
    2018-12-20 22:16:28,093[main SessId R0001cb76-01-5c1c067e] ERROR RadiusServer.Radius - reqst_clean_list: Packet 20:448:1124:MAC recv 1545340542.581796 - resp 1545340542.582407
    2018-12-20 22:16:28,093[main SessId R0001cb76-01-5c1c067e] ERROR RadiusServer.Radius - reqst_clean_list: Packet 21:394:1120:MAC recv 1545340542.586013 - resp 1545340542.586356
    2018-12-20 22:16:28,093[main SessId R0001cb76-01-5c1c067e] ERROR RadiusServer.Radius - reqst_clean_list: Packet 22:394:1120:MAC recv 1545340542.589629 - resp 1545340542.590000
    2018-12-20 22:16:28,093[main SessId R0001cb76-01-5c1c067e] ERROR RadiusServer.Radius - reqst_clean_list: Packet 23:394:1041:MAC recv 1545340542.593295 - resp 1545340542.593647


  • 2.  RE: 802.1x Client did not complete EAP transaction

    EMPLOYEE
    Posted Dec 21, 2018 04:49 AM

    Worked on similar issue, increaese authenticator values helped fix the issue

     

    Increased to below values

     

    aaa port-access authenticator 1/11 quiet-period 60        -> default value

    aaa port-access authenticator 1/11 tx-period 30             -> default value

    aaa port-access authenticator 1/11 max-requests 2       -> default

    aaa port-access authenticator 1/11 client-limit 32



  • 3.  RE: 802.1x Client did not complete EAP transaction

    Posted Dec 21, 2018 05:17 AM

    Thanks I wil try it.


    Is somewhere wrote all default option of aruba 2530-8g and HPE 5406zl? If  there is any difference between this switches.

    thanks



  • 4.  RE: 802.1x Client did not complete EAP transaction

    Posted Dec 27, 2018 02:18 AM

    I tried it but the result is the same :( exactly after 3,5days auth timeout - Client did not complete EAP transaction

    actual port setting:

    aaa port-access authenticator 1 supplicant-timeout 5
    aaa port-access authenticator 1 server-timeout 10
    aaa port-access authenticator 1 reauth-period 3600
    aaa port-access authenticator 1 logoff-period 14400
    aaa port-access authenticator 1 client-limit 32

     

    in CP in profiles is setting radius session-timeout to 10800

     

    with same setting works without problem on 5406zl



  • 5.  RE: 802.1x Client did not complete EAP transaction

    EMPLOYEE
    Posted Dec 28, 2018 05:42 AM

    We need to analyze swtich packet capture, open switch TAC ticket to debug this issue.