Security

Reply
Occasional Contributor II

Clearpass Wired 802.1x timeout issue

Hi everyone,


I have run into a little bit of an issue with wired 802.1X on windows devices. I didn't see this in testing, but once everything was deployed to my production environment I am seeing around 10-15 windows clients a day timing out while they are booting or coming out of sleep. These clients timeout 2 times in a row, get sent a failed authentication message, and then fall back to MAC auth (sent to a guest zone). This can normally be sorted by disabling the nic and renabling it, but is a bit of a hassle and can be confusing to the customer.

The Windows 802.1X settings are deployed through a group policy, and I'm wondering if it’s one of those settings that is causing the issue. We are using default settings, since they were working fine in the lab, but now I'm questioning if that is part of the problem.

 

 

8021x settings.PNG

 

Below is an example of what happens. Two timeouts and then it will fail back to MAC auth.  Sometimes the device corrects itself and will reauthenticate 20-30 minutes later, and sometimes it won't reauthenticate with 802.1x for hours.

image.png

 

I would be greatful for any tips.

 

Thank you,

Bobberson

Highlighted
MVP Expert

Re: Clearpass Wired 802.1x timeout issue

In most cases this is a client device issue. Which OS are they running? During boot, are they first try to do a PXE boot?

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Highlighted
Occasional Contributor II

Re: Clearpass Wired 802.1x timeout issue

It doesn't appear that PXE boot is occuring, and it shouldn't be in the boot order.  As far as OS, they are a mix of windows 7 and 10, but most of the issues seem to occur with the windows 7 devices.

Highlighted
MVP Expert

Re: Clearpass Wired 802.1x timeout issue

Yes, I seen that problem also. Sometimes the EAP stack starts to late.
Can you make a port mirror to see what happens with the EAP traffic? Also check the EAP logs at the client

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Highlighted
New Contributor

Re: Clearpass Wired 802.1x timeout issue

I'm facing the same issue with Lenovo T490s.

Have you found the solution for this behavior?

 

Gadi

Highlighted
New Contributor

Re: Clearpass Wired 802.1x timeout issue

I seem to have the same issue. Has anybody found something to solve this?

 

Regards,

Lucas

Highlighted
Guru Elite

Re: Clearpass Wired 802.1x timeout issue

Please be specific about your issue and open a new thread.  This one is old.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: