Security

Reply
Occasional Contributor II

Clearpass Wired 802.1x timeout issue

Hi everyone,


I have run into a little bit of an issue with wired 802.1X on windows devices. I didn't see this in testing, but once everything was deployed to my production environment I am seeing around 10-15 windows clients a day timing out while they are booting or coming out of sleep. These clients timeout 2 times in a row, get sent a failed authentication message, and then fall back to MAC auth (sent to a guest zone). This can normally be sorted by disabling the nic and renabling it, but is a bit of a hassle and can be confusing to the customer.

The Windows 802.1X settings are deployed through a group policy, and I'm wondering if it’s one of those settings that is causing the issue. We are using default settings, since they were working fine in the lab, but now I'm questioning if that is part of the problem.

 

 

8021x settings.PNG

 

Below is an example of what happens. Two timeouts and then it will fail back to MAC auth.  Sometimes the device corrects itself and will reauthenticate 20-30 minutes later, and sometimes it won't reauthenticate with 802.1x for hours.

image.png

 

I would be greatful for any tips.

 

Thank you,

Bobberson

Super Contributor I

Re: Clearpass Wired 802.1x timeout issue

In most cases this is a client device issue. Which OS are they running? During boot, are they first try to do a PXE boot?

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Occasional Contributor II

Re: Clearpass Wired 802.1x timeout issue

It doesn't appear that PXE boot is occuring, and it shouldn't be in the boot order.  As far as OS, they are a mix of windows 7 and 10, but most of the issues seem to occur with the windows 7 devices.

Super Contributor I

Re: Clearpass Wired 802.1x timeout issue

Yes, I seen that problem also. Sometimes the EAP stack starts to late.
Can you make a port mirror to see what happens with the EAP traffic? Also check the EAP logs at the client

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: