Security

Reply
Highlighted
Occasional Contributor I

Client did not complete EAP transaction

Hi,

I have met a problem. Some client is randomly TIMEOUT with code ERRORS 9002. ( 7 client/100 client)

I implemented authenticated with basic mode (non TLS). Can anyone suggest how to fix this.

Capture.PNGAccess TrackerCapture1.PNGLog

Thank you,

MVP Guru

Re: Client did not complete EAP transaction

Hi ,

 

It looks you are doing EAP-PEAP authentication by using AD as authentication source. In log what I see after user found in AD, CPPM server as sent EAP request MSCHPv2 Access challange identity to supplicant at 13:41:15 through NAD devcies (controller/switch) but it diidnt recevied any response and waited for 47 seconds and request get deleted.

 

We need to look in to NAD device first whether it forwared server challange to supplicant or not, if it forward but client is not respoding then need to debug issue on cleint side.

 

Capture.JPG

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Client did not complete EAP transaction

Hi,

NAS is 3COM switch, can you please suggest me how to collect the necessary. Below is configuration of the switch

 

domain default enable clearpass
#
gvrp
#
dot1x
dot1x timer quiet-period 10
dot1x timer tx-period 10
dot1x timer supp-timeout 60
dot1x retry 10
dot1x authentication-method eap
undo dot1x handshake enable
#
MAC-authentication domain clearpass
#
radius scheme system
radius scheme clearpass
server-type standard
primary authentication 192.168.9.10
primary accounting 192.168.9.10
secondary authentication 192.168.11.254
security-policy-server 192.168.9.10
key authentication pvp
key accounting pvp
user-name-format without-domain
nas-ip 192.168.9.5
accounting-on enable
#
domain clearpass
authentication radius-scheme clearpass
accounting radius-scheme clearpass

----------------------

interface GigabitEthernet1/0/X
port access vlan 9
dot1x

Frequent Contributor I

Re: Client did not complete EAP transaction

can you check machine certificate installed on the Client machine?

 

MVP Guru

Re: Client did not complete EAP transaction

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02581967

 

Check for display radius statistics and port debugging, it will give idea.

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Client did not complete EAP transaction

Hi,

I didn't check: "Verify the server's identity by validating the certificate" for all the computer.

I make this simply by bypassing it.

Kind Regards,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: