
Client did not complete EAP transaction

  • 1.  Client did not complete EAP transaction

    Posted Jul 05, 2019 04:02 AM

    Hi,

    I have run into a problem. Some clients randomly time out with error code 9002 (7 clients out of 100).

    I implemented authentication with basic mode (non-TLS). Can anyone suggest how to fix this?

    [Attached screenshots: Access Tracker, Log]

    Thank you,



  • 2.  RE: Client did not complete EAP transaction

    EMPLOYEE
    Posted Jul 05, 2019 05:39 AM

    Hi,

    It looks like you are doing EAP-PEAP authentication using AD as the authentication source. In the log, what I see is that after the user was found in AD, the CPPM server sent an EAP request MSCHAPv2 Access-Challenge identity to the supplicant at 13:41:15 through the NAD device (controller/switch), but it didn't receive any response; it waited for 47 seconds and the request got deleted.

    We need to look into the NAD device first to see whether it forwarded the server challenge to the supplicant or not. If it forwarded it but the client is not responding, then we need to debug the issue on the client side.

    [Attachment: Capture.JPG]



  • 3.  RE: Client did not complete EAP transaction

    Posted Jul 05, 2019 05:43 AM

    Hi,

    The NAS is a 3COM switch. Can you please suggest how to collect the necessary? Below is the configuration of the switch:


    domain default enable clearpass
    #
    gvrp
    #
    dot1x
    dot1x timer quiet-period 10
    dot1x timer tx-period 10
    dot1x timer supp-timeout 60
    dot1x retry 10
    dot1x authentication-method eap
    undo dot1x handshake enable
    #
    MAC-authentication domain clearpass
    #
    radius scheme system
    radius scheme clearpass
    server-type standard
    primary authentication 192.168.9.10
    primary accounting 192.168.9.10
    secondary authentication 192.168.11.254
    security-policy-server 192.168.9.10
    key authentication pvp
    key accounting pvp
    user-name-format without-domain
    nas-ip 192.168.9.5
    accounting-on enable
    #
    domain clearpass
    authentication radius-scheme clearpass
    accounting radius-scheme clearpass

    ----------------------

    interface GigabitEthernet1/0/X
    port access vlan 9
    dot1x



  • 4.  RE: Client did not complete EAP transaction

    EMPLOYEE
    Posted Jul 05, 2019 06:32 AM

    https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02581967

    Check display radius statistics and port debugging; it will give an idea.



  • 5.  RE: Client did not complete EAP transaction

    Posted Jul 05, 2019 05:46 AM

    Can you check the machine certificate installed on the client machine?




  • 6.  RE: Client did not complete EAP transaction

    Posted Jul 07, 2019 09:58 PM

    Hi,

    I didn't check "Verify the server's identity by validating the certificate" for all the computers.

    I did this simply by bypassing it.

    Kind Regards,