KTI Networks / Clearpass RADIUS timeout
10-18-2018 02:34 AM
I'm struggling to get "KTI Networks" industrial switches to work with 802.1X and Clearpass as the RADIUS server.
I've tried to authenticate clients that have no problem authenticating on ALU and Juniper switches using both EAP-MD5 and EAP-PEAP. Just to be sure, I've adjusted the service configuration so the same services are used for all switches.
What I see on the supplicant (Windows 10 / EAP-PEAP):
An EAP failure from KTI, 0.2 seconds after sending out Client Hello handshake (TLS 1.2)
What I see on Clearpass
- Service categorisation and enforcement profiles are correct, but there's both a timeout and reject log in access tracker (Client did not complete EAP transaction).
Analyzing the tcpdump shows that the client hello is sent from the switch in response to the access-challenge. 1 second later, Clearpass sends out a access-reject.
A simple freeradius setup worked immediately with the same KTI switch. We only tested EAP-MD5.
Any ideas please?