Security

Reply
Contributor I

RADIUS Timeout on some IAPs

We are getting a high amount of RADIUS Timeouts, but not on all IAPs(?!)

 

Authentication is through CLEARPASS

 

Test device is a Surface running Windows 10

 

When connecting to AP1 (which is a VC) - the authentication request in Airwave is ACCEPT

Authentication Method: EAP-PEAP,EAP-MSCHAPv2

Authentication Source: AD:dc1.our.domain.com

 

When connecting to AP2 - autentication request in Airwave is TIMEOUT

Authentication Method: EAP

Authentication Source: None

 

Error Code: 9002

RADIUS Client did not complete EAP transaction

 

APs are the same model - Aruba AP 325

Firmware/image is the same

VLANs on respective switches are the same

Dynamic Proxy is enabled for RADIUS and TACACS

 

Other posts regarding this error seem to indicate a certificate issue, however this connection works fine on one AP and not another - so I think we can safely assume the certificate is valid.

 

 

Guru Elite

Re: RADIUS Timeout on some IAPs

With regards to the 9002, that often happens when you have recently changed the radius server certificate and a human is not there to click on "accept" to the new cert on some clients.  It might not be your situation, but it is one of the situations.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: RADIUS Timeout on some IAPs

Thanks for the response, but it doesn't appear to be the case in this instance.

Re: RADIUS Timeout on some IAPs

How many ClearPass servers are there in your environment? Just one, or are there others?

Charlie Clemmer
Aruba Customer Engineering
Contributor I

Re: RADIUS Timeout on some IAPs

We have one ClearPass server and domain controller (NPS) as the secondary authentication server.

Re: RADIUS Timeout on some IAPs

Is the same Radius certificate installed on both servers (ClearPass and NPS)?


Charlie Clemmer
Aruba Customer Engineering
Contributor I

Re: RADIUS Timeout on some IAPs

No the certificates are different

Super Contributor II

Re: RADIUS Timeout on some IAPs

Please make sure that the client is accepting both certificates.
Preferably you should use the same authentication backend and certificates for your primary and secondary authentication server.

Like already mentioned it looks like the client isn't accepting the server side certificate.

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Contributor I

Re: RADIUS Timeout on some IAPs

The Root CA Certificate is the same on Airwave and the DC. The RADIUS/EAP Server Certificate was issued by our DC. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: