Has anyone seen this:
Users connected to employee over EAP-PEAP MS-CHAPV2 with username “EAP-PEAP (MSCHAPv2)”. AirWave and controllers registered the clients but ClearPass have not passed the authentication (obviously because the username is wrong) but clients do pass the authentication
The issue occurs randomly to small numbers of clients.
AOS 6.5.3.3 CPPM 6.7.6
From AirWave:
(WC02) #show user mac 38:f9:d3:xx:xx:xx
Name: EAP-PEAP (MSCHAPv2), IP: 10.x.y.z, MAC: 38:f9:d3:xx:xx:xx, Age: 00:01:20
Role: EMPLOYEE-ROLE (how: ROLE_DERIVATION_DOT1X_VSA), ACL: 118/0
Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-PEAP, server: CP01
Authentication Servers: dot1x authserver: CP01, mac authserver:
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: ROLE_DERIVATION_DOT1X_VSA
VLAN Derivation: Dot1x Aruba VSA
Idle timeout (global): 1800 seconds, Age: 00:00:14
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 0
phy_type: a-VHT-40, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 110, Assigned: 1316, Current: 1316 vlan-how: 17 DP assigned vlan:0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x2100, Port=0x1047a (tunnel 1146)
--More-- (q) quit (u) pageup (/) search (n) repeat