Regular Contributor II

dot1x wired Client did not complete EAP transaction

We have been piloting CP for wired access, and currently have only about a dozen users connected to a dot1x configured switch.  90% of the time, everything works well, but every now and again, a user calls to say they have lost connectivity.

 

Looking at the logs, there are timeouts, with the error "Client did not complete EAP transaction".  If they log out and back in, they are fine.  If I filter to logs for this user, you can see that every 3 hours an authentication takes place, and then the odd timeout, causing the issue.

 

I'm assuming this timeout is perhaps due to a delay between the client and a response from the authentication server?  Is there a way to extend this timeout period?  Is this 3 hours a default behaviour, or setting?

 

Any other suggestions?  I can't imagine what this would be like if we rolled this out to 10k users!

Contributor I

Re: dot1x wired Client did not complete EAP transaction

What is the Switch Model and Software Version you are using?

 

You may also consider playing with tx-period and supplicant-timeout in the below commands.

aaa port-access authenticator 2 tx-period 10      //EAP Request-Identity waiting period (seconds)
aaa port-access authenticator 2 supplicant-timeout 10       //supplicant timeout period (seconds)

 

Regards,

Kapil

 

 

Super Contributor I

Re: dot1x wired Client did not complete EAP transaction

Hi

 

If you followed the ClearPass wired policy enforcement guide (below) then the 3 hours is the session timeout used. Normally this should not be an issue. Please set all the config as in the guide > http://community.arubanetworks.com/t5/Security/ClearPass-Solution-Guide-Wired-Policy-Enforcement/td-p/298161

 

Hope it helps

Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
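Added example, not posted by anyone in this thread: a small script that checks whether each logged timeout lands on the 3-hour re-authentication boundary or somewhere else in the session. The record layout, usernames and result labels are constructed for illustration and are not a real ClearPass export format; the 30-second tolerance is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp,username,result (hypothetical layout).
SAMPLE = """\
2018-03-01 06:00:05,jdoe,ACCEPT
2018-03-01 09:00:06,jdoe,ACCEPT
2018-03-01 12:00:06,jdoe,TIMEOUT
2018-03-01 12:41:10,jdoe,ACCEPT
2018-03-01 15:41:11,jdoe,ACCEPT
2018-03-01 07:15:00,asmith,ACCEPT
2018-03-01 10:15:01,asmith,ACCEPT
2018-03-01 11:02:30,asmith,TIMEOUT
"""

REAUTH = timedelta(hours=3)          # session timeout mentioned in the thread
TOLERANCE = timedelta(seconds=30)    # assumed slack around the boundary


def parse(text):
    """Group events per user, sorted by time."""
    events = defaultdict(list)
    for line in text.strip().splitlines():
        ts, user, result = line.split(",")
        events[user].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), result))
    for evs in events.values():
        evs.sort()
    return events


def classify_timeouts(events, period=REAUTH, tol=TOLERANCE):
    """Label each TIMEOUT by its distance from the user's last ACCEPT."""
    findings = []
    for user, evs in events.items():
        last_accept = None
        for ts, result in evs:
            if result == "ACCEPT":
                last_accept = ts
            elif result == "TIMEOUT":
                if last_accept is None:
                    kind = "no-prior-accept"
                elif abs((ts - last_accept) - period) <= tol:
                    kind = "at-reauth"    # failed the periodic re-authentication
                else:
                    kind = "off-cycle"    # something else restarted 802.1X
                findings.append((user, ts.isoformat(sep=" "), kind))
    return findings


if __name__ == "__main__":
    for finding in classify_timeouts(parse(SAMPLE)):
        print(*finding)
```

If most timeouts come out as "at-reauth", the periodic re-authentication exchange is where to look; "off-cycle" entries mean authentication was restarted by something other than the session timeout.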