Clearpass Wired 802.1x timeout issue
05-15-2019 11:05 AM
I have run into a little bit of an issue with wired 802.1X on windows devices. I didn't see this in testing, but once everything was deployed to my production environment I am seeing around 10-15 windows clients a day timing out while they are booting or coming out of sleep. These clients timeout 2 times in a row, get sent a failed authentication message, and then fall back to MAC auth (sent to a guest zone). This can normally be sorted by disabling the nic and renabling it, but is a bit of a hassle and can be confusing to the customer.
The Windows 802.1X settings are deployed through a group policy, and I'm wondering if it’s one of those settings that is causing the issue. We are using default settings, since they were working fine in the lab, but now I'm questioning if that is part of the problem.
Below is an example of what happens. Two timeouts and then it will fail back to MAC auth. Sometimes the device corrects itself and will reauthenticate 20-30 minutes later, and sometimes it won't reauthenticate with 802.1x for hours.
I would be greatful for any tips.