Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

This thread has been viewed 121 times

  • 1.  ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    Posted May 25, 2020 08:46 AM

    Hi,


    I have been rolling out ClearPass to our company for wireless 802.1x authentication.


    I have now been testing it for wired profiles and currently on a Cisco switch when a user attempts to connect they are getting a timeout message.

     

    The access tracker shows the timeout and the below:

     

    Error Code:
    9002
    Error Category:
    RADIUS protocol
    Error Message:
    Request timed out
     Alerts for this Request 
    RADIUSClient did not complete EAP transaction

     

    The logs show:

     

     

    2020-05-25 13:05:38,396	[main SessId R000000a5-01-5ecbb45d] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R000000a5-01-5ecbb45d, state - AHAA6QD9AAG5AwAAJ+ucxvGpis/K+hD2S1ejqA=
2020-05-25 13:05:38,396	[main SessId R000000a5-01-5ecbb45d] ERROR RadiusServer.Radius - reqst_clean_list: Packet 250:151:88:00-24-9B-0D-E2-E3 recv 1590408285.329495 - resp 1590408285.332988

     

     

     

     

    Not sure what this could be be.


    I have selected it to use EAP-TLS  however in the access tracker I noticed this:

     

    Authentication Method:
    EAP

     Any ideas on what the above logs could mean?


    Thanks



  • 2.  RE: ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    EMPLOYEE
    Posted May 25, 2020 09:01 AM

    The majority of the time, if this is a new network, it means that the client has never seen the ClearPass Server certificate and has to click on accept.



  • 3.  RE: ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    EMPLOYEE
    Posted May 25, 2020 11:01 AM

    If you are using EAP-TLS does certificate is already present in client machine?

     

    Check CPPM access tracker log for more details, if you see access-challenge from server and if it nor receiving any response it means either switch not forwarding the request to client or clients itself not responding back to challenge.

     

    Check switch logging logs as well for more details to see if it forwarded request to client or not.

     

     



  • 4.  RE: ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    Posted Nov 07, 2022 03:39 PM
    Hi, I also have the same problem, what was the solution?
    Original Message


  • 5.  RE: ClearPass 9002 - Request Timeout - Client did not complete EAP transaction

    EMPLOYEE
    Posted Nov 07, 2022 07:41 PM
    generally this error could be caused  by client that moves out of the wifi coverage when doing EAP transaction, it could also be Driver issues.
    but certainly it can also be trust issues for certs on the client side. this is the way the clients handles the trust chain.




    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------

    Original Message