Skip to main content (Press Enter).
Register | Sign in
Skip auxiliary navigation (Press Enter).
Skip main navigation (Press Enter).
Toggle navigation
Discussion
Support
Aruba Documentation Portal
Aruba Support Knowledge Base
Community Learning
News
ACEX Hall of Fame
MVP Overview
Tech Corners
Search
Community Home
Discussion
Topic Thread
Security
View Only
Community Home
Discussion
60K
Library
1.9K
Events
0
Members
2.1K
last person joined: yesterday
Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all
|
Collapse all
Clearpass Onboard Time out- client did not complete eap transaction when client did not complete eap transaction when setting Checkpoint between AP and Clearpass
This thread has been viewed 17 times
1.
Clearpass Onboard Time out- client did not complete eap transaction when client did not complete eap transaction when setting Checkpoint between AP and Clearpass
0
Kudos
Le Ngoc Tan
Posted Jun 09, 2022 01:10 PM
Reply
Reply Privately
Options Dropdown
Dear
I have 1 Clearpass version 6.10.5 installed on Hyper-V platform, using onguard and onboard.
AP Aruba use Virtual Controller 8.7.11.
Access Point and Clearpass are located in two different subnets and have a gateway located at Firewall Checkpoint.
Onguard with EAP-MSchapv2 authentication is very stable.
However when I do CLearpass onboard BYOD device with 2 SSIDs there is an error- client did not complete eap transaction.
I tried for AP and Clearpass in the same subnet then it works fine.
I am doubting the problem is on Checkpoint or Hyper-V.
However on Hyper-V I turned off Firewall, and on Checkpoint I set any permit rule,
and monitor log has no drop or reject traffic
.
But my device cannot connect EAP-TLS to secure wifi after running quickconnect.
Has anyone encountered the same situation as me?
We look forward to sharing experiences from you
Thank you very much
log on AP:
Jun 8 08:45:13 eap-req <- 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10 55 1030
Jun 8 08:45:13 eap-resp -> 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10 55 6
Jun 8 08:45:13 rad-req -> 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10/CPPM 74 223 VP-HO
Jun 8 08:45:13 rad-resp <- 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10/CPPM 74 -
Jun 8 08:45:13 eap-req <- 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10 56 389
Jun 8 08:45:14 eap-resp -> 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10 56 1492
Jun 8 08:45:14 rad-req -> 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10/CPPM 75 1719 VP-HO
Jun 8 08:45:15 station-up * 04:56:e5:5c:e0:63 1c:28:af:d7:b3:11 - - wpa2 aes
Jun 8 08:45:15 eap-id-req <- 04:56:e5:5c:e0:63 1c:28:af:d7:b3:11 1 5
Jun 8 08:45:15 eap-start -> 04:56:e5:5c:e0:63 1c:28:af:d7:b3:11 - -
Jun 8 08:45:15 eap-id-req <- 04:56:e5:5c:e0:63 1c:28:af:d7:b3:11 1 5
Jun 8 08:45:18 dot1x-timeout * 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10/CPPM 56 768 server timeout
Jun 8 08:45:18 dot1x-timeout * 10:5b:ad:05:7a:79 1c:28:af:d7:b3:10/CPPM 57 512 station timeout
Capture Log wireshark when client connect
log on clearpass
×
New Best Answer
This thread already has a best answer. Would you like to mark this message as the new best answer?
Privacy policy
Terms of service
Site Map
Legal
© Copyright 2024 Hewlett Packard Enterprise Development LP
All Rights Reserved.
Powered by Higher Logic