ExtremeWireless (Identifi)

Expand all | Collapse all

EAP-TLS authentication delayed 60 seconds

  • 1.  EAP-TLS authentication delayed 60 seconds

    Posted 12-11-2017 19:33
    I have an SSID that is leveraging EAP-TLS. I have this deployed at on five different controller pairs. Two of the controller pairs are experiencing a 60 second delay to the authentication. This is occuring on V9.21 with AP36XX's and on V10.31 with AP3935's. The authentication does not fail but is consistently delayed 60 seconds on initial authentications and on roams. I have only tested this on iPhones running current code. I have looked over the controller configs and they are the same between all the controller pairs. Looking at the packet captures, the 4-way is not being delayed so I'm definitely at a loss for what would be causing this.


  • 2.  RE: EAP-TLS authentication delayed 60 seconds

    Posted 12-12-2017 02:10
    Jon , is GTAC already involved? Do you use radius client on AP or controller?
    They would need to take traces from hostapd on AP/radclient and on the RADIUS server and see where the delay is . Do you know and have access to the whole path between NAS and RADIUS?


  • 3.  RE: EAP-TLS authentication delayed 60 seconds

    Posted 12-12-2017 10:26
    GTAC is not involved yet, radius client is on the controller, NAC is the radius server.


  • 4.  RE: EAP-TLS authentication delayed 60 seconds

    Posted 02-02-2018 13:21
    I did get resolution on this issue. The TL;DR is that we found a configuration inconsistency for the authentication settings on the wireless controller.


  • 5.  RE: EAP-TLS authentication delayed 60 seconds

    Posted 02-02-2018 13:47
    Thanks for the follow-up Jon.