EAP-TLS authentication delayed 60 seconds

  • 0
  • 1
  • Problem
  • Updated 6 months ago
  • Solved
I have an SSID that is leveraging EAP-TLS.  I have this deployed at on five different controller pairs.  Two of the controller pairs are experiencing a 60 second delay to the authentication.  This is occuring on V9.21 with AP36XX's and on V10.31 with AP3935's.  The authentication does not fail but is consistently delayed 60 seconds on initial authentications and on roams. I have only tested this on iPhones running current code.  I have looked over the controller configs and they are the same between all the controller pairs.  Looking at the packet captures, the 4-way is not being delayed so I'm definitely at a loss for what would be causing this.
Photo of Jon Linton

Jon Linton

  • 580 Points 500 badge 2x thumb

Posted 7 months ago

  • 0
  • 1
Photo of Ostrovsky, Yury

Ostrovsky, Yury, Employee

  • 3,050 Points 3k badge 2x thumb
Jon , is GTAC already involved? Do you use radius client on AP or controller?
They would need to take traces from hostapd on AP/radclient and on the RADIUS server and see where the delay is . Do you know and have access to the whole path between NAS and RADIUS?
Photo of Jon Linton

Jon Linton

  • 580 Points 500 badge 2x thumb
GTAC is not involved yet, radius client is on the controller, NAC is the radius server.
Photo of Jon Linton

Jon Linton

  • 580 Points 500 badge 2x thumb
I did get resolution on this issue. The TL;DR is that we found a configuration inconsistency for the authentication settings on the wireless controller.
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,394 Points 20k badge 2x thumb
Thanks for the follow-up Jon.