EAP-TLS authentication delayed 60 seconds

Userlevel 1
I have an SSID that is leveraging EAP-TLS. I have this deployed at on five different controller pairs. Two of the controller pairs are experiencing a 60 second delay to the authentication. This is occuring on V9.21 with AP36XX's and on V10.31 with AP3935's. The authentication does not fail but is consistently delayed 60 seconds on initial authentications and on roams. I have only tested this on iPhones running current code. I have looked over the controller configs and they are the same between all the controller pairs. Looking at the packet captures, the 4-way is not being delayed so I'm definitely at a loss for what would be causing this.

4 replies

Userlevel 5
Jon , is GTAC already involved? Do you use radius client on AP or controller?
They would need to take traces from hostapd on AP/radclient and on the RADIUS server and see where the delay is . Do you know and have access to the whole path between NAS and RADIUS?
Userlevel 1
GTAC is not involved yet, radius client is on the controller, NAC is the radius server.
Userlevel 1
I did get resolution on this issue. The TL;DR is that we found a configuration inconsistency for the authentication settings on the wireless controller.
Userlevel 7
Thanks for the follow-up Jon.