Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

802.1X client authentication takes a long time and most times never completes at all.

« Go Back

Information

 
Title802.1X client authentication takes a long time and most times never completes at all.
Symptoms
  • Users periodically failing to authenticate across a WAN link
  • Users periodically failing to authenticate when a firewall is between the controller and the AP
  • Some clients are failing the 802.1X process, NAC may indicate this is due to the end station not responding.
  • Following message seen in AP log
02102:chantry_client.c:337-rc_decode_response_ac()-DOT1X: #### Corrupted packet code 131 len 10217 , discard the buf=0x10081d78 967465

 
Environment
  • Tipping Point Firewall - HP
  • IdentiFi
  • Firmware All
  • RADIUS
  • 802.1X
Cause
The firewall or anything that does packet inspection could re-order the authentication packets if they are fragmented. The controller will send the big fragment first, little fragment second. The firewall or WAN router may flip the order and send the little fragment first, big fragment second. The AP at this point will drop the packets if they are out of order.
Resolution
  • Contact the firewall/router vendor to see if there is an option to allow the UDP 13910 WASSP packets or SIP/DIP of the controller to pass through without packet inspection.
or
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255