HPE Community
IMC
1752421 Members
5980 Online
108788 Solutions
New Discussion юеВ

Re: iMC UAM dot1x authentication disconnect after 30 sec

 
SOLVED
Go to solution
ebilcari
Occasional Collector

тАО02-16-2016 03:57 AM - edited тАО02-17-2016 02:24 AM

тАО02-16-2016 03:57 AM - edited тАО02-17-2016 02:24 AM

iMC UAM dot1x authentication disconnect after 30 sec

Hello,

I have configured IMC/UAM dot1x port authentication using as access switch v1910. The login process (Authentication) goes ok but the connection seems unstable.
If I use native windows 7 supplicant I get connected (get to specific vlan, get ip via dhcp, get web access) but precisely after 30 sec a re-authentication process happens without disrupting the service. (anyway must be some problem with that).
If i use inode as supplicant the authentication goes all ok as up but after 30 seconds the connection is disconnected (seen as authentication failed), if I press connect button the connection comes up again.
On UAM user log the process is seen as disconnected requested by user after a session that durates only 26 sec.
On attachment is the wireshark display

I have tried enable disable handshake, changing many timers on switch but the time is precisely the same
Hope someone could help
Thanks

---
MASE-ACMP-ACCP
1 person had this problem.
0 Kudos
2 REPLIES 2
NeilR
Esteemed Contributor

тАО02-17-2016 06:30 PM

тАО02-17-2016 06:30 PM

Re: iMC UAM dot1x authentication disconnect after 30 sec

So I'm guessing you've searched all the posts on UAM in this forum - if not, then a good place to check.

Based on what you've said, I think problem is imc. How are your user credentials coming over? via LDAP from AD?

Are you using the synchronize users as needed switch? If so try turning that off. I've had some odd things happen creating users on the fly. Instead, set up the periodic sync, and run manually as needed.

Another thing to check is the user stack, authentication settings. Are these only windows btw? Check and make sure if the validate certificate setting is checked, then a matching trust cert for you domain is in the list. It should work unchecked - just be consistent. Also maybe try a mac or linux client if you can.

If you are using any of the modifiers, or other features related to time of day, location etc., in your policies - simplify as much as possible. Get the basic working if you aren't there already.

Its been a while since I got this all working so I don't recall all the problems I had along the way. I've posted configuration info for what worked for me in earlier posts.

ebilcari
Occasional Collector

тАО02-20-2016 12:35 AM

тАО02-20-2016 12:35 AM

Solution

Re: iMC UAM dot1x authentication disconnect after 30 sec

Thank you Neil,

as I said on my post all the authentication goes ok and the user is seen on the online user list, so all authentication were good. The problem were at iNode that disconnected the user after 30 sec, on UAM the status changes to "disconnected requested by user" .
After 2 days of debugging I found the problem on imc firewall machine that was blocking some iNode ports. In result I don't know why HP choose this but if the iNode client weren't communicating with iMC/EAD it drops the connection after 30 sec in same way as if the button disconnect is pressed by user.

 

 

---
MASE-ACMP-ACCP
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.