- This topic has 1 reply, 1 voice, and was last updated 1 year, 11 months ago by
.
-
Posts
-
We have over 5000 3040, 5070, 5470AIO, and 5470 mobile devices internally that are capable of doing 802.1x EAP-TLS authentication and able to re-authenticate every 4 hours.
We received two OptiPlex 3000 units to test as 5070 replacements that are EOL. Everything works without issue for the OptiPlex 3000 devices in the same policy as the other devices except for the 4 hour re-authentication interval which is a layer 2 request coming from the switch.
- OptiPlex 3000 can perform SCEP enrollment without issue
- OptiPlex 3000 can pass 802.1x EAP-TLS authentication on first boot and after a reboot
- OptiPlex 3000 does not respond to a layer 2 re-authentication request, loses connectivity and needs to be rebooted to perform a successful EAP-TLS authentication.
Will be opening a case with Dell for this bug since no other model devices are impacted by this it is specific to the OptiPlex 3000.
This is apparently not hardware specific, this occurs on 3040, 5070, 5470 and OptiPlex 3000 on 9.1.6108 only for re-authentication attempts. Any previous firmware this is working without issue. Firmware 9.1.2205 should be out soon, will test and report back. Dell engineering has a Jira ticket escalated to them for a bug report. Its as if the EAP services stops itself after the first authentication which you can see in the log file after successful EAP authentication it will enter and informational message:
- EAP Authentication state ‘completed’
- EAP Authentication state ‘disconnected’
- EAP Authentication state ‘inactive’
The ‘inactive’ is what makes me thing the process stopped but they should be able to find the delta in the code for EAP from 9.1.5067 to 9.1.6108 to understand what changed.
- You must be logged in to reply to this topic.