Hi Guys, I have an issue when I send requests via the eduroam website realm test tool (eapol_test) and for some of them I get a "No response" or "Timeout" result, and other times a success without changing the client configuration parameters. Doing a tcpdump at my server and matching up errors from the realm test tool sometimes not a single packet is seen from the eduroam servers, other times a partial number of packets are seen, and sometimes all packets are seen in which case my server returns an Access-Accept and all is well.
I then go to my border firewall and see the same matching packet counts as at my server. Basically, I run the eapol_test from the website and sometimes nothing is seen at my border firewall, sometimes half the normal access-challenges occur, and then when I see the normal number of packets there is a corresponding number of packets on my backend server and a successful authentication at my server. One thing that is interesting but maybe not too relevant is that it seems to affect remote EAP-TLS connections twice as often as remote PEAP connections ...but both are sporadic. Local authentications on the other hand are fast and successful 100%. I am finding myself unfortunately needing to troubleshoot the internet at this point. Anyway, I guess my questions for the group are: 1) If you run the tests from the eduroam realm test tool are the results consistently successful against your servers? 2) Is anyone aware of maybe a problem with the way the website runs the eapol_test script that sometimes would cause no request to even be sent? 3) If two or three Access-Challenge requests are sent from my servers to the eduroam servers, I see them leave my border firewall, and I never get a reply back what am I to do? Thanks, -- Curtis K. Larsen Senior Wi-Fi Network Engineer University of Utah IT/CIS Office 801-587-1313 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
