Hi there,
I'm getting stuck with an ISE deployement and HP H3C 5500 Comware 5 switch. Basically, that's a very simple DOT1X configuration, with just PermitAccess and some device-traffic-class=voice attribute to handle IP Phone authentication.
The authentication itself is working like a charm. The problem occurs when the reauth timer is reached : I got two different "red" logs. See attachment : the 1st one seems to indicate that on the first Access-Challenge, the switch is initiating a new EAP session. Meaning the current session is discarded by ISE. The 2nd one refers to an invalid state attribute, session being discarded again.
Looking at a packet capture, I can see that in the first Access-Challenge, ISE sends a state attribute (=1st log). But then, the switch seems to start a new session (still 1st log), meaning the state attribute is not valid anymore. There comes the second log : switch is starting a new EAP session with the state attribute that has been discarded by ISE (=2nd log).
The second log looks like a consequence of the first behavior.
Then, everything is reseted on both sides, a new EAP session is built and the endpoint is authenticated again. The problem is that during the two tenths of second this whole procedure takes, the phone is losing its connectivity and reboots...
Any idea ? Thank you.
BR,
Vincent
