Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
0
Helpful
1
Replies

ISE 3.2 EAP-TLS with Microsoft Azure AD - User Cert & EAP MTU Concerns

pritamCTC
Level 1
Level 1

‎03-19-2025 10:41 AM - edited ‎03-19-2025 10:47 AM

Dear @Greg Gibbs 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/218197-configure-ise-3-2-eap-tls-with-azure-act.html

When we are following the above deployment "ISE 3.2 EAP-TLS with Microsoft Azure AD" only with user certificate, should we worry about below concerns about large EAP packet (Wireless) highlighted with "usually Client Certificate"?

https://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/220576-eap-fragmentation-implementations-and-be.html 

Microsoft Windows Native Supplicant

Microsoft Windows sends EAP-TLS fragments (usually Client Certificate) that are 1,486 or 1,482 bytes long. For this value size, the Ethernet frame is 1,500 bytes.

 

Truly appreciate for your response.

 

0 Helpful
1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

‎03-19-2025 02:35 PM

If the ISE PSNs are deployed in Azure, then the out-of-sequence UDP issues caused by the certificate payload will be an issue. If the PSNs are deployed in any other location (on-prem, AWS, etc) it will not be an issue.

0 Helpful
Customers Also Viewed These Support Documents