Problem with EAP-TLS (802.1X)

karel.stadler
Level 1

Hello,

I'm trying to create a Port-Based Network Access Control using 802.1X. With EAP-MD5 it works fine, but if I use EAP-TLS the authentication won't work.

I'm using Windows XP SP1 as client (supplicant), a Catalyst 2950 switch as authenticator, and the server is a Windows Server 2003 Std. (IAS as RADIUS).

I sniffed the traffic between the Switch and the Server, there are 4 RADIUS packets and in the last one (it seems to be the packet with the server certificate) it shows me the message "Unreassembled Packet:RADIUS".

What can I do to fix this?

Thanks for help

2 Replies

drolemc
Level 6

We had a similar problem which turned out to be an issue with baby-giant packets. You will need to play with your MTU settings. As far as EAP-TLS dot1x authentication goes, I don't think any issues exist.

Thank you for your help. The MTU game didn't help us much.

Finally the problem was the IOS Version! :-(

For example, the Catalyst 3550 has supported EAP-TLS since version 12.1(12c)EA1a. So the problem is solved now.

Hope this helps others to identify EAP-TLS problems.

best rgds

Karel