04-28-2004 03:18 AM - edited 03-10-2019 07:46 AM
Hello,
i'm trying to create a Port-Based Network Access Control using 802.1X. With EAP-MD5 it works fine but if i use EAP-TLS the authentication won't work.
I'm using Windows XP Sp1 as client (supplicant), as authenticator an Catalyst 2950 Switch and the Server is a Windows Server 2003 Std. (IAS as RADIUS)
I sniffed the traffic between the Switch and the Server, there are 4 RADIUS packets and in the last one (it seems to be the packet with the server certificate) it shows me the message "Unreassembled Packet:RADIUS".
What can i do to fix this?
Thanks for help
05-04-2004 07:47 AM
We had a similar problem which turned out to be an issue with baby-giant packets. You will need to play with your MTU settings. As far as EAP-TLS dot1x authentication goes, I don't think any issues exist.
05-05-2004 05:35 AM
Thank you for your help. The MTU game didn't help us much.
Finally the problem was the IOS Version! :-(
For example the Catalyst 3550 supports EAP-TLS since Version 12.1(12c)EA1a. So the problem is solved now.
Hope this helps others to identify EAP-TLS Problems.
best rgds
Karel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide