Hi, I am having a major problem trying to get 802.1X / EAP-TLS working over one of our new remote links. I'm thinking it's related to the MTU size and packet fragmentation. Wireshark shows "Fragmented IP protocol" when during the EAP challenge and ISE reports "Supplicant stopped responding to ISE during EAP-TLS certificate exchange (Step latency=120000 ms).
I've tried lowering the MTU on the Meraki AP management SVI, I've lowered the Framed-MTU attribute (12) down to 1002 on ISE, I've tried setting a low MTU via DHCP Option 26 for the Access Points. Nothing seems to help with the fragmentation.
This works for remote users across all our other MPLS links, but this new site is served by a LAN-extension and our WAN provider has stated it supports a maximum MTU of 1536.
Any other clues as to what I could try?
