Wireless Access

Following is the error message received when am trying to Connect SSID (Which 802.1x Authentication) over MPLS Network

  EAP-ID mismatched 2:1 for station 00:1a:73:08:35:8e d8:c7:c8:74:42:c1
   |authmgr|  Dropping EAPOL packet sent by Station 00:1a:73:08:35:8e d8:c7:c8:74:42:c1

Can you explain more why am getting this tye of error message ?

AP is resource Constrained , AP age out

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/auth-trace-buffer-showing-eap-id-mismatch/td-p/50194

Means is it client Misleading Configuration ?????/

This looks like an issue on the client side configuration or on the AAA server.

     1 - EAP type not supported/configured on the client side.

     2 - The client wants to use an EAP method that the AAA server does not support.

can you try on a local ap not over MPLS?

if locally work and over MPLS fail can also be an MTU issue

you can try looking this values:

http://technet.microsoft.com/en-us/library/cc755205%28WS.10%29.aspx

http://technet.microsoft.com/en-us/library/cc771164%28WS.10%29.aspx

(i suppose your radius it's microsoft ias server)

First thing is that it feel good to discuss these thing with you .

What is deafult Maximum Transfer Unit  of packet which are going from Acess-point ?

From Server side the value of MTU is 1500 bytes.

from Microsoft docs:

This maximum size for the EAP payload can create RADIUS messages that require fragmentation by a router or firewall between the NPS server and a RADIUS client. If this is the case, a router or firewall positioned between the RADIUS client and the NPS server might silently discard some fragments, resulting in authentication failure and the inability of the access client to connect to the network.

Use the following procedure to lower the maximum size that NPS uses for EAP payloads by adjusting the Framed-MTU attribute in a network policy to a value no greater than 1344: