  • 1.  ClearPass in Azure - EAP-TLS timeout

    Posted Sep 04, 2024 07:19 AM

    Anyone know of any issues with ClearPass deployed in Microsoft Azure with EAP-TLS timeouts if the client and CP receive their certificate from an intermediate instead of the root CA? Seems that it might be an MTU sizing issue due to too big of a cert chain + the inability of Azure to handle UDP correctly (packet reordering). Moving to RadSec might solve this, but then we would lose Central Cloud guest (as an AP can only have 1 RadSec server).

    Thanks!



  • 2.  RE: ClearPass in Azure - EAP-TLS timeout

    Posted Sep 04, 2024 09:58 AM

    Make sure that EAP fragmentation is enabled on the network device and set at a suitably low enough size for network traversal without further fragmentation.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------
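
A sizing check for the EAP fragmentation advice in reply 2, added here as an example that is not part of the original thread: it computes the IPv4 datagram size of a RADIUS packet carrying one EAP-TLS fragment and the largest EAP fragment that avoids IP fragmentation on a given path. The 1500-byte path MTU, the 200 bytes of other RADIUS attributes and the 4500-byte TLS flight are constructed sample values; IPv4 without options is assumed.

```python
import math

IPV4_HDR = 20         # IPv4 header, no options (assumption)
UDP_HDR = 8
RADIUS_HDR = 20       # code, identifier, length, 16-byte authenticator
MSG_AUTH_ATTR = 18    # Message-Authenticator, required alongside EAP-Message (RFC 3579)
ATTR_HDR = 2          # type + length octets of each RADIUS attribute
ATTR_MAX_VALUE = 253  # an EAP packet is split across EAP-Message attributes of <= 253 bytes
EAP_TLS_HDR = 6       # EAP code, id, length(2), type, EAP-TLS flags
TLS_LEN_FIELD = 4     # TLS Message Length, carried in the first fragment only (RFC 5216)


def radius_ip_size(eap_len, other_attr_bytes):
    """IPv4 datagram size of a RADIUS packet carrying an EAP packet of eap_len bytes."""
    eap_attrs = eap_len + math.ceil(eap_len / ATTR_MAX_VALUE) * ATTR_HDR
    return (IPV4_HDR + UDP_HDR + RADIUS_HDR + MSG_AUTH_ATTR
            + other_attr_bytes + eap_attrs)


def max_eap_fragment(path_mtu, other_attr_bytes):
    """Largest EAP packet size whose RADIUS datagram still fits in path_mtu."""
    best = 0
    for eap_len in range(1, path_mtu):
        if radius_ip_size(eap_len, other_attr_bytes) <= path_mtu:
            best = eap_len
    return best


def eap_tls_fragments(tls_bytes, eap_frag):
    """Number of EAP-TLS fragments needed to carry a TLS flight of tls_bytes."""
    if tls_bytes <= eap_frag - EAP_TLS_HDR:
        return 1
    first = eap_frag - EAP_TLS_HDR - TLS_LEN_FIELD
    rest = eap_frag - EAP_TLS_HDR
    return 1 + math.ceil((tls_bytes - first) / rest)


if __name__ == "__main__":
    PATH_MTU, OTHER_ATTRS, TLS_FLIGHT = 1500, 200, 4500  # constructed sample values
    frag = max_eap_fragment(PATH_MTU, OTHER_ATTRS)
    print("largest EAP fragment without IP fragmentation:", frag)
    print("datagram size at a 1400-byte EAP fragment:", radius_ip_size(1400, OTHER_ATTRS))
    print("fragments for the certificate flight:", eap_tls_fragments(TLS_FLIGHT, frag))
```

Measure the real attribute overhead from a packet capture of an Access-Request and the real path MTU between the network device and ClearPass before choosing a fragment size.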