Make sure that EAP fragmentation is enabled on the network device and set at a suitably low enough size for network traversal without further fragmentation.
------------------------------
Carson Hulcher, ACEX#110
------------------------------
Original Message:
Sent: Sep 04, 2024 07:18 AM
From: PE89
Subject: ClearPass in Azure - EAP-TLS timeout
Anyone know of any issues with ClearPass deployed in Microsoft Azure with EAP-TLS timeouts if the client and CP receive their certificate from an intermediate instead of the root CA. Seems that it might be a MTU sizing issue due to the too big of a cert chain + the inability by Azure to handle UDP correctly (packet reorderning). Moving to radsec might solve this, but then we would lose Central Cloud guest (as an AP can only have 1 radsec server).
Thanks!