Controllerless Networks

Hello,

I'm managing Many Cluster of AP 505 on the local Network and everything works fine. We use EAP TLS with a NPS server (Radius on Windows Server 2019).

We also havesome remote sites on which we'd like to deploy some APs.  theses remote sites connect to the main Network with a IPSec Tunnel (Zyxel on the remote sites and Fortinet 101F on the HQ site).

The problem is that on the remote sites we can't connect to the SSID. The logs on the NPS server show that the AP connect to the Radius but it looks like the "packet" don't come back to the AP and the client.

The firewalls on both sides are ok.

I've check the configuration of the NPS, the AP configuration, etc... but i don't find anything and don't how to solve my problem. 

Any idea?

Regards,

David

If you are using EAP-TLS then there is a possibility that you'll need to force EAP fragmentation for the authentication to work properly.

Hello,

I'm managing Many Cluster of AP 505 on the local Network and everything works fine. We use EAP TLS with a NPS server (Radius on Windows Server 2019).

We also havesome remote sites on which we'd like to deploy some APs.  theses remote sites connect to the main Network with a IPSec Tunnel (Zyxel on the remote sites and Fortinet 101F on the HQ site).

The problem is that on the remote sites we can't connect to the SSID. The logs on the NPS server show that the AP connect to the Radius but it looks like the "packet" don't come back to the AP and the client.

The firewalls on both sides are ok.

I've check the configuration of the NPS, the AP configuration, etc... but i don't find anything and don't how to solve my problem. 

Any idea?

Regards,

David

If you are using EAP-TLS then there is a possibility that you'll need to force EAP fragmentation for the authentication to work properly.

Hello,

I'm managing Many Cluster of AP 505 on the local Network and everything works fine. We use EAP TLS with a NPS server (Radius on Windows Server 2019).

We also havesome remote sites on which we'd like to deploy some APs.  theses remote sites connect to the main Network with a IPSec Tunnel (Zyxel on the remote sites and Fortinet 101F on the HQ site).

The problem is that on the remote sites we can't connect to the SSID. The logs on the NPS server show that the AP connect to the Radius but it looks like the "packet" don't come back to the AP and the client.

The firewalls on both sides are ok.

I've check the configuration of the NPS, the AP configuration, etc... but i don't find anything and don't how to solve my problem. 

Any idea?

Regards,

David

https://www.arubanetworks.com/techdocs/CLI-Bank/Content/instant/dot1x%20eap-frag-mtu.htm

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc755205(v=ws.10)

If you are using EAP-TLS then there is a possibility that you'll need to force EAP fragmentation for the authentication to work properly.

Hello,

I'm managing Many Cluster of AP 505 on the local Network and everything works fine. We use EAP TLS with a NPS server (Radius on Windows Server 2019).

We also havesome remote sites on which we'd like to deploy some APs.  theses remote sites connect to the main Network with a IPSec Tunnel (Zyxel on the remote sites and Fortinet 101F on the HQ site).

The problem is that on the remote sites we can't connect to the SSID. The logs on the NPS server show that the AP connect to the Radius but it looks like the "packet" don't come back to the AP and the client.

The firewalls on both sides are ok.

I've check the configuration of the NPS, the AP configuration, etc... but i don't find anything and don't how to solve my problem. 

Any idea?

Regards,

David