Reset Search
 

 

Article

Users not authenticating across VPN

« Go Back

Information

 
TitleUsers not authenticating across VPN
Symptoms
  • Users not authenticating across VPN
  • NAC reports authentication request went stale
Environment
  • Identifi
  • NAC
  • All firmware
Cause
  • NPS server is sending maximum EAP payload size of 1500 (default).
  • Frame is being fragmented and showing as malformed.
Resolution
  • Lower MTU per Microsoft recommendations:
  • Perform this procedure if you have routers or firewalls that are not capable of performing fragmentation.
  • The recommended Framed-MTU value in this circumstance is 1344 bytes or less.
To configure the Framed-MTU attribute:
  1. Click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.
  2. Double-click Policies, click Network Policies, and then in the details pane double-click the policy that you want to configure.
  3. In the policy Properties dialog box, click the Settings tab.
  4. In Settings, in RADIUS Attributes, click Standard. In the details pane, click Add. The Add Standard RADIUS Attribute dialog box opens.
  5. In Attributes, scroll down to and click Framed-MTU, and then click Add. The Attribute Information dialog box opens.
  6. In Attribute Value, type a value equal to or less than 1344. Click OK, click Close, and then click OK.
See: https://technet.microsoft.com/en-us/library/cc771164(v=ws.10).aspx
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255