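I'm having a hard time getting EAP-TLS to work here. I am converting from an EAP-PEAP solution to EAP-TLS and have completed the steps needed for the PKI so that there are no certificate issues. (The server and client certificates are signed by the same CA.)
Based on the logs below and the following Cisco forum I found, I believe there is an issue with the MTU size. The posts are listed below. However, after setting Framed-MTU = 1344 and changing it to different sizes, I don't see any difference in the Cisco 3750s logs. It is always the error: Invalid Eapol packet length = 1492.
Has anyone run into this? I am using Win2008R2 NPS.
Framed-MTU workaround = https://technet.microsoft.com/en-us/library/cc771164%28WS.10%29.aspx and https://supportforums.cisco.com/discussion/11087011/eap-tls-authentication -失败
Why I think this is a fragmentation issue = http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/118634-technote-eap-00.html#anc18
Basically my setup = http://networklessons.com/wireless/peap-and-eap-tls-on-server-2008-and-cisco-wlc/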
Mar 10 17:33:08.889: dot1x-packet(Gi1/0/7): Received an EAPOL frame
Mar 10 17:33:08.889: dot1x-ev(Gi1/0/7): Received pkt saddr =f0de.f17b.4d9f , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.0006
Mar 10 17:33:08.889: dot1x-packet(Gi1/0/7): Received an EAP packet
Mar 10 17:33:08.889: EAPOL pak dump rx
Mar 10 17:33:08.889: EAPOL Version: 0x1 type: 0x0 length: 0x0006
Mar 10 17:33:08.889: dot1x-packet(Gi1/0/7): Received an EAP packet from f0de.f17b.4d9f
Mar 10 17:33:08.889: dot1x-ev(Gi1/0/7): dot1x_sendRespToServer: Response sent to the server from 0x9C000260 (f0de.f17b.4d9f)
Mar 10 17:33:08.897: dot1x-ev(Gi1/0/7): Sending EAPOL packet to f0de.f17b.4d9f
Mar 10 17:33:08.897: dot1x-ev(Gi1/0/7): Role determination not required
Mar 10 17:33:08.897: dot1x-ev(Gi1/0/7): Sending out EAPOL packet
Mar 10 17:33:08.897: EAPOL pak dump Tx
Mar 10 17:33:08.897: EAPOL Version: 0x3 type: 0x0 length: 0x029B
Mar 10 17:33:08.897: EAP code: 0x1 id: 0x5 length: 0x029B type: 0xD
Mar 10 17:33:08.897: dot1x-packet(Gi1/0/7): EAPOL packet sent to client 0x9C000260 (f0de.f17b.4d9f)
Mar 10 17:33:08.923: dot1x-ev(Gi1/0/7): Role determination not required
Mar 10 17:33:08.923: dot1x-packet(Gi1/0/7): Queuing an EAPOL pkt on Authenticator Q
Mar 10 17:33:08.923: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
Mar 10 17:33:08.923: EAPOL pak dump rx
Mar 10 17:33:08.923: EAPOL Version: 0x1 type: 0x0 length: 0x05D4
Mar 10 17:33:08.923: dot1x-ev:
dot1x_auth_queue_event: Int Gi1/0/7 CODE= 2,TYPE= 13,LEN= 1492
Mar 10 17:33:08.923: dot1x-packet(Gi1/0/7): Received an EAPOL frame
Mar 10 17:33:08.923: dot1x-ev(Gi1/0/7): Received pkt saddr =f0de.f17b.4d9f , daddr = 0180.c200.0003, pae-ether-type = 888e.0100.05d4
Mar 10 17:33:08.923: dot1x-err(Gi1/0/7): Invalid Eapol packet length = 1492
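
An added example, not part of the original post: a small Python parser for the switch debug output above that converts the hex EAPOL lengths to decimal, records whether each frame was received from (rx) or sent to (Tx) the supplicant, and ties the dot1x-err line to the frame it rejected. The function names are hypothetical, and comparing the EAPOL length directly against the Framed-MTU value of 1344 is an assumption made for a rough check.

```python
import re

# Lines copied from the switch debug output in the post above.
SAMPLE = """\
Mar 10 17:33:08.889: EAPOL pak dump rx
Mar 10 17:33:08.889: EAPOL Version: 0x1 type: 0x0 length: 0x0006
Mar 10 17:33:08.897: EAPOL pak dump Tx
Mar 10 17:33:08.897: EAPOL Version: 0x3 type: 0x0 length: 0x029B
Mar 10 17:33:08.897: EAP code: 0x1 id: 0x5 length: 0x029B type: 0xD
Mar 10 17:33:08.923: EAPOL pak dump rx
Mar 10 17:33:08.923: EAPOL Version: 0x1 type: 0x0 length: 0x05D4
Mar 10 17:33:08.923: dot1x-err(Gi1/0/7): Invalid Eapol packet length = 1492
"""

DUMP = re.compile(r"EAPOL pak dump (rx|tx)", re.I)
HDR = re.compile(r"EAPOL Version: 0x[0-9a-f]+ type: 0x[0-9a-f]+ length: 0x([0-9a-f]+)", re.I)
ERR = re.compile(r"dot1x-err\(([^)]+)\): Invalid Eapol packet length = (\d+)")

def eapol_frames(text):
    """Return one dict per dumped EAPOL frame, in log order."""
    frames, direction = [], None
    for line in text.splitlines():
        if m := DUMP.search(line):
            direction = m.group(1).lower()   # rx = from supplicant, tx = to supplicant
        elif (m := HDR.search(line)) and direction:
            frames.append({"dir": direction, "length": int(m.group(1), 16),
                           "rejected_on": None})
            direction = None
        elif m := ERR.search(line):
            # Tie the error to the latest received frame of that length.
            for f in reversed(frames):
                if f["dir"] == "rx" and f["length"] == int(m.group(2)):
                    f["rejected_on"] = m.group(1)
                    break
    return frames

def summarize(text, framed_mtu):
    """Keep frames the switch rejected or whose length exceeds framed_mtu.
    Comparing Framed-MTU to the EAPOL length is a rough check (assumption)."""
    return [dict(f, over_mtu=f["length"] > framed_mtu)
            for f in eapol_frames(text)
            if f["rejected_on"] or f["length"] > framed_mtu]

if __name__ == "__main__":
    for f in summarize(SAMPLE, framed_mtu=1344):  # 1344 is the value tried in the post
        print(f)
```

On these lines the only frame reported is the 1492-byte one received on Gi1/0/7; the 667-byte frame the switch transmitted is not flagged.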