We currently have 802.1X wired enabled, using Windows 2012 NPS and Windows 2012 ADCS, and we require computer authentication in the policy. I set the Framed-MTU size to 1344 on the policy and set the registry (AssumePhase2Fragmentation) to assume the other party is not capable of fragmentation during PEAP authentication. We are trying to enable Jumbo Frames as we have users moving terabytes of data. We have enabled Jumbo Frames on the NPS server NIC and the network switches and routers (Brocade). With Jumbo Frames disabled on the NIC settings, and the port set to 1500, 802.1X works. With a NIC set to enable Jumbo Frames, and the switch port set to 1500, it fails. The failure occurs when the server sends its certificates to the supplicant; the supplicant is not responding. With Wireshark, we can see the server certificates being sent to the supplicant in three fragmented packets. The supplicant acknowledges the first two, but there is no response to the third and final fragment.