Symptom

WLC fails to reassemble fragmented packet with low MTU between WLC and AP. EAP-TLS fails during the certificate handshake between the WLC and the client supplicant. A wired packet capture between the AP and the WLC shows that the fragmented certificate message from the client is incomplete. If WLAN is central switching, WLC may fail to reassemle fragmented packet from AP/client.

Conditions

Seen when the path MTU between the WLC and AP is low. Seen when the certificate is large size. If WLAN is central switching, WLC may fail to reassemle fragmented packet from AP/client.

Workaround

use WPA2-PSK instead of EAP-TLS for certificate handshake issue. use flexconnect local switching for client data frame.

Further Problem Description