[RADIATOR] EAPTLS_MaxFragmentSize settings

Mike McCauley mikem at open.com.au
Tue Oct 11 16:23:36 CDT 2011


Hello Alex,

On Tuesday 11 October 2011 09:35:08 pm Alexander Hartmaier wrote:
> I've tried a lot of different values and looked at the radius packets
> coming from our switches (for wired dot1x):
> peap 1350, inner tls 1300
> peap 1400, inner tls 1360
> peap 1412, inner tls 1350
>
> In the end I've used 1350/1300 because increasing it any further towards
> the limit didn't lower the number of packets so I preferred to have a
> little bit of safety margin left.
>
> The EAP packet that is encapsulated inside one of the radius key/value
> pairs + all other radius attributes doesn't exceed one ethernet frame
> because EAP doesn't support fragmentation. Depending on the number of other
> radius attributes your switches or wlan controllers send to the radius
> servers you can increase the EAP payload. Decreasing the number of packets
> reduces the authentication time and lowers the load on both the radius
> client (switch, wlan controller) and radius server.
>
> @Open guys: can you please add something like my description to the docs?

Done for the next release.

Cheers.

>
> On 2011-10-11 13:16, Alex Sharaz wrote:
> Hi,
>
> For a long time I've had
>
> =====
> # EAPTLS_MaxFragmentSize sets the maximum TLS fragment
> # size that will be replied by Radiator. It must be small
> # enough to fit in a single Radius request (ie less than 4096)
> # and still leave enough space for other attributes
> # Aironet APs seem to need a smaller MaxFragmentSize.
>                 EAPTLS_MaxFragmentSize 1000
>
> ==========
>
> Set up in my Radiator radius.cfg file simply because it was there in the
> sample radius.cfg file I initially used. I'm now wondering if perhaps this
> is a bit small.
>
> What are other people doing?
> Is anyone explicitly setting this up or are people leaving it to the
> default value?
>
> Rgds
> Alex
>
> --
> Cheers, Alex



-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
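
Added example, not part of the original message and not Radiator code: a sizing check for the trade-off discussed in the thread, computing how large the RADIUS packet becomes for a given fragment size and whether it still fits one Ethernet frame. It assumes EAPTLS_MaxFragmentSize counts TLS data only (worst-case EAP-TLS framing is added on top); the 50 bytes of other attributes and the 5000-byte TLS flight are constructed sample values.

```python
import math

# Protocol constants (RFC 2865, RFC 3579, RFC 5216)
RADIUS_HEADER = 20          # code, identifier, length, 16-byte authenticator
ATTR_HEADER = 2             # type + length octets of every attribute
ATTR_MAX_VALUE = 253        # largest value a single attribute can carry
MESSAGE_AUTHENTICATOR = 18  # must accompany EAP-Message
EAP_TLS_FRAMING = 10        # worst case: EAP header 4 + type 1 + flags 1 + TLS length 4
IP_UDP_HEADERS = 28         # IPv4 without options (20) + UDP (8)
RADIUS_MAX_PACKET = 4096    # upper bound on any RADIUS packet


def radius_packet_bytes(fragment_size, other_attr_bytes):
    """Size of a RADIUS packet carrying one EAP-TLS fragment.

    Assumption: fragment_size is TLS data only. other_attr_bytes is the
    encoded size of all remaining attributes (State, Proxy-State, ...)."""
    eap_len = fragment_size + EAP_TLS_FRAMING
    # An EAP packet over 253 octets is split across several EAP-Message attributes.
    eap_attrs = math.ceil(eap_len / ATTR_MAX_VALUE)
    return (RADIUS_HEADER + eap_len + eap_attrs * ATTR_HEADER
            + MESSAGE_AUTHENTICATOR + other_attr_bytes)


def fits(fragment_size, other_attr_bytes, mtu=1500):
    """True if the packet respects the RADIUS limit and needs no IP fragmentation."""
    size = radius_packet_bytes(fragment_size, other_attr_bytes)
    return size <= RADIUS_MAX_PACKET and size + IP_UDP_HEADERS <= mtu


def max_fragment_size(other_attr_bytes, mtu=1500):
    """Largest fragment size that still fits; packet size grows with fragment size."""
    for size in range(mtu, 0, -1):
        if fits(size, other_attr_bytes, mtu):
            return size
    return 0


def round_trips(tls_bytes, fragment_size):
    """Number of RADIUS packets needed to deliver tls_bytes of TLS data."""
    return math.ceil(tls_bytes / fragment_size)


if __name__ == "__main__":
    OTHER = 50     # constructed: bytes of other attributes in the packet
    FLIGHT = 5000  # constructed: TLS data to deliver (e.g. a certificate chain)
    for frag in (1000, 1300, max_fragment_size(OTHER)):
        print(frag, radius_packet_bytes(frag, OTHER) + IP_UDP_HEADERS,
              fits(frag, OTHER), round_trips(FLIGHT, frag))
```

With these sample values, 1300 and the computed ceiling need the same number of packets, so the smaller setting keeps headroom for extra attributes at no cost in round trips.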

