[RADIATOR] EAPTLS_MaxFragmentSize settings
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Wed Oct 12 03:39:12 CDT 2011
Thanks Mike!
Am 2011-10-11 23:23, schrieb Mike McCauley:
> Hello Alex,
>
> On Tuesday 11 October 2011 09:35:08 pm Alexander Hartmaier wrote:
>> I've tried a lot of different values and looked at the radius packets
>> coming from our switches (for wired dot1x): peap 1350, inner tls 1300
>> peap 1400, inner tls 1360
>> peap 1412, inner tls 1350
>>
>> In the end I've used 1350/1300 because increasing it any further towards
>> the limit didn't lower the number of packets so I preferred to have a
>> little bit of safety margin left.
>>
>> The EAP packet that is encapsulated inside one of the radius key/value
>> pairs + all other radius attributes doesn't exceed one ethernet frame
>> because EAP doesn't support fragmentation. Depending on the number of other
>> radius attributes your switches or wlan controllers send to the radius
>> servers you can increase the EAP payload. Decreasing the number of packets
>> reduces the authentication time and lowers to load on both the radius
>> client (switch, wlan controller) and radius server.
>>
>> @Open guys: can you please add something like my description to the docs?
> Done for the next release.
>
> Cheers.
>
>> Am 2011-10-11 13:16, schrieb Alex Sharaz:
>> Hi,
>>
>> For a long time I've had
>>
>> =====
>> # EAPTLS_MaxFragmentSize sets the maximum TLS fragemt
>> # size that will be replied by Radiator. It must be small
>> # enough to fit in a single Radius request (ie less than 4096)
>> # and still leave enough space for other attributes
>> # Aironet APs seem to need a smaller MaxFragmentSize izes.
>> EAPTLS_MaxFragmentSize 1000
>>
>> ==========
>>
>> Set up in my Radiator radius.cfg file simply because it was there in the
>> sample radius.cfg file I initially used. I'm now wondering if perhaps this
>> is a bit small.
>>
>> What are other people doing?
>> Is anyone explicitly setting this up or are people leaving it to the
>> default value
>>
>> Rgds
>> Alex
>>
>>
>>
>>
>> Time for another Macmillan Cancer Support event. This time its the 12 day
>> Escape to Africa challenge View route at
>> http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=20377986643603501
>> 6780.00049e867720273b73c39&z=8 Please sponsor me at
>> http://www.justgiving.com/Alex-Sharaz
>>
>>
>>
>>
>>
>>
>> Checked by Hu-fw-yhman
>>
>>
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au<mailto:radiator at open.com.au>
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>> --
>> Cheers, Alex
>>
>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>> "* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
>> Handelsgericht Wien, FN 79340b
>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>> "* Notice: This e-mail contains information that is confidential and may be
>> privileged. If you are not the intended recipient, please notify the sender
>> and then delete this e-mail immediately.
>> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
>> "*
>
>
More information about the radiator
mailing list