[RADIATOR] Performance logging
Hartmaier Alexander
alexander.hartmaier at t-systems.at
Wed Mar 30 06:55:54 CDT 2016
Hi Tuure,
we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner.
Not sure if the outher EAP-PEAP adds any real security as the Radiator
cert is the same one for both types as it only hides the transmission of
the user cert which can be classified like a public key imho.
I've already tuned the EAPTLS_MaxFragmentSize to have as few roundtrips
as possible (1350 for the outer PEAP and 1300 for the inner EAP-TLS).
You see how I calculate the response_time in my email yesterday.
Best regards, Alex
On 2016-03-30 13:27, Tuure Vartiainen wrote:
> Hi,
>
>> On 30 Mar 2016, at 14:13, Hartmaier Alexander <alexander.hartmaier at t-systems.at> wrote:
>>
>> yes this is the total auth time. Is one second a usual value for a
>> PEAP-TLS auth?
>>
> just out of curiosity, how do you calculate the total auth time?
>
> An EAP authentication takes around 4-10 round-trips depending on
> an EAP method and an amount of (certificate) data transferred.
>
> If you time the authentication from the receive time of the first Access-Request
> to the final Access-Accept, your total time also includes transmission
> delays of those EAP round-trips between an EAP supplicant and Radiator.
>
> Does PEAP-TLS mean, that you are using EAP-PEAP with EAP-TLS as an innner EAP method
> or EAP-PEAP with EAP-MSCHAPv2?
>
>
> BR
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list