I've tried a lot of different values and looked at the radius packets coming 
from our switches (for wired dot1x):
peap 1350, inner tls 1300
peap 1400, inner tls 1360
peap 1412, inner tls 1350

In the end I've used 1350/1300 because increasing it any further towards the 
limit didn't lower the number of packets so I preferred to have a little bit of 
safety margin left.

The EAP packet that is encapsulated inside one of the radius key/value pairs + 
all other radius attributes doesn't exceed one ethernet frame because EAP 
doesn't support fragmentation.
Depending on the number of other radius attributes your switches or wlan 
controllers send to the radius servers you can increase the EAP payload.
Decreasing the number of packets reduces the authentication time and lowers the 
load on both the radius client (switch, wlan controller) and radius server.

@Open guys: can you please add something like my description to the docs?

On 2011-10-11 13:16, Alex Sharaz wrote:
Hi,

For a long time I've had

=====
# EAPTLS_MaxFragmentSize sets the maximum TLS fragment
# size that will be replied by Radiator. It must be small
# enough to fit in a single Radius request (ie less than 4096)
# and still leave enough space for other attributes
# Aironet APs seem to need a smaller MaxFragmentSize izes.
               EAPTLS_MaxFragmentSize 1000

==========

Set up in my Radiator radius.cfg file simply because it was there in the sample 
radius.cfg file I initially used. I'm now wondering if perhaps this is a bit 
small.

What are other people doing?
Is anyone explicitly setting this up or are people leaving it to the default 
value?

Rgds
Alex








_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

--
Cheers, Alex

T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
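
The sizing argument in the reply above (EAP packet plus all other RADIUS attributes staying inside one Ethernet frame), worked through as an added example that is not part of the original messages or of Radiator. It assumes IPv4 without options, a 1500-byte MTU and a constructed attribute list; how Radiator counts `EAPTLS_MaxFragmentSize` against these bytes is not stated on the page, so the example stops at the byte budget.

```python
# Added example: byte budget for an EAP packet in one RADIUS/UDP/IPv4 datagram.
ETH_MTU = 1500              # assumed IP MTU of the path (plain Ethernet)
IPV4_HDR, UDP_HDR = 20, 8   # assumed: IPv4 header without options, UDP header
RADIUS_HDR = 20             # code, identifier, length, 16-byte authenticator
ATTR_HDR = 2                # type + length octets of every RADIUS attribute
ATTR_MAX_VALUE = 253        # largest attribute value; longer EAP packets are
                            # split over several EAP-Message attributes
MESSAGE_AUTHENTICATOR = 18  # accompanies EAP-Message (RFC 3579)
EAP_TLS_FRAMING = 10        # worst case: EAP header 4 + type 1 + flags 1
                            # + TLS message length 4 (first fragment)

# Constructed sample: value lengths (bytes) of the other attributes present.
SAMPLE_ATTRS = {
    "User-Name": 21, "NAS-IP-Address": 4, "NAS-Port": 4, "NAS-Port-Type": 4,
    "Service-Type": 4, "Framed-MTU": 4, "Called-Station-Id": 17,
    "Calling-Station-Id": 17, "NAS-Identifier": 12, "State": 16,
}

def eap_message_wire_size(eap_len):
    """Bytes the EAP-Message attributes occupy for an EAP packet of eap_len."""
    chunks = -(-eap_len // ATTR_MAX_VALUE)          # ceiling division
    return eap_len + chunks * ATTR_HDR

def radius_ip_size(eap_len, other_values):
    """Size of the IP datagram carrying the RADIUS packet."""
    others = sum(ATTR_HDR + n for n in other_values)
    return (IPV4_HDR + UDP_HDR + RADIUS_HDR + MESSAGE_AUTHENTICATOR
            + others + eap_message_wire_size(eap_len))

def max_eap_packet(other_values, mtu=ETH_MTU):
    """Largest EAP packet that keeps the datagram within mtu."""
    budget = mtu - radius_ip_size(0, other_values)
    if budget <= 0:
        return 0
    full, rest = divmod(budget, ATTR_HDR + ATTR_MAX_VALUE)
    return full * ATTR_MAX_VALUE + max(0, rest - ATTR_HDR)

def max_tls_data(other_values, mtu=ETH_MTU):
    """TLS bytes left after the EAP-TLS/PEAP framing of the first fragment."""
    return max(0, max_eap_packet(other_values, mtu) - EAP_TLS_FRAMING)

if __name__ == "__main__":
    values = list(SAMPLE_ATTRS.values())
    eap = max_eap_packet(values)
    print("max EAP packet:", eap, "bytes; datagram:", radius_ip_size(eap, values))
    print("TLS data in first fragment:", max_tls_data(values), "bytes")
```

Replace the constructed attribute lengths with the ones seen in a capture from your own switches or controllers to get the budget for that deployment.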