Hello Alex, On Tuesday 11 October 2011 09:35:08 pm Alexander Hartmaier wrote: > I've tried a lot of different values and looked at the radius packets > coming from our switches (for wired dot1x): peap 1350, inner tls 1300 > peap 1400, inner tls 1360 > peap 1412, inner tls 1350 > > In the end I've used 1350/1300 because increasing it any further towards > the limit didn't lower the number of packets so I preferred to have a > little bit of safety margin left. > > The EAP packet that is encapsulated inside one of the radius key/value > pairs + all other radius attributes doesn't exceed one ethernet frame > because EAP doesn't support fragmentation. Depending on the number of other > radius attributes your switches or wlan controllers send to the radius > servers you can increase the EAP payload. Decreasing the number of packets > reduces the authentication time and lowers to load on both the radius > client (switch, wlan controller) and radius server. > > @Open guys: can you please add something like my description to the docs?
Done for the next release. Cheers. > > Am 2011-10-11 13:16, schrieb Alex Sharaz: > Hi, > > For a long time I've had > > ===== > # EAPTLS_MaxFragmentSize sets the maximum TLS fragemt > # size that will be replied by Radiator. It must be small > # enough to fit in a single Radius request (ie less than 4096) > # and still leave enough space for other attributes > # Aironet APs seem to need a smaller MaxFragmentSize izes. > EAPTLS_MaxFragmentSize 1000 > > ========== > > Set up in my Radiator radius.cfg file simply because it was there in the > sample radius.cfg file I initially used. I'm now wondering if perhaps this > is a bit small. > > What are other people doing? > Is anyone explicitly setting this up or are people leaving it to the > default value > > Rgds > Alex > > > > > Time for another Macmillan Cancer Support event. This time its the 12 day > Escape to Africa challenge View route at > http://maps.google.co.uk/maps/ms?ie=UTF8&hl=en&msa=0&msid=20377986643603501 >6780.00049e867720273b73c39&z=8 Please sponsor me at > http://www.justgiving.com/Alex-Sharaz > > > > > > > Checked by Hu-fw-yhman > > > > > _______________________________________________ > radiator mailing list > radiator@open.com.au<mailto:radiator@open.com.au> > http://www.open.com.au/mailman/listinfo/radiator > > -- > Cheers, Alex > > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien > Handelsgericht Wien, FN 79340b > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >"* Notice: This e-mail contains information that is confidential and may be > privileged. If you are not the intended recipient, please notify the sender > and then delete this e-mail immediately. > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* >"* -- Mike McCauley mi...@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
