Richard Pruss wrote: > The fragmentation size problem may be addressed by the relay agent > having the role of EAP authenticator, as it splits the EAP traffic into > RADIUS out of DHCP, and DHCP messages should be normally sized to the > server.
RADIUS packets are maximum 4k in size, so RADIUS wouldn't be the limiting factor. What is the limiting factor is EAPoL, where packets can't be fragmented. Most RADIUS servers already look for a MTU in the Access-Request, and limit the size of EAP responses on their end, so that the EAP data will fit into one Ethernet packet. My tests on various implementations show that RADIUS servers and 802.1x supplicants appear to work with MTUs set very low, such as 100 octets. The result is a LOT more RADIUS traffic than normal, but the authentication process succeeds. So limiting the DHCP packet sizes to 500 octets shouldn't affect the operation EAP. Similar issues apply to PANA, where there is IP and UDP overhead on top of what would otherwise be EAPoL. Alan DeKok. _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
