Hello Carlos,
sorry for the late reply.
So yes you can add Framed-MTU in the radius reply.
Use the radius filter for that, something like that should work:
[eap]
filter = connection_type
operator = is
value = Ethernet-EAP
[1:eap]
scope = returnRadiusAccessAccept
merge_answer = yes
answer1 = Framed-MTU => 1500
Regards
Fabrice
On 19-02-10 at 04:26, Carlos Wetli via PacketFence-users wrote:
Hello,
We are currently configuring dot1x on our older Cisco devices which
might be replaced this year or early next year. We are running
PacketFence 8,3 as authentication server and Windows 10 clients. A PKI
is available and the certificates have been deployed on the clients
and servers.
We have the issue that the Cisco 2960 is fragmenting the EAP Packet
correctly but not adding them correctly within the Radius packets,
which means that a large Radius Packet (1750 Bytes) is then
fragmented when put on the wire and therefore put an EAP fragment on
two different UDP Frames. This means that only a part of the 255 bytes
EAP fragment is on the first UDP frame while the rest of the EAP
fragment is then sent by the next fragmented UDP frame. My
understanding is that this should not occur as an EAP fragment should
not be further fragmented on two different Radius packets.
I can also see that the Switch is sending Framed-MTU 1500, while
PacketFence has an EAP fragment-size of 1024 configured but not
sending out Framed-MTU. Would it help to send a Framed-MTU smaller
than 1500 from PacketFence? How/where can that be done?
As an alternative, is there a possibility to configure the Windows Client
to send smaller EAP packets?
Thanks in advance,
Regards,
Carlos
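The following is an added example, not part of the thread and not PacketFence or Cisco code. It lays out a RADIUS Access-Request whose EAP payload is carried in EAP-Message attributes of at most 255 bytes and reports which attribute an IPv4 fragment boundary cuts through on a 1500-byte link. The function names, the IPv4-without-options header and the placement of the non-EAP attributes before the EAP-Message attributes are assumptions; the byte counts are constructed.

```python
# Added example: constructed sizes, not a capture from the thread.
RADIUS_HEADER = 20      # code, identifier, length, authenticator (RFC 2865)
ATTR_HEADER = 2         # type + length octets of every attribute
ATTR_MAX_VALUE = 253    # so one attribute is at most 255 bytes on the wire
IP_HEADER = 20          # IPv4 without options (assumption)
UDP_HEADER = 8


def eap_message_attrs(eap_len):
    """Sizes (header included) of the EAP-Message attributes carrying eap_len bytes."""
    sizes = []
    while eap_len > 0:
        chunk = min(eap_len, ATTR_MAX_VALUE)
        sizes.append(chunk + ATTR_HEADER)
        eap_len -= chunk
    return sizes


def analyse(eap_len, other_attrs_len, link_mtu=1500):
    """Lay out an Access-Request and report where IPv4 fragmentation cuts it.

    other_attrs_len is the total size of the non-EAP attributes, assumed to
    be placed before the EAP-Message attributes.
    """
    attrs = eap_message_attrs(eap_len)
    radius_len = RADIUS_HEADER + other_attrs_len + sum(attrs)
    # Every IP fragment except the last carries a multiple of 8 payload bytes.
    frag_payload = (link_mtu - IP_HEADER) // 8 * 8
    udp_len = UDP_HEADER + radius_len
    fragments = -(-udp_len // frag_payload)  # ceiling division
    # Offsets inside the RADIUS packet at which a fragment boundary falls.
    cuts = [i * frag_payload - UDP_HEADER for i in range(1, fragments)]
    split = []
    offset = RADIUS_HEADER + other_attrs_len
    for index, size in enumerate(attrs):
        # An attribute is split when a boundary lies strictly inside it.
        if any(offset < cut < offset + size for cut in cuts):
            split.append(index)
        offset += size
    return {"radius_len": radius_len, "ip_fragments": fragments,
            "split_eap_attrs": split}


if __name__ == "__main__":
    print(analyse(1496, 222))   # 1750-byte RADIUS packet, two IP fragments
    print(analyse(1000, 222))   # fits in a single IP datagram
```
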
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users