Security

Reply

Fragmentation Radius responses

We use Clearpass for EAP-TLS authentication.

One of our WAN suppliers does not allow fragmented packets.

On this branch we cannot get EAP-TLS to function.

The MTU settings we made on our VM500:

Data port MTU 1300

EAP-TLS fragment MTU 1300 (default 1024)

(management port = default MTU 1500)

 

In tracker we see timeouts for EAP-TLS clients. EAP-PEAP no problem.

 

In wireshark we see that the packets are send by Clearpass that are  fragmented on the IP layer. (protocol IPv4)

I expected the fragmentation - not on the IP layer but - in EAP-TLS. (all packets protocol RADIUS).

 

How can i change the behaviour of Clearpass to not fragment on IP layer but fragment in EAP-TLS protocol?

Re: Fragmentation Radius responses

Bump

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: