Fragmentation Radius responses
11-29-2018 06:50 AM
We use Clearpass for EAP-TLS authentication.
One of our WAN suppliers does not allow fragmented packets.
On this branch we cannot get EAP-TLS to function.
The MTU settings we made on our VM500:
Data port MTU 1300
EAP-TLS fragment MTU 1300 (default 1024)
(management port = default MTU 1500)
In tracker we see timeouts for EAP-TLS clients. EAP-PEAP no problem.
In wireshark we see that the packets are send by Clearpass that are fragmented on the IP layer. (protocol IPv4)
I expected the fragmentation - not on the IP layer but - in EAP-TLS. (all packets protocol RADIUS).
How can i change the behaviour of Clearpass to not fragment on IP layer but fragment in EAP-TLS protocol?