On 10/11/2011 02:35 PM, Alexander Hartmaier wrote:

Hello Alexander,

thanks for the information. The doc mentions 1000 as an example of a safe value, but these numbers look like probably reasonable values. I'll make a note of adding this to the docs.

Thanks!

> I've tried a lot of different values and looked at the radius packets
> coming from our switches (for wired dot1x):
> peap 1350, inner tls 1300
> peap 1400, inner tls 1360
> peap 1412, inner tls 1350
>
> In the end I've used 1350/1300 because increasing it any further towards
> the limit didn't lower the number of packets so I preferred to have a
> little bit of safety margin left.
>
> The EAP packet that is encapsulated inside one of the radius key/value
> pairs + all other radius attributes doesn't exceed one ethernet frame
> because EAP doesn't support fragmentation.
> Depending on the number of other radius attributes your switches or wlan
> controllers send to the radius servers you can increase the EAP payload.
> Decreasing the number of packets reduces the authentication time and
> lowers the load on both the radius client (switch, wlan controller) and
> radius server.
>
> @Open guys: can you please add something like my description to the docs?

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
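The size budget discussed in this thread can be worked out ahead of testing. The following is an added example, not code from either poster or from Radiator: it computes how large an EAP packet can be before the RADIUS datagram carrying it exceeds the link MTU, given the other attributes in the packet. Assumptions: IPv4 without options, a 1500-octet MTU, the length passed in is the whole EAP packet (whether a configured fragment size counts the EAP/TLS header is not stated in the thread), and the attribute list is constructed sample data.

```python
# Added example: size budget for one RADIUS packet carrying an EAP fragment.
RADIUS_HEADER = 20    # code, identifier, length, authenticator (RFC 2865)
ATTR_HEADER = 2       # type + length octets in front of every attribute value
ATTR_MAX_VALUE = 253  # largest value one attribute can hold
MSG_AUTH_ATTR = 18    # Message-Authenticator, sent alongside EAP-Message (RFC 3579)
UDP_HEADER = 8
IPV4_HEADER = 20      # assumption: no IP options

# Constructed sample: (attribute name, value length) besides EAP-Message
# and Message-Authenticator, e.g. in an Access-Challenge.
SAMPLE_OTHER_ATTRS = [("State", 16)]


def attrs_bytes(attrs):
    """Octets on the wire for a list of (name, value_length) attributes."""
    return sum(ATTR_HEADER + length for _, length in attrs)


def eap_message_bytes(eap_len):
    """An EAP packet is split over EAP-Message attributes of <= 253 octets each."""
    chunks = -(-eap_len // ATTR_MAX_VALUE)  # ceiling division
    return eap_len + chunks * ATTR_HEADER


def ip_datagram_size(eap_len, other_attr_bytes):
    """Total IPv4 datagram size for a RADIUS packet carrying eap_len octets of EAP."""
    return (IPV4_HEADER + UDP_HEADER + RADIUS_HEADER + MSG_AUTH_ATTR
            + other_attr_bytes + eap_message_bytes(eap_len))


def max_eap_len(mtu, other_attr_bytes):
    """Largest EAP packet length whose datagram still fits in one frame of size mtu."""
    best = 0
    for n in range(1, mtu):
        if ip_datagram_size(n, other_attr_bytes) <= mtu:
            best = n
    return best


if __name__ == "__main__":
    other = attrs_bytes(SAMPLE_OTHER_ATTRS)
    for eap_len in (1300, 1350, 1400, 1412):
        size = ip_datagram_size(eap_len, other)
        print(f"EAP {eap_len}: datagram {size} octets, fits in 1500: {size <= 1500}")
    print("largest EAP packet that fits:", max_eap_len(1500, other))
```

Every additional attribute the switch, WLAN controller or server adds reduces the result by that attribute's length plus two octets.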