EAP fragment size clarification needed

Alan DeKok aland at deployingradius.com
Mon Sep 24 09:58:16 CEST 2007


Stefan Winter wrote:
> I wonder what the sentence about MAX packet size on APs is about. Is it their 
> maximum allowed length of a RADIUS packet? Frankly, that would be quite 
> stupid because packets can legitimately be much larger than that. (-> RADIUS 
> implementation problem on AP)

  No.  It's Ethernet segment size.  When the AP talks to the supplicant,
it's via EAPoL (EAP over LAN).  The EAP packets are put into the data
portion of Ethernet packets.  Since Ethernet packets can't be
fragmented, there's a limit to the maximum EAP packet size.

> If it is about fragmented and re-assembled UDP: that would mean those APs 
> can't re-assemble UDP properly (-> again implementation problem)

  That happens, too.  It's easier to add code on the server than to fix
buggy APs.

> finally, if it's about the max layer-2 size for the EAP conversation: then a 
> fragment size of 1500 would be okay on a 1500 MTU on layer 2 (and if one only 
> authenticates 802.3 LANs and 802.11 WLANs, both of them handle 1500 just 
> fine).

  There is often additional information (VLAN, etc.) that can shrink the
maximum Ethernet segment size.

> So if the above holds true, I would much rather set fragment size to 1500, and 
> fix any upcoming impl problems that have nothing to do with EAP frag size, 
> rather than yield with my frag size.

  That's why it's configurable.  Others have reported issues with
fragment sizes larger than 1024.  Some even need it to be less.

  Alan DeKok.
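
Why the EAPOL header and any extra layer-2 overhead matter when choosing a fragment size, shown as an added example that is not part of the original post or of FreeRADIUS: it splits a constructed TLS payload into EAP-TLS fragments (RFC 5216 framing) and counts the EAPOL frames that would not fit. Assumptions: `fragment_size` here means the whole EAP packet, the function names are hypothetical, and the per-fragment acknowledgements of a real exchange are omitted.

```python
import struct

EAPOL_HDR = 4                  # version, type, body length (IEEE 802.1X)
EAP_HDR = 5                    # code, identifier, length, type (RFC 3748)
EAP_REQUEST, EAP_TYPE_TLS = 1, 13
FLAG_L, FLAG_M = 0x80, 0x40    # length included / more fragments (RFC 5216)

def fragment_eap_tls(tls_data, fragment_size, first_id=1):
    """Split tls_data into EAP-TLS requests of at most fragment_size bytes each."""
    total, offset, ident, packets = len(tls_data), 0, first_id, []
    fragmented = EAP_HDR + 1 + total > fragment_size
    while True:
        first = offset == 0
        # Only the first fragment of a fragmented message carries the 4-byte total length.
        extra = struct.pack("!I", total) if (first and fragmented) else b""
        room = fragment_size - EAP_HDR - 1 - len(extra)
        if room <= 0:
            raise ValueError("fragment_size too small for EAP-TLS headers")
        chunk = tls_data[offset:offset + room]
        offset += len(chunk)
        flags = (FLAG_L if extra else 0) | (FLAG_M if offset < total else 0)
        length = EAP_HDR + 1 + len(extra) + len(chunk)
        header = struct.pack("!BBHBB", EAP_REQUEST, ident & 0xFF, length, EAP_TYPE_TLS, flags)
        packets.append(header + extra + chunk)
        ident += 1
        if offset >= total:
            return packets

def reassemble(packets):
    """Peer side: strip the headers and rebuild the TLS data."""
    out = b""
    for p in packets:
        flags = p[5]
        out += p[10:] if flags & FLAG_L else p[6:]
    return out

def oversized(packets, l2_payload, extra_overhead=0):
    """Count EAPOL frames that exceed the usable layer-2 payload."""
    limit = l2_payload - extra_overhead
    return sum(1 for p in packets if EAPOL_HDR + len(p) > limit)

# Constructed input: 3000 zero bytes standing in for a server certificate chain.
SAMPLE = bytes(3000)

if __name__ == "__main__":
    for size in (1500, 1024):
        pkts = fragment_eap_tls(SAMPLE, size)
        print(size, [len(p) for p in pkts], "oversized at 1500:", oversized(pkts, 1500))
```
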


