Changing MTU value for EAP Session error
Alan DeKok
aland at deployingradius.com
Wed Jan 11 08:48:34 CET 2012
Sallee, Stephen (Jake) wrote:
> I have read on the list and the FR wiki that decreasing the MTU value
> for the tunnel can help alleviate the pesky EAP session did not finish
> problem. I would like to try this as I am getting the same issue on IOS
> and Android based phones using the default certs FR ships with.
It *might* help. Or it might not. If you get 4-5 Request/Challenge
exchanges, then changing MTU likely won't help.
> However I cannot find where to specify the MTU value, I assume it is in
> the inner-tunnel virtual server,
Nope.
> but my google-fu is weak today and
> cannot find any instructions. I see several messages on the list saying
> that is should be done but none actually explaining HOW.
Like most things in FreeRADIUS: you don't. It's calculated
automatically. If the NAS sends a Framed-MTU, then FreeRADIUS uses that
to calculate the maximum MTU.
The simplest thing to try is to see eap.conf, and change fragment_size
to something smaller. Anything less than 1K is likely useless, as
Ethernet always supports 1.5K packets.
If it still doesn't work when fragment_size=1K, then the problem isnt
MTU. It's something else.
Alan DeKok.
More information about the Freeradius-Users
mailing list