Radsec Limitations

Michael Cullen michael.cullen at madetech.com
Wed May 26 15:43:10 CEST 2021


Good afternoon,

We have radsec tunnels between the authenticator and the server wherever it
is supported, and a lot of the newer networking equipment has this.
The majority of traffic will be on Windows machines using EAP-TTLS. We came
across this message:
https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/task/radsec-configuring.html#:~:text=Due%20to%20limitations%20of%20the,255%20RADIUS%20messages%20in%20flight
which states "NOTE: Due to limitations of the TCP protocol, RADSEC can have
no more than 255 RADIUS messages in flight."

Due to the majority of our traffic being from Windows machines using
EAP-TTLS, will this also include RADIUS messages? Has anyone been affected
by this limitation? We are looking at scaling the RADIUS solution to a
large number of users in the future.
There seem to be no reported issues about these limitations, other than
the article above.

Thanks for any help you can provide,
Michael

