[EXT] Re: Question on client retransmit behavior

[Brian Julin]

Alan DeKok <aland at deployingradius.com> wrote:
>                • The higher layer is responsible for re-transmission within a single authentication attempt,
> and should protect communication with the Authentication Server with retransmissions appropriate to the transport use.
>
> and
>
>       Correct protocol operation depends upon the use of timer values by the Supplicant higher layer functions that are 
> compatible with those used by the Authenticator’s higher layer functions to retransmit EAP-Requests.
> There is no automatic means of communicating changes in timer values between Authenticator and Supplicant,
> so deviation from the default timer values can adversely affect the operation of the protocol.

Thanks.  If I find the time and patience to take this up with the vendor those will be useful.

>  Where "authenticator" is the NAS.
>
> So perhaps it's the responsibility of the NAS to do retransmissions.

Hrm... maybe I'll just give it a try when usage is really low just to see what happens.  Something horrible, no doubt.

>> There appears (sigh) to be no way to turn this behavior off.  It also has a maximum 5 second timeout between retransmits, and though it will respond to Status-Server requests, it will not send them to upstream proxies.
>  That part is at least fine: not proxying Status-Server.

What I meant was... it does not allow you to initiate Status Server probes on that proxy hop to send to the next proxy.  Wouldn't expect it to forward.

Thanks again.