question regarding the Framed-MTU and the fragment_size in EAP

[Dave Wang]

Hi,

I noticed that in our aruba switch, it refused to work after eap-tls
if I left the default config for EAP-TLS fragment_size.

And what happened is, aruba switch does not send Framed-MTU in radius
request, freeradius uses the fragment_size to do calculation, but in
the Access-Accept response, it sends a radius attribute Framed-MTU,
with value calculated based on fragment_size.

However, I do not understand why freeradius sends the Framed-MTU based on
the
fragment_size, as it seems these two are not directly linked.

The Framed-MTU is more or less used to set the MTU for this user for
the following traffic. but the fragment_size is used to decide how we
do the fragment in eap, and the value is restricted by the link
between NAS and freeradius.

Suppose the max-MTU between NAS and freeradius is 1000, so we need to
set the fragment_size to be a smaller value in order to make the EAP
works, but if the other links the NAS used have a higher max-MTU (say
1500), there is no reason to restrict the max-MTU to be 1000 in the
end.

Any reason behind how the Framed-MTU is set in the EAP-TLS case based
on the fragment_size?


Regards,
Dave