802.1x - Registry Key to change EAP packet size

802.1x - Registry Key to change EAP packet size

Post by Thomas » Thu, 13 Oct 2005 05:32:19


Dear NG,

I believe (& so does Cisco) that I have run into a bug around 802.1x.

To validate/invalidate the possibility, I would like to know whether it is
possible in Windows XP, to change the maximum EAP packet size.
Via a registry key for example.

I'm at a customer in Sweden & have to leave in about 12 hours. I'd be
grateful if someone could pinpoint the correct registry key to me :-)

I'll keep you updated,

Best regards,

Thomas


Context:
802.1x - EAP-TLS machine authentication
At some stage in the authentication process, IAS sends radius/challenge
message with its certificate
Authenticator relays as EAP/request
Supplicant sends EAP/response
Authenticator does not do anything, because:
- EAP/response is too big
- Cisco does not support fragmentation of radius messages
Authentication fails
 
 
 

802.1x - Registry Key to change EAP packet size

Post by James McIl » Thu, 13 Oct 2005 07:23:14

"Thomas K" < XXXX@XXXXX.COM > wrote in



The information on how to do this is included in the IAS Operations Guide:


http://www.yqcomputer.com/
4763-8909-36e7c310ae3c&displaylang=en

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

 
 
 

802.1x - Registry Key to change EAP packet size

Post by Manjunath » Fri, 14 Oct 2005 02:14:55

Thomas

Here are a couple of suggestions I got internally from others in
Microsoft:
--------------
Actually this is better done from the server side Set the Framed-MTU
(advanced settings in RAP or CRP in IAS) to a lower number this would set
the size of the EAP packet.

EAP to radius encapsulation is done by the AP not the supplicant

There is no bug here. If the Radius (UDP) packet gets fragmented. Many
switches will drop it. And cause a message incomplete error on IAS server

-------------------
The 1X supplicant gets the maximum size of the packet by querying the
miniport driver. What is the scenario here - it that you want to achieve by
changing the size?

--------------------
Thanks, Manju

+++++++++++++++++++++++++++++++++++++++++++++++
This posting is provided "AS IS" with no warranties, and confers no rights
 
 
 

802.1x - Registry Key to change EAP packet size

Post by Thomas » Sun, 16 Oct 2005 18:19:40

Hello James,

I'll try setting the framed-mtu to 1344 & let u know

T
 
 
 

802.1x - Registry Key to change EAP packet size

Post by Thomas » Sun, 16 Oct 2005 18:20:55

Hello Manju

I'll try setting the framed-mtu to 1344 & let u know if this solves the
problem :)

T