Configuring EAP-TLS Fragment Size

Use the following command to configure and reduce the EAP-TLS fragment size sent to the RADIUS server. Reducing the EAP-TLS fragment size ensures that IP fragmentation does not take place in the network.

  • It is important to configure the EAP-TLS fragment size based on the MTU of the network.
  • The following command sets only the EAP-TLS fragment size sent to the RADIUS server. The EAP-TLS fragment size sent to the supplicant is not changed. This command applies only to the EAP-TLS method; it does not apply to PEAP/EAP-TTLS.

Syntax

aaa port-access authenticator eap-tls-fragment towards-server <max-fragment-size>

no aaa port-access authenticator eap-tls-fragment towards-server <max-fragment-size>

Description

Configures the EAP-TLS fragment size sent to the RADIUS server. If the EAP-TLS fragment size is not configured, the switch will perform EAP-TLS fragmentation only when the size of the incoming data packet is more than 3 KB.

The no form of the command removes the EAP-TLS fragment size configuration.

Parameter

eap-tls-fragment towards-server

Configures the EAP-TLS fragment size sent to the RADIUS server.

<max-fragment-size>

Enter the value to set the maximum fragment size. The allowable range of the EAP-TLS fragment size is 576 to 3072 bytes.

Command Context

config
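
Example (added here, not part of the vendor documentation): one way to derive a <max-fragment-size> value from the path MTU between the switch and the RADIUS server, using the RADIUS framing from RFC 2865 and RFC 3579. Assumptions: the configured value is counted as the EAP packet bytes carried in EAP-Message attributes (the page does not define what is counted), the transport is IPv4 without options, and the other attributes in the Access-Request (User-Name, NAS identifiers, State, and so on) total 200 bytes. The function names are hypothetical.

```python
import math

IPV4_HEADER = 20            # IPv4 header without options
UDP_HEADER = 8
RADIUS_HEADER = 20          # code, identifier, length, 16-byte authenticator (RFC 2865)
MESSAGE_AUTHENTICATOR = 18  # mandatory alongside EAP-Message (RFC 3579)
ATTR_HEADER = 2             # type + length octets of each attribute
ATTR_MAX_VALUE = 253        # maximum value bytes in one RADIUS attribute
CLI_MIN, CLI_MAX = 576, 3072  # allowable range stated on this page


def radius_packet_size(eap_len, other_attrs=200):
    """IP datagram size of an Access-Request carrying eap_len bytes of EAP.

    other_attrs is an assumed byte budget for all remaining attributes;
    measure it from a packet capture on the real network.
    """
    # An EAP packet longer than 253 bytes is split over several EAP-Message
    # attributes, each costing a 2-byte attribute header.
    eap_attrs = math.ceil(eap_len / ATTR_MAX_VALUE)
    return (IPV4_HEADER + UDP_HEADER + RADIUS_HEADER + MESSAGE_AUTHENTICATOR
            + other_attrs + eap_len + eap_attrs * ATTR_HEADER)


def max_fragment_size(path_mtu, other_attrs=200):
    """Largest value in the CLI range whose RADIUS packet fits in path_mtu.

    Returns None when even the minimum (576) would be IP-fragmented.
    """
    for size in range(CLI_MAX, CLI_MIN - 1, -1):
        if radius_packet_size(size, other_attrs) <= path_mtu:
            return size
    return None


def cli_line(path_mtu, other_attrs=200):
    """Render the command from the Syntax section with the computed value."""
    size = max_fragment_size(path_mtu, other_attrs)
    if size is None:
        raise ValueError("no value in 576..3072 avoids IP fragmentation")
    return ("aaa port-access authenticator eap-tls-fragment "
            f"towards-server {size}")


if __name__ == "__main__":
    for mtu in (1400, 1500, 9000):   # constructed sample path MTUs
        print(mtu, "->", cli_line(mtu))
```

A path MTU below the size needed for the 576-byte minimum cannot be accommodated by this setting alone; in that case the path MTU itself has to be addressed.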