RADIUS attribute 12 : Framed-MTU

RaphaelL
Kind of a big deal
Kind of a big deal

RADIUS attribute 12 : Framed-MTU

Hi ,

 

I don't know if we have any product specialist or radius guru here that could clarify something for me.

 

Reading RFC2865 I can't quite understand the use-case of the framed-MTU attribute.

https://datatracker.ietf.org/doc/html/rfc2865#page-37

 

It is used by Meraki and the value is not customizable and right now it is 1400.

 

RaphaelL_0-1697655316019.png

2 Questions.

 

1- From what I can understand , the Authenticator ( MS,MR,MX whatever ) is saying to the RADIUS server ( Cisco ISE in my case ), hey ! don't send me anything over 1400 bytes please.  Right ?

2- Is there another way around ? For the RADIUS server to announce that it would preffer not to receive anything over 1400 bytes ?

 

Not trying to solve anything , just trying to understand how that thing works !

1 Reply 1
pjc
A model citizen

I was wondering when trying to resolve issues previously I was having at some of my SDWAN sites and suspected packet fragmentation where, if any, MTU value was specified on the MR's.  I tried reducing MTU sizes in NPS Radius connection policies, but had no joy.  Ended up having to use the Meraki Proxy Radius to broker requests for those troublesome sites where there was fragmentation

Get notified when there are additional replies to this discussion.