When Does the RADIUS Certificate Packet Fragment?

Started by deanwebb, July 20, 2016, 07:29:27 PM

deanwebb

Fun stuff here...

When Windows sends a certificate to a RADIUS server as part of an 802.1X logon sequence, it does not fragment the EAP/EAPOL traffic.

It. Does. Not. Fragment.

:badass:

That's right, set that MTU wherever you want, it won't fragment. Set it too low, in fact, and Windows won't even send it at all! In the Cisco technote describing this, they noted that they saw cert packets as large as 2000 bytes! When the AP gets the EAP/EAPOL traffic, it has to convert it to RADIUS traffic and send it on to the WLC. Therefore, that AP has to fragment the traffic because Windows is a honey badger and it don't care.

This is Windows: :steamtroll: and this is the Cisco AP:  :jackie-chan:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
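
Added example, not part of deanwebb's post: a sizing check for the case described above, where an unfragmented EAP packet is wrapped in a RADIUS Access-Request. It uses the RADIUS framing rules from RFC 2865 and RFC 3579 (EAP-Message attributes carry at most 253 bytes each, Message-Authenticator is mandatory) and reports how many IPv4 fragments the datagram needs at a given MTU. The function names and the `other_attrs` parameter are assumptions made for illustration.

```python
import math

RADIUS_HEADER = 20      # code, identifier, length, 16-byte authenticator
ATTR_HEADER = 2         # attribute type + length octets
ATTR_MAX_VALUE = 253    # one-octet length field: 255 minus the 2-byte header
MSG_AUTH_ATTR = 18      # Message-Authenticator, required alongside EAP-Message
RADIUS_MAX = 4096       # largest RADIUS packet allowed by RFC 2865
UDP_HEADER = 8
IPV4_HEADER = 20        # assumption: IPv4 without options


def eap_message_chunks(eap_len):
    """Value lengths of the EAP-Message attributes needed for one EAP packet."""
    full, rest = divmod(eap_len, ATTR_MAX_VALUE)
    return [ATTR_MAX_VALUE] * full + ([rest] if rest else [])


def radius_length(eap_len, other_attrs=0):
    """Size of the Access-Request carrying the EAP packet.

    other_attrs is the total size of User-Name, NAS-IP-Address and so on;
    it defaults to 0 here, so real packets are somewhat larger.
    """
    chunks = eap_message_chunks(eap_len)
    total = (RADIUS_HEADER + MSG_AUTH_ATTR + other_attrs
             + sum(ATTR_HEADER + c for c in chunks))
    if total > RADIUS_MAX:
        raise ValueError("EAP packet does not fit in a single RADIUS packet")
    return total


def ipv4_fragments(radius_len, mtu):
    """Number of IPv4 fragments needed to carry the RADIUS/UDP datagram."""
    payload = UDP_HEADER + radius_len
    if IPV4_HEADER + payload <= mtu:
        return 1
    # Every fragment except the last carries a multiple of 8 payload bytes.
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8
    return math.ceil(payload / per_fragment)


if __name__ == "__main__":
    # Constructed sample sizes; 2000 bytes is the figure quoted in the post.
    for eap_len in (1000, 2000):
        rlen = radius_length(eap_len)
        for mtu in (1500, 576):
            print(eap_len, rlen, mtu, ipv4_fragments(rlen, mtu))
```

Any firewall or ACL between the authenticator and the RADIUS server that drops IP fragments will break exactly the authentications where the fragment count is above 1.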