Hello, we look after a large enterprise network and wish to deploy certificate-based 802.1X enterprise-wide. The network uses encryption over a multi-layer architecture. We see a RADIUS issue on congested links because the EAP conversations are quite large (certificate exchange). Thus a 7000-byte PDU is fragmented into 1500 bytes, then each of these is fragmented into 1400 bytes over the encrypted links; we may then have 10 fragments, some of which are lost on congested links.
We wanted to use "IP MTU 1400" on the management interface on the 3560s and 3750s, but this command is "not supported". It seems strange that this command is not available - not sure why. In this case, is there any other alternative to force the RADIUS traffic from the switch to 1400 bytes to avoid fragmentation and thus loss of data?
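
Added example, not part of the original post: a small IPv4 fragmentation model that compares the double fragmentation described above (1500, then 1400) with sending at 1400 from the source. Assumptions: the 7000 bytes are treated as the IPv4 payload, the header is 20 bytes with no options, and the 5% independent per-fragment loss rate is a constructed figure; exact fragment counts depend on these assumptions.

```python
IP_HEADER = 20      # IPv4 header without options (assumption)
PDU = 7000          # bytes, from the post; treated here as the IPv4 payload
SAMPLE_LOSS = 0.05  # constructed per-fragment loss rate on a congested link

def fragment(payload_len, mtu, offset=0, more_follows=False):
    """Split one IPv4 payload into (offset, length, MF) tuples for a link MTU."""
    # Every non-final fragment must carry a multiple of 8 payload bytes.
    max_data = (mtu - IP_HEADER) // 8 * 8
    frags, pos = [], 0
    while pos < payload_len:
        size = min(max_data, payload_len - pos)
        last = pos + size >= payload_len
        # MF stays set if the piece we are splitting was not the final one.
        frags.append((offset + pos, size, more_follows or not last))
        pos += size
    return frags

def refragment(frags, mtu):
    """Re-fragment already fragmented traffic at a hop with a smaller MTU."""
    out = []
    for off, length, mf in frags:
        out.extend(fragment(length, mtu, off, mf))
    return out

def delivery_probability(n_frags, loss):
    """The datagram is reassembled only if every fragment arrives."""
    return (1 - loss) ** n_frags

def compare(pdu=PDU, first_mtu=1500, tunnel_mtu=1400, loss=SAMPLE_LOSS):
    double = refragment(fragment(pdu, first_mtu), tunnel_mtu)
    direct = fragment(pdu, tunnel_mtu)
    return {
        "double_fragments": len(double),
        "direct_fragments": len(direct),
        "double_delivery": delivery_probability(len(double), loss),
        "direct_delivery": delivery_probability(len(direct), loss),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.3f}" if isinstance(value, float) else f"{key}: {value}")
```

Losing any single fragment forces a RADIUS retransmission of the whole PDU, so the delivery probability applies to each attempt.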