02-04-2007 09:37 PM - edited 03-05-2019 02:09 PM
Hello, we look after a large enterprise network and wish to deploy certificate-based 802.1x enterprise-wide. The network uses encryption over a multi-layer architecture. We see a RADIUS issue on congested links because the EAP conversations are quite large (certificate exchange). Thus a 7000 byte PDU is fragmented into 1500 bytes, then each of these is fragmented into 1400 bytes over the encrypted links; we may then have 10 fragments, some of which are lost on congested links.
We wanted to use "IP MTU 1400" on the management interface on the 3560s and 3750s but this command is "not supported". It seems strange that this command is not available - not sure why. In this case, is there any other alternative to force the RADIUS traffic from the switch to 1400 bytes to avoid fragmentation and thus loss of data?
Thanks,
Netdesign
02-09-2007 06:37 AM
You cannot change the MTU for an individual interface. You must set the MTU globally. Reset the switch afterwards for the MTU change to take effect.
02-11-2007 03:12 PM
Thanks, but I don't want to change the MTU on the physical interfaces. I need to change the MTU on the management VLAN so it doesn't source UDP (RADIUS) traffic larger than 1400 bytes.
Anyway, looks like Cisco can't do it even though it should be a feature. I guess we'll have to request a change - it's for a very large customer rollout.
Regards,