Re: IEEE 802.1X support with Host AP driver


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-09-25 15:16:23 UTC



On Tue, Sep 24, 2002 at 05:16:58PM -0500, Mody Sachin (Princeton) wrote:

> Everytime I try the TLS or TTLS authentication I get an error message saying
> Message too long on a ieee802.1x send.
> Below are the debug messages for the problem, this is for the EAP-TLS case,
> the problem with EAP-TTLS is also exactly the same: (Its very long)

> Received 2369 bytes from authentication server

> ieee802_1x_send: send: Message too long

That's too long message IEEE 802.1X when using IEEE 802.11 between the Authenticator and the Supplicant. IEEE 802.1X does not support fragmentation in that part and the messages from authentication server will thus need to be smaller. I set the MTU of wlan0ap to more or less maximum value (2290) to allow over 1500 byte frames, but 2369 bytes is too much. If I remember correctly, EAP messages can be fragmented at higher level. In other words, I would recommend checking whether you could configure the authentication server to use smaller EAP packets (max. fragment size or something similar in the configuration).

-- 
Jouni Malinen                                            PGP id EFC895FA


This archive was generated by hypermail 2.1.4.