How to reduce the EAP packet size by using the Framed MTU attribute in Windows Server 2003


This article describes how to reduce the EAP packet size of a Remote Authentication Dial-In User Service (RADIUS) server. You can do this by using the Framed-MTU attribute in Internet Authentication Services (IAS) of a Microsoft Windows Server 2003-based computer.

More Information

The Extensible Authentication Protocol (EAP) packets of the RADIUS server are large when some firewall programs drop the UDP fragments to help protect the network. Framed MTU is used with EAP authentication to notify the RADIUS server about the Maximum Transmission Unit (MTU) negotiation with the client. The RADIUS server communicates with the client, so that the RADIUS server does not send EAP messages that cannot be delivered over the network. The default attribute value of the framed MTU for the IAS server is 1,500. You can set the attribute to a minimum of 64 and a maximum of 1,500. To avoid the fragment issues, you can set the attribute value to 1,344.

To set the Framed-MTU attribute in IAS, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Internet Authentication Service.
  2. Under Internet Authentication Service, locate Remote Access Policies, and then click Remote Access Policies.
  3. Under Remote Access Policies, open a policy. To do this, follow these steps:
    1. In the right-pane, click a policy.
    2. On the Action menu, click Properties.
  4. On the Settings tab, click Edit Profiles.
  5. In the Edit Dial-in Profile dialog box, click the Advanced tab.
  6. Under Attributes, click Framed-Protocol, and then click Add.
  7. In the Add Attributes dialog box, locate Framed-MTU, click Framed-MTU, and then click Add.
  8. In the Attribute Information dialog box, type the value that you want in the Attribute Value box, and then click OK.
  9. Click Close, and then click OK two times.