MTU size on network interfaces is around 1500 bytes. If the RADIUS UDP packet exceeds this size then they packets will be split up. UDP packets are normally quite small so this isn't common. EAP-PEAP packets tend to be small because PEAP just uses certificates at one end and username/password at the other. On the other hand, EAP-TLS use certificates in both directions. Certificates are much bigger than a username and password so more likely to exceed the MTU size.
If a firewall is configured to be suspicious of packet fragmentation (often used as way of hacking organisations) then it could block these authentication attempts. We've only really heard of this happening with EAP-TLS for the reasons above.
The configuration of the client and servers with the certificate chain is an important factor. At a bare minimum the server needs a Root CA and a client needs a client certificate. In this simple case the packet size isn't likely to cause fragmentation. However, the certificate chain might contain one or more intermediate CAs and where these are deployed is critical. The key is to have as much of the chain as possible installed on the server and for the client to send as little as possible with each auth request.
The same applies to EAP-PEAP for the TTLS part - the client should have as much of the chain as possible and the server with just the server cert.
Doing this means that during an authentication the minimum (one server cert and one client cert) are passed around rather than a number of client, server and intermediates.
These are not exclusive.
The last option is somewhat of a last resort because it's not universally respected by RADIUS servers. However, what it does do is to pass a hint to a RADIUS server to request that the RADIUS server use a maximum of 1100 bytes for the RADIUS packet. This would mean that, with the additional headers provided by the TCP stack that the packets should never be fragmented.
The caveat is, as stated, that different RADIUS server react differently to seeing Framed-MTU. It certainly can't be relied on at the solution.
<insert info about RADIUS server support for Framed-MTU>