[RADIATOR] Radius packets dropped - DONT FRAG bit set
Bob Shafer
bshafer at du.edu
Wed Oct 8 08:00:39 CDT 2008
Our datacomm folks are having a problem with EAP passing through an
Aruba controller to a non-Aruba AP. Aruba support says the same
hardware works fine in their lab, but they are using a MS radius server.
Here are the logs from the controller:
Oct 7 11:35:38 :124004: <DBUG> |authmgr| Forwarding the Radius packet
after stateful dot1x processing
code:11/smac:00:0f:f8:a0:a8:80/sport:1812/dport:32769
Oct 7 11:35:38 :199802: <ERRS> |authmgr| radhdlr.c,
rx_statefull_radius:204: the DONT FRAG bit set in the radius response,
dropping the request
Oct 7 11:35:38 :124004: <DBUG> |authmgr| Forwarding the Radius packet
after stateful dot1x processing
code:1/smac:00:0f:7d:00:55:39/sport:32769/dport:1812
Oct 7 11:35:38 :199802: <ERRS> |authmgr| radhdlr.c,
rx_statefull_radius:204: the DONT FRAG bit set in the radius response,
dropping the request
Oct 7 11:35:38 :124004: <DBUG> |authmgr| Forwarding the Radius packet
after stateful dot1x processing
code:2/smac:00:0f:f8:a0:a8:80/sport:1812/dport:32769
In our radius.cfg we have:
EAPTLS_MaxFragmentSize 1000
though I'm not sure if this is the underlying issue, or not. If not
suggestions on where to look are more than welcome.
I'd be happy to send config, etc. but thought this might be a problem
you have encountered. BTW we're running Radiator 4.2. I've been ready
to switch to 4.3 for a couple of months, but datacomm hasn't had time to
try their devices with the 4.3 test server I've set up.
Thanks,
Bob Shafer
University of Denver
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3577 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.open.com.au/pipermail/radiator/attachments/20081008/19211773/attachment.bin>
More information about the radiator
mailing list