[RADIATOR] Radius packets dropped - DONT FRAG bit set

Hugh Irvine hugh at open.com.au
Wed Oct 8 17:09:50 CDT 2008


Hello Bob -

Well, RADIUS is UDP, which to the best of my knowledge is single  
packet send, single packet reply, and by definition cannot be  
fragmented.

It would be useful from my point of view to see your Radiator  
configuration file and a trace 4 debug in conjunction with a  
Wireshark capture.

Radiator also just hands the outgoing RADIUS packets to the operating  
system to send - what hardware/software platform are you running on?

regards

Hugh



On 9 Oct 2008, at 00:00, Bob Shafer wrote:

> Our datacomm folks are having a problem with EAP passing through an  
> Aruba controller to a non-Aruba AP.  Aruba support says the same  
> hardware works fine in their lab, but they are using a MS radius  
> server.
>
> Here are the logs from the controller:
>
> Oct 7 11:35:38 :124004:  <DBUG> |authmgr|  Forwarding the Radius  
> packet after stateful dot1x processing code:11/smac: 
> 00:0f:f8:a0:a8:80/sport:1812/dport:32769
> Oct 7 11:35:38 :199802:  <ERRS> |authmgr|  radhdlr.c,  
> rx_statefull_radius:204: the DONT FRAG bit set in the radius  
> response, dropping the request
> Oct 7 11:35:38 :124004:  <DBUG> |authmgr|  Forwarding the Radius  
> packet after stateful dot1x processing code:1/smac:00:0f:7d: 
> 00:55:39/sport:32769/dport:1812
> Oct 7 11:35:38 :199802:  <ERRS> |authmgr|  radhdlr.c,  
> rx_statefull_radius:204: the DONT FRAG bit set in the radius  
> response, dropping the request
> Oct 7 11:35:38 :124004:  <DBUG> |authmgr|  Forwarding the Radius  
> packet after stateful dot1x processing code:2/smac: 
> 00:0f:f8:a0:a8:80/sport:1812/dport:32769
>
> In our radius.cfg we have:
>
> EAPTLS_MaxFragmentSize 1000
>
> though I'm not sure if this is the underlying issue, or not.  If  
> not suggestions on where to look are more than welcome.
>
> I'd be happy to send config, etc. but thought this might be a  
> problem you have encountered.  BTW we're running Radiator 4.2.   
> I've been ready to switch to 4.3 for a couple of months, but  
> datacomm hasn't had time to try their devices with the 4.3 test  
> server I've set up.
>
> Thanks,
>
> Bob Shafer
> University of Denver



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
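
To check in a capture whether RADIUS replies really leave the server with the Don't Fragment bit set, as the controller log above reports, the IPv4 flags field can be read directly. This is an added example, not code from the thread or from Radiator; the function names are hypothetical and the sample packets are constructed (zero-filled attributes, documentation addresses, checksums not validated).

```python
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 11: "Access-Challenge"}

def inspect_radius_ip(packet: bytes) -> dict:
    """Report IPv4 fragmentation flags and RADIUS code for a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 17:
        raise ValueError("not an IPv4/UDP packet")
    info = {
        "total_len": total_len,
        "df": bool(flags_frag & 0x4000),           # Don't Fragment
        "mf": bool(flags_frag & 0x2000),           # More Fragments
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # in bytes
    }
    # Only the first fragment (offset 0) carries the UDP and RADIUS headers.
    if info["frag_offset"] == 0:
        if len(packet) < ihl + 12:
            raise ValueError("truncated UDP/RADIUS header")
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        code, _rid, rlen = struct.unpack("!BBH", packet[ihl + 8:ihl + 12])
        info.update(sport=sport, dport=dport, radius_len=rlen,
                    code=RADIUS_CODES.get(code, str(code)))
    return info

def build_sample(df: bool, code: int, sport: int, dport: int, attr_len: int) -> bytes:
    """Constructed packet: IPv4 + UDP + RADIUS header, zero-filled attributes.
    Checksums are left at 0 because the parser does not validate them."""
    radius = struct.pack("!BBH", code, 1, 20 + attr_len) + bytes(16 + attr_len)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(radius), 0) + radius
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0,
                     0x4000 if df else 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + udp

if __name__ == "__main__":
    # Constructed samples: a large Access-Challenge with DF set, a small request without.
    for pkt in (build_sample(True, 11, 1812, 32769, 1000),
                build_sample(False, 1, 32769, 1812, 0)):
        print(inspect_radius_ip(pkt))
```

Feed it the IPv4 payload of each frame exported from the Wireshark capture (link-layer header stripped) and compare the `df` value on the server side with what the controller logs.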