Hi Alan, it still seems strange that it would respond with a packet id that was never sent by the client. I guess this could only happen if the AP somehow thought it should retransmit the identity request. I am hoping the radius server logs will help so i can see the missing packet causing freeradius to increment the packet id. Thanks, Tom
list@securew2.com wrote:
Furthermore this does not happen all the time leading me to believe this might be a retransmit issue between the access point and freeradius, maybe during high load.
That's likely. And since it's EAP retransmit after a long time, odds are that the RADIUS packet isn't retransmitted.
It's a brand new RADIUS packet, which means that the RADIUS layer duplicate detection doesn't work. Which means that the EAP packet is processed again.
I suspect that there's very little you can do about it.
There are patches going into 3.0 which will detect RADIUS retransmits over multiple proxy hops. That is a rare case, but more likely in the case of eduroam. Fixing it is good.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html