Multiple access-request + access-accept packets in one conversation.

Vlad Kratsberg vkratsberg at
Wed Jun 1 21:27:54 CEST 2016

Hi Freeradius Users,

I will appreciate some help here.  We are running FR3.0.11 + ldap + 802.1x
peap + gtc.

When client tries to get on the network for the first time, everything is
good.  Server issues cert, client accepts, vlan id is attached to
access-accept packet, and client gets an ip.  The whole exchange is fast
and only consists of 8 request packets.

However , when client tries to re-authenticate -- communication between
client and a server grows to 100 + request packets while server responds
with multiple access-accept packets and none of them contain Tunnel-Id (
not cached ?)

When i disable cache subsection of eap module, and client tries to
re-authenticate, i also get a very long conversation (100+ requests )
involving multiple access-request and access-accept messages, however
access-accept messages return with Tunnel-id attribute.

Can someone point me in the right direction as to why communication is so
long and involves multiple access-accept packets when client tries to
re-authenticate and what needs to be done with cache so it works properly
and caches Tunnel-Id.


More information about the Freeradius-Users mailing list