Initial access requests getting dropped, successive requests succeed

Arran Cudbard-Bell a.cudbardb at
Fri Mar 31 17:35:14 CEST 2017

> On Mar 31, 2017, at 10:27 AM, Alan DeKok <aland at> wrote:
> On Mar 31, 2017, at 10:01 AM, Jeremy Stretch via Freeradius-Users <freeradius-users at> wrote:
>> As an isolated test, I have a Juniper switch configured to authenticate to
>> one of the FreeRADIUS servers, which in turn authenticates against one
>> backend LDAP server. When I try to log into the switch, tcpdump on the
>> RADIUS server confirms that it receives an Access-Request packet. I've
>> stopped the normal daemon and am running `freeradius -X` on the server, but
>> it prints only a single line in response to the Access-Request:
>>   Ready to process requests.
>> It prints this same line each time a request is dropped.
>  That means that the OS told FR there was a packet, but when it tried to read the packet, there was no RADIUS packet.
>  If it was from an unknown client, it would print that.  If it was a malformed packet, it would print that.  So something else is going on.

It might be RPF causing the issue.  I vaguely remember this being a symptom of that, but I could be incorrect.

Simple to check...


Arran Cudbard-Bell
FreeRADIUS Core Developer

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list