How to Remove Framed-MTU from Access-Accept in PEAP Authentication
Alan DeKok
aland at deployingradius.com
Fri May 2 10:14:49 UTC 2025
On May 1, 2025, at 6:24 PM, 早川 拓人 <Takuto.Hayakawa at soliton.co.jp> wrote:
>
> I noticed that when performing PEAP authentication using FreeRADIUS, an unintended "Framed-MTU" attribute is included in the Access-Accept. Could you please advise on how to remove this "Framed-MTU" from the Access-Accept?
>
> After some investigation, I found that adding the following code at the beginning of the post-auth section allows for its removal:
Yes, that works.
> ==========================================================================
> sites-enabled/default.in
> -----
>
> post-auth {
> + if ( &session-state:Framed-MTU ) {
> + update session-state {
> + &Framed-MTU !* ANY
> + }
> + }
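Review bot: the `if ( &session-state:Framed-MTU )` guard wrapped around the `update session-state` block is redundant, because `&Framed-MTU !* ANY` deletes every instance of the attribute and does nothing when none is present. The `update session-state { &Framed-MTU !* ANY }` block on its own gives the same result with less nesting. A one-line comment stating why Framed-MTU is stripped at the start of post-auth would also help anyone who later reorders that section.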
> ==========================================================================
>
> Is this method correct? Additionally, is there a simpler and safer way to remove the "Framed-MTU"?
>
> Thank you for your assistance.
>
> Please find the debug log below for your reference.
> Due to email size constraints, I have included an excerpt in the email. For the full log, please refer to the attached FreeRadiusv3_2_7_PEAP_Accept.log.
If you post the debug output as text, there's no issue. You had multiple messages to the list rejected because you were posting it as HTML, and then also attaching more files to the message.
The documentation says to post text to the list. The debug output for one PEAP authentication is fairly small, and won't reach anywhere near the limits of the list.
Alan DeKok.