Hi Alan, it still seems strange that it would respond with a packet id that was never sent by the client. I guess this could only happen if the AP somehow thought it should retransmit the identity request.
I am hoping the radius server logs will help so i can see the missing packet causing freeradius to increment the packet id. Thanks, Tom > l...@securew2.com wrote: >> Furthermore this does not happen all the time leading me to believe this >> might be a retransmit issue between the access point and freeradius, >> maybe >> during high load. > > That's likely. And since it's EAP retransmit after a long time, odds > are that the RADIUS packet isn't retransmitted. > > It's a brand new RADIUS packet, which means that the RADIUS layer > duplicate detection doesn't work. Which means that the EAP packet is > processed again. > > I suspect that there's very little you can do about it. > > There are patches going into 3.0 which will detect RADIUS retransmits > over multiple proxy hops. That is a rare case, but more likely in the > case of eduroam. Fixing it is good. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html