Palo Alto Networks Knowledgebase: Oversize Microsoft RADIUS Response Packets being Dropped.

Oversize Microsoft RADIUS Response Packets being Dropped.

1865
Created On 02/07/19 23:41 PM - Last Updated 02/07/19 23:41 PM
User-ID
Resolution

Issue

It is possible for fragmented Microsoft RADIUS authentication response packets from the server to be dropped at the firewall.

 

Cause

This is due to the Microsoft RADIUS server creating oversized packets because of encapsulated authentication inside RADIUS authentication response packet.

 

Resolution

A smaller payload can be configured on the RADIUS server which will resolve the issue by following this procedure: Configure the Framed-MTU Attribute

 

owner: mcooke



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClyACAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language