Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SBR] Steel Belted Radius server rejects the authentication with the 'Send packet aborted: would be too long' error message

0

0

Article ID: KB25568 KB Last Updated: 08 Mar 2017Version: 3.0
Summary:
This article describes the issue of the Steel Belted Radius server rejecting authentication with the Send packet aborted: would be too long error message being generated.
Symptoms:
The Steel Belted Radius server rejects the authentication with the Send packet aborted: would be too long error message being generated.
Cause:
This error message is generated, when the SBR server is configured with the return-list attribute, which contains more than 4075 bytes.

For example:

The Cisco-AVPAIR return list attributes for the NCS login with the following attribute values are as follows:
NCS:role0=Root
NCS:virtual-domain0=ROOT-DOMAIN
NCS:task0=View Alerts and Events
NCS:task1=Device Reports
NCS:task2=RADIUS Servers
NCS:task3=Network Summary Reports
NCS:task4=Configure ACS View Servers
NCS:task5=Run Reports List
NCS:task6=View CAS Notifications Only
NCS:task7=Administration Menu Access
NCS:task8=Monitor Clients
NCS:task9=Monitor Media Streams
NCS:task10=Configure Guest Users
NCS:task11=Configure Lightweight Access Point Templates
NCS:task12=Monitor Chokepoints
NCS:task13=Maps Read Write
NCS:task14=Configure Access Points
NCS:task15=Virtual Domains List
NCS:task16=All
NCS:task17=Users and Groups
NCS:task18=Saved Reports List
NCS:task19=Migration Templates
NCS:task20=Monitor Spectrum Experts
NCS:task21=Configure Autonomous Access Point Templates
NCS:task22=Audit Trails
NCS:task23=Monitor Handover Server
NCS:task24=Client Location
NCS:task25=Monitor Access Points
NCS:task26=CleanAir Reports
NCS:task27=Configure Ethernet Switches
NCS:task28=Configure Ethernet Switch Ports
NCS:task29=TACACS+ Servers
NCS:task30=Autonomous AP Reports
NCS:task31=Mobility Service Management
NCS:task32=Performance Reports
NCS:task33=Help Menu Access
NCS:task34=Configure Controllers
NCS:task35=MSAP Reports
NCS:task36=Scheduled Tasks and Data Collection
NCS:task37=Monitor Tags
NCS:task38=Search Access
NCS:task39=Scheduled Configuration Tasks
NCS:task40=Configure WIPS Profiles
NCS:task41=Client Reports
NCS:task42=Services Menu Access
NCS:task43=Configure Templates
NCS:task44=System Settings
NCS:task45=Report Launch Pad
NCS:task46=Remove Clients
NCS:task47=Configure Config Groups
NCS:task48=Mesh Reports
NCS:task49=High Availability Configuration
NCS:task50=License Center
NCS:task51=Lobby Ambassador Defaults Configuration
NCS:task52=Monitor Controllers
NCS:task53=Monitor Security
NCS:task54=Monitor Menu Access
NCS:task55=Track Clients
NCS:task56=Monitor Interferers
NCS:task57=Configure Switch Location Configuration Templates
NCS:task58=Configure WiFi TDOA Receivers
NCS:task59=TAC Case Attachment Tool
NCS:task60=Handover Server Management
NCS:task61=Voice Audit Report
NCS:task62=Global SSID Groups
NCS:task63=Report Run History
NCS:task64=Compliance Reports
NCS:task65=Maps Read Only
NCS:task66=Disable Clients
NCS:task67=WIPS Service
NCS:task68=Security Reports
NCS:task69=Configure Spectrum Experts
NCS:task70=Appliance
NCS:task71=View Security Index Issues
NCS:task72=Home Menu Access
NCS:task73=Monitor WiFi TDOA Receivers
NCS:task74=Health Monitor Details
NCS:task75=ContextAware Reports
NCS:task76=User Preferences
NCS:task77=Guest Reports
NCS:task78=Logging
NCS:task79=Automated Feedback
NCS:task80=Identity Search Engine
NCS:task81=Delete and Clear Alerts
NCS:task82=Email Notification
NCS:task83=License Check
NCS:task84=Rogue Location
NCS:task85=Identify Unknown Users
NCS:task86=Reports Menu Access
NCS:task87=Configure ISE Servers
NCS:task88=Tools Menu Access
NCS:task89=Config Audit Dashboard
NCS:task90=Virtual Domain Management
NCS:task91=Monitor Ethernet Switches
NCS:task92=Configure Choke Points
NCS:task93=RRM Dashboard
NCS:task94=Diagnostic Information
NCS:task95=Planning Mode
NCS:task96=Configure Menu Access
NCS:task97=Ack and Unack Security Index Issue
NCS:task98=Pick and Unpick Alerts
NCS:task99=Ack and Unack Alerts
NCS:task100=Auto Provisioning
Solution:
  • RFC 2865 allows a Radius message to contain the maximum of 4096 bytes, which includes a header of 20 bytes.

  • So, it is expected behavior, when the Steel Belted Radius server rejects the authentication with the Send packet aborted: would be too long error message, when the return-list attribute contains more than 4075 bytes.


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search