802.1x and IAS...'Request was not properly formatted'

Unanswered Question
Jun 12th, 2007
User Badges:

Hi,


First post...so please be gentle :-)


I am currently configuring 802.1x on a Cisco switch and am having issues with the authentication process. If I switch on Windows Authentication then I get a message regarding RADIUS stating that the Request was not properly formatted.


When I switch off Windows Authentication it works...but I guess that defeats the whole purpose of it. I have setup a few Remote Access Policies as well using a variety of encryption types and it still doesnt work.


Any ideas?..or am I being far too vague :-)


Cheers

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Wed, 06/20/2007 - 07:07
User Badges:

Malformed Requests are requests with attributes having an invalid length or unexpected attributes. As long as the RADIUS request is properly formatted and the EAP (e.g. EAP-TLS) message is properly embedded in the RADIUS packet (e.g. in the Eap-Message attribute), things should work fine. To the AAA server it looks like just another NAS (of course you have to define the NAS, AP or switch, as a RADIUS client in the AAA server). Things to check if you run into problems:

- Does the switch properly encapsulate EAP packets and pass them through to the RADIUS server (and back to the client, of course)?

- Does the supplicant on the client side work properly and adhere to the 802.1x and EAP standards?


As long as these conditions are fulfilled, there should be no problem. If you do run into problems, you can turn on the AAA server trace, this will give you additional details about the RADIUS processing. The highest level trace will give you a dump of all the RADIUS packets received and sent by the AAA server.


Actions

This Discussion