×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

802.1x with 2948 GE-TX

Unanswered Question
Apr 1st, 2009
User Badges:
  • Silver, 250 points or more

Dear all,


I configured 802.1x with an 2950 and IAS ins the LAB, everything is working finde with dynamic VLAN Assignement and Guest VLAN.

I did the same with an 2948, I need to use it (mangement decission they don't want buy new one :-(( )

But I got an error message:

A malformed RADIUS message was received from client 10.1.2.100. The data is the RADIUS message.


Can somebody helps me?

I think it is a setting in the IAS Radius-Client setting, or I'm wrong? I tried Cisco o. Radius Standard.


Thanks, Sebastian


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Jagdeep Gambhir Wed, 04/01/2009 - 14:37
User Badges:
  • Red, 2250 points or more

Please make sure shared secret key is same on both ends.




Regards,

~JG

srue Thu, 04/02/2009 - 05:16
User Badges:
  • Blue, 1500 points or more

you might need to install wireshark on the server or somehow otherwise sniff the radius packets. this will give you more information than that event log.

Sebastian Helmer Thu, 04/02/2009 - 09:48
User Badges:
  • Silver, 250 points or more

Thanks for the Idea..


Thats the output:


I think the service-types in IAS and the 2948 are not the same..any ideas? I tried with someone but it do not work. But, I get a second erros message in the ias..bevor I type in the password, something tried with another user azbycx, thats strange I think..


No. Time Source Destination Protocol Info

6 30.902648 10.1.2.100 10.1.20.10 RADIUS Access-Request(1) (id=3, l=119)


Frame 6 (161 bytes on wire, 161 bytes captured)

Ethernet II, Src: Cisco_11:b7:42 (00:13:c3:11:b7:42), Dst: Vmware_9c:a8:42 (00:0c:29:9c:a8:42)

Internet Protocol, Src: 10.1.2.100 (10.1.2.100), Dst: 10.1.20.10 (10.1.20.10)

User Datagram Protocol, Src Port: redstorm_join (2346), Dst Port: radius (1812)

Radius Protocol

Code: Access-Request (1)

Packet identifier: 0x3 (3)

Length: 119

Authenticator: 02FA248B0A0C213711B8213325BB1A04

Attribute Value Pairs

AVP: l=13 t=User-Name(1): CISLAB\test

User-Name: CISLAB\test

AVP: l=6 t=NAS-IP-Address(4): 10.1.2.100

NAS-IP-Address: 10.1.2.100 (10.1.2.100)

AVP: l=7 t=NAS-Port(5): [unhandled integer length(5)]

AVP: l=6 t=Framed-MTU(12): 1000

Framed-MTU: 1000

AVP: l=19 t=Calling-Station-Id(31): 00-17-42-21-6e-df

Calling-Station-Id: 00-17-42-21-6e-df

AVP: l=6 t=Service-Type(6): Framed-User(2)

Service-Type: Framed-User (2)

AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)

NAS-Port-Type: Ethernet (15)

AVP: l=18 t=EAP-Message(79) Last Segment[1]

EAP fragment

Extensible Authentication Protocol

Code: Response (2)

Id: 1

Length: 16

Type: Identity [RFC3748] (1)

Identity (11 bytes): CISLAB\test

AVP: l=18 t=Message-Authenticator(80): 35D1789AA9FFED111C540DE63F093A53

Message-Authenticator: 35D1789AA9FFED111C540DE63F093A53

Sebastian Helmer Fri, 04/10/2009 - 06:20
User Badges:
  • Silver, 250 points or more

It is working now with Software 8.4. I used 8.3 but this makes trouble in my case.

>Thanks all

Actions

This Discussion