802.1x with 2948 GE-TX

Unanswered Question
Apr 1st, 2009

Dear all,


I configured 802.1x with an 2950 and IAS ins the LAB, everything is working finde with dynamic VLAN Assignement and Guest VLAN.

I did the same with an 2948, I need to use it (mangement decission they don't want buy new one :-(( )

But I got an error message:

A malformed RADIUS message was received from client 10.1.2.100. The data is the RADIUS message.


Can somebody helps me?

I think it is a setting in the IAS Radius-Client setting, or I'm wrong? I tried Cisco o. Radius Standard.


Thanks, Sebastian


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
srue Thu, 04/02/2009 - 05:16

you might need to install wireshark on the server or somehow otherwise sniff the radius packets. this will give you more information than that event log.

Sebastian Helmer Thu, 04/02/2009 - 09:48

Thanks for the Idea..


Thats the output:


I think the service-types in IAS and the 2948 are not the same..any ideas? I tried with someone but it do not work. But, I get a second erros message in the ias..bevor I type in the password, something tried with another user azbycx, thats strange I think..


No. Time Source Destination Protocol Info

6 30.902648 10.1.2.100 10.1.20.10 RADIUS Access-Request(1) (id=3, l=119)


Frame 6 (161 bytes on wire, 161 bytes captured)

Ethernet II, Src: Cisco_11:b7:42 (00:13:c3:11:b7:42), Dst: Vmware_9c:a8:42 (00:0c:29:9c:a8:42)

Internet Protocol, Src: 10.1.2.100 (10.1.2.100), Dst: 10.1.20.10 (10.1.20.10)

User Datagram Protocol, Src Port: redstorm_join (2346), Dst Port: radius (1812)

Radius Protocol

Code: Access-Request (1)

Packet identifier: 0x3 (3)

Length: 119

Authenticator: 02FA248B0A0C213711B8213325BB1A04

Attribute Value Pairs

AVP: l=13 t=User-Name(1): CISLAB\test

User-Name: CISLAB\test

AVP: l=6 t=NAS-IP-Address(4): 10.1.2.100

NAS-IP-Address: 10.1.2.100 (10.1.2.100)

AVP: l=7 t=NAS-Port(5): [unhandled integer length(5)]

AVP: l=6 t=Framed-MTU(12): 1000

Framed-MTU: 1000

AVP: l=19 t=Calling-Station-Id(31): 00-17-42-21-6e-df

Calling-Station-Id: 00-17-42-21-6e-df

AVP: l=6 t=Service-Type(6): Framed-User(2)

Service-Type: Framed-User (2)

AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)

NAS-Port-Type: Ethernet (15)

AVP: l=18 t=EAP-Message(79) Last Segment[1]

EAP fragment

Extensible Authentication Protocol

Code: Response (2)

Id: 1

Length: 16

Type: Identity [RFC3748] (1)

Identity (11 bytes): CISLAB\test

AVP: l=18 t=Message-Authenticator(80): 35D1789AA9FFED111C540DE63F093A53

Message-Authenticator: 35D1789AA9FFED111C540DE63F093A53

Sebastian Helmer Fri, 04/10/2009 - 06:20

It is working now with Software 8.4. I used 8.3 but this makes trouble in my case.

>Thanks all

Actions

This Discussion