Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
7
Helpful
5
Replies

802.1x with 2948 GE-TX

Sebastian Helmer
Level 5
Level 5

‎04-01-2009 11:16 AM - edited ‎03-10-2019 04:24 PM

Dear all,

I configured 802.1x with an 2950 and IAS ins the LAB, everything is working finde with dynamic VLAN Assignement and Guest VLAN.

I did the same with an 2948, I need to use it (mangement decission they don't want buy new one :-(( )

But I got an error message:

A malformed RADIUS message was received from client 10.1.2.100. The data is the RADIUS message.

Can somebody helps me?

I think it is a setting in the IAS Radius-Client setting, or I'm wrong? I tried Cisco o. Radius Standard.

Thanks, Sebastian

Labels:
0 Helpful
5 Replies 5

Jagdeep Gambhir
Level 10
Level 10

‎04-01-2009 02:37 PM

Please make sure shared secret key is same on both ends.

Regards,

~JG

Sebastian Helmer
Level 5
Level 5
In response to Jagdeep Gambhir

‎04-02-2009 12:36 AM

Hi Jagdeep,

I'm sure!

Attacheed you find my config and IAS eventlog message..

thanks

21493-myswitch.cfg
0 Helpful

srue
Level 7
Level 7
In response to Sebastian Helmer

‎04-02-2009 05:16 AM

you might need to install wireshark on the server or somehow otherwise sniff the radius packets. this will give you more information than that event log.

Sebastian Helmer
Level 5
Level 5
In response to srue

‎04-02-2009 09:48 AM

Thanks for the Idea..

Thats the output:

I think the service-types in IAS and the 2948 are not the same..any ideas? I tried with someone but it do not work. But, I get a second erros message in the ias..bevor I type in the password, something tried with another user azbycx, thats strange I think..

No. Time Source Destination Protocol Info

6 30.902648 10.1.2.100 10.1.20.10 RADIUS Access-Request(1) (id=3, l=119)

Frame 6 (161 bytes on wire, 161 bytes captured)

Ethernet II, Src: Cisco_11:b7:42 (00:13:c3:11:b7:42), Dst: Vmware_9c:a8:42 (00:0c:29:9c:a8:42)

Internet Protocol, Src: 10.1.2.100 (10.1.2.100), Dst: 10.1.20.10 (10.1.20.10)

User Datagram Protocol, Src Port: redstorm_join (2346), Dst Port: radius (1812)

Radius Protocol

Code: Access-Request (1)

Packet identifier: 0x3 (3)

Length: 119

Authenticator: 02FA248B0A0C213711B8213325BB1A04

Attribute Value Pairs

AVP: l=13 t=User-Name(1): CISLAB\test

User-Name: CISLAB\test

AVP: l=6 t=NAS-IP-Address(4): 10.1.2.100

NAS-IP-Address: 10.1.2.100 (10.1.2.100)

AVP: l=7 t=NAS-Port(5): [unhandled integer length(5)]

AVP: l=6 t=Framed-MTU(12): 1000

Framed-MTU: 1000

AVP: l=19 t=Calling-Station-Id(31): 00-17-42-21-6e-df

Calling-Station-Id: 00-17-42-21-6e-df

AVP: l=6 t=Service-Type(6): Framed-User(2)

Service-Type: Framed-User (2)

AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)

NAS-Port-Type: Ethernet (15)

AVP: l=18 t=EAP-Message(79) Last Segment[1]

EAP fragment

Extensible Authentication Protocol

Code: Response (2)

Id: 1

Length: 16

Type: Identity [RFC3748] (1)

Identity (11 bytes): CISLAB\test

AVP: l=18 t=Message-Authenticator(80): 35D1789AA9FFED111C540DE63F093A53

Message-Authenticator: 35D1789AA9FFED111C540DE63F093A53

0 Helpful

Sebastian Helmer
Level 5
Level 5

‎04-10-2009 06:20 AM

It is working now with Software 8.4. I used 8.3 but this makes trouble in my case.

>Thanks all

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents