CommScope RUCKUS Community Forums

z9fr · ‎11-09-2024

Hi all I have been trying to configure my wifi network to use 802.1x and my radius server. the functionality works for AAA Servers I can go to the Test authentication Servers settings section and when i enter correct credentials everything works as expected

But when I connect using WIFI it always fails in my radius logs I see the following

```
2024-11-09 11:25:51 UTC [localhost, pool-2-thread-13] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:51 UTC [localhost, pool-2-thread-13] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:25:53 UTC [localhost, pool-2-thread-1] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:53 UTC [localhost, pool-2-thread-1] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:25:56 UTC [localhost, pool-2-thread-3] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:56 UTC [localhost, pool-2-thread-3] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:25:58 UTC [localhost, pool-2-thread-2] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:58 UTC [localhost, pool-2-thread-2] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:26:03 UTC [localhost, pool-2-thread-4] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:26:03 UTC [localhost, pool-2-thread-4] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A

```

Is there something I'm missing in the configuration?

Following is now my wlan service config looks like.

```
ruckus# show wlan name radius_test
WLAN Service:
ID:
2:
NAME = radius_test
Tx. Rate of Management Frame(2.4GHz) = 2.0Mbps
Tx. Rate of Management Frame(5GHz) = 6.0Mbps
Beacon Interval = 100ms
SSID = radius_test
Description = radius_test
Type = Standard Usage
Authentication = 802.1x-eap
Encryption = wpa3
Algorithm = aes-gcmp256
FT Roaming = Disabled
802.11k Neighbor report = Enabled
Web Authentication = Disabled
Authentication Server = authentik_test
Called-Station-Id type = wlan-bssid
Tunnel Mode = Disabled
Background Scanning = Enabled
Max. Clients = 100
Isolation per AP = Disabled
Isolation across AP = Disabled
Zero-IT Activation = Disabled
Priority = High
Load Balancing = Disabled
Band Balancing = Disabled
Wifi6 = Enabled
Service = Enabled
Dynamic PSK = Disabled
Rate Limiting Uplink = Disabled
PerSSID Rate Limiting Uplink = 0
Rate Limiting Downlink = Disabled
PerSSID Rate Limiting Downlink = 0
Auto-Proxy configuration:
Status = Disabled
Inactivity Timeout:
Status = Enabled
Timeout = 5 Minutes
VLAN-ID = 1
Dynamic VLAN = Disabled
Closed System = Disabled
Https Redirection = Disabled
OFDM-Only State = Disabled
Multicast Filter State = Disabled
Directed Multicast= Enabled
802.11d State = Enabled
Force DHCP State = Disabled
Force DHCP Timeout = 10
DHCP Option82:
Status = Disabled
Option82 sub-Option1 = Disabled
Option82 sub-Option2 = Disabled
Option82 sub-Option150 = Disabled
Option82 sub-Option151 = Disabled
Ignore unauthorized client statistic = Disabled
STA Info Extraction State = Enabled
BSS Minrate = Disabled
DTIM period = 1
Directed MC/BC Threshold = 1
Call Admission Control State = Disabled
PMK Cache Timeout= 720 minutes
PMK Cache for Reconnect= Enabled
NAS-ID Type= wlan-bssid
Roaming Acct-Interim-Update= Disabled
PAP Message Authenticator = Enabled
Send EAP-Failure = Disabled
L2/MAC = No ACLS
L3/L4/IP Address = No ACLS
L3/L4/IPv6 Address = No ACLS
Precedence = Default
Proxy ARP = Disabled
Device Policy = No ACLS
Vlan Pool = No Pools
Role based Access Control Policy = Disabled
SmartRoam = Disabled Roam-factor = 1
Allow List = No ACLS
URL Filtering = Disabled
Application Recognition & Control = Disabled
Apply ARC Policy = NO POLICY
WIFICalling Enabled= Disabled
WIFICalling Profile= 0
Client Flow Data Logging = Disabled
Wlan Bind = all
Client Connection Data = Disabled
Transient Client Management = Disabled
80211w-pmf = Required
```

sanjay_kumar · ‎11-12-2024

Hi,

Can you share the below output from the AP CLI either from Master or Member? We need to see if the auth method is set to PAP or CHAP.

From Master:
ruckus# ap-mode
You have all rights in this mode.
ruckus(ap-mode)# get aaa auth-method

From Member:
rkscli: get aaa auth-method

z9fr · ‎11-13-2024

Hi

Thanks for the reply. yes I have attached the result with this message.

ruckus# ap-mode
You have all rights in this mode.
ruckus(ap-mode)# get aaa auth-method
AAA: RADIUS server authentication method: chap
OK
ruckus(ap-mode)#
ruckus(ap-mode)#

Thanks

sanjay_kumar · ‎11-13-2024

Config looks fine.

Seems like the Radius agent does not support CHAP.

Can you try using the below command see if it works?

config
aaa "radius server name"
auth-method pap

Below is the sample example:

ruckus# config
You have all rights in this mode.
ruckus(config)# aaa 1234
The AAA server '1234' has been loaded. To save the AAA server, type 'end' or 'exit'.
ruckus(config-aaa)# auth-method pap
The command was executed successfully. To save the changes, type 'end' or 'exit'.
ruckus(config-aaa)# end
The AAA server '1234' has been updated and saved.
Your changes have been saved.
ruckus(config)# end
Your changes have been saved.
ruckus#

CommScope RUCKUS Community Forums

Issues with configuration authentication 802.1x