11-09-2024 03:53 AM
Hi all I have been trying to configure my wifi network to use 802.1x and my radius server. the functionality works for AAA Servers I can go to the Test authentication Servers settings section and when i enter correct credentials everything works as expected
But when I connect using WIFI it always fails in my radius logs I see the following
```
2024-11-09 11:25:51 UTC [localhost, pool-2-thread-13] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:51 UTC [localhost, pool-2-thread-13] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:25:53 UTC [localhost, pool-2-thread-1] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:53 UTC [localhost, pool-2-thread-1] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:25:56 UTC [localhost, pool-2-thread-3] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:56 UTC [localhost, pool-2-thread-3] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:25:58 UTC [localhost, pool-2-thread-2] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:25:58 UTC [localhost, pool-2-thread-2] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
2024-11-09 11:26:03 UTC [localhost, pool-2-thread-4] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing
2024-11-09 11:26:03 UTC [localhost, pool-2-thread-4] : INFO - Completed processing. packetId=0, totalProcessingTime=1ms, queueTime=0ms, oktaTime=0ms, httpCode=N/A, result=FAILED, remoteAddress=N/A
```
Is there something I'm missing in the configuration?
Following is now my wlan service config looks like.
```
ruckus# show wlan name radius_test
WLAN Service:
ID:
2:
NAME = radius_test
Tx. Rate of Management Frame(2.4GHz) = 2.0Mbps
Tx. Rate of Management Frame(5GHz) = 6.0Mbps
Beacon Interval = 100ms
SSID = radius_test
Description = radius_test
Type = Standard Usage
Authentication = 802.1x-eap
Encryption = wpa3
Algorithm = aes-gcmp256
FT Roaming = Disabled
802.11k Neighbor report = Enabled
Web Authentication = Disabled
Authentication Server = authentik_test
Called-Station-Id type = wlan-bssid
Tunnel Mode = Disabled
Background Scanning = Enabled
Max. Clients = 100
Isolation per AP = Disabled
Isolation across AP = Disabled
Zero-IT Activation = Disabled
Priority = High
Load Balancing = Disabled
Band Balancing = Disabled
Wifi6 = Enabled
Service = Enabled
Dynamic PSK = Disabled
Rate Limiting Uplink = Disabled
PerSSID Rate Limiting Uplink = 0
Rate Limiting Downlink = Disabled
PerSSID Rate Limiting Downlink = 0
Auto-Proxy configuration:
Status = Disabled
Inactivity Timeout:
Status = Enabled
Timeout = 5 Minutes
VLAN-ID = 1
Dynamic VLAN = Disabled
Closed System = Disabled
Https Redirection = Disabled
OFDM-Only State = Disabled
Multicast Filter State = Disabled
Directed Multicast= Enabled
802.11d State = Enabled
Force DHCP State = Disabled
Force DHCP Timeout = 10
DHCP Option82:
Status = Disabled
Option82 sub-Option1 = Disabled
Option82 sub-Option2 = Disabled
Option82 sub-Option150 = Disabled
Option82 sub-Option151 = Disabled
Ignore unauthorized client statistic = Disabled
STA Info Extraction State = Enabled
BSS Minrate = Disabled
DTIM period = 1
Directed MC/BC Threshold = 1
Call Admission Control State = Disabled
PMK Cache Timeout= 720 minutes
PMK Cache for Reconnect= Enabled
NAS-ID Type= wlan-bssid
Roaming Acct-Interim-Update= Disabled
PAP Message Authenticator = Enabled
Send EAP-Failure = Disabled
L2/MAC = No ACLS
L3/L4/IP Address = No ACLS
L3/L4/IPv6 Address = No ACLS
Precedence = Default
Proxy ARP = Disabled
Device Policy = No ACLS
Vlan Pool = No Pools
Role based Access Control Policy = Disabled
SmartRoam = Disabled Roam-factor = 1
Allow List = No ACLS
URL Filtering = Disabled
Application Recognition & Control = Disabled
Apply ARC Policy = NO POLICY
WIFICalling Enabled= Disabled
WIFICalling Profile= 0
Client Flow Data Logging = Disabled
Wlan Bind = all
Client Connection Data = Disabled
Transient Client Management = Disabled
80211w-pmf = Required
```