Showing results for 
Search instead for 
Did you mean: 

ASR 9000 using Mcrosoft NPS 2016 - A malformed RADIUS message was received from client XXXXX. The data is the RADIUS message.


Hi everyone,


I have some ASR9k on different IOS XR versions within the network. The problem is that my ASR 9001 running Version 5.3.2 is not able to authenticate me against the Radius server (Microsoft NPS 2016). On the server I am getting the following error:


A malformed RADIUS message was received from client XXXXX. The data is the RADIUS message.


I've tried many different configuration, but the one below is the only one generating some events on the server:


usergroup XXXX
taskgroup root-system

radius source-interface X vrf X
radius-server vsa attribute ignore unknown
radius-server host XXXX auth-port 1812 acct-port 1813

aaa group server radius XXXXX
server XXXXX auth-port 1812 acct-port 1813
vrf X
source-interface X


aaa authorization exec default group XXXX local
aaa authentication login default group XXXX local
aaa default-taskgroup root-system

ssh client vrf X
ssh client source-interface X


The same configuration is working as expected on ASR 9001 running IOS XR 4.3.2 with NPS 2016.


Any ideas what could be wrong?


sh radius
Number of Servers: 1

Server: X.X.X.X/1812/1813 is UP
Address family: IPv4
Total Deadtime: 0s Last Deadtime: 0s
Timeout: 5 sec, Retransmit limit: 3
Quarantined: No
3 requests, 0 pending, 9 retransmits
0 accepts, 0 rejects, 0 challenges
12 timeouts, 0 bad responses, 0 bad authenticators
0 unknown types, 0 dropped, 0 ms latest rtt
Throttled: 0 transactions, 0 timeout, 0 failures
Estimated Throttled Access Transactions: 0
Maximum Throttled Access Transactions: 0

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers