I have some ASR9k on different IOS XR versions within the network. The problem is that my ASR 9001 running Version 5.3.2 is not able to authenticate me against the Radius server (Microsoft NPS 2016). On the server I am getting the following error:
A malformed RADIUS message was received from client XXXXX. The data is the RADIUS message.
I've tried many different configuration, but the one below is the only one generating some events on the server:
usergroup XXXX taskgroup root-system
radius source-interface X vrf X radius-server vsa attribute ignore unknown radius-server host XXXX auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx
aaa group server radius XXXXX server XXXXX auth-port 1812 acct-port 1813 vrf X source-interface X
aaa authorization exec default group XXXX local aaa authentication login default group XXXX local aaa default-taskgroup root-system
ssh client vrf X ssh client source-interface X
The same configuration is working as expected on ASR 9001 running IOS XR 4.3.2 with NPS 2016.
Any ideas what could be wrong?
sh radius Number of Servers: 1
Server: X.X.X.X/1812/1813 is UP Address family: IPv4 Total Deadtime: 0s Last Deadtime: 0s Timeout: 5 sec, Retransmit limit: 3 Quarantined: No Authentication: 3 requests, 0 pending, 9 retransmits 0 accepts, 0 rejects, 0 challenges 12 timeouts, 0 bad responses, 0 bad authenticators 0 unknown types, 0 dropped, 0 ms latest rtt Throttled: 0 transactions, 0 timeout, 0 failures Estimated Throttled Access Transactions: 0 Maximum Throttled Access Transactions: 0