<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Unable to Authenticate Users to Cisco Meraki "ERROR - malformed RADIUS packet"
May 28, 2025
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview

When using the Okta RADIUS agent to authenticate users to Cisco Meraki, the following error is displayed in the Okta RADIUS log.

YYYY-MM-DD HH:MM:SS UTC [01, pool-2-thread-13] : ERROR - malformed RADIUS packet. Exception message: Access-Request: User-Password or CHAP-Password/CHAP-Challenge missing

Applies To
  • Okta RADIUS agent
  • Cisco Meraki
  • Challenge Handshake Authentication Protocol (CHAP)
Cause

The Okta RADIUS agent does not support CHAP for authentication.

Solution

Cisco Meraki must be configured to use Password Authentication Protocol (PAP) with the Okta RADIUS agent.

Keep in mind that the Meraki cloud must be able to communicate with the RADIUS servers via the Internet.

Please make sure that:

  • The RADIUS servers have public IP addresses (i.e.,are reachable on the Internet)
  • The firewall, if any, allows incoming traffic to the RADIUS servers
  • Allowlist IP addresses as clients on the RADIUS server as per the Help > Firewall info page within the Meraki dashboard.

Refer to the Configure Cisco Meraki document for additional information.

Related References

Recommended content

Still looking for help?
Loading
Unable to Authenticate Users to Cisco Meraki "ERROR - malformed RADIUS packet"