[cisco-nas] cannot get radius aaa working with 2611 router
Souphonh
souphonh at laopdr.com
Wed May 12 23:51:35 EDT 2004
Dear All,
I am using a Cisco 2611 with IOS image file c2600-i-mz.122-16.bin, and the RADIUS server is icradius-0.18.1. The following is the RADIUS AAA part of my configuration:
aaa new-model
aaa authentication login default local
aaa authentication ppp default if-needed group radius local
aaa authorization network default group radius if-authenticated
aaa accounting network default start-stop group radius
....
interface Group-Async1
ip unnumbered Loopback0
ip nat inside
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
async mode interactive
peer default ip address pool dialin_pool
ppp authentication chap pap default
group-range 33 40
!
......
radius-server host x.x.x.x auth-port 1812 acct-port 1813
radius-server key 7 0EDFTRHKIHGGFF
radius-server vsa send accounting
radius-server vsa send authentication
The above configuration works fine with a Cisco 3640 using IOS image file c3640-jk8o3s-mz.122-16a.bin, but I have had no luck with the 2611 NAS. This is the RADIUS debug log from when I tried to call in:
01:04:57: AAA/AUTHEN/START (1083241614): port='Async33' list='' action=LOGIN service=PPP
01:04:57: AAA/AUTHEN/START (1083241614): using "default" list
01:04:57: AAA/AUTHEN (1083241614): status = UNKNOWN
01:04:57: AAA/AUTHEN/START (1083241614): Method=radius (radius)
01:04:57: RADIUS: ustruct sharecount=2
01:04:57: Radius: radius_port_info() success=1 radius_nas_port=1
01:04:57: RADIUS: added cisco VSA 2 len 7 "Async33"
01:04:57: RADIUS: Initial Transmit Async33 id 0 202.47.226.10:1812, Access-Request, len 91
01:04:57: Attribute 4 6 CA2FE285
01:04:57: Attribute 5 6 00000021
01:04:57: Attribute 26 15 0000000902094173
01:04:57: Attribute 61 6 00000000
01:04:57: Attribute 1 7 61646D69
01:04:57: Attribute 3 19 016AF044
01:04:57: Attribute 6 6 00000002
01:04:57: Attribute 7 6 00000001
01:04:57: RADIUS: Received from id 0 202.47.226.10:1812, Access-Accept, len 56
01:04:57: Attribute 13 6 00000001
01:04:57: Attribute 7 6 00000001
01:04:57: Attribute 28 6 00004650
01:04:57: Attribute 62 6 00000001
01:04:57: Attribute 6 6 00000002
01:04:57: Attribute 27 6 00057E40
01:04:57: RADIUS: Response (0) failed decrypt
01:04:57: RADIUS: Reply for 0 fails decrypt
01:04:57: AAA/AUTHEN (1083241614): status = ERROR
01:04:57: AAA/AUTHEN/START (1083241614): Method=LOCAL
01:04:57: AAA/AUTHEN (1083241614): User not found, end of method list
01:04:57: AAA/AUTHEN (1083241614): status = FAIL
01:04:57: Async33 AAA/DISC: 17/"User Error"
01:04:57: Async33 AAA/DISC/EXT: 1043/"CHAP Auth Failed"
01:04:57: AAA/ACCT/PROG: Updating Connect Progress for ds0 -1 to 101
01:04:57: As33 AAA/DISC: 18/"Host Request"
01:04:57: As33 AAA/DISC/EXT: 1046/"Upper Layer Req Close"
01:04:57: As33 AAA/DISC: 1/"User Request"
01:04:57: As33 AAA/DISC/EXT: 1045/"Received Terminate"
01:04:57: AAA/MEMORY: free_user (0x811441D4) user='admin' ruser='NULL' port='Async33' rem_addr='async' authen_type=CHAP service=PPP priv=1
01:04:57: As33 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
01:04:57: As33 AAA/DISC: 2/"Lost Carrier"
01:04:57: As33 AAA/DISC/EXT: 1011/"Lost Carrier"
01:04:57: AAA/ACCT/PROG: Updating Connect Progress for ds0 -1 to 65
01:04:58: As33 AAA/DISC: 2/"Lost Carrier"
Could you please suggest what is wrong with the settings?
Thanks and Regards,
Souphonh