[cisco-nas] cannot get radius aaa working with 2611 router
Milan Obuch
milan.obuch at bluegrass.sk
Thu May 13 00:26:31 EDT 2004
On Thursday 13 May 2004 05:51, Souphonh wrote:
> Dear All,
>
> I am using cisco 2611 with IOS image file c2600-i-mz.122-16.bin, and the
> radius server is icradius-0.18.1. The following is my radius aaa
> configuration part:
>
> aaa new-model
> aaa authentication login default local
> aaa authentication ppp default if-needed group radius local
> aaa authorization network default group radius if-authenticated
> aaa accounting network default start-stop group radius
> ....
>
> interface Group-Async1
> ip unnumbered Loopback0
> ip nat inside
> encapsulation ppp
> ip tcp header-compression
> no ip mroute-cache
> async mode interactive
> peer default ip address pool dialin_pool
> ppp authentication chap pap default
> group-range 33 40
> !
>
> ......
>
> radius-server host x.x.x.x auth-port 1812 acct-port 1813
> radius-server key 7 0EDFTRHKIHGGFF
> radius-server vsa send accounting
> radius-server vsa send authentication
Try it without vsa's. I hit something similar some time ago. With vsa's
failures, without vsa's everything OK.
Milan
> The above configuration works fine with cisco 3640 using IOS image file
> c3640-jk8o3s-mz.122-16a.bin. But no luck with the 2611 NAS. This is the
> radius debug log from when I tried to call in:
>
> 01:04:57: AAA/AUTHEN/START (1083241614): port='Async33' list='' action=LOGIN service=PPP
> 01:04:57: AAA/AUTHEN/START (1083241614): using "default" list
> 01:04:57: AAA/AUTHEN (1083241614): status = UNKNOWN
> 01:04:57: AAA/AUTHEN/START (1083241614): Method=radius (radius)
> 01:04:57: RADIUS: ustruct sharecount=2
> 01:04:57: Radius: radius_port_info() success=1 radius_nas_port=1
> 01:04:57: RADIUS: added cisco VSA 2 len 7 "Async33"
> 01:04:57: RADIUS: Initial Transmit Async33 id 0 202.47.226.10:1812, Access-Request, len 91
> 01:04:57: Attribute 4 6 CA2FE285
> 01:04:57: Attribute 5 6 00000021
> 01:04:57: Attribute 26 15 0000000902094173
> 01:04:57: Attribute 61 6 00000000
> 01:04:57: Attribute 1 7 61646D69
> 01:04:57: Attribute 3 19 016AF044
> 01:04:57: Attribute 6 6 00000002
> 01:04:57: Attribute 7 6 00000001
> 01:04:57: RADIUS: Received from id 0 202.47.226.10:1812, Access-Accept, len 56
> 01:04:57: Attribute 13 6 00000001
> 01:04:57: Attribute 7 6 00000001
> 01:04:57: Attribute 28 6 00004650
> 01:04:57: Attribute 62 6 00000001
> 01:04:57: Attribute 6 6 00000002
> 01:04:57: Attribute 27 6 00057E40
> 01:04:57: RADIUS: Response (0) failed decrypt
> 01:04:57: RADIUS: Reply for 0 fails decrypt
> 01:04:57: AAA/AUTHEN (1083241614): status = ERROR
> 01:04:57: AAA/AUTHEN/START (1083241614): Method=LOCAL
> 01:04:57: AAA/AUTHEN (1083241614): User not found, end of method list
> 01:04:57: AAA/AUTHEN (1083241614): status = FAIL
> 01:04:57: Async33 AAA/DISC: 17/"User Error"
> 01:04:57: Async33 AAA/DISC/EXT: 1043/"CHAP Auth Failed"
> 01:04:57: AAA/ACCT/PROG: Updating Connect Progress for ds0 -1 to 101
> 01:04:57: As33 AAA/DISC: 18/"Host Request"
> 01:04:57: As33 AAA/DISC/EXT: 1046/"Upper Layer Req Close"
> 01:04:57: As33 AAA/DISC: 1/"User Request"
> 01:04:57: As33 AAA/DISC/EXT: 1045/"Received Terminate"
> 01:04:57: AAA/MEMORY: free_user (0x811441D4) user='admin' ruser='NULL'
> port='Async33' rem_addr='async' authen_type=CHAP service=PPP priv=1
> 01:04:57: As33 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
> 01:04:57: As33 AAA/DISC: 2/"Lost Carrier"
> 01:04:57: As33 AAA/DISC/EXT: 1011/"Lost Carrier"
> 01:04:57: AAA/ACCT/PROG: Updating Connect Progress for ds0 -1 to 65
> 01:04:58: As33 AAA/DISC: 2/"Lost Carrier"
> Could you please suggest what is wrong with the settings?
>
> Thanks and Regards,
> Souphonh
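
Added example, not part of the original thread: a Python sketch of the RFC 2865 Response Authenticator check that a RADIUS client runs on every reply, on the assumption that the "failed decrypt" lines in the debug output correspond to this check failing. The attribute types and values are the ones printed for the Access-Accept above; the Request Authenticator and shared secret are constructed, since the thread shows neither.

```python
import hashlib
import hmac
import struct

def encode_attrs(pairs):
    """Encode (type, 32-bit value) pairs as RADIUS TLVs; length includes the 2-byte header."""
    return b"".join(struct.pack("!BBI", t, 6, v) for t, v in pairs)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: sign the reply with the server's copy of the shared secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def verify_reply(packet, request_auth, secret):
    """NAS side: recompute the authenticator with the locally configured key."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return False
    expected = response_authenticator(code, ident, packet[20:length], request_auth, secret)
    return hmac.compare_digest(packet[4:20], expected)

# Attribute types and values as printed for the Access-Accept in the debug log.
ACCEPT_ATTRS = encode_attrs([(13, 1), (7, 1), (28, 0x4650), (62, 1), (6, 2), (27, 0x57E40)])
# Constructed values: the thread shows neither the Request Authenticator nor the key.
REQUEST_AUTH = bytes(range(16))
SERVER_SECRET = b"example-secret"
# Code 2 = Access-Accept, id 0 as in the log.
REPLY = build_reply(2, 0, ACCEPT_ATTRS, REQUEST_AUTH, SERVER_SECRET)

if __name__ == "__main__":
    print("length:", len(REPLY))
    print("matching key:", verify_reply(REPLY, REQUEST_AUTH, SERVER_SECRET))
    # A trailing space in the configured key is enough to fail the check.
    print("mismatched key:", verify_reply(REPLY, REQUEST_AUTH, b"example-secret "))
```

The six attributes plus the 20-byte header give a 56-byte packet, the same length the log reports for the Access-Accept. The check fails if the two ends hold different keys or if any byte of the reply differs from what the server hashed.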