[c-nsp] Cisco3750 %AAA-3-BADMETHOD

Heath Jones hj1980 at gmail.com
Wed Aug 4 12:52:16 EDT 2010 

Chris - on second thought, when you say the 'memory dump' was in the log,
are you talking about your console session or actual log file / syslog? I
was assuming you might have seen it in the nvram config if you did a show
conf.
If its the actual syslog then I think you should consider a potential dos /
compromise / other crazy bug. Any other odd behaviour on the network lately?


On 4 August 2010 13:07, Chris Lane <clane1875 at gmail.com> wrote:

> All,
>
> Running a C3750 48TS on 12.2(35)SE2 . Used very simple AAA method for
> authentication with radius, 4 lines of AAA.
> Happened to log into router today only to notice that i can't configure
> device, my credentials don't match and i have this in the log
>
> %AAA-3-BADMETHOD
>
> This entry is on AUG 2nd, and the last NVRAM change was done on July29th -
> and it was simple vlan addition.
> The most alarming problem was when i did a SHOW RUN, there were almost 20
> AAA commands that myself or the 29th UPDATED CONFIG did not add.
> On Aug 2nd the log does not show any user access just the above with a
> bunch
> of memory dumps, as it appears. Unfortunately i did not grab the LOG
> itself.
> ugg.
>
> Issue, i figured by rebooting the last NVRAM change on JULY 29th i would
> regain my original config from the 29th and remove these randomly issued
> commands. This is a remote router fyi:
> router did not respond well to reload and did not come back.  Oh and on
> reboot i did NOT save changes to Config preserving July 29th NVRAM change.
>
> Has anyone Seen such wierd oddity?
>
> I have to repeat, the logs do not indicate user Access to the box, which
> the
> box does log, on Aug 2nd, just the above error with 2 full log lines full
> of
> what appears to be a memory dump of some sort.
>
> And lastly Cisco's website shows this for the Above error:
>
> AAA-3-BADMETHOD : Cannot process [chars] method [int]
>
> Explanation    A method list function has encountered a method list that
> was
> unknown or that could not be processed.
>
> Recommended Action    Copy the error message exactly as it appears on the
> console or in the system log, contact your Cisco technical support
> representative, and provide the representative with the gathered
> information.
>
>
>
> Wow, thats helpful  ;-)
>
> Much regards
>
> Chris
> --
> //CL
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list