Line has invalid autocommand " ppp negotiate"

Unanswered Question
May 2nd, 2007

Hi all,

I am trying to deploy RADIUS authentication on my switches.

aaa authentication login default group radius local

aaa authorization exec default group radius local

I think that these two commands are everything I need for RADIUS authentication and authorization.

But when I try to log in I get the error message:

Line has invalid autocommand " ppp negotiate"

Please could you help me? I tried to use the commands

line vty 0 15

no autocommand ppp negotiate

but with no success.

Please, I need your urgent help.

Thanks a lot


Jagdeep Gambhir Wed, 05/02/2007 - 09:43


This message is seen when the switch has exec authorization configured, and the RADIUS server has settings for a PPP connection. Therefore the switch is attempting to start PPP as it was asked to do by the RADIUS server. PPP can't be started on a telnet connection, so it fails and disconnects.

Suggestion: Either remove exec authorization or remove the Service-Type=Framed and/or Framed-Protocol=PPP attributes from the RADIUS profile.

I hope this information helps resolve your query.

tomas.backo Wed, 05/02/2007 - 23:13

Hi igambhir,

thanks very much, I removed Service-Type and Framed-Protocol from RADIUS, and that error message doesn't appear again.

But a new problem arose for me :)

Authorization failed

But I don't know why.

I have the command

aaa authorization exec default group radius

and I expect that when I am able to authenticate on RADIUS I will be able to be authorized also.

Is it needed to set something on the Microsoft RADIUS server?

Thanks in advance


Jagdeep Gambhir Thu, 05/03/2007 - 05:43

Make service type = Login.

If the error is still there, get debugs:

debug authorization

debug radius
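
Added example, not part of the thread or any poster's code: a small Python check that parses the attributes of a RADIUS Access-Accept and reports the conditions discussed above (Service-Type=Framed, Framed-Protocol=PPP, or no Service-Type at all). Attribute numbers and values are from RFC 2865; the function names and the sample packets are constructed for illustration.

```python
import struct

# Attribute numbers and values from RFC 2865.
ACCESS_ACCEPT, SERVICE_TYPE, FRAMED_PROTOCOL = 2, 6, 7
FRAMED, PPP = 2, 1

def parse(packet: bytes):
    """Return (code, {attr_type: [values as ints]}) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        # Only integer attributes are inspected here, so decode every value as one.
        value = int.from_bytes(packet[pos + 2:pos + a_len], "big")
        attrs.setdefault(a_type, []).append(value)
        pos += a_len
    return code, attrs

def exec_login_findings(packet: bytes) -> list:
    """List what in an Access-Accept conflicts with the thread's advice for exec logins."""
    code, attrs = parse(packet)
    if code != ACCESS_ACCEPT:
        return ["not an Access-Accept"]
    findings = []
    service = attrs.get(SERVICE_TYPE, [])
    if FRAMED in service:
        findings.append("Service-Type=Framed")
    elif not service:
        findings.append("Service-Type missing")  # thread's advice: set it to Login
    if PPP in attrs.get(FRAMED_PROTOCOL, []):
        findings.append("Framed-Protocol=PPP")
    return findings

def build_accept(*attrs):
    """Constructed sample: Access-Accept with a zeroed authenticator."""
    body = b"".join(struct.pack("!BBI", t, 6, v) for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    for name, pkt in [("ppp profile", build_accept((6, 2), (7, 1))),
                      ("no service type", build_accept()),
                      ("login profile", build_accept((6, 1)))]:
        print(name, "->", exec_login_findings(pkt) or "ok for exec login")
```
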

band2headboy Tue, 10/05/2010 - 11:39

If you are using IAS on Windows 2k3 you can apply the "Request must contain the message authenticator attribute" check box to your switch profile!

