Line has invalid autocommand " ppp negotiate"

Unanswered Question
May 2nd, 2007
User Badges:

Hi all,


i am trying to deploy radius authentication on my switches.


aaa authentication login default group radius local

aaa authorization exec default group radius local


I think that these two command is everythink what i need for radius authentication and authorization.


But when i try to login i get error message:

Line has invalid autocommand " ppp negotiate"


Please could you help me? I try to use command

line vty 0 15

no autocommand ppp negotiate


but with no success.

Please i need you urgent help.

Thanks a lot


Tomas

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Wed, 05/02/2007 - 09:43
User Badges:
  • Red, 2250 points or more

Tomas,

This message is seen when switch has exec authorizaton configured,and the RADIUS server has settings for a PPP connection. Therefore the switch is attempting to start PPP as it was asked to do by the RADIUS server. PPP can't be started on a telnet connection, so it fails and disconnects.


Suggestion : Either remove exec authorization or remove the Service-Type=Framed and/or

Framed-Protocol=PPP attributes from the RADIUS profile.


I hope the information would help resolving your query.

tomas.backo Wed, 05/02/2007 - 23:13
User Badges:

Hi igambhir,


thank very much, i remove service-type and framed-protocol from radius, and that error message doesn't appear again.


But new problem arised for me :)


Authorization failed


But i don't know why?


I have command

aaa authorization exec default group radius


and i expect that when i am able to authenticate on radius i will be able to authorized also.

It is needed to set somethning on microsoft radius server?


Thanks in advance

Tomas


Jagdeep Gambhir Thu, 05/03/2007 - 05:43
User Badges:
  • Red, 2250 points or more

Make service type = Login


If still error is there , get debugs


debug authorization

debug radius

band2headboy Tue, 10/05/2010 - 11:39
User Badges:

If you are using IAS on Windows 2k3 you can apply the "Request must contain the message authenticator attribute" check box to your switch profile!

Actions

This Discussion