console messages generating login failures on radius server

Answered Question
Jul 5th, 2007

Greetings,


I manage a large number of remote sites which use an 1841 and 2960. In order to gain console access to the 2960 I run a regular Cisco console cable from the aux port of the 1841 to the console of the 2960. I recently implemented radius authentication (utilising Microsoft IAS). I am now getting messages like the following:


Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 7/5/2007
Time: 1:25:37 PM
User: N/A
Computer: <redacted>
Description:
User User Access Verification was denied access.
Fully-Qualified-User-Name = <redacted>\User Access Verification
NAS-IP-Address = 10.x.x.x
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = <redacted>
Client-IP-Address = 10.x.x.x
NAS-Port-Type = Async
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.


Often times I will see an interface up/down message generate a log entry as well. Is there any way to stop this?


Here are the line configs for the two devices:


console on the 2960:

line con 0
 session-timeout 20
 exec-timeout 20 0
 logging synchronous
 login authentication use-radius


Cisco 1841 router:

line con 0
 session-timeout 20
 exec-timeout 20 0
 logging synchronous
 login authentication use-radius
line aux 0
 login authentication use-radius
 transport input telnet
 transport output telnet





Correct Answer by Richard Burts about 9 years 12 months ago

Matthew


I believe that the issue is that the prompt message generated on the 2960 is causing the 1841 to try to start an exec session on its aux and it treats the prompt data as the user ID. I suggest that you add: "no exec" under the configuration of line aux 0 on the 1841. I believe that this will resolve your issue.


HTH


Rick

Overall Rating: 5 (1 ratings)
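
An added example, not part of the original thread or of any poster's message: a Python triage script that picks out denials of the kind described above (device output submitted as a user name on an async port) from IAS event descriptions and counts them per NAS-IP-Address. Every pattern other than "User Access Verification", the CORP domain, the addresses and the sample events are constructed assumptions.

```python
import re
from collections import Counter
# Console output that an exec-enabled async line can take for a user name.
# Only "User Access Verification" comes from the thread; the rest are assumed.
ECHO_PATTERNS = [
    re.compile(r"^User Access Verification$"),
    re.compile(r"^(Username|Password):?$"),
    re.compile(r"%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+"),  # syslog tag such as %LINK-3-UPDOWN
]

def parse_event(description):
    """Turn the 'Name = Value' lines of an IAS event description into a dict."""
    fields = {}
    for line in description.splitlines():
        name, sep, value = line.partition(" = ")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def is_console_echo(fields):
    """True for a Reason-Code 16 denial on an async port whose user name is device output."""
    if fields.get("NAS-Port-Type") != "Async" or fields.get("Reason-Code") != "16":
        return False
    user = fields.get("Fully-Qualified-User-Name", "").rsplit("\\", 1)[-1]
    return any(p.search(user) for p in ECHO_PATTERNS)

def echo_sources(descriptions):
    """Count console-echo denials per NAS-IP-Address, i.e. per router to check."""
    hits = Counter()
    for text in descriptions:
        fields = parse_event(text)
        if is_console_echo(fields):
            hits[fields.get("NAS-IP-Address", "unknown")] += 1
    return hits

# Constructed sample events (domain, addresses and user names are made up).
def _event(user, nas, port_type):
    return (f"User {user} was denied access.\nFully-Qualified-User-Name = CORP\\{user}\n"
            f"NAS-IP-Address = {nas}\nNAS-Port-Type = {port_type}\nReason-Code = 16")

SAMPLE = [
    _event("User Access Verification", "10.0.0.1", "Async"),
    _event("%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down", "10.0.0.1", "Async"),
    _event("jsmith", "10.0.0.2", "Async"),                     # ordinary failed login
    _event("User Access Verification", "10.0.0.3", "Virtual"),  # not an async line
]

if __name__ == "__main__":
    print(dict(echo_sources(SAMPLE)))
```

Addresses that appear in the result are routers whose async line still starts an exec on incoming characters, the condition that "no exec" under line aux 0 removes.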
Richard Burts Thu, 07/05/2007 - 12:35

mawhite Thu, 07/05/2007 - 12:49

Rick,


Your suggestion solved the problem. Thanks!


-mtw

Richard Burts Thu, 07/05/2007 - 13:10

Matthew


I am glad that my suggestion solved your problem. Thanks for using the rating system to indicate that your problem was resolved (and thanks for the rating). It makes the forum more useful when people can read about a problem and can be sure that they will read a response that solved the problem. I encourage you to continue your participation in the forum.


HTH


Rick
