Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1151
Views
0
Helpful
3
Replies

console messages generating login failures on radius server

Go to solution
mawhite
Level 1
Level 1

‎07-05-2007 12:29 PM

Greetings,

I manage a large number of remote sites which use an 1841 and 2960. IN order to gain console access to the 2960 I run a regular cisco console cable from the aux port of the 1841 to the console of the 2960. I recently implemented radius authentication (utilising Microsoft IAS). I am now getting messages like the following:

Event Type: Warning

Event Source: IAS

Event Category: None

Event ID: 2

Date: 7/5/2007

Time: 1:25:37 PM

User: N/A

Computer: <redacted>

Description:

User User Access Verification was denied access.

Fully-Qualified-User-Name = <redacted>\User Access Verification

NAS-IP-Address = 10.x.x.x

NAS-Identifier = <not present>

Called-Station-Identifier = <not present>

Calling-Station-Identifier = <not present>

Client-Friendly-Name = <redacted>

Client-IP-Address = 10.x.x.x

NAS-Port-Type = Async

NAS-Port = 0

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = <undetermined>

Authentication-Type = PAP

EAP-Type = <undetermined>

Reason-Code = 16

Reason = Authentication was not successful because an unknown user name or incorrect password was used.

Often times I will see an interface up/down message generate a log entry as well. Is there any way to stop this?

here are the line configs for the two devices:

console on the 2960:

line con 0

session-timeout 20

exec-timeout 20 0

logging synchronous

login authentication use-radius

Cisco 1841 router:

line con 0

session-timeout 20

exec-timeout 20 0

logging synchronous

login authentication use-radius

line aux 0

login authentication use-radius

transport input telnet

transport output telnet

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎07-05-2007 12:35 PM

Matthew

I believe that the issue is that the prompt message generated on the 2960 is causing the 1841 to try to start an exec session on its aux and it treats the prompt data as the user ID. I suggest that you add: "no exec" under the configuration of line aux 0 on the 1841. I believe that this will resolve your issue.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎07-05-2007 12:35 PM

Matthew

I believe that the issue is that the prompt message generated on the 2960 is causing the 1841 to try to start an exec session on its aux and it treats the prompt data as the user ID. I suggest that you add: "no exec" under the configuration of line aux 0 on the 1841. I believe that this will resolve your issue.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
mawhite
Level 1
Level 1
In response to Richard Burts

‎07-05-2007 12:49 PM

Rick,

Your suggestion solved the problem. Thanks!

-mtw

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to mawhite

‎07-05-2007 01:10 PM

Matthew

I am glad that my suggestion solved your problem. Thanks for using the rating system to indicate that your problem was resolved (and thanks for the rating). It makes the forum more useful when people can read about a problem and can be sure that they will read a response that solved the problem. I encourage you to continue your participation in the forum.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents