AAA Authentiation ERROR

Unanswered Question
Oct 11th, 2007

Dear All,

Please find below the debug output of my switch:

02:31:31: AAA: parse name=FastEthernet0/31 idb type=122 tty=-1

02:31:31: AAA: name=FastEthernet0/31 flags=0x15 type=6 shelf=0 slot=0 adapter

port=31 channel=0

02:31:31: AAA: parse name=<no string> idb type=-1 tty=-1

02:31:31: AAA/MEMORY: create_user (0x80DD1130) user='test' ruser='test' port=

stEthernet0/31' rem_addr='00-16-D4-41-57-E1/00-16-46-EE-A6-5F' authen_type=EA

ervice=802.1x priv=1

02:31:31: AAA/AUTHEN/START (2017932010): port='FastEthernet0/31' list='Dot1x

List' action=LOGIN service=802.1x

02:31:31: AAA/AUTHEN/START (2017932010): using "default" list

02:31:31: AAA/AUTHEN/START (2017932010): Method=radius (radius)

02:31:51: AAA/AUTHEN (2017932010): status = ERROR

02:31:51: AAA/AUTHEN/START (2017932010): no methods left to try

02:31:51: AAA/AUTHEN (2017932010): status = ERROR

02:31:51: AAA/AUTHEN/START (2017932010): failed to authenticate

02:31:51: AAA/MEMORY: free_user_quiet (0x80DD1130) user='test' ruser='test' p

='FastEthernet0/31' rem_addr='00-16-D4-41-57-E1/00-16-46-EE-A6-5F' authen_typ

service=17 priv=1

Thanks,

Yousef

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Thu, 10/11/2007 - 05:10

Yousef

The output shows that there is an attempt to authenticate via Radius which fails. The output does not identify the cause of the failure. There are several things that I would suggest to investigate this and identify the problem. Probably the first thing to do is to verify the configuration of the Radius server. Does the configuration specify the correct address for the server and the correct key? Next would be to verify connectivity to the Radius server. Does your configuration specify the source address to use in communicating with the Radius server? If so you should use extended ping to verify connectivity. In the extended ping specify the Radius server address as the destination and specify the correct source address on the switch.

If those checks do not show a problem then the next thing that I would suggest is to check on the server. Does the server see the request for authentication? If it sees the request does it process it and authenticate it? Are there error messages about the authentication request?

HTH

Rick

mohammad-yousef Tue, 10/16/2007 - 05:45

Thanks alot for you both , your posts helped me alot to understand many things in AAA ,

and I will try to solve the problem next week.

Thanks alot again.

Actions

This Discussion