Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
5
Helpful
3
Replies

AAA Authentiation ERROR

mohammad-yousef
Level 1
Level 1

‎10-11-2007 02:59 AM - edited ‎03-10-2019 03:26 PM

Dear All,

Please find below the debug output of my switch:

02:31:31: AAA: parse name=FastEthernet0/31 idb type=122 tty=-1

02:31:31: AAA: name=FastEthernet0/31 flags=0x15 type=6 shelf=0 slot=0 adapter

port=31 channel=0

02:31:31: AAA: parse name=<no string> idb type=-1 tty=-1

02:31:31: AAA/MEMORY: create_user (0x80DD1130) user='test' ruser='test' port=

stEthernet0/31' rem_addr='00-16-D4-41-57-E1/00-16-46-EE-A6-5F' authen_type=EA

ervice=802.1x priv=1

02:31:31: AAA/AUTHEN/START (2017932010): port='FastEthernet0/31' list='Dot1x

List' action=LOGIN service=802.1x

02:31:31: AAA/AUTHEN/START (2017932010): using "default" list

02:31:31: AAA/AUTHEN/START (2017932010): Method=radius (radius)

02:31:51: AAA/AUTHEN (2017932010): status = ERROR

02:31:51: AAA/AUTHEN/START (2017932010): no methods left to try

02:31:51: AAA/AUTHEN (2017932010): status = ERROR

02:31:51: AAA/AUTHEN/START (2017932010): failed to authenticate

02:31:51: AAA/MEMORY: free_user_quiet (0x80DD1130) user='test' ruser='test' p

='FastEthernet0/31' rem_addr='00-16-D4-41-57-E1/00-16-46-EE-A6-5F' authen_typ

service=17 priv=1

Thanks,

Yousef

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎10-11-2007 05:10 AM

Yousef

The output shows that there is an attempt to authenticate via Radius which fails. The output does not identify the cause of the failure. There are several things that I would suggest to investigate this and identify the problem. Probably the first thing to do is to verify the configuration of the Radius server. Does the configuration specify the correct address for the server and the correct key? Next would be to verify connectivity to the Radius server. Does your configuration specify the source address to use in communicating with the Radius server? If so you should use extended ping to verify connectivity. In the extended ping specify the Radius server address as the destination and specify the correct source address on the switch.

If those checks do not show a problem then the next thing that I would suggest is to check on the server. Does the server see the request for authentication? If it sees the request does it process it and authenticate it? Are there error messages about the authentication request?

HTH

Rick

HTH

Rick
0 Helpful

Premdeep Banga
Level 7
Level 7

‎10-13-2007 09:55 AM

Yousef

Great troubleshooting tips from Rick, do follow them.

And meaning of status codes returned during AAA authentication,

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/ch05/schathen.htm#wp1000942

Regrads,

Prem

mohammad-yousef
Level 1
Level 1
In response to Premdeep Banga

‎10-16-2007 05:45 AM

Thanks alot for you both , your posts helped me alot to understand many things in AAA ,

and I will try to solve the problem next week.

Thanks alot again.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents