cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
374
Views
0
Helpful
2
Replies

IOS upgrade issues

volleyman
Level 1
Level 1

I recently upgraded the IOS on my 2811 router from 12.4(12)to 12.4(15)T3 in order to pick up support for a new hwic-3g-gsm card.

upgraded via tftp with no apparent issues. after the upgrade, ssh connections to the router stopped working. I changed the vty 04 to accept all which allowed telnet to work but still no ssh. is there any debugging I can do for ssh?

also, radius stopped working. in the debugs, I can see it accept the account but I get a bunch of failed lines that I don't understand. here is the debug output:

Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): ask "Username: "

Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): send packet; GET_USER

Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): ask "Password: "

Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): send packet; GET_PASSWORD

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006):Orig. component type = EXEC

Mar 5 19:12:32.659: RADIUS: AAA Unsupported Attr: interface [174] 6

Mar 5 19:12:32.659: RADIUS: 74 74 79 35 [tty5]

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): dropping service type, "radius-server attribute 6 on-for-login-auth" is off

Mar 5 19:12:32.659: RADIUS(00000006): Config NAS IP: 0.0.0.0

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): acct_session_id: 4

Mar 5 19:12:32.659: RADIUS(00000006): sending

Mar 5 19:12:32.659: RADIUS/ENCODE: Best Local IP-Address 10.10.4.52 for Radius-Server 10.10.1.251

Mar 5 19:12:32.663: RADIUS(00000006): Send Access-Request to 10.10.1.251:1812 id 1645/6, len 83

Mar 5 19:12:32.663: RADIUS: authenticator 98 CF 80 52 47 5D AF A0 - E3 96 B4 0F F0 78 32 75

Mar 5 19:12:32.663: RADIUS: User-Name [1] 7 "zaned"

Mar 5 19:12:32.663: RADIUS: User-Password [2] 18 *

Mar 5 19:12:32.663: RADIUS: NAS-Port [5] 6 514

Mar 5 19:12:32.663: RADIUS: NAS-Port-Id [87] 8 "tty514"

Mar 5 19:12:32.663: RADIUS: NAS-Port-Type [61] 6 Virtual [5]

Mar 5 19:12:32.663: RADIUS: Calling-Station-Id [31] 12 "10.10.4.51"

Mar 5 19:12:32.663: RADIUS: NAS-IP-Address [4] 6 10.10.4.52

Mar 5 19:12:32.667: RADIUS: Received from id 1645/6 10.10.1.251:1812, Access-Accept, len 44

Mar 5 19:12:32.667: RADIUS: authenticator 8A 52 1F 11 41 AA C8 C7 - 0F 08 25 28 B9 3E 1A 5D

Mar 5 19:12:32.667: RADIUS: Service-Type [6] 6 Administrative [6]

Mar 5 19:12:32.667: RADIUS: Vendor, Cisco [26] 18

Mar 5 19:12:32.667: RADIUS: Cisco AVpair [1] 12 "shell:cmd*"

Mar 5 19:12:32.667: RADIUS(00000006): Received from id 1645/6

Mar 5 19:12:32.667: RADIUS/DECODE: convert VSA string; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: cisco VSA type 1; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: VSA; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: decoder; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: attribute Vendor-Specific; FAIL

Mar 5 19:12:32.671: RADIUS/DECODE: parse response op decode; FAIL

Mar 5 19:12:32.671: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

any help would be appreciated.

2 Replies 2

volleyman
Level 1
Level 1

also, I should mention that I included one local account for when radius fails. This account also wont' work. The only way to connect to the router right now is via rommon which isn't a problem because its currently in the lab.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Could you provide the full image names of the current and prior IOSs?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: