03-05-2008 11:31 AM - edited 03-03-2019 08:59 PM
I recently upgraded the IOS on my 2811 router from 12.4(12)to 12.4(15)T3 in order to pick up support for a new hwic-3g-gsm card.
upgraded via tftp with no apparent issues. after the upgrade, ssh connections to the router stopped working. I changed the vty 04 to accept all which allowed telnet to work but still no ssh. is there any debugging I can do for ssh?
also, radius stopped working. in the debugs, I can see it accept the account but I get a bunch of failed lines that I don't understand. here is the debug output:
Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): ask "Username: "
Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): send packet; GET_USER
Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): ask "Password: "
Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): send packet; GET_PASSWORD
Mar 5 19:12:32.659: RADIUS/ENCODE(00000006):Orig. component type = EXEC
Mar 5 19:12:32.659: RADIUS: AAA Unsupported Attr: interface [174] 6
Mar 5 19:12:32.659: RADIUS: 74 74 79 35 [tty5]
Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
Mar 5 19:12:32.659: RADIUS(00000006): Config NAS IP: 0.0.0.0
Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): acct_session_id: 4
Mar 5 19:12:32.659: RADIUS(00000006): sending
Mar 5 19:12:32.659: RADIUS/ENCODE: Best Local IP-Address 10.10.4.52 for Radius-Server 10.10.1.251
Mar 5 19:12:32.663: RADIUS(00000006): Send Access-Request to 10.10.1.251:1812 id 1645/6, len 83
Mar 5 19:12:32.663: RADIUS: authenticator 98 CF 80 52 47 5D AF A0 - E3 96 B4 0F F0 78 32 75
Mar 5 19:12:32.663: RADIUS: User-Name [1] 7 "zaned"
Mar 5 19:12:32.663: RADIUS: User-Password [2] 18 *
Mar 5 19:12:32.663: RADIUS: NAS-Port [5] 6 514
Mar 5 19:12:32.663: RADIUS: NAS-Port-Id [87] 8 "tty514"
Mar 5 19:12:32.663: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Mar 5 19:12:32.663: RADIUS: Calling-Station-Id [31] 12 "10.10.4.51"
Mar 5 19:12:32.663: RADIUS: NAS-IP-Address [4] 6 10.10.4.52
Mar 5 19:12:32.667: RADIUS: Received from id 1645/6 10.10.1.251:1812, Access-Accept, len 44
Mar 5 19:12:32.667: RADIUS: authenticator 8A 52 1F 11 41 AA C8 C7 - 0F 08 25 28 B9 3E 1A 5D
Mar 5 19:12:32.667: RADIUS: Service-Type [6] 6 Administrative [6]
Mar 5 19:12:32.667: RADIUS: Vendor, Cisco [26] 18
Mar 5 19:12:32.667: RADIUS: Cisco AVpair [1] 12 "shell:cmd*"
Mar 5 19:12:32.667: RADIUS(00000006): Received from id 1645/6
Mar 5 19:12:32.667: RADIUS/DECODE: convert VSA string; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: cisco VSA type 1; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: VSA; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: decoder; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: attribute Vendor-Specific; FAIL
Mar 5 19:12:32.671: RADIUS/DECODE: parse response op decode; FAIL
Mar 5 19:12:32.671: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
any help would be appreciated.
03-05-2008 11:33 AM
also, I should mention that I included one local account for when radius fails. This account also wont' work. The only way to connect to the router right now is via rommon which isn't a problem because its currently in the lab.
03-05-2008 07:54 PM
Could you provide the full image names of the current and prior IOSs?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: