AAA Authentincation Failed

Unanswered Question
Sep 22nd, 2010

Hi Experts,

I face some problem when try to login router using AAA authentication. Then the router get the local password to login.

I paste below the result after debugging AAA authentication:

*Sep 22 15:43:32.194: AAA/BIND(000115D0): Bind i/f 
*Sep 22 15:43:32.198: AAA/AUTHEN/LOGIN (000115D0): Pick method list 'default'
*Sep 22 15:43:56.010: %RADIUS-4-RADIUS_DEAD: RADIUS server,1646 is not responding.
*Sep 22 15:43:56.010: %RADIUS-4-RADIUS_ALIVE: RADIUS server,1646 is being marked alive.
*Sep 22 15:43:56.010: AAA/AUTHEN/LINE(000115D0): GET_PASSWORD   ----> authentication failed then router find local password
*Sep 22 15:44:19.330: AAA/AUTHEN/LINE(000115D0): PASS

I need your expertise.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
padatta Wed, 09/22/2010 - 03:15


  Please paste the 'show run | in aaa' output and obtain the following debugs again.

debug aaa authentication

debug radius authentication

  Also make sure the network path between router and AAA server is 'clean'. Do you see any drops while running a continuous ping (say repeat 1000) to AAA server from the router?



CSCO11702470 Thu, 09/23/2010 - 02:11

Below my AAA config:

aaa new-model
aaa authentication login default group radius local line
aaa authentication enable default group radius enable
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa session-id common



radius-server host auth-port 1645 acct-port 1646 key *******


If I PING to radius server, it not have any drops. Means router to radius are reacheable.


amitaaga Fri, 09/24/2010 - 13:50

Hi Muhammad,

From the debugs it seems that the router does not get any response from the radius server, marks it as dead and then falls back to the local authentication.

Also, is the radius server actually listening on ports 1645 and 1646 for authentication and accounting? You may try changing the ports to 1812 and 1813 respectively in the radius server command?

If it is a windows server please try disabling windows firewall and see if it helps.

If the issue still persists, please provide the following info:

What radius server do we have? Is it an ACS server or Microsoft IAS?

Is there any other device in between the router and the ACS server which could be blocking UDP traffic on 1645/1812,1646/1813?

Are we seeing any hits on the radius server when the user tries to authenticate?




This Discussion