( Radius Authentication issue) AAA: parse name=tty2 idb type=-1 tty=-1

Unanswered Question
Oct 4th, 2010

Hi ,

I am having radius authentication issue. The issue occured after changing ACS Server key. now even i have corrected the key but still authentication issue exist.

I have verified ACS server connectivity with test command which is sucssefull but when i do remotely ssh to switch,  it failed with unknow reason and no logs appeared at ACS server...

Here is my configurations...and debug... I would appreciate if you can suggest... the solution...

aaa new-model
aaa group server radius networks
server 192.168.255.101 auth-port 1812 acct-port 1813
!        
aaa group server radius SNAC
server 192.168.44.33 auth-port 1812 acct-port 1813
server 192.168.224.14 auth-port 1812 acct-port 1813
!        
aaa authentication login default local
aaa authentication login conslog local
aaa authentication login networks group radius local
aaa authentication dot1x default group SNAC
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius
aaa accounting exec default start-stop group radius


radius-server host 192.168.44.33 auth-port 1812 acct-port 1813 key 7 06222D12424F0A
radius-server host 192.168.224.14 auth-port 1812 acct-port 1813 key 7 14333038020529
radius-server host 192.168.255.101 auth-port 1812 acct-port 1813 key 7 022A0B5C5B140E25151B2918170321
radius-server source-ports 1645-1646

debug

DXB-SWT-035#
Oct  4 12:09:20.694: AAA: parse name=tty1 idb type=-1 tty=-1
Oct  4 12:09:20.694: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
Oct  4 12:09:20.694: AAA/MEMORY: create_user (0x1E354E8) user='NULL' ruser='NULL' ds0=0 port='tty1' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Oct  4 12:09:20.694: AAA/AUTHEN/START (2369954885): port='tty1' list='networks' action=LOGIN service=LOGIN
Oct  4 12:09:20.694: AAA/AUTHEN/START (23699
DXB-SWT-035#54885): found list networks
Oct  4 12:09:20.694: AAA/AUTHEN/START (2369954885): Method=radius (radius)
Oct  4 12:09:20.694: AAA/AUTHEN (2369954885): status = GETPASS
Oct  4 12:09:20.694: AAA/AUTHEN/CONT (2369954885): continue_login (user='muhasim')
Oct  4 12:09:20.694: AAA/AUTHEN (2369954885): status = GETPASS
Oct  4 12:09:20.694: AAA/AUTHEN (2369954885): Method=radius (radius)
Oct  4 12:09:20.702: AAA/AUTHEN (2369954885): status = FAIL
Oct  4 12:09:20.702: AAA/AUTHEN/ABORT: (2369954885) because Unk
DXB-SWT-035#nown.
DXB-SWT-035#
Oct  4 12:09:35.419: AAA: parse name=tty2 idb type=-1 tty=-1
Oct  4 12:09:35.419: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
Oct  4 12:09:35.419: AAA/MEMORY: create_user (0x1FEAE3C) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Oct  4 12:09:35.419: AAA/AUTHEN/START (806126399): port='tty2' list='networks' action=LOGIN service=LOGIN
Oct  4 12:09:35.419: AAA/AUTHEN/START (806126
DXB-SWT-035#399): found list networks
Oct  4 12:09:35.419: AAA/AUTHEN/START (806126399): Method=radius (radius)
Oct  4 12:09:35.419: AAA/AUTHEN (806126399): status = GETPASS
Oct  4 12:09:35.423: AAA/AUTHEN/CONT (806126399): continue_login (user='manwar')
Oct  4 12:09:35.423: AAA/AUTHEN (806126399): status = GETPASS
Oct  4 12:09:35.423: AAA/AUTHEN (806126399): Method=radius (radius)
Oct  4 12:09:35.427: AAA/AUTHEN (806126399): status = FAIL
Oct  4 12:09:35.427: AAA/AUTHEN/ABORT: (806126399) because Unknown.
DXB-SWT-035#
Oct  4 12:09:48.895: AAA/AUTHEN/19 (0000006F): Pick method list 'default'
DXB-SWT-035#
Oct  4 12:09:56.991: AAA/AUTHEN/START (2123105333): port='tty1' list='networks' action=LOGIN service=LOGIN
Oct  4 12:09:56.991: AAA/AUTHEN/START (2123105333): found list networks
Oct  4 12:09:56.991: AAA/AUTHEN/START (2123105333): Method=radius (radius)
Oct  4 12:09:56.991: AAA/AUTHEN (2123105333): status = GETPASS
Oct  4 12:09:56.991: AAA/AUTHEN/CONT (2123105333): continue_login (user='muhasim')
Oct  4 12:09:56.991: AAA/AUTHEN (2123105333): status = GETPASS
Oct  4 12:09:56.991: AAA/AUTHEN (2123105
DXB-SWT-035#333): Method=radius (radius)
Oct  4 12:09:56.999: AAA/AUTHEN (2123105333): status = FAIL
Oct  4 12:09:56.999: AAA/AUTHEN/ABORT: (2123105333) because Unknown.
DXB-SWT-035#
Oct  4 12:10:08.204: AAA/MEMORY: free_user (0x1FEAE3C) user='manwar' ruser='NULL' port='tty2' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1
Oct  4 12:10:08.308: AAA/MEMORY: free_user (0x1E354E8) user='muhasim' ruser='NULL' port='tty1' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1

DXB-SWT-035#test aaa group networks rizali xxx legacy

Attempting authentication test to server-group networks using radius

User was successfully authenticated.

DXB-SWT-035#test aaa group networks rizali xxx port 1812

Attempting authentication test to server-group networks using radius

User was successfully authenticated.

thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vinay Sharma Mon, 10/04/2010 - 03:10

Hi Nadeem,

do you have any key configured in ACS for network device group in which this device is a entry? If yes, please update that as well.

If still face the same issue, please provide the following:-

1. debug aaa authentication

2. debug radius

thanks,

Vinay

Nadeem ahmed Ahmed Mon, 10/04/2010 - 04:40

Hi ,

It is already updated for whole network devce groups and some random devices are not working.

These bebugs are after being everything updated...

Thanks!

Actions

This Discussion