A router with Cisco IOS version 12.4 sends the NAS-Port-Type RADIUS attribute twice in an AAA request

Document

Wed, 07/22/2009 - 19:37
Jun 18th, 2009

Core issue

This problem occurs due to the presence of Cisco bug ID CSCsc96280.

Sometimes, a router acts as a VPN server for VPN client users. When such a router is upgraded to Cisco IOS  Software Release 12.4(6.7), the router sends the NAS-Port-Type RADIUS attribute twice in an Authentication, Authorization, and Accounting (AAA) access-request packet. This problem occurs when the router is configured to authenticate VPN users against the RADIUS server. The logs display entries similar to this:

00:05:13: RADIUS(00000005): Send Access-Request to 172.19.220.219:1645 id 1645/4, len81
00:05:13: RADIUS:  authenticator A1 0A 19 02 DC 9F CF A7 - 1A 48 52 EF E6 E7 3D A1
00:05:13: RADIUS:  User-Name  [1]  7  "unity"
00:05:13: RADIUS:  User-Password  [2]  18  *
00:05:13: RADIUS:  Calling-Station-Id  [31]  12  "10.1.32.25"
00:05:13: RADIUS:  NAS-Port-Type  [61]  6  Virtual  [5]
00:05:13: RADIUS:  NAS-Port-Type  [61]  6  Virtual  [5]
00:05:13: RADIUS:  Service-Type  [6]  6  Outbound  [5]

Resolution

In order to resolve this issue, download and upgrade the Cisco IOS to any one of these versions:

  •   

    12.4(7.8)

       
  •   12.4(7.9)

Problem Type

Troubleshoot software feature

Product Family

Routers

Cisco IOS Software Version

12.4

VPN Tunnel End Points

Router

Features & Tasks

RADIUS

Loading.

Actions

This Document