Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ppp can't run on this line

does anyone have a list of cisco vsa or av pairs? thanks! i just want to know whats out there and what i can use. anyways..here is my problem.

i just started to setup authorization and now i can't get into my router by telnet.

all i did was this.

aaa athorization exec default group radius

and then applied

aaa athorization exec default to line vty 0 4

are you suppose to apply authorization to lines? but why is it saying ppp won't work? my debug says this

exe-router#rvice-Type [6] 6 Login [1]

3d00h: RADIUS: NAS-IP-Address [4] 6 172.16.1.1

3d00h: RADIUS: Received from id 21645/103 172.16.1.26:1645, Access-Accept, len 1

19

3d00h: RADIUS: authenticator 94 8B C1 DF 00 23 90 6E - 2F 31 6B AF C1 FC 6E FD

3d00h: RADIUS: Vendor, Cisco [26] 25

3d00h: RADIUS: Cisco AVpair [1] 19 "Shell:priv-lvl=15"

3d00h: RADIUS: Framed-Protocol [7] 6 PPP [1]

3d00h: RADIUS: Port-Limit [62] 6 1

3d00h: RADIUS: Service-Type [6] 6 Login [1]

3d00h: RADIUS: Class [25] 32

3d00h: RADIUS: 40 B1 04 CA 00 00 01 37 00 01 AC 10 01 1A 01 C3 [@??????7?????

???]

3d00h: RADIUS: 32 D8 AD 10 92 58 00 00 00 00 00 00 00 44 [2????X???????

D]

3d00h: RADIUS: Vendor, Microsoft [26] 12

3d00h: RADIUS: MS-MPPE-Enc-Policy [7] 6

3d00h: RADIUS: 00 00 00 [???]

3d00h: RADIUS: Vendor, Microsoft [26] 12

3d00h: RADIUS: MS-MPPE-Enc-Type [8] 6

3d00h: RADIUS: 00 00 00 [???]

3d00h: RADIUS(00000057): Received from id 21645/103

3d00h: RADIUS: Constructed " ppp negotiate "

3d00h: AAA/AUTHOR/EXEC(00000057): processing AV priv-lvl=15

3d00h: AAA/AUTHOR/EXEC(00000057): processing AV noescape=1

3d00h: AAA/AUTHOR/EXEC(00000057): processing AV autocmd= ppp negotiate

3d00h: AAA/AUTHOR/EXEC(00000057): Authorization successful

says i was authorized. but....also where did that ppp autocommand come from?

  • AAA Identity and NAC
2 REPLIES
New Member

Re: ppp can't run on this line

Him

You need to remove the following attribute in the profile of the user.

Framed-Protocol [7] 6 PPP [1]

If you are using the following attribute , router uses it for ppp authorization.

Here is the list of the av-pair.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008010216c.html

these av-pairs can be used for radius as well as tacacs+.

Do let me know if you have any questions.

Thanks

Sujit

New Member

Re: ppp can't run on this line

thank you for your response. it seems that may was the problem...got rid of it and now it works. thanks man

421
Views
0
Helpful
2
Replies