Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

( Radius Authentication issue) AAA: parse name=tty2 idb type=-1 tty=-1

Hi ,

I am having radius authentication issue. The issue occured after changing ACS Server key. now even i have corrected the key but still authentication issue exist.

I have verified ACS server connectivity with test command which is sucssefull but when i do remotely ssh to switch,  it failed with unknow reason and no logs appeared at ACS server...

Here is my configurations...and debug... I would appreciate if you can suggest... the solution...

aaa new-model
aaa group server radius networks
server 192.168.255.101 auth-port 1812 acct-port 1813
!        
aaa group server radius SNAC
server 192.168.44.33 auth-port 1812 acct-port 1813
server 192.168.224.14 auth-port 1812 acct-port 1813
!        
aaa authentication login default local
aaa authentication login conslog local
aaa authentication login networks group radius local
aaa authentication dot1x default group SNAC
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius
aaa accounting exec default start-stop group radius


radius-server host 192.168.44.33 auth-port 1812 acct-port 1813 key 7 06222D12424F0A
radius-server host 192.168.224.14 auth-port 1812 acct-port 1813 key 7 14333038020529
radius-server host 192.168.255.101 auth-port 1812 acct-port 1813 key 7 022A0B5C5B140E25151B2918170321
radius-server source-ports 1645-1646

debug

DXB-SWT-035#
Oct  4 12:09:20.694: AAA: parse name=tty1 idb type=-1 tty=-1
Oct  4 12:09:20.694: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
Oct  4 12:09:20.694: AAA/MEMORY: create_user (0x1E354E8) user='NULL' ruser='NULL' ds0=0 port='tty1' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Oct  4 12:09:20.694: AAA/AUTHEN/START (2369954885): port='tty1' list='networks' action=LOGIN service=LOGIN
Oct  4 12:09:20.694: AAA/AUTHEN/START (23699
DXB-SWT-035#54885): found list networks
Oct  4 12:09:20.694: AAA/AUTHEN/START (2369954885): Method=radius (radius)
Oct  4 12:09:20.694: AAA/AUTHEN (2369954885): status = GETPASS
Oct  4 12:09:20.694: AAA/AUTHEN/CONT (2369954885): continue_login (user='muhasim')
Oct  4 12:09:20.694: AAA/AUTHEN (2369954885): status = GETPASS
Oct  4 12:09:20.694: AAA/AUTHEN (2369954885): Method=radius (radius)
Oct  4 12:09:20.702: AAA/AUTHEN (2369954885): status = FAIL
Oct  4 12:09:20.702: AAA/AUTHEN/ABORT: (2369954885) because Unk
DXB-SWT-035#nown.
DXB-SWT-035#
Oct  4 12:09:35.419: AAA: parse name=tty2 idb type=-1 tty=-1
Oct  4 12:09:35.419: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
Oct  4 12:09:35.419: AAA/MEMORY: create_user (0x1FEAE3C) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Oct  4 12:09:35.419: AAA/AUTHEN/START (806126399): port='tty2' list='networks' action=LOGIN service=LOGIN
Oct  4 12:09:35.419: AAA/AUTHEN/START (806126
DXB-SWT-035#399): found list networks
Oct  4 12:09:35.419: AAA/AUTHEN/START (806126399): Method=radius (radius)
Oct  4 12:09:35.419: AAA/AUTHEN (806126399): status = GETPASS
Oct  4 12:09:35.423: AAA/AUTHEN/CONT (806126399): continue_login (user='manwar')
Oct  4 12:09:35.423: AAA/AUTHEN (806126399): status = GETPASS
Oct  4 12:09:35.423: AAA/AUTHEN (806126399): Method=radius (radius)
Oct  4 12:09:35.427: AAA/AUTHEN (806126399): status = FAIL
Oct  4 12:09:35.427: AAA/AUTHEN/ABORT: (806126399) because Unknown.
DXB-SWT-035#
Oct  4 12:09:48.895: AAA/AUTHEN/19 (0000006F): Pick method list 'default'
DXB-SWT-035#
Oct  4 12:09:56.991: AAA/AUTHEN/START (2123105333): port='tty1' list='networks' action=LOGIN service=LOGIN
Oct  4 12:09:56.991: AAA/AUTHEN/START (2123105333): found list networks
Oct  4 12:09:56.991: AAA/AUTHEN/START (2123105333): Method=radius (radius)
Oct  4 12:09:56.991: AAA/AUTHEN (2123105333): status = GETPASS
Oct  4 12:09:56.991: AAA/AUTHEN/CONT (2123105333): continue_login (user='muhasim')
Oct  4 12:09:56.991: AAA/AUTHEN (2123105333): status = GETPASS
Oct  4 12:09:56.991: AAA/AUTHEN (2123105
DXB-SWT-035#333): Method=radius (radius)
Oct  4 12:09:56.999: AAA/AUTHEN (2123105333): status = FAIL
Oct  4 12:09:56.999: AAA/AUTHEN/ABORT: (2123105333) because Unknown.
DXB-SWT-035#
Oct  4 12:10:08.204: AAA/MEMORY: free_user (0x1FEAE3C) user='manwar' ruser='NULL' port='tty2' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1
Oct  4 12:10:08.308: AAA/MEMORY: free_user (0x1E354E8) user='muhasim' ruser='NULL' port='tty1' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1

DXB-SWT-035#test aaa group networks rizali xxx legacy

Attempting authentication test to server-group networks using radius

User was successfully authenticated.

DXB-SWT-035#test aaa group networks rizali xxx port 1812

Attempting authentication test to server-group networks using radius

User was successfully authenticated.

thanks!

2 REPLIES

Re: ( Radius Authentication issue) AAA: parse name=tty2 idb type

Hi Nadeem,

do you have any key configured in ACS for network device group in which this device is a entry? If yes, please update that as well.

If still face the same issue, please provide the following:-

1. debug aaa authentication

2. debug radius

thanks,

Vinay

Thanks & Regards

Re: ( Radius Authentication issue) AAA: parse name=tty2 idb type

Hi ,

It is already updated for whole network devce groups and some random devices are not working.

These bebugs are after being everything updated...

Thanks!

388
Views
0
Helpful
2
Replies