08-20-2003 11:15 PM - edited 03-02-2019 09:46 AM
I want to config a 2501(use the aux port to connect a MODEM) as the access server with radius server authen(I use the WIN2K's IAS as the radius server,I have added a client whose ip address is 192.168.1.102,and share key is "cisco123"),but I failed,why?
1.IOS is c2500-jos56i-l.121-20.bin
2.config is:
cimic#sho run
Building configuration...
Current configuration : 1880 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cimic
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius if-authenticated
enable secret xxxxxx
!
username xxx password xxxxx
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0
ip address 192.168.1.102 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface Async1
ip unnumbered Ethernet0
encapsulation ppp
async mode dedicated
peer default ip address pool async
ppp authentication pap
!
ip local pool async 192.168.1.70 192.168.1.80
ip classless
no ip http server
!
!
radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key cisco123
radius-server retransmit 3
radius-server key xxxx
!
line con 0
line aux 0
session-timeout 20
modem InOut
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
speed 38400
password xxxx
!
end
* and I have tested the 1645&1646 port as the authen and acct port,but also failed
3.debug aaa authen,debug radius,debug ppp neg,debug ppp auth:
cimic#ter mon
cimic#
00:17:21: As1 LCP: I CONFREQ [Closed] id 1 len 23
00:17:21: As1 LCP: ACCM 0x00000000 (0x020600000000)
00:17:21: As1 LCP: MagicNumber 0x374654AF (0x0506374654AF)
00:17:21: As1 LCP: PFC (0x0702)
00:17:21: As1 LCP: ACFC (0x0802)
00:17:21: As1 LCP: Callback 6 (0x0D0306)
00:17:21: As1 LCP: Lower layer not up, Fast Starting
00:17:21: As1 PPP: Treating connection as a dedicated line
00:17:21: As1 PPP: Phase is ESTABLISHING, Active Open
00:17:21: As1 LCP: O CONFREQ [Closed] id 14 len 24
00:17:21: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
00:17:21: As1 LCP: AuthProto PAP (0x0304C023)
00:17:21: As1 LCP: MagicNumber 0xE02E4D84 (0x0506E02E4D84)
00:17:21: As1 LCP: PFC (0x0702)
00:17:21: As1 LCP: ACFC (0x0802)
00:17:21: As1 LCP: O CONFREJ [REQsent] id 1 len 7
00:17:21: As1 LCP: Callback 6 (0x0D0306)
00:17:21: %LINK-3-UPDOWN: Interface Async1, changed state to up
00:17:21: As1 LCP: I CONFACK [REQsent] id 14 len 24
00:17:21: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
00:17:21: As1 LCP: AuthProto PAP (0x0304C023)
00:17:21: As1 LCP: MagicNumber 0xE02E4D84 (0x0506E02E4D84)
00:17:21: As1 LCP: PFC (0x0702)
00:17:21: As1 LCP: ACFC (0x0802)
00:17:21: As1 LCP: I CONFREQ [ACKrcvd] id 2 len 20
00:17:21: As1 LCP: ACCM 0x00000000 (0x020600000000)
00:17:21: As1 LCP: MagicNumber 0x374654AF (0x0506374654AF)
00:17:21: As1 LCP: PFC (0x0702)
00:17:21: As1 LCP: ACFC (0x0802)
00:17:21: As1 LCP: O CONFACK [ACKrcvd] id 2 len 20
00:17:21: As1 LCP: ACCM 0x00000000 (0x020600000000)
00:17:21: As1 LCP: MagicNumber 0x374654AF (0x0506374654AF)
00:17:22: As1 LCP: PFC (0x0702)
00:17:22: As1 LCP: ACFC (0x0802)
00:17:22: As1 LCP: State is Open
00:17:22: As1 PPP: Phase is AUTHENTICATING, by this end
00:17:22: As1 LCP: I IDENTIFY [Open] id 3 len 18 magic 0x374654AF MSRASV5.10
00:17:22: As1 LCP: I IDENTIFY [Open] id 4 len 25 magic 0x374654AF MSRAS-0-XIEGUO
HUA
00:17:22: As1 PAP: I AUTH-REQ id 55 len 12 from "web"
00:17:22: As1 PAP: Authenticating peer web
00:17:22: AAA: parse name=Async1 idb type=10 tty=1
00:17:22: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=1 cha
nnel=0
00:17:22: AAA/MEMORY: create_user (0x3068D8) user='web' ruser='' port='Async1' r
em_addr='async' authen_type=PAP service=PPP priv=1
00:17:22: AAA/AUTHEN/START (15642053): port='Async1' list='' action=LOGIN servic
e=PPP
00:17:22: AAA/AUTHEN/START (15642053): using "default" list
00:17:22: AAA/AUTHEN (15642053): status = UNKNOWN
00:17:22: AAA/AUTHEN/START (15642053): Method=radius (radius)
00:17:22: RADIUS: ustruct sharecount=1
00:17:22: RADIUS: Initial Transmit Async1 id 3 192.168.1.2:1812, Access-Request,
len 73
00:17:22: Attribute 4 6 C0A80166
00:17:22: Attribute 5 6 00000001
00:17:22: Attribute 61 6 00000000
00:17:22: Attribute 1 5 77656202
00:17:22: Attribute 2 18 1DADB70C
00:17:22: Attribute 6 6 00000002
00:17:22: Attribute 7 6 00000001
00:17:24: As1 PAP: I AUTH-REQ id 56 len 12 from "web"
00:17:24: As1 AUTH: Duplicate authentication request id=56 already in progress
00:17:27: RADIUS: Retransmit id 3
00:17:27: As1 PAP: I AUTH-REQ id 57 len 12 from "web"
00:17:27: As1 AUTH: Duplicate authentication request id=57 already in progress
00:17:30: As1 PAP: I AUTH-REQ id 58 len 12 from "web"
00:17:30: As1 AUTH: Duplicate authentication request id=58 already in progress
00:17:32: RADIUS: Retransmit id 3
00:17:33: As1 PAP: I AUTH-REQ id 59 len 12 from "web"
00:17:33: As1 AUTH: Duplicate authentication request id=59 already in progress
00:17:36: As1 PAP: I AUTH-REQ id 60 len 12 from "web"
00:17:36: As1 AUTH: Duplicate authentication request id=60 already in progress
00:17:37: RADIUS: Retransmit id 3
00:17:39: As1 PAP: I AUTH-REQ id 61 len 12 from "web"
00:17:39: As1 AUTH: Duplicate authentication request id=61 already in progress
00:17:42: RADIUS: Marking server 192.168.1.2:1812,1813 dead
00:17:42: RADIUS: Tried all servers.
00:17:42: RADIUS: No valid server found. Trying any viable server
00:17:42: RADIUS: Tried all servers.
00:17:42: RADIUS: No response for id 3
00:17:42: RADIUS: No response from server
00:17:42: AAA/AUTHEN (15642053): status = ERROR
00:17:42: AAA/AUTHEN/START (15642053): Method=LOCAL
00:17:42: AAA/AUTHEN (15642053): User not found, end of method list
00:17:42: AAA/AUTHEN (15642053): status = FAIL
00:17:42: As1 PAP: O AUTH-NAK id 61 len 32 msg is "Password validation failure"
00:17:42: As1 PPP: Phase is TERMINATING
00:17:42: As1 LCP: O TERMREQ [Open] id 15 len 4
00:17:42: AAA/MEMORY: free_user (0x3068D8) user='web' ruser='' port='Async1' rem
_addr='async' authen_type=PAP service=PPP priv=1
00:17:42: As1 LCP: I TERMACK [TERMsent] id 15 len 4
00:17:42: As1 LCP: State is Closed
00:17:42: As1 PPP: Phase is DOWN
00:17:42: As1 PPP: Phase is ESTABLISHING, Passive Open
00:17:42: As1 LCP: State is Listen
00:17:44: %LINK-5-CHANGED: Interface Async1, changed state to reset
00:17:44: As1 LCP: State is Closed
00:17:44: As1 PPP: Phase is DOWN
00:17:49: %LINK-3-UPDOWN: Interface Async1, changed state to down
00:17:49: As1 LCP: State is Closed
the web is the username
help me ASSP,thanks
08-22-2003 03:11 AM
Hi,
it seems clear that the router is configured well and everything works ok up to the point where we should get a reply from the radius server, but we never get one:
RADIUS: No response from server
So the questions to ask are:
- is the network connectivity OK between the router and the IAS?
- is there a firewall or other filtering device in between? if so, does it permit radius packets in both directions?
- is the IAS properly configured? Personally I don't know IAS but here's a link that might be helpful:
http://www.cisco.com/warp/public/471/vpn5k-msias.shtml#topic2
(It describes configuration of IAS for a VPN concentrator, but at least some parts should apply to your case as well).
hth
Herbert
08-23-2003 05:15 PM
thanks for your friendly answer,the IAS Server and the router is in the same LAN,so,there is no problem of the connection between them.maybe because of the configuration of the IAS,I will check it later,thanks
08-22-2003 12:34 PM
I would agree with verifying IP connectivity to the IAS. We can see that we aren't getting a response from the IAS, are you seeing the request's in the IAS logs ?
Make sure the IAS is reachable via ping's for example to ensure a good IP path with good response time. You can also reference this link on troubleshooting RADIUS connections.
If it gets to hectic and your sure everything is set up right I would suggest opening a case.
http://www.cisco.com/en/US/tech/tk583/tk547/technologies_tech_note09186a0080093f4b.shtml
Daniel
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: