
Problems with Radius Authentication

Hi all, I have problems trying to authenticate with Radius only at the ppp connection.

When I dial in using the terminal window I can access the router with the Radius authentication, but access to the network is not possible. It only works using a local user.

Thanks in advance.

Here are the router config and debugs....

Router configuration:

version 11.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Cisco3620

!

aaa new-model

aaa authentication login default radius local

aaa authentication login NO_AUTHEN none

aaa authentication ppp default radius local

enable password ******

username cisco password 0 tricom

ip subnet-zero

no ip finger

!

process-max-time 200

!

interface Loopback0

no ip address

!

interface FastEthernet0/0

ip address ***.**.36.99 255.255.252.0

no cdp enable

!

interface Group-Async33

ip unnumbered FastEthernet0/0

no ip directed-broadcast

encapsulation ppp

async mode interactive

peer default ip address pool lab

no cdp enable

ppp authentication chap

group-range 33 40

!

router eigrp 1

network ***.**.0.0

!

ip local pool lab ***.**.**.90 ***.**.**.95

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

logging buffered 4096 debugging

no cdp run

radius-server host ***.**.*.** auth-port 1645 acct-port 1646

radius-server key *******

!

line con 0

login authentication NO_AUTHEN

transport input none

line 33 40

autoselect during-login

autoselect ppp

modem InOut

transport preferred none

transport input all

transport output none

stopbits 1

flowcontrol hardware

Debugs:

3d13h: AAA: parse name=tty33 idb type=10 tty=33

3d13h: AAA: name=tty33 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=33 channel=0

3d13h: AAA/AUTHEN: creattty33' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

3d13h: AAA/AUTHEN/START (15223567): port='tty33' list='' action=LOGIN service=LOGIN

3d13h: AAA/AUTHEN/START (15223567): using "default" list

3d13h: AAA/AUTHEN/START (15223567): Method=RADIUS

3d13h: AAA/AUTHEN (15223567): status = GETUSER

3d13h: AAA/AUTHEN/ABORT: (15223567) because Autoselected.

3d13h: AAA/AUTHEN: free_user (0x60F4A404) user='' ruser='' port='tthen_type=ASCII service=LOGIN priv=1

3d13h: As33 LCP: Lower layer not up, Fast Starting

3d13h: As33 PPP: Treating connection as a dedicated line

3d13h: %LINK-3-UPDOWN: Interface Async33, changed state to up

3d13h: As33 PPP: Phase is AUTHENTICATING, by this end

3d13h: As33 CHAP: O CHALLENGE id 6 len 30 from "Cisco3620"

3d13h: As33 CHAP: I RESPONSE id 6 len 35 from "carlos welhous"

3d13h: AAA: parse name=Async33 idb type=10 tty=33

3d13h: AAA: name=Async33 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=33 channel=0

3d13h: AAA/AUTHEN: create_user (0x60F4A3AC) user='carlos welhous' ruser='' port='Async33' rem_addr='async' authen_type=CHAP service=PPP priv=1

3d13h: AAA/AUTHEN/START (3218263426): port='Async33' list='' action=LOGIN service=PPP

3d13h: AAA/AUTHEN/START (3218263426): using "default" list

3d13h: AAA/AUTHEN/START (3218263426): Method=RADIUS

3d13h: RADIUS: ustruct sharecount=1

3d13h: RADIUS: Initial Transmit id 17 172.22.0.30:1645, Access-Request, len 85

3d13h: Attribute 4 6 AC162463

3d13h: Attribute 5 6 00000021

3d13h: Attribute 61 6 00000000

3h: Attribute 1 16 6361726C

3d13h: Attribute 3 19 06E45FF5

3d13h: Attribute 6 6 00000002

3d13h: Attribute 7 6 00000001

3d13h: As33 CHAP: I RESPONSE id 6 len 35 from "carlos welhous"

3d13h: As33 AUTH: Duplicate authentication request id=6 already in progress

3d13h: RADIUS: Retransmit id 17

3d13h: As33 CHAP: I RESPONSE id 6 len 35 from "carlos welhous"

3d13h: As33 AUTH: Duplicate authentication request id=6 already in progress

3d13h: As33 CHAP: I RESPONSE id 6 len 35 from "carlos welhous"

3d13h: As33 AUTH: Duplicate authentication request id=6 already in progress

3d13h: RADIUS: Retransmit id 17

3d13h: As33 CHAP: I RESPONSE id 6 len 35 from "carlos welhous"

3d13h: As33 AUTH: Duplicate authentication request id=6 already in progress

3d13h: As33 CHAP: I RESPONSE id 6 len 35 from "carlos welhous"

3d13h: As33 AUTH: Duplicate authentication request id=6 already in progress

3d13h: RADIUS: Retransmit id 17

3d13h: As33 CHAP: I RESPONSE id 6 len 35 from "carlos welhous"

3d13h: As33 AUTH: Duplicate authentication request id=6 already in progress

3d13h: RADIUS: No response for id 17

3d13h: RADIUS: No response from server

3d13h: AAA/AUTHEN (3218263426): status = ERROR

3d13h: AAA/AUTHEN/START (3218263426): Method=LOCAL

3d13h: AAA/AUTHEN (3218263426): User not found, end of method list

3d13h: AAA/AUTHEN (3218263426): status = FAIL

3d12h: As33 CHAP: Unable to validate Response. Username carlos welhous: Authentication failure

3d12h: As33 CHAP: O FAILURE id 4 len 26 msg is "Authentication failure"

3d12h: AAA/AUTHEN: free_user (0x60E43030) user='carlos welhous' ruser='' port='Async33' rem_addr='async' authen_type=CHAP service=PPP priv=1

3d12h: %LINK-5-CHANGED: Interface Async33, changed state to reset

3d12h: %LINK-3-UPDOWN: Interface Async33, changed state to down


Re: Problems with Radius Authentication

The debug only indicates that there is no connectivity with the RADIUS server; it makes no sense that PPP connections would fail while terminal connections succeed. I would think that if the RADIUS server were unable to process PPP calls, or was unhappy with any of the AV-Pairs, it would still reply to the NAS. All that I can suggest is to troubleshoot this at the RADIUS server, to verify if it is receiving the ACCESS-REQUEST, and why it may not be responding to it.
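
As an added example (not part of the original thread and not a Cisco tool): a small Python parser that decodes the Access-Request attributes printed in the debug above, so they can be matched against the RADIUS server's log or a capture on UDP 1645. The function names are hypothetical; the sample lines are copied from the post.

```python
import re
import socket

# Constructed sample: RADIUS lines copied from the debug output in the post above.
SAMPLE = """\
3d13h: RADIUS: Initial Transmit id 17 172.22.0.30:1645, Access-Request, len 85
3d13h: Attribute 4 6 AC162463
3d13h: Attribute 5 6 00000021
3d13h: Attribute 61 6 00000000
3d13h: Attribute 1 16 6361726C
3d13h: Attribute 3 19 06E45FF5
3d13h: Attribute 6 6 00000002
3d13h: Attribute 7 6 00000001
3d13h: RADIUS: Retransmit id 17
3d13h: RADIUS: Retransmit id 17
3d13h: RADIUS: Retransmit id 17
3d13h: RADIUS: No response for id 17
"""

# Attribute numbers and enumerated values from RFC 2865.
NAMES = {1: "User-Name", 3: "CHAP-Password", 4: "NAS-IP-Address", 5: "NAS-Port",
         6: "Service-Type", 7: "Framed-Protocol", 61: "NAS-Port-Type"}
ENUMS = {6: {2: "Framed"}, 7: {1: "PPP"}, 61: {0: "Async"}}

def decode(attr, length, hexval):
    raw = bytes.fromhex(hexval)  # this output shows only the first 4 value bytes
    if attr == 4:
        return socket.inet_ntoa(raw)
    if attr == 1:
        return raw.decode("ascii", "replace") + ("..." if length - 2 > len(raw) else "")
    if attr == 3:  # first value byte is the CHAP identifier
        return "CHAP ident %d" % raw[0]
    n = int.from_bytes(raw, "big")
    return ENUMS.get(attr, {}).get(n, n)

def summarize(text):
    req = {"attrs": {}, "retransmits": 0, "answered": True}
    for line in text.splitlines():
        m = re.search(r"Initial Transmit id (\d+) ([\d.]+):(\d+), (\S+),", line)
        if m:
            req.update(id=int(m[1]), server=m[2], port=int(m[3]), code=m[4])
        m = re.search(r"Attribute (\d+) (\d+) ([0-9A-F]+)", line)
        if m:
            a = int(m[1])
            req["attrs"][NAMES.get(a, a)] = decode(a, int(m[2]), m[3])
        req["retransmits"] += "Retransmit id" in line
        if "No response for id" in line:
            req["answered"] = False
    return req
```

The decoded NAS-IP-Address is the source address the RADIUS server must have configured as a client with the matching shared key, and the CHAP identifier in attribute 3 equals the `id 6` of the CHAP challenge in the debug.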
