Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

AS5300 dialin Authentication to radius server

Hello,

I'm haveing some problems getting dialed in and authenticated to an AS5300 using IAS for a radius server. I know the radius server is working fine because I'm using it for my VTY ports. When I try to set it up for the lines 1-48 I see the below debug. When I set it to local authentication it works fine. Appreciate any help.

Patrick

aaa new-model

!

!

aaa authentication login default local

aaa authentication login IAS group radius

aaa authentication login IAS1 group radius local

aaa authentication ppp IAS if-needed group radius

aaa session-id common

ip subnet-zero

radius-server host 1.1.1.12 auth-port 1645 acct-port 1646 key cisco123

line 1 48

exec-timeout 0 0

login authentication IAS

modem Dialin

transport preferred none

transport input all

transport output none

autoselect during-login

autoselect ppp

line aux 0

line vty 0 4

exec-timeout 60 0

password cisco

login authentication IAS1

6 REPLIES

Re: AS5300 dialin Authentication to radius server

2d02h: AAA/BIND(0000003D): Bind i/f Serial3:0

2d02h: %ISDN-6-CONNECT: Interface Serial3:0 is now connected to 9999999999 N/A

2d02h: AAA/AUTHEN/LOGIN (0000003D): Pick method list 'IAS'

2d02h: RADIUS/ENCODE(0000003D): ask "Username: "

2d02h: RADIUS/ENCODE(0000003D): send packet; GET_USER

2d02h: RADIUS/ENCODE(0000003D): ask "Password: "

2d02h: RADIUS/ENCODE(0000003D): send packet; GET_PASSWORD

2d02h: RADIUS/ENCODE(0000003D):Orig. component type = ISDN

2d02h: RADIUS: AAA Unsupported Attr: interface [153] 5

2d02h: RADIUS: 74 74 79 [tty]

2d02h: RADIUS(0000003D): Storing nasport 30 in rad_db

2d02h: RADIUS/ENCODE(0000003D): dropping service type, "radius-server attribute 6 on-for-login-auth" is off

2d02h: RADIUS(0000003D): Config NAS IP: 0.0.0.0

2d02h: RADIUS/ENCODE(0000003D): acct_session_id: 61

2d02h: RADIUS(0000003D): sending

2d02h: RADIUS/ENCODE: Best Local IP-Address 1.1.1.1 for Radius-Server 1.1.1.7

2d02h: RADIUS(0000003D): Send Access-Request to 1.1.1.7:1645 id 1645/26, len 87

2d02h: RADIUS: authenticator 72 71 E7 63 31 99 F5 DA - 90 CD 6C E5 27 C9 08 F6

2d02h: RADIUS: User-Name [1] 13 "pYY%C`AWe'*"

2d02h: RADIUS: User-Password [2] 18 *

2d02h: RADIUS: Calling-Station-Id [31] 12 "9999999999"

2d02h: RADIUS: Called-Station-Id [30] 6 "2100"

2d02h: RADIUS: NAS-Port [5] 6 30

2d02h: RADIUS: NAS-Port-Type [61] 6 Async [0]

2d02h: RADIUS: NAS-IP-Address [4] 6 1.1.1.1

2d02h: RADIUS: Received from id 1645/26 1.1.1.7:1645, Access-Reject, len 20

2d02h: RADIUS: authenticator E6 6D 98 4D EA 66 B3 50 - 31 07 DF 03 B5 C9 3F FE

2d02h: RADIUS(0000003D): Received from id 1645/26

2d02h: AAA/AUTHEN/LOGIN (0000003D): Pick method list 'IAS'

2d02h: RADIUS/ENCODE(0000003D): ask "Username: "

2d02h: RADIUS/ENCODE(0000003D): send packet; GET_USER

2d02h: RADIUS/ENCODE(0000003D): ask "Username: "

2d02h: RADIUS/ENCODE(0000003D): send packet; GET_USER

2d02h: RADIUS/ENCODE(0000003D): ask "Password: "

2d02h: RADIUS/ENCODE(0000003D): send packet; GET_PASSWORD

2d02h: RADIUS/ENCODE(0000003D):Orig. component type = ISDN

2d02h: RADIUS: AAA Unsupported Attr: interface [153] 5

2d02h: RADIUS: 74 74 79 [tty]

2d02h: RADIUS(0000003D): Using existing nas_port 30

2d02h: RADIUS/ENCODE(0000003D): dropping service type, "radius-server attribute 6 on-for-login-auth" is off

2d02h: RADIUS(0000003D): Config NAS IP: 0.0.0.0

2d02h: RADIUS/ENCODE(0000003D): acct_session_id: 61

2d02h: RADIUS(0000003D): sending

2d02h: RADIUS/ENCODE: Best Local IP-Address 1.1.1.1 for Radius-Server 1.1.1.7

2d02h: RADIUS(0000003D): Send Access-Request to 1.1.1.7:1645 id 1645/27, len 82

2d02h: RADIUS: authenticator 82 35 E4 5C 5C 26 A1 E7 - AB C0 B1 BA EE BF 72 F1

2d02h: RADIUS: User-Name [1] 8 "`AWe'*"

2d02h: RADIUS: User-Password [2] 18 *

2d02h: RADIUS: Calling-Station-Id [31] 12 "9999999999"

2d02h: RADIUS: Called-Station-Id [30] 6 "2100"

2d02h: RADIUS: NAS-Port [5] 6 30

2d02h: RADIUS: NAS-Port-Type [61] 6 Async [0]

2d02h: RADIUS: NAS-IP-Address [4] 6 1.1.1.1

2d02h: RADIUS: Received from id 1645/27 1.1.1.7:1645, Access-Reject, len 20

2d02h: RADIUS: authenticator 92 39 CA F8 1E AE 5C D0 - CA 97 6A 80 B9 ED B6 FD

2d02h: RADIUS(0000003D): Received from id 1645/27

2d02h: %ISDN-6-DISCONNECT: Interface Serial3:0 disconnected from 9999999999 , call lasted 20 seconds

Here is the debug from the call attempt.

Patrick

Re: AS5300 dialin Authentication to radius server

Here is the Event from Windows Events it looks like the username/password is being corrupted when trying to send it to the radius server.

User pYY%C`AWe'* was denied access.

Fully-Qualified-User-Name = CORP\pYY%C`AWe'*

NAS-IP-Address = 1.1.1.1

NAS-Identifier =

Called-Station-Identifier = 2100

Calling-Station-Identifier = 9999999999

Client-Friendly-Name = AS5300

Client-IP-Address = 1.1.1.1

NAS-Port-Type = Async

NAS-Port = 30

Proxy-Policy-Name = Use Windows authentication for all users

Authentication-Provider = Windows

Authentication-Server =

Policy-Name =

Authentication-Type = PAP

EAP-Type =

Reason-Code = 16

Reason = Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at

Patrick

Re: AS5300 dialin Authentication to radius server

Problem Solved

Patrick

Hall of Fame Super Silver

Re: AS5300 dialin Authentication to radius server

Patrick

Thanks for updating the posting to indicate that you had solved the problem. It would be even more useful if you indicated how you identified the problem and what the solution is.

HTH

Rick

Re: AS5300 dialin Authentication to radius server

Rick,

Well I really didn't do anything. I rebooted the AS5300.

Patrick

Hall of Fame Super Silver

Re: AS5300 dialin Authentication to radius server

Patrick

I had hoped that there was more done to achieve the solution. But if a reboot fixed the problem then it is good for us to know that a reboot fixed it. And perhaps if we are faced with similar symptoms we should think more quickly of trying a reboot.

HTH

Rick

303
Views
0
Helpful
6
Replies
CreatePlease to create content