Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IOS upgrade issues

I recently upgraded the IOS on my 2811 router from 12.4(12)to 12.4(15)T3 in order to pick up support for a new hwic-3g-gsm card.

upgraded via tftp with no apparent issues. after the upgrade, ssh connections to the router stopped working. I changed the vty 04 to accept all which allowed telnet to work but still no ssh. is there any debugging I can do for ssh?

also, radius stopped working. in the debugs, I can see it accept the account but I get a bunch of failed lines that I don't understand. here is the debug output:

Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): ask "Username: "

Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): send packet; GET_USER

Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): ask "Password: "

Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): send packet; GET_PASSWORD

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006):Orig. component type = EXEC

Mar 5 19:12:32.659: RADIUS: AAA Unsupported Attr: interface [174] 6

Mar 5 19:12:32.659: RADIUS: 74 74 79 35 [tty5]

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): dropping service type, "radius-server attribute 6 on-for-login-auth" is off

Mar 5 19:12:32.659: RADIUS(00000006): Config NAS IP: 0.0.0.0

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): acct_session_id: 4

Mar 5 19:12:32.659: RADIUS(00000006): sending

Mar 5 19:12:32.659: RADIUS/ENCODE: Best Local IP-Address 10.10.4.52 for Radius-Server 10.10.1.251

Mar 5 19:12:32.663: RADIUS(00000006): Send Access-Request to 10.10.1.251:1812 id 1645/6, len 83

Mar 5 19:12:32.663: RADIUS: authenticator 98 CF 80 52 47 5D AF A0 - E3 96 B4 0F F0 78 32 75

Mar 5 19:12:32.663: RADIUS: User-Name [1] 7 "zaned"

Mar 5 19:12:32.663: RADIUS: User-Password [2] 18 *

Mar 5 19:12:32.663: RADIUS: NAS-Port [5] 6 514

Mar 5 19:12:32.663: RADIUS: NAS-Port-Id [87] 8 "tty514"

Mar 5 19:12:32.663: RADIUS: NAS-Port-Type [61] 6 Virtual [5]

Mar 5 19:12:32.663: RADIUS: Calling-Station-Id [31] 12 "10.10.4.51"

Mar 5 19:12:32.663: RADIUS: NAS-IP-Address [4] 6 10.10.4.52

Mar 5 19:12:32.667: RADIUS: Received from id 1645/6 10.10.1.251:1812, Access-Accept, len 44

Mar 5 19:12:32.667: RADIUS: authenticator 8A 52 1F 11 41 AA C8 C7 - 0F 08 25 28 B9 3E 1A 5D

Mar 5 19:12:32.667: RADIUS: Service-Type [6] 6 Administrative [6]

Mar 5 19:12:32.667: RADIUS: Vendor, Cisco [26] 18

Mar 5 19:12:32.667: RADIUS: Cisco AVpair [1] 12 "shell:cmd*"

Mar 5 19:12:32.667: RADIUS(00000006): Received from id 1645/6

Mar 5 19:12:32.667: RADIUS/DECODE: convert VSA string; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: cisco VSA type 1; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: VSA; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: decoder; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: attribute Vendor-Specific; FAIL

Mar 5 19:12:32.671: RADIUS/DECODE: parse response op decode; FAIL

Mar 5 19:12:32.671: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

any help would be appreciated.

2 REPLIES
New Member

Re: IOS upgrade issues

also, I should mention that I included one local account for when radius fails. This account also wont' work. The only way to connect to the router right now is via rommon which isn't a problem because its currently in the lab.

Super Bronze

Re: IOS upgrade issues

Could you provide the full image names of the current and prior IOSs?

204
Views
0
Helpful
2
Replies