03-05-2008 11:31 AM - edited 03-03-2019 08:59 PM
I recently upgraded the IOS on my 2811 router from 12.4(12)to 12.4(15)T3 in order to pick up support for a new hwic-3g-gsm card.
upgraded via tftp with no apparent issues. after the upgrade, ssh connections to the router stopped working. I changed the vty 04 to accept all which allowed telnet to work but still no ssh. is there any debugging I can do for ssh?
also, radius stopped working. in the debugs, I can see it accept the account but I get a bunch of failed lines that I don't understand. here is the debug output:
Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): ask "Username: "
Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): send packet; GET_USER
Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): ask "Password: "
Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): send packet; GET_PASSWORD
Mar 5 19:12:32.659: RADIUS/ENCODE(00000006):Orig. component type = EXEC
Mar 5 19:12:32.659: RADIUS: AAA Unsupported Attr: interface [174] 6
Mar 5 19:12:32.659: RADIUS: 74 74 79 35 [tty5]
Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
Mar 5 19:12:32.659: RADIUS(00000006): Config NAS IP: 0.0.0.0
Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): acct_session_id: 4
Mar 5 19:12:32.659: RADIUS(00000006): sending
Mar 5 19:12:32.659: RADIUS/ENCODE: Best Local IP-Address 10.10.4.52 for Radius-Server 10.10.1.251
Mar 5 19:12:32.663: RADIUS(00000006): Send Access-Request to 10.10.1.251:1812 id 1645/6, len 83
Mar 5 19:12:32.663: RADIUS: authenticator 98 CF 80 52 47 5D AF A0 - E3 96 B4 0F F0 78 32 75
Mar 5 19:12:32.663: RADIUS: User-Name [1] 7 "zaned"
Mar 5 19:12:32.663: RADIUS: User-Password [2] 18 *
Mar 5 19:12:32.663: RADIUS: NAS-Port [5] 6 514
Mar 5 19:12:32.663: RADIUS: NAS-Port-Id [87] 8 "tty514"
Mar 5 19:12:32.663: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Mar 5 19:12:32.663: RADIUS: Calling-Station-Id [31] 12 "10.10.4.51"
Mar 5 19:12:32.663: RADIUS: NAS-IP-Address [4] 6 10.10.4.52
Mar 5 19:12:32.667: RADIUS: Received from id 1645/6 10.10.1.251:1812, Access-Accept, len 44
Mar 5 19:12:32.667: RADIUS: authenticator 8A 52 1F 11 41 AA C8 C7 - 0F 08 25 28 B9 3E 1A 5D
Mar 5 19:12:32.667: RADIUS: Service-Type [6] 6 Administrative [6]
Mar 5 19:12:32.667: RADIUS: Vendor, Cisco [26] 18
Mar 5 19:12:32.667: RADIUS: Cisco AVpair [1] 12 "shell:cmd*"
Mar 5 19:12:32.667: RADIUS(00000006): Received from id 1645/6
Mar 5 19:12:32.667: RADIUS/DECODE: convert VSA string; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: cisco VSA type 1; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: VSA; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: decoder; FAIL
Mar 5 19:12:32.667: RADIUS/DECODE: attribute Vendor-Specific; FAIL
Mar 5 19:12:32.671: RADIUS/DECODE: parse response op decode; FAIL
Mar 5 19:12:32.671: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
any help would be appreciated.
03-05-2008 11:33 AM
also, I should mention that I included one local account for when radius fails. This account also wont' work. The only way to connect to the router right now is via rommon which isn't a problem because its currently in the lab.
03-05-2008 07:54 PM
Could you provide the full image names of the current and prior IOSs?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide