
AAA killed my reverse telnet

I am trying to allow my users to reverse telnet to a US Robotics Sportster 56K modem which is connected to the auxiliary port of a Cisco 1710. First I want them to authenticate against either the local or RADIUS user databases. I have been able to reverse telnet into the modem using the configuration listed below if I disable the aaa new-model and telnet in without authentication. I have performed debugging on AAA Authentication and AAA Authorization and only receive this output while attempting to authenticate:

02:55:33: AAA/AUTHEN/LOGIN (00000025): Pick method list 'default'

02:55:39: AAA/AUTHOR/CONN(00000025): Authorization FAILED for tty5

At which point I will get a message stating that my connection has been closed by foreign host.

The same local user account works fine when attempting to telnet to a vty port in EXEC mode.

I have also attempted to set all the aaa defaults to none so that no authentication takes place, and it still terminates my connections in the same way.

Additionally, in possibly a related issue, when I do a "show user" the user field is blank. On other routers I have done this with, it shows the name of the user that is logged onto the port.

Any help would be greatly appreciated.

FYI - This configuration is a work in progress; there are some things, such as radius client configurations, that I have not yet configured.

version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption

hostname mycisco1710

logging rate-limit console 10 except errors
aaa new-model

aaa authentication login default local group radius
aaa authentication ppp default local group radius
aaa authorization exec default local group radius
aaa authorization network default local group radius
aaa authorization reverse-access default local group radius
aaa session-id common
enable secret 5 XXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXX

username test password 7 XXXXXXXXXXXXXXXX
memory-size iomem 20
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip routing

ip host modem 2005

ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery

crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200

interface Ethernet0
 no ip address
 no ip route-cache
 no ip mroute-cache

interface FastEthernet0
 ip address
 no ip route-cache
 no ip mroute-cache
 speed auto

interface Async5
 no ip address
 encapsulation ppp
 async mode interactive
 ppp authentication chap pap

ip classless
no ip http server

line con 0
line aux 0
 exec-timeout 0 0
 modem InOut
 modem autoconfigure type default
 transport preferred none
 transport input all
 autoselect during-login
 autoselect ppp
 stopbits 1
 speed 115200
 flowcontrol hardware
line vty 0 4
 exec-timeout 0 0
line vty 5 15




Take a look at this line:

aaa authorization reverse-access default local group radius

May want to change it to:

aaa authorization reverse-access


A good link on this is below:


Hi Kevtown,

Looking at your AAA config, why do you need the word local after default? Try:

aaa authorization reverse-access default group radius

Also go to Cisco Documentation: Configuring Authorization.

Cisco has good examples for reverse telnet via ACS/AAA server authentication.
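
An added example, not part of the thread and not Cisco tooling: a small Python parser for the two kinds of AAA debug lines quoted in the question, which groups them by session ID to show that the session got as far as picking a login method list and was then rejected in the authorization phase. The function names and the third sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the debug line shapes quoted in the question, e.g.
#   02:55:33: AAA/AUTHEN/LOGIN (00000025): Pick method list 'default'
#   02:55:39: AAA/AUTHOR/CONN(00000025): Authorization FAILED for tty5
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}): AAA/(?P<phase>AUTHEN|AUTHOR)/(?P<kind>\w+)\s*"
    r"\((?P<sid>[0-9A-Fa-f]{8})\): (?P<msg>.*)$"
)
METHOD_RE = re.compile(r"Pick method list '(?P<name>[^']+)'")
FAIL_RE = re.compile(r"Authorization FAILED for (?P<line>tty\d+)")

def parse_debug(text):
    """Group AAA debug events by their 8-hex-digit session ID."""
    sessions = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            sessions[m["sid"]].append(m.groupdict())
    return sessions

def failed_authorizations(sessions):
    """One finding per authorization failure, with the login method list
    the same session picked earlier (None if no pick was logged)."""
    findings = []
    for sid, events in sessions.items():
        method_list = None
        for ev in events:
            pick = METHOD_RE.search(ev["msg"])
            if ev["phase"] == "AUTHEN" and pick:
                method_list = pick["name"]
            fail = FAIL_RE.search(ev["msg"])
            if ev["phase"] == "AUTHOR" and fail:
                findings.append({
                    "session": sid, "time": ev["ts"], "line": fail["line"],
                    "author_type": ev["kind"], "authen_method_list": method_list,
                })
    return findings

# First two lines are from the question; the third is constructed (a second
# session with no authorization failure) to show per-session grouping.
SAMPLE = """\
02:55:33: AAA/AUTHEN/LOGIN (00000025): Pick method list 'default'
02:55:39: AAA/AUTHOR/CONN(00000025): Authorization FAILED for tty5
02:56:10: AAA/AUTHEN/LOGIN (00000026): Pick method list 'default'
"""

if __name__ == "__main__":
    for finding in failed_authorizations(parse_debug(SAMPLE)):
        print(finding)
```

The single finding places the failure in the AUTHOR phase on tty5, which is why both replies look at the `aaa authorization reverse-access` line rather than at the `aaa authentication` lines.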

