cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1199
Views
0
Helpful
2
Replies
Highlighted
Beginner

AAA Radius - Line has invalid autocommand PPP negotiated

Having an issue setting up Radius.

 

After configuring the network policy and client, when i login, a message is quickly show and the session disconnected. The message is "Line has invalid autocommand  PPP negotiated", what I've been able to test successfully is removing the following command :

aaa authorization exec default group Radius local

Once i do that, i pass login, but have go into exec mode manually. 

 

I've read a few post, the common recommendation is remove "Framed Protocol - PPP" in radius, I've done this. Any suggestions?

 

AAA commands

aaa new-model

aaa group server radius Radius

Server x.x.x.x auth-port 1812 acct-port 1813

aaa authentication login default group Radius local

aaa authorization exec default group Radius  local

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 0 [key]

 

 

 

Everyone's tags (2)
2 REPLIES 2
Highlighted

Re: AAA Radius - Line has invalid autocommand PPP negotiated

Bump, I have this issue as well. PPP negotiate removed from the radius configuration. Seems to only happen on the newer IOSes.

I'm currently on 152.4 E8

Highlighted
Beginner

Re: AAA Radius - Line has invalid autocommand PPP negotiated

I've had partial success with this and found that in AD dial-in properties for the user account had to be set to Control Access through NPS network Policy.  With that I was able to access the shell option and go right to enable mode........ but then it started rejecting AD accounts and only allowing 1 account in so back to the drawing board