Re: Invalid line autocommand PPP negotiate

jayznetwork · ‎02-24-2022

After I configure the Network Policy server I have this problem.

When I remove the exec authorization local I can't get in

Password required, but none set
% Error in authentication.

SWITCH>

I have seen some suggestion to remove the framed-Protocol = PPP how ?

balaji.bandi · ‎02-24-2022

if the config is not saved, reload the device and test it, post complete config and let us know what you looking to achieve here.

for now, looks like you are locked here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jayznetwork · ‎02-24-2022

hi balaji, I know but what I'm trying to figure out is how to make my cisco2960 switch aaa successful to radius server (NPS)

When I test the authentication/authorization from switch using my account username/password was successful but close the connection after with this error

login as: <username>
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server

Line has invalid autocommand " ppp negotiate"

balaji.bandi · ‎02-25-2022

we are not sure what happend, what point it was gave that error, as you mentioned it was working, after logout it was not working, so i can not think anything more than anything to offer below suggestions :

check below thread may help you :

https://community.cisco.com/t5/network-access-control/line-has-invalid-autocommand-quot-ppp-negotiate-quot/td-p/737029

https://hubbardonnetworking.wordpress.com/2014/11/09/debugging-cisco-device-authentication-to-a-microsoft-nps-server/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Cary Budach · ‎10-23-2023

I had the same problem, I don't think you need to make changes to a base config in your RADIUS policies. Instead, try this:

aaa authentication login VTY_AUTHEN group RADIUS_SERVER local

aaa authentication PPP default group RADIUS_SERVER

aaa authorization exec VTY_AUTHOR group RADIUS_SERVER local

and under lines vty 0-15

authorization exec VTY_AUTHOR

login authentication VTY_AUTHEN.

Worked perfectly after HOURS of searching RADIUS and Windows NPS boards...

davelittle260 · ‎02-24-2022

@jayznetwork wrote: West Penn Power Bill Pay
After I configure the Network Policy server I have this problem.
When I remove the exec authorization local I can't get in
Password required, but none set
% Error in authentication.
SWITCH>
I have seen some suggestion to remove the framed-Protocol = PPP how ?

If you see the following on the client you are using to log in 'Line has invalid autocommand "ppp negotiate" it probably means that the request isn't matching the network policy you created. Putty will close the session before you can see the message.

jayznetwork · ‎02-25-2022

yeah, I've seen resolution to remove the framed-protocol PPP from radius But I couldn't find it

Cary Budach · ‎10-23-2023

don't remove the framed-Protocol=PPP, instead:

aaa authentication ppp default group RADIUS_SERVER.

This tells aaa to accept ppp frames.

thomas · ‎03-06-2022

Hard to troubleshoot without a configuration to know what you are trying to do vs what you have done.

Also, Network Policy Server(NPS) is a Microsoft product and it does not do TACACS.

See How to Ask The Community for Help

loginssaga · ‎04-17-2023

I have this problem after I have set up the Network Policy server.

I can't get in when I take away the exec authorization local.

Error in authentication: Password required, but none set.

SWITCH>

I've heard some people say that the framed-Protocol should be taken out.

If you see "Line has invalid autocommand "ppp negotiate" on the client you are using to log in, it means that the request doesn't match the network policy you made. Before you can see the message, the session will end.

my viking journey

MHM Cisco World · ‎04-17-2023

Can you make separate post' this make all see and answer you.