cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2590
Views
121
Helpful
10
Replies

Invalid line autocommand PPP negotiate

jayznetwork
Level 1
Level 1

After I configure the Network Policy server I have this problem.

When I remove the exec authorization local I can't get in 

Password required, but none set
% Error in authentication.

SWITCH>

I have seen some suggestion to remove the framed-Protocol = PPP how ?

10 Replies 10

balaji.bandi
Hall of Fame
Hall of Fame

if the config is not saved, reload the device and test it, post complete config and let us know what you looking to achieve here.

 

for now, looks like you are locked here.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hi balaji, I know but what I'm trying to figure out is how to make my cisco2960 switch aaa successful to radius server (NPS)

When I test the authentication/authorization from switch using my account username/password was successful but close the connection after with this error

 

login as: <username>
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server

Line has invalid autocommand " ppp negotiate"

we are not sure what happend, what point it was gave that error, as you mentioned it was working, after logout it was not working, so i can not think anything more than anything to offer below suggestions :

 

check below thread may help you :

 

https://community.cisco.com/t5/network-access-control/line-has-invalid-autocommand-quot-ppp-negotiate-quot/td-p/737029

https://hubbardonnetworking.wordpress.com/2014/11/09/debugging-cisco-device-authentication-to-a-microsoft-nps-server/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I had the same problem, I don't think you need to make changes to a base config in your RADIUS policies.   Instead, try this:

aaa authentication login VTY_AUTHEN group RADIUS_SERVER local

aaa authentication PPP default group RADIUS_SERVER

aaa authorization exec VTY_AUTHOR group RADIUS_SERVER local

and under lines vty 0-15

authorization exec VTY_AUTHOR

login authentication VTY_AUTHEN.

 

Worked perfectly after HOURS of searching RADIUS and Windows NPS boards...

 

 

 

 

 

davelittle260
Level 1
Level 1

@jayznetwork wrote: West Penn Power Bill Pay

After I configure the Network Policy server I have this problem.

When I remove the exec authorization local I can't get in 

Password required, but none set
% Error in authentication.

SWITCH>

I have seen some suggestion to remove the framed-Protocol = PPP how ?


If you see the following on the client you are using to log in 'Line has invalid autocommand "ppp negotiate" it probably means that the request isn't matching the network policy you created. Putty will close the session before you can see the message.

yeah, I've seen resolution to remove the framed-protocol PPP from radius But I couldn't find it

don't remove the framed-Protocol=PPP, instead:

aaa authentication ppp default group RADIUS_SERVER.  

This tells aaa to accept ppp frames.   

thomas
Cisco Employee
Cisco Employee

Hard to troubleshoot without a configuration to know what you are trying to do vs what you have done.

Also, Network Policy Server(NPS) is a Microsoft product and it does not do TACACS.

See How to Ask The Community for Help 

loginssaga
Level 1
Level 1

I have this problem after I have set up the Network Policy server.

I can't get in when I take away the exec authorization local.

Error in authentication: Password required, but none set.

SWITCH>

I've heard some people say that the framed-Protocol should be taken out.

If you see "Line has invalid autocommand "ppp negotiate" on the client you are using to log in, it means that the request doesn't match the network policy you made. Before you can see the message, the session will end.

my viking journey

Can you make separate post' this make all see and  answer you.