cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17358
Views
30
Helpful
7
Replies

Line has invalid autocommand " ppp negotiate"

tomas.backo
Beginner
Beginner

Hi all,

i am trying to deploy radius authentication on my switches.

aaa authentication login default group radius local

aaa authorization exec default group radius local

I think that these two command is everythink what i need for radius authentication and authorization.

But when i try to login i get error message:

Line has invalid autocommand " ppp negotiate"

Please could you help me? I try to use command

line vty 0 15

no autocommand ppp negotiate

but with no success.

Please i need you urgent help.

Thanks a lot

Tomas

1 Accepted Solution

Accepted Solutions

Jagdeep Gambhir
Advocate
Advocate

Tomas,

This message is seen when switch has exec authorizaton configured,and the RADIUS server has settings for a PPP connection. Therefore the switch is attempting to start PPP as it was asked to do by the RADIUS server. PPP can't be started on a telnet connection, so it fails and disconnects.

Suggestion : Either remove exec authorization or remove the Service-Type=Framed and/or

Framed-Protocol=PPP attributes from the RADIUS profile.

I hope the information would help resolving your query.

View solution in original post

7 Replies 7

Jagdeep Gambhir
Advocate
Advocate

Tomas,

This message is seen when switch has exec authorizaton configured,and the RADIUS server has settings for a PPP connection. Therefore the switch is attempting to start PPP as it was asked to do by the RADIUS server. PPP can't be started on a telnet connection, so it fails and disconnects.

Suggestion : Either remove exec authorization or remove the Service-Type=Framed and/or

Framed-Protocol=PPP attributes from the RADIUS profile.

I hope the information would help resolving your query.

Hi igambhir,

thank very much, i remove service-type and framed-protocol from radius, and that error message doesn't appear again.

But new problem arised for me :)

Authorization failed

But i don't know why?

I have command

aaa authorization exec default group radius

and i expect that when i am able to authenticate on radius i will be able to authorized also.

It is needed to set somethning on microsoft radius server?

Thanks in advance

Tomas

Make service type = Login

If still error is there , get debugs

debug authorization

debug radius

Worked like a charm for my setup. Much thanks.

Hi tomas, 

can you tell me how did you remove the framed-protocol from radius ? I'm having the same problem

You are the Best  

Work like a charm

you made my day

chenriquevz
Beginner
Beginner

If you are using IAS on Windows 2k3 you can apply the "Request must contain the message authenticator attribute" check box to your switch profile!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: