05-02-2007 06:54 AM - edited 03-10-2019 03:08 PM
Hi all,
i am trying to deploy radius authentication on my switches.
aaa authentication login default group radius local
aaa authorization exec default group radius local
I think that these two command is everythink what i need for radius authentication and authorization.
But when i try to login i get error message:
Line has invalid autocommand " ppp negotiate"
Please could you help me? I try to use command
line vty 0 15
no autocommand ppp negotiate
but with no success.
Please i need you urgent help.
Thanks a lot
Tomas
Solved! Go to Solution.
05-02-2007 09:43 AM
Tomas,
This message is seen when switch has exec authorizaton configured,and the RADIUS server has settings for a PPP connection. Therefore the switch is attempting to start PPP as it was asked to do by the RADIUS server. PPP can't be started on a telnet connection, so it fails and disconnects.
Suggestion : Either remove exec authorization or remove the Service-Type=Framed and/or
Framed-Protocol=PPP attributes from the RADIUS profile.
I hope the information would help resolving your query.
05-02-2007 09:43 AM
Tomas,
This message is seen when switch has exec authorizaton configured,and the RADIUS server has settings for a PPP connection. Therefore the switch is attempting to start PPP as it was asked to do by the RADIUS server. PPP can't be started on a telnet connection, so it fails and disconnects.
Suggestion : Either remove exec authorization or remove the Service-Type=Framed and/or
Framed-Protocol=PPP attributes from the RADIUS profile.
I hope the information would help resolving your query.
05-02-2007 11:13 PM
Hi igambhir,
thank very much, i remove service-type and framed-protocol from radius, and that error message doesn't appear again.
But new problem arised for me :)
Authorization failed
But i don't know why?
I have command
aaa authorization exec default group radius
and i expect that when i am able to authenticate on radius i will be able to authorized also.
It is needed to set somethning on microsoft radius server?
Thanks in advance
Tomas
05-03-2007 05:43 AM
Make service type = Login
If still error is there , get debugs
debug authorization
debug radius
10-10-2017 08:33 AM
Worked like a charm for my setup. Much thanks.
02-24-2022 12:26 PM
Hi tomas,
can you tell me how did you remove the framed-protocol from radius ? I'm having the same problem
04-20-2022 04:51 AM
You are the Best
Work like a charm
you made my day
10-05-2010 11:39 AM
If you are using IAS on Windows 2k3 you can apply the "Request must contain the message authenticator attribute" check box to your switch profile!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide