10-04-2010 02:33 AM - edited 03-10-2019 05:27 PM
Hi ,
I am having a RADIUS authentication issue. The issue occurred after changing the ACS server key. Now, even though I have corrected the key, the authentication issue still exists.
I have verified ACS server connectivity with the test command, which is successful, but when I SSH to the switch remotely, it fails with an unknown reason and no logs appear at the ACS server...
Here is my configuration and debug output. I would appreciate it if you could suggest a solution...
aaa new-model
aaa group server radius networks
server 192.168.255.101 auth-port 1812 acct-port 1813
!
aaa group server radius SNAC
server 192.168.44.33 auth-port 1812 acct-port 1813
server 192.168.224.14 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication login conslog local
aaa authentication login networks group radius local
aaa authentication dot1x default group SNAC
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius
aaa accounting exec default start-stop group radius
radius-server host 192.168.44.33 auth-port 1812 acct-port 1813 key 7 06222D12424F0A
radius-server host 192.168.224.14 auth-port 1812 acct-port 1813 key 7 14333038020529
radius-server host 192.168.255.101 auth-port 1812 acct-port 1813 key 7 022A0B5C5B140E25151B2918170321
radius-server source-ports 1645-1646
debug
DXB-SWT-035#
Oct 4 12:09:20.694: AAA: parse name=tty1 idb type=-1 tty=-1
Oct 4 12:09:20.694: AAA: name=tty1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
Oct 4 12:09:20.694: AAA/MEMORY: create_user (0x1E354E8) user='NULL' ruser='NULL' ds0=0 port='tty1' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Oct 4 12:09:20.694: AAA/AUTHEN/START (2369954885): port='tty1' list='networks' action=LOGIN service=LOGIN
Oct 4 12:09:20.694: AAA/AUTHEN/START (23699
DXB-SWT-035#54885): found list networks
Oct 4 12:09:20.694: AAA/AUTHEN/START (2369954885): Method=radius (radius)
Oct 4 12:09:20.694: AAA/AUTHEN (2369954885): status = GETPASS
Oct 4 12:09:20.694: AAA/AUTHEN/CONT (2369954885): continue_login (user='muhasim')
Oct 4 12:09:20.694: AAA/AUTHEN (2369954885): status = GETPASS
Oct 4 12:09:20.694: AAA/AUTHEN (2369954885): Method=radius (radius)
Oct 4 12:09:20.702: AAA/AUTHEN (2369954885): status = FAIL
Oct 4 12:09:20.702: AAA/AUTHEN/ABORT: (2369954885) because Unk
DXB-SWT-035#nown.
DXB-SWT-035#
Oct 4 12:09:35.419: AAA: parse name=tty2 idb type=-1 tty=-1
Oct 4 12:09:35.419: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
Oct 4 12:09:35.419: AAA/MEMORY: create_user (0x1FEAE3C) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
Oct 4 12:09:35.419: AAA/AUTHEN/START (806126399): port='tty2' list='networks' action=LOGIN service=LOGIN
Oct 4 12:09:35.419: AAA/AUTHEN/START (806126
DXB-SWT-035#399): found list networks
Oct 4 12:09:35.419: AAA/AUTHEN/START (806126399): Method=radius (radius)
Oct 4 12:09:35.419: AAA/AUTHEN (806126399): status = GETPASS
Oct 4 12:09:35.423: AAA/AUTHEN/CONT (806126399): continue_login (user='manwar')
Oct 4 12:09:35.423: AAA/AUTHEN (806126399): status = GETPASS
Oct 4 12:09:35.423: AAA/AUTHEN (806126399): Method=radius (radius)
Oct 4 12:09:35.427: AAA/AUTHEN (806126399): status = FAIL
Oct 4 12:09:35.427: AAA/AUTHEN/ABORT: (806126399) because Unknown.
DXB-SWT-035#
Oct 4 12:09:48.895: AAA/AUTHEN/19 (0000006F): Pick method list 'default'
DXB-SWT-035#
Oct 4 12:09:56.991: AAA/AUTHEN/START (2123105333): port='tty1' list='networks' action=LOGIN service=LOGIN
Oct 4 12:09:56.991: AAA/AUTHEN/START (2123105333): found list networks
Oct 4 12:09:56.991: AAA/AUTHEN/START (2123105333): Method=radius (radius)
Oct 4 12:09:56.991: AAA/AUTHEN (2123105333): status = GETPASS
Oct 4 12:09:56.991: AAA/AUTHEN/CONT (2123105333): continue_login (user='muhasim')
Oct 4 12:09:56.991: AAA/AUTHEN (2123105333): status = GETPASS
Oct 4 12:09:56.991: AAA/AUTHEN (2123105
DXB-SWT-035#333): Method=radius (radius)
Oct 4 12:09:56.999: AAA/AUTHEN (2123105333): status = FAIL
Oct 4 12:09:56.999: AAA/AUTHEN/ABORT: (2123105333) because Unknown.
DXB-SWT-035#
Oct 4 12:10:08.204: AAA/MEMORY: free_user (0x1FEAE3C) user='manwar' ruser='NULL' port='tty2' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1
Oct 4 12:10:08.308: AAA/MEMORY: free_user (0x1E354E8) user='muhasim' ruser='NULL' port='tty1' rem_addr='192.168.255.6' authen_type=ASCII service=LOGIN priv=1
DXB-SWT-035#test aaa group networks rizali xxx legacy
Attempting authentication test to server-group networks using radius
User was successfully authenticated.
DXB-SWT-035#test aaa group networks rizali xxx port 1812
Attempting authentication test to server-group networks using radius
User was successfully authenticated.
thanks!
10-04-2010 03:10 AM
Hi Nadeem,
Do you have any key configured in ACS for the network device group in which this device is an entry? If yes, please update that as well.
If you still face the same issue, please provide the following:
1. debug aaa authentication
2. debug radius
thanks,
Vinay
10-04-2010 04:40 AM
Hi ,
It is already updated for all the network device groups, and some random devices are not working.
These debugs are from after everything was updated...
Thanks!
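Added example, not part of the original thread: a Python sketch that resolves each AAA method list in the posted configuration to the RADIUS servers it can query, and reports which servers the login list `networks` can use that `test aaa group networks` never exercised. It relies on `group radius` being the built-in group of every `radius-server host` entry; the function names are hypothetical and the shared keys are omitted from the embedded config.

```python
import re

# Constructed sample: AAA/RADIUS lines from the posted configuration, keys omitted.
CONFIG = """\
aaa group server radius networks
 server 192.168.255.101 auth-port 1812 acct-port 1813
!
aaa group server radius SNAC
 server 192.168.44.33 auth-port 1812 acct-port 1813
 server 192.168.224.14 auth-port 1812 acct-port 1813
!
aaa authentication login networks group radius local
aaa authentication dot1x default group SNAC
radius-server host 192.168.44.33 auth-port 1812 acct-port 1813
radius-server host 192.168.224.14 auth-port 1812 acct-port 1813
radius-server host 192.168.255.101 auth-port 1812 acct-port 1813
"""

def parse(config):
    groups, hosts, lists, current = {}, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"aaa group server radius (\S+)", line):
            current = groups.setdefault(m.group(1), [])
        elif (m := re.match(r"server (\S+)", line)) and current is not None:
            current.append(m.group(1))
        else:
            current = None  # any other line ends the server-group block
            if m := re.match(r"radius-server host (\S+)", line):
                hosts.append(m.group(1))
            elif m := re.match(r"aaa authentication (\S+) (\S+) (.+)", line):
                lists[(m.group(1), m.group(2))] = m.group(3).split()
    return groups, hosts, lists

def servers_for(methods, groups, hosts):
    """RADIUS servers a method list can query, in configured order."""
    out = []
    for i, tok in enumerate(methods[:-1]):
        if tok == "group":
            # "group radius" means all globally defined radius-server hosts
            name = methods[i + 1]
            out += hosts if name == "radius" else groups.get(name, [])
    return out

def untested(list_key, tested_group, config=CONFIG):
    """Servers used by a method list but not covered by 'test aaa group <name>'."""
    groups, hosts, lists = parse(config)
    used = servers_for(lists[list_key], groups, hosts)
    return [s for s in used if s not in groups.get(tested_group, [])]
```

Calling `untested(("login", "networks"), "networks")` returns the servers a real login can be sent to that the successful `test aaa` run did not touch, which is where the shared key and the ACS logs are worth checking next.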