09-09-2004 09:10 AM - edited 03-10-2019 01:47 PM
I've configured one of my routers for RADIUS. The RADIUS server is an MS IAS server. When I try to authenticate, the IAS server logs tell me I've authenticated successfully, but the telnet session will not let me in. I enter my username and then password, and the router comes back and says "This line may not run PPP".
Anyone know what's going on? I'm under the impression the VTY ports need a transport input command of some type. I'm kind of screwed at this point because I locked myself out of the router.
Please help.
Thanks,
-Jeff
09-09-2004 11:21 AM
Jeff
Were you able to telnet to the router before you configured RADIUS?
Do you know how the router is configured? Could you post the part of the config that defines aaa and the config of the vty lines?
Do you have access to the router via the console port? If so can you alter the configuration to let your session in?
As a last resort you might consider rebooting the router (as in password recovery procedure), set the config register to 0x2142, boot the router which will come up with an empty running config. Copy the config from startup-config, remove the RADIUS config, paste the config back into the router. This would get you back into the router.
HTH
Rick
09-09-2004 11:31 AM
Rick
Yes, I was able to telnet prior to configuring RADIUS.
AAA config =
aaa new-model
aaa authentication login default group radius
aaa authorization exec default group radius
radius-server host 10.1.1.1
radius-server key XXXX
I'm locked out of the console because I forgot to add the enable keyword at the end of the AAA authentication line. That's what I get for cutting and pasting.
I'm afraid I may need to reboot. Luckily I did not write the config.
I was just wondering if there is anything I can do from the RADIUS server end to allow me access. Judging from the logs on the RADIUS server, it appears I'm authenticating. Any ideas on the message I get when I telnet?
Thanks,
-Jeff
09-10-2004 05:42 AM
Jeff
It is good that a simple reload/reboot will get you back to a working config.
I am not sure about the error message. I wonder if something in the RADIUS response is telling the router that this user should be on a ppp connection. Can you provide details of the RADIUS parameters for this user ID?
HTH
Rick
09-10-2004 06:55 AM
Rick
Thanks for your response. I figured it out and got it working. The RADIUS attributes were incorrectly set. My biggest problem is that someone else is responsible for the RADIUS server. Once they let me have access to the server I was able to play around with the properties for the NAS and I just had to set the attributes correctly.
Thanks,
-Jeff
03-14-2015 10:43 AM
Hello
I have the same issue but was able to solve it, and this might be a help to someone.
All you have to do is remove the aaa authorisation from the vty line, but before you do that, use the test aaa command to make sure it works first.
Thanks
08-04-2021 07:38 AM
This problem is in the configuration of the policy on the Windows server.
Remove the PPP and leave it as in the image.
Brasil 2021
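An added example, not written by any poster in this thread: a small RFC 2865 parser that reads a captured Access-Accept and reports the Service-Type (6) and Framed-Protocol (7) attributes, which is one way to check whether the server profile is handing a telnet login a PPP-style session as suggested above. The function names and the sample packets are constructed for illustration, and the mapping from these attributes to the router's message is an assumption based on the replies, not confirmed behaviour.

```python
import struct

ACCESS_ACCEPT = 2                      # RFC 2865 packet code
SERVICE_TYPE, FRAMED_PROTOCOL = 6, 7   # RFC 2865 attribute types
SERVICE_TYPES = {1: "Login", 2: "Framed", 6: "Administrative", 7: "NAS-Prompt"}
FRAMED_PROTOCOLS = {1: "PPP", 2: "SLIP"}

def parse_attributes(packet):
    """Return (code, [(attr_type, value_bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not fit the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of range")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def exec_login_findings(packet):
    """List the attributes that mark this Access-Accept as a framed (PPP) session."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return ["not an Access-Accept (code %d)" % code]
    findings = []
    for a_type, raw in attrs:
        if a_type not in (SERVICE_TYPE, FRAMED_PROTOCOL) or len(raw) != 4:
            continue
        value = int.from_bytes(raw, "big")
        if a_type == SERVICE_TYPE and SERVICE_TYPES.get(value) == "Framed":
            findings.append("Service-Type=Framed")
        elif a_type == FRAMED_PROTOCOL:
            findings.append("Framed-Protocol=" + FRAMED_PROTOCOLS.get(value, str(value)))
    return findings

def build_packet(code, attrs):
    """Constructed sample builder: zeroed authenticator, 32-bit integer attributes."""
    body = b"".join(struct.pack("!BBI", t, 6, v) for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a dial-in style profile and a login-only profile.
PPP_PROFILE = build_packet(ACCESS_ACCEPT, [(SERVICE_TYPE, 2), (FRAMED_PROTOCOL, 1)])
LOGIN_PROFILE = build_packet(ACCESS_ACCEPT, [(SERVICE_TYPE, 1)])
```

An empty list from `exec_login_findings` means the accept carries no framed-session attributes; pass it the UDP payload of a reply captured on the RADIUS server side.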