cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1906
Views
0
Helpful
3
Replies

VPN/Radius Error - RADIUS/DECODE: parse VSA parts error

Hi Guys,

 

I'm trying to authenticate a VPN connection for a particular login, I can see that the radius logs confirm that the authentication is made correctly, I just seem to be having these Parse errors/failures.

 

Please see logs below: if you require any further information please ask.

 

*Aug 28 00:53:53.630: VPDN Received L2TUN socket message <xCRQ - Session Incoming>
*Aug 28 00:53:53.634: AAA/BIND(0000B854): Bind i/f
*Aug 28 00:53:53.634: VPDN uid:96 L2TUN socket session accept requested
*Aug 28 00:53:53.634: VPDN uid:96 Setting up dataplane for L2-L2, no idb
*Aug 28 00:53:53.638: VPDN Received L2TUN socket message <xCCN - Session Connected>
*Aug 28 00:53:53.642: AAA/BIND(0000B854): Bind i/f Virtual-Template1
*Aug 28 00:53:53.642: VPDN uid:96 VPDN session up
*Aug 28 00:53:54.518: AAA/AUTHEN/PPP (0000B854): Pick method list 'default'
*Aug 28 00:53:54.522: RADIUS/ENCODE(0000B854):Orig. component type = VPDN
*Aug 28 00:53:54.522: RADIUS: AAA Unsupported Attr: interface [210] 14
*Aug 28 00:53:54.522: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 [ Uniq-Sess-ID]
*Aug 28 00:53:54.522: RADIUS(0000B854): Config NAS IP: 0.0.0.0
*Aug 28 00:53:54.522: RADIUS(0000B854): Config NAS IPv6: ::
*Aug 28 00:53:54.522: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
*Aug 28 00:53:54.522: RADIUS/ENCODE(0000B854): acct_session_id: 47096
*Aug 28 00:53:54.522: RADIUS(0000B854): sending
*Aug 28 00:53:54.522: RADIUS/ENCODE: Best Local IP-Address 10.10.10.2 for Radius-Server 10.10.10.50
*Aug 28 00:53:54.522: RADIUS(0000B854): Send Access-Request to 10.10.10.50:1812 id 1645/126, len 91
*Aug 28 00:53:54.522: RADIUS: authenticator 7A 78 B4 3E BF 2A 8B BB - CD C2 A0 B0 6A D5 DC 63
*Aug 28 00:53:54.522: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Aug 28 00:53:54.522: RADIUS: User-Name [1] 6 "Test"
*Aug 28 00:53:54.522: RADIUS: CHAP-Password [3] 19 *
*Aug 28 00:53:54.526: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Aug 28 00:53:54.526: RADIUS: NAS-Port [5] 6 96
*Aug 28 00:53:54.526: RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID96"
*Aug 28 00:53:54.526: RADIUS: Service-Type [6] 6 Framed [2]
*Aug 28 00:53:54.526: RADIUS: NAS-IP-Address [4] 6 10.10.10.2
*Aug 28 00:53:54.526: RADIUS(0000B854): Sending a IPv4 Radius Packet
*Aug 28 00:53:54.526: RADIUS(0000B854): Started 5 sec timeout
*Aug 28 00:53:54.530: RADIUS: Received from id 1645/126 10.10.10.50:1812, Access-Accept, len 117
*Aug 28 00:53:54.530: RADIUS: authenticator F9 47 7F B3 B0 AB F5 76 - 75 54 58 C8 CB CD A9 F0
*Aug 28 00:53:54.530: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Aug 28 00:53:54.530: RADIUS: Service-Type [6] 6 Framed [2]
*Aug 28 00:53:54.530: RADIUS: Framed-IP-Address [8] 6 10.10.10.10
*Aug 28 00:53:54.530: RADIUS: Class [25] 46
*Aug 28 00:53:54.530: RADIUS: 85 BD 07 B9 00 00 01 37 00 01 02 00 0A 0A 0A 32 00 00 00 00 BD 95 4C B8 5F 37 23 3C 01 D5 5D 39 64 F2 47 BC 00 00 00 00 00 00 00 1D [ 72L_7#<]9dG]
*Aug 28 00:53:54.530: RADIUS: Vendor, Cisco [26] 9
*Aug 28 00:53:54.530: RADIUS: Cisco AVpair [1] 3 "8"
*Aug 28 00:53:54.530: RADIUS: Vendor, Microsoft [26] 12
*Aug 28 00:53:54.530: RADIUS: MS-Link-Util-Thresh[14] 6
*Aug 28 00:53:54.530: RADIUS: 00 00 00 32 [ 2]
Core1.DC1(config)#
*Aug 28 00:53:54.530: RADIUS: Vendor, Microsoft [26] 12
*Aug 28 00:53:54.530: RADIUS: MS-Link-Drop-Time-L[15] 6
*Aug 28 00:53:54.530: RADIUS: 00 00 00 78 [ x]
*Aug 28 00:53:54.534: RADIUS(0000B854): Received from id 1645/126
*Aug 28 00:53:54.534: RADIUS/DECODE: parse VSA parts error
*Aug 28 00:53:54.534: RADIUS/DECODE: convert VSA string; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: cisco VSA type 1; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: VSA; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: decoder; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: attribute Vendor-Specific; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: parse response op decode; FAIL
Core1.DC1(config)#
*Aug 28 00:53:56.534: VPDN uid:96 disconnect (AAA) IETF: 17/user-error Ascend: 26/PPP CHAP Fail
*Aug 28 00:53:56.534: VPDN uid:96 vpdn shutdown session, result=2, error=6, vendor_err=0, syslog_error_code=8, syslog_key_type=1
*Aug 28 00:53:56.534: VPDN uid:96 VPDN/AAA: accounting stop sent
*Aug 28 00:53:56.542: VPDN Received L2TUN socket message <CDN - Session Disconnected>

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee
Make sure if you're not getting help needed to work through TAC as well

View solution in original post

3 Replies 3

Mike.Cifelli
VIP Alumni
VIP Alumni
I would focus on the configuration of your attributes and troubleshoot from there. Good luck!

Damien Miller
VIP Alumni
VIP Alumni
What does it look like if you try using a real user?

Second piece of this, what components and models are you using, radius server, client device, head end device etc.

Jason Kunst
Cisco Employee
Cisco Employee
Make sure if you're not getting help needed to work through TAC as well