07-05-2007 12:29 PM
Greetings,
I manage a large number of remote sites which use an 1841 and 2960. IN order to gain console access to the 2960 I run a regular cisco console cable from the aux port of the 1841 to the console of the 2960. I recently implemented radius authentication (utilising Microsoft IAS). I am now getting messages like the following:
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 7/5/2007
Time: 1:25:37 PM
User: N/A
Computer: <redacted>
Description:
User User Access Verification was denied access.
Fully-Qualified-User-Name = <redacted>\User Access Verification
NAS-IP-Address = 10.x.x.x
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = <redacted>
Client-IP-Address = 10.x.x.x
NAS-Port-Type = Async
NAS-Port = 0
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
Often times I will see an interface up/down message generate a log entry as well. Is there any way to stop this?
here are the line configs for the two devices:
console on the 2960:
line con 0
session-timeout 20
exec-timeout 20 0
logging synchronous
login authentication use-radius
Cisco 1841 router:
line con 0
session-timeout 20
exec-timeout 20 0
logging synchronous
login authentication use-radius
line aux 0
login authentication use-radius
transport input telnet
transport output telnet
Solved! Go to Solution.
07-05-2007 12:35 PM
Matthew
I believe that the issue is that the prompt message generated on the 2960 is causing the 1841 to try to start an exec session on its aux and it treats the prompt data as the user ID. I suggest that you add: "no exec" under the configuration of line aux 0 on the 1841. I believe that this will resolve your issue.
HTH
Rick
07-05-2007 12:35 PM
Matthew
I believe that the issue is that the prompt message generated on the 2960 is causing the 1841 to try to start an exec session on its aux and it treats the prompt data as the user ID. I suggest that you add: "no exec" under the configuration of line aux 0 on the 1841. I believe that this will resolve your issue.
HTH
Rick
07-05-2007 12:49 PM
Rick,
Your suggestion solved the problem. Thanks!
-mtw
07-05-2007 01:10 PM
Matthew
I am glad that my suggestion solved your problem. Thanks for using the rating system to indicate that your problem was resolved (and thanks for the rating). It makes the forum more useful when people can read about a problem and can be sure that they will read a response that solved the problem. I encourage you to continue your participation in the forum.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide