Showing results for 
Search instead for 
Did you mean: 

as5300 not sending username to radius

I have an AS5300 IOS (tm) 5300 Software (C5300-I-M), Version 12.2(16) using it as RAS.

I am using  FreeRADIUS Version 2.1.8 for accounting puposes

The problem I am facing is that when opening a ppp dial up connection to the as5300, it is not sending the username. I need the as5300 to send the username so that a realm can be matched.

Below is snippet of debug output from FreeRadius

rad_recv: Accounting-Request packet from host port 1646, id=211, length=97
        NAS-IP-Address =
        NAS-Port = 182
        NAS-Port-Type = Async
        Called-Station-Id = "02081131234"
        Calling-Station-Id = "2075176623"
        Acct-Status-Type = Start
        Service-Type = Framed-User
        Acct-Session-Id = "0000006E"
        Framed-Protocol = PPP
        Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing 'NAS-Port = 182,Client-IP-Address =,NAS-IP-Address =,Acct-Session-Id = "0000006E",'
[acct_unique] Acct-Unique-Session-ID = "93340c227b9a5bca".
++[acct_unique] returns ok
[suffix] Proxy reply, or no User-Name.  Ignoring.
++[suffix] returns ok
++[files] returns noop

Below is my AAA config from my cisco

aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default none
aaa accounting send stop-record authentication failure
aaa accounting network default start-stop group radius

I have tested with radtest with username testing@secureroot and i get the following output which does ffind the username and thus the realm. this indicates to me that there is nothing wrong with my freeradius config

rad_recv: Access-Request packet from host port 37443, id=212, length=67
        User-Name = "testing@secureroot"
        User-Password = "mypassword"
        NAS-IP-Address =
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "secureroot" for User-Name = "testing@secureroot"
[suffix] Found realm "secureroot"
[suffix] Adding Stripped-User-Name = "testing"
[suffix] Adding Realm = "secureroot"
[suffix] Authentication realm is LOCAL.

i have done tcpdump of my successful radtest and it looks like

15:12:42.183076 IP > RADIUS, Access Request (1), id: 0x64 length: 67
15:12:42.183079 IP > RADIUS, Access Accept (2), id: 0x64 length: 62

below is the tcpdump of the cisco communicating with the radius

14:29:59.998964 IP > RADIUS, Accounting Request (4), id: 0xe3 length: 97
14:30:00.003907 IP > RADIUS, Accounting Response (5), id: 0xe3 length: 20
14:30:12.061861 IP > RADIUS, Accounting Request (4), id: 0xe4 length: 150
14:30:12.063124 IP > RADIUS, Accounting Response (5), id: 0xe4 length: 20

The tcpdump shows that when opening ppp connection to the cisco it is not sending any access requests to port 1812, only accounting packets. Somethinge definitely wrong with the config on the cisco.

I am thinking i have missed something simple


Everyone's tags (6)
Cisco Employee

Re: as5300 not sending username to radius


Consider, if you haven't recievded any solution on this.

If you are not seeing radius access request coming from the AS5300 that means its not trying to communicate over UDP port 1812 that what we have configured on the free radius server. 

Could you please issue the below listed command and see if that helps;

radius-server host auth-port 1812 acct-port 1813 key

Command refrence;

Also if that doesn't help, please provide me the o/p of the following debugs;

debug aaa authentication

debug radius

term mon

Also send me the "Sh Run" from the IOS.



Do rate helpul posts-

~Jatin Katyal

Re: as5300 not sending username to radius

Thanks, but I have solved the problem. The cisco was not sending requests to radius becuase I was missing the line

ppp authentication chap pap

in the Dialer interface.