cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
258
Views
0
Helpful
3
Replies

VPN/Radius Error - RADIUS/DECODE: parse VSA parts error

Hi Guys,

 

I'm trying to authenticate a VPN connection for a particular login, I can see that the radius logs confirm that the authentication is made correctly, I just seem to be having these Parse errors/failures.

 

Please see logs below: if you require any further information please ask.

 

*Aug 28 00:53:53.630: VPDN Received L2TUN socket message <xCRQ - Session Incoming>
*Aug 28 00:53:53.634: AAA/BIND(0000B854): Bind i/f
*Aug 28 00:53:53.634: VPDN uid:96 L2TUN socket session accept requested
*Aug 28 00:53:53.634: VPDN uid:96 Setting up dataplane for L2-L2, no idb
*Aug 28 00:53:53.638: VPDN Received L2TUN socket message <xCCN - Session Connected>
*Aug 28 00:53:53.642: AAA/BIND(0000B854): Bind i/f Virtual-Template1
*Aug 28 00:53:53.642: VPDN uid:96 VPDN session up
*Aug 28 00:53:54.518: AAA/AUTHEN/PPP (0000B854): Pick method list 'default'
*Aug 28 00:53:54.522: RADIUS/ENCODE(0000B854):Orig. component type = VPDN
*Aug 28 00:53:54.522: RADIUS: AAA Unsupported Attr: interface [210] 14
*Aug 28 00:53:54.522: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 [ Uniq-Sess-ID]
*Aug 28 00:53:54.522: RADIUS(0000B854): Config NAS IP: 0.0.0.0
*Aug 28 00:53:54.522: RADIUS(0000B854): Config NAS IPv6: ::
*Aug 28 00:53:54.522: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
*Aug 28 00:53:54.522: RADIUS/ENCODE(0000B854): acct_session_id: 47096
*Aug 28 00:53:54.522: RADIUS(0000B854): sending
*Aug 28 00:53:54.522: RADIUS/ENCODE: Best Local IP-Address 10.10.10.2 for Radius-Server 10.10.10.50
*Aug 28 00:53:54.522: RADIUS(0000B854): Send Access-Request to 10.10.10.50:1812 id 1645/126, len 91
*Aug 28 00:53:54.522: RADIUS: authenticator 7A 78 B4 3E BF 2A 8B BB - CD C2 A0 B0 6A D5 DC 63
*Aug 28 00:53:54.522: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Aug 28 00:53:54.522: RADIUS: User-Name [1] 6 "Test"
*Aug 28 00:53:54.522: RADIUS: CHAP-Password [3] 19 *
*Aug 28 00:53:54.526: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Aug 28 00:53:54.526: RADIUS: NAS-Port [5] 6 96
*Aug 28 00:53:54.526: RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID96"
*Aug 28 00:53:54.526: RADIUS: Service-Type [6] 6 Framed [2]
*Aug 28 00:53:54.526: RADIUS: NAS-IP-Address [4] 6 10.10.10.2
*Aug 28 00:53:54.526: RADIUS(0000B854): Sending a IPv4 Radius Packet
*Aug 28 00:53:54.526: RADIUS(0000B854): Started 5 sec timeout
*Aug 28 00:53:54.530: RADIUS: Received from id 1645/126 10.10.10.50:1812, Access-Accept, len 117
*Aug 28 00:53:54.530: RADIUS: authenticator F9 47 7F B3 B0 AB F5 76 - 75 54 58 C8 CB CD A9 F0
*Aug 28 00:53:54.530: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Aug 28 00:53:54.530: RADIUS: Service-Type [6] 6 Framed [2]
*Aug 28 00:53:54.530: RADIUS: Framed-IP-Address [8] 6 10.10.10.10
*Aug 28 00:53:54.530: RADIUS: Class [25] 46
*Aug 28 00:53:54.530: RADIUS: 85 BD 07 B9 00 00 01 37 00 01 02 00 0A 0A 0A 32 00 00 00 00 BD 95 4C B8 5F 37 23 3C 01 D5 5D 39 64 F2 47 BC 00 00 00 00 00 00 00 1D [ 72L_7#<]9dG]
*Aug 28 00:53:54.530: RADIUS: Vendor, Cisco [26] 9
*Aug 28 00:53:54.530: RADIUS: Cisco AVpair [1] 3 "8"
*Aug 28 00:53:54.530: RADIUS: Vendor, Microsoft [26] 12
*Aug 28 00:53:54.530: RADIUS: MS-Link-Util-Thresh[14] 6
*Aug 28 00:53:54.530: RADIUS: 00 00 00 32 [ 2]
Core1.DC1(config)#
*Aug 28 00:53:54.530: RADIUS: Vendor, Microsoft [26] 12
*Aug 28 00:53:54.530: RADIUS: MS-Link-Drop-Time-L[15] 6
*Aug 28 00:53:54.530: RADIUS: 00 00 00 78 [ x]
*Aug 28 00:53:54.534: RADIUS(0000B854): Received from id 1645/126
*Aug 28 00:53:54.534: RADIUS/DECODE: parse VSA parts error
*Aug 28 00:53:54.534: RADIUS/DECODE: convert VSA string; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: cisco VSA type 1; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: VSA; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: decoder; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: attribute Vendor-Specific; FAIL
*Aug 28 00:53:54.534: RADIUS/DECODE: parse response op decode; FAIL
Core1.DC1(config)#
*Aug 28 00:53:56.534: VPDN uid:96 disconnect (AAA) IETF: 17/user-error Ascend: 26/PPP CHAP Fail
*Aug 28 00:53:56.534: VPDN uid:96 vpdn shutdown session, result=2, error=6, vendor_err=0, syslog_error_code=8, syslog_key_type=1
*Aug 28 00:53:56.534: VPDN uid:96 VPDN/AAA: accounting stop sent
*Aug 28 00:53:56.542: VPDN Received L2TUN socket message <CDN - Session Disconnected>

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: VPN/Radius Error - RADIUS/DECODE: parse VSA parts error

Make sure if you're not getting help needed to work through TAC as well
3 REPLIES 3
Rising star

Re: VPN/Radius Error - RADIUS/DECODE: parse VSA parts error

I would focus on the configuration of your attributes and troubleshoot from there. Good luck!
Highlighted
VIP Engager

Re: VPN/Radius Error - RADIUS/DECODE: parse VSA parts error

What does it look like if you try using a real user?

Second piece of this, what components and models are you using, radius server, client device, head end device etc.
Cisco Employee

Re: VPN/Radius Error - RADIUS/DECODE: parse VSA parts error

Make sure if you're not getting help needed to work through TAC as well