Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
535
Views
0
Helpful
2
Replies

IOS upgrade issues

volleyman
Level 1
Level 1

‎03-05-2008 11:31 AM - edited ‎03-03-2019 08:59 PM

I recently upgraded the IOS on my 2811 router from 12.4(12)to 12.4(15)T3 in order to pick up support for a new hwic-3g-gsm card.

upgraded via tftp with no apparent issues. after the upgrade, ssh connections to the router stopped working. I changed the vty 04 to accept all which allowed telnet to work but still no ssh. is there any debugging I can do for ssh?

also, radius stopped working. in the debugs, I can see it accept the account but I get a bunch of failed lines that I don't understand. here is the debug output:

Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): ask "Username: "

Mar 5 19:12:27.719: RADIUS/ENCODE(00000006): send packet; GET_USER

Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): ask "Password: "

Mar 5 19:12:29.851: RADIUS/ENCODE(00000006): send packet; GET_PASSWORD

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006):Orig. component type = EXEC

Mar 5 19:12:32.659: RADIUS: AAA Unsupported Attr: interface [174] 6

Mar 5 19:12:32.659: RADIUS: 74 74 79 35 [tty5]

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): dropping service type, "radius-server attribute 6 on-for-login-auth" is off

Mar 5 19:12:32.659: RADIUS(00000006): Config NAS IP: 0.0.0.0

Mar 5 19:12:32.659: RADIUS/ENCODE(00000006): acct_session_id: 4

Mar 5 19:12:32.659: RADIUS(00000006): sending

Mar 5 19:12:32.659: RADIUS/ENCODE: Best Local IP-Address 10.10.4.52 for Radius-Server 10.10.1.251

Mar 5 19:12:32.663: RADIUS(00000006): Send Access-Request to 10.10.1.251:1812 id 1645/6, len 83

Mar 5 19:12:32.663: RADIUS: authenticator 98 CF 80 52 47 5D AF A0 - E3 96 B4 0F F0 78 32 75

Mar 5 19:12:32.663: RADIUS: User-Name [1] 7 "zaned"

Mar 5 19:12:32.663: RADIUS: User-Password [2] 18 *

Mar 5 19:12:32.663: RADIUS: NAS-Port [5] 6 514

Mar 5 19:12:32.663: RADIUS: NAS-Port-Id [87] 8 "tty514"

Mar 5 19:12:32.663: RADIUS: NAS-Port-Type [61] 6 Virtual [5]

Mar 5 19:12:32.663: RADIUS: Calling-Station-Id [31] 12 "10.10.4.51"

Mar 5 19:12:32.663: RADIUS: NAS-IP-Address [4] 6 10.10.4.52

Mar 5 19:12:32.667: RADIUS: Received from id 1645/6 10.10.1.251:1812, Access-Accept, len 44

Mar 5 19:12:32.667: RADIUS: authenticator 8A 52 1F 11 41 AA C8 C7 - 0F 08 25 28 B9 3E 1A 5D

Mar 5 19:12:32.667: RADIUS: Service-Type [6] 6 Administrative [6]

Mar 5 19:12:32.667: RADIUS: Vendor, Cisco [26] 18

Mar 5 19:12:32.667: RADIUS: Cisco AVpair [1] 12 "shell:cmd*"

Mar 5 19:12:32.667: RADIUS(00000006): Received from id 1645/6

Mar 5 19:12:32.667: RADIUS/DECODE: convert VSA string; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: cisco VSA type 1; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: VSA; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: decoder; FAIL

Mar 5 19:12:32.667: RADIUS/DECODE: attribute Vendor-Specific; FAIL

Mar 5 19:12:32.671: RADIUS/DECODE: parse response op decode; FAIL

Mar 5 19:12:32.671: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL

any help would be appreciated.

Labels:
0 Helpful
2 Replies 2

volleyman
Level 1
Level 1

‎03-05-2008 11:33 AM

also, I should mention that I included one local account for when radius fails. This account also wont' work. The only way to connect to the router right now is via rommon which isn't a problem because its currently in the lab.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-05-2008 07:54 PM

Could you provide the full image names of the current and prior IOSs?

0 Helpful
Customers Also Viewed These Support Documents