Showing results for 
Search instead for 
Did you mean: 

Password Expiry fails to work on the Cisco IOS router


Core issue

Currently, Cisco IOS Easy VPN clients send the username and password values to the EasyVPN Server, which in turn sends them to the authentication, authorization, and accounting (AAA) subsystem. The AAA subsystem generates an authentication request to the RADIUS server. If the password has expired, then the RADIUS server replies back with an authentication failure.

The reason for the failure is not passed back to AAA subsystem, so the user is denied access because of authentication failure but does not know that the failure is due to password expiry.


In order to resolve this issue, upgrade the router to Cisco IOS  Software Release 12.4(6)T.

With release of Cisco IOS Software Release 12.4(6)T, the AAA Password Expiry infrastructure notifies the Easy VPN client that the password has expired, and provides a generic way for the user to change the password.

In order to download the suggested image, use the Cisco IOS Upgrade Planner.

Note: The Password Expiry feature is not supported on the hardware client.

Refer to AAA Password Expiry in Cisco IOS EasyVPN for more information.