Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1628
Views
0
Helpful
0
Comments

On a Cisco router running IOS version 12.3, the AAA authentication fallback method to enable a password does not work properly if the RADIUS server is unavailable

TCC_2
Level 10
Level 10

‎06-22-2009 05:27 PM - edited ‎02-21-2020 09:56 PM

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsc49958.

The Authentication, Authorization, and Accounting (AAA) authentication fallback method to enable a password does not work properly in this scenario. If the RADIUS server is not available, then the user password that was typed originally for RADIUS authentication is cached and automatically used for the enable password. This causes the authentication to fail for the fallback enable method. The user is prompted again for their RADIUS account information, so this user is locked out.

This issue was first found in Cisco IOS  Software Releases 12.3(2) and 12.3(3.1)T. Refer to all affected versions for a list of all Cisco IOS Software releases affected by this bug.

Resolution

As a workaround, perform one of these steps:

  • If the RADIUS server is unavailable, enter any username and use the enable password as the user password.

  • Download and upgrade the Cisco IOS version to any one of these versions:

       
    •   12.2(28)SB
    •   12.4(5.11)T
    •   12.4(5.13)
    •   12.3(17.6)
    •   12.3(14)T06
    •   12.4(03c)
    •   12.4(2)T04
    •   12.2(28)ZV
    •   12.4(4)T02
    •   12.4(05b)
Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents