Authorisation failed % error

Andy White · ‎04-17-2012

Hello,

I have just added radius to my 2955 and when I log in I get this error:

This is what I have added.

aaa new-model

radius-server host 10.10.1.33 auth-port 1645 acct-port 1646 key secret

radius-server host 10.10.1.34 auth-port 1645 acct-port 1646 key secret

radius-server vsa send accounting
radius-server vsa send authentication

aaa authentication login default group radius local
aaa authentication enable default line
aaa authorization console
aaa authorization exec default group radius local

What does that error mean? Is it an issue with the romete radius server or my config?

John Blakley · ‎04-17-2012

Andy,

Try removing the authorization lines from the aaa config and see if that helps. If so, you'll need to pass the attribute back from your radius server for the authorization piece. Something like shell:priv-lvl=15.

Take a look at this post as it may help:

https://supportforums.cisco.com/thread/344219

John

HTH, John *** Please rate all useful posts ***

Andy White · ‎04-20-2012

Sorry for the delay, I'm still getting the error.

Cisco say that the Windows Radius server needs to send authorisation back to the switch, although the chap didn't know what I should add to the Radius server. Would you know?

The user lokos to get authenticated and then is seems the switch expects to see authorisation sent from the Radius server.

Thanks