Cisco 6509/6513 and AAA

fibernet570
Level 1

I'm having issues with aaa authorization on Cisco 6509/6513; however, it's working fine on my Cisco 4948.

I have the following configured on the 6509, straightforward:

aaa authentication login default group radius enable

aaa authorization exec default group radius if-authenticated

When I telnet to the Cisco 6509 or 6513 I get:

Username: admin

Password: ****

Authorization failed

If I remove "aaa authorization exec default group radius if-authenticated", it defaults to user exec:

======================

Username: admin

Password: ****

Password: ******

C6513_NY>

======================

Here is info on my Cisco 6509:

IOS: c6sup22-jsv-mz.121-26.E7.bin

Cisco WS-C6509

Let me know if I can get aaa authorization working, got to have a policy that authenticates to privilege exec mode.

-MN

1 Reply

fibernet570
Level 1

Debug output:

31w2d: AAA: parse name=tty2 idb type=-1 tty=-1
31w2d: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
31w2d: AAA/MEMORY: create_user (0x44344CF4) user='' ruser='' port='tty2' rem_addr='192.168.166.250' authen_type=ASCII service=LOGIN priv=1
31w2d: AAA/AUTHEN/START (1964255498): port='tty2' list='' action=LOGIN service=LOGIN
31w2d: AAA/AUTHEN/START (1964255498): using "default" list
31w2d: AAA/AUTHEN/START (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = GETUSER
31w2d: AAA/AUTHEN/CONT (1964255498): continue_login (user='(undef)')
31w2d: AAA/AUTHEN (1964255498): status = GETUSER
31w2d: AAA/AUTHEN (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = GETPASS
31w2d: AAA/AUTHEN/CONT (1964255498): continue_login (user='Admin')
31w2d: AAA/AUTHEN (1964255498): status = GETPASS
31w2d: AAA/AUTHEN (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = PASS
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Port='tty2' list='' service=EXEC
31w2d: AAA/AUTHOR/EXEC: tty2 (4085001239) user='Admin'
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): send AV service=shell
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): send AV cmd*
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): found list "default"
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Method=radius (radius)
31w2d: AAA/AUTHOR (4085001239): Post authorization status = FAIL
31w2d: AAA/AUTHOR/EXEC: Authorization FAILED
31w2d: AAA/MEMORY: free_user (0x44344CF4) user='Admin' ruser='' port='tty2' rem_addr='192.168.166.250' authen_type=ASCII service=LOGIN priv=1

-MN
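
Added example, not part of the original posts: a small Python parser for the debug aaa lines above that groups them by session ID and reports the first stage (AUTHEN or AUTHOR) that did not end in a PASS status. The function names are hypothetical, the sample is an excerpt of the posted output, and treating any status that begins with PASS as success is an assumption.

```python
import re

# Excerpt of the debug output posted above, embedded so the script runs offline.
SAMPLE = """\
31w2d: AAA/AUTHEN/START (1964255498): using "default" list
31w2d: AAA/AUTHEN/START (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = GETPASS
31w2d: AAA/AUTHEN/CONT (1964255498): continue_login (user='Admin')
31w2d: AAA/AUTHEN (1964255498): status = PASS
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Port='tty2' list='' service=EXEC
31w2d: AAA/AUTHOR/EXEC: tty2 (4085001239) user='Admin'
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): found list "default"
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Method=radius (radius)
31w2d: AAA/AUTHOR (4085001239): Post authorization status = FAIL
31w2d: AAA/AUTHOR/EXEC: Authorization FAILED
"""

# Stage (AUTHEN or AUTHOR) and the numeric session ID that follows it.
SESSION = re.compile(r"AAA/(AUTHEN|AUTHOR)[^(]*\((\d+)\)")
FIELDS = {
    "method": re.compile(r"Method=(\S+)"),
    "list": re.compile(r'(?:using|found list) "([^"]+)"'),
    "user": re.compile(r"\buser='([^']*)'"),
    "status": re.compile(r"status = (\w+)"),
}

def summarize(log_text):
    """Group debug lines by session ID; later values overwrite earlier ones."""
    sessions = {}
    for line in log_text.splitlines():
        m = SESSION.search(line)
        if not m:
            continue  # AAA/MEMORY lines and lines without a session ID
        stage, sid = m.groups()
        entry = sessions.setdefault(sid, dict.fromkeys(FIELDS, None))
        entry["stage"] = stage
        for key, rx in FIELDS.items():
            found = rx.search(line)
            if found:
                entry[key] = found.group(1)
    return sessions

def failing_stage(sessions):
    """Return (stage, method, status) of the first non-PASS session, else None."""
    for entry in sessions.values():  # dict order follows log order
        if not (entry["status"] or "").startswith("PASS"):
            return entry["stage"], entry["method"], entry["status"]
    return None

if __name__ == "__main__":
    print(failing_stage(summarize(SAMPLE)))
```

On the posted output this separates the two stages: the login session ends in PASS through the radius method, while the exec authorization session, also sent to the radius method on the default list, ends in FAIL.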
