Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
770
Views
0
Helpful
1
Replies

Cisco 6509/6513 and AAA

fibernet570
Level 1
Level 1

‎01-21-2011 11:10 AM - edited ‎03-06-2019 03:07 PM

I'm having issues with aaa authorization on Cisco 6509/6513 however its working fine on my Cisco 4948.

I have the following configured on the 6509, striaght forward:

aaa authentication login default group radius enable

aaa authorization exec default group radius if-authenticated

When I telnet to the Cisco 6509 or 6513 I get:

Username: admin

Password: ****

Authorization failed

If I remove "aaa authorization exec default group radius if-authenticated", it defaults to user exec:

======================

Username: admin

Password: ****

Password: ******

C6513_NY>

======================

Here is info on my Cisco 6509:

IOS: c6sup22-jsv-mz.121-26.E7.bin

Cisco WS-C6509

Let me know if I can get aaa authorization working, go to have a policy that authenticates to privilege exec mode.

-MN

Labels:
0 Helpful
1 Reply 1

fibernet570
Level 1
Level 1

‎01-25-2011 08:38 AM

Debug output:

31w2d: AAA: parse name=tty2 idb type=-1 tty=-1
31w2d: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
31w2d: AAA/MEMORY: create_user (0x44344CF4) user='' ruser='' port='tty2' rem_addr='192.168.166.250' authen_type=ASCII service=LOGIN priv=1
31w2d: AAA/AUTHEN/START (1964255498): port='tty2' list='' action=LOGIN service=LOGIN
31w2d: AAA/AUTHEN/START (1964255498): using "default" list
31w2d: AAA/AUTHEN/START (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = GETUSER
31w2d: AAA/AUTHEN/CONT (1964255498): continue_login (user='(undef)')
31w2d: AAA/AUTHEN (1964255498): status = GETUSER
31w2d: AAA/AUTHEN (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = GETPASS
31w2d: AAA/AUTHEN/CONT (1964255498): continue_login (user='Admin')
31w2d: AAA/AUTHEN (1964255498): status = GETPASS
31w2d: AAA/AUTHEN (1964255498): Method=radius (radius)
31w2d: AAA/AUTHEN (1964255498): status = PASS
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Port='tty2' list='' service=EXEC
31w2d: AAA/AUTHOR/EXEC: tty2 (4085001239) user='Admin'
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): send AV service=shell
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): send AV cmd*
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): found list "default"
31w2d: tty2 AAA/AUTHOR/EXEC (4085001239): Method=radius (radius)
31w2d: AAA/AUTHOR (4085001239): Post authorization status = FAIL
31w2d: AAA/AUTHOR/EXEC: Authorization FAILED
31w2d: AAA/MEMORY: free_user (0x44344CF4) user='Admin' ruser='' port='tty2' rem_addr='192.168.166.250' authen_type=ASCII service=LOGIN priv=1

-MN

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card