Cisco 2950 Switch Authentication problem

naasma

IS-IT--Management
Oct 2, 2008
1
ZA
Hi,

I have set up AAA authentication on our Cisco switches so that you can use your AD account to log on, but on some of the switches it doesn't allow the AD account to authenticate at all. I get the following error in the switch logs:

008239: 2w3d: AAA/MEMORY: create_user (0x80CE2A40) user='' ruser='' port='tty1' rem_addr='10.5.9.31' authen_type=ASCII service=LOGIN priv=15
008240: 2w3d: AAA/AUTHEN/START (3181771015): port='tty1' list='default' action=LOGIN service=LOGIN
008241: 2w3d: AAA/AUTHEN/START (3181771015): found list default
008242: 2w3d: AAA/AUTHEN/START (3181771015): Method=rad_admin (radius)
008243: 2w3d: AAA/AUTHEN (3181771015): status = GETUSER
008244: 2w3d: AAA/AUTHEN/CONT (3181771015): continue_login (user='(undef)')
008245: 2w3d: AAA/AUTHEN (3181771015): status = GETUSER
008246: 2w3d: AAA/AUTHEN (3181771015): Method=rad_admin (radius)
008247: 2w3d: AAA/AUTHEN (3181771015): status = GETPASS
008248: 2w3d: AAA/AUTHEN/CONT (3181771015): continue_login (user='naasma')
008249: 2w3d: AAA/AUTHEN (3181771015): status = GETPASS
008250: 2w3d: AAA/AUTHEN (3181771015): Method=rad_admin (radius)
008251: 2w3d: RADIUS: ustruct sharecount=1
008252: 2w3d: RADIUS: added cisco VSA 2 len 4 "tty1"
008253: 2w3d: RADIUS: Initial Transmit tty1 id 51 10.4.156.40:1645, Access-Request, len 97
008254: 2w3d: Attribute 4 6 0A050902
008255: 2w3d: Attribute 5 6 00000001
008256: 2w3d: Attribute 26 12 0000000902067474
008257: 2w3d: Attribute 61 6 00000005
008258: 2w3d: Attribute 1 8 6E616173
008259: 2w3d: Attribute 31 11 31302E35
008260: 2w3d: Attribute 2 18 CA1BCF72
008261: 2w3d: Attribute 44 10 30303030
008262: 2w3d: RADIUS: Received from id 51 10.4.156.40:1645, Access-Reject, len 20
008263: 2w3d: RADIUS: Response (51) failed decrypt
008264: 2w3d: AAA/AUTHEN (3181771015): status = ERROR
008265: 2w3d: AAA/AUTHEN/START (290149027): port='tty1' list='' action=LOGIN service=LOGIN

That is, it failed to decrypt the Radius. I have double checked the radius key on the devices and the radius server, and I have even changed the key to something else, but no luck at all.

Your help will be appreciated.

Naas
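
Added example, not part of the original post: a Python sketch of the RFC 2865 Response Authenticator check that a RADIUS client runs on every reply. A shared-secret mismatch breaks this check, and it is assumed here to be what IOS reports as "failed decrypt". The secrets and the Request Authenticator are constructed; the packet id 51 and the 20-byte Access-Reject mirror the log above.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3  # RADIUS code for Access-Reject (RFC 2865)


def build_response(code, ident, request_auth, attributes, secret):
    """Server side: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    resp_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + resp_auth + attributes


def verify_response(packet, request_auth, secret):
    """Client side: recompute the authenticator with the locally configured secret."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    received = packet[4:20]
    attributes = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attributes + secret).digest()
    return hmac.compare_digest(received, expected)


def demo():
    """Verify one constructed Access-Reject against several client-side secrets."""
    request_auth = bytes(range(16))   # constructed; a real client uses random bytes
    server_secret = b"Example-Key-1"  # constructed secret held by the server
    reject = build_response(ACCESS_REJECT, 51, request_auth, b"", server_secret)
    return {
        "length": len(reject),
        "same_key": verify_response(reject, request_auth, b"Example-Key-1"),
        # A key that looks identical on screen but carries a trailing space.
        "trailing_space": verify_response(reject, request_auth, b"Example-Key-1 "),
        # Secrets are case sensitive.
        "different_case": verify_response(reject, request_auth, b"example-key-1"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Any single-byte difference between the two configured secrets makes the recomputed digest differ, so the client discards the reply regardless of whether the user's credentials were valid.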

 
I'm assuming that you're using IAS as your Radius server? What does your system event log say about these failures? Can you also post your scrubbed aaa config in your switches?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)