Solved

Cisco AAA Authentication issues

Posted on 2012-03-28
2
513 Views
Last Modified: 2012-06-21
The devices in question are stand-alone cisco switches.

I have attached the "debug aaa **" output below for a successful and unsuccessful login attempt. These logs come from the two switches running the same IOS & model.

I am able to authenticate with rsa token, but able to authenticate via local user database when the "aaa authorization exec if-authenticated" command is present.

If the command is not present, I am able to login via the local user database, but not radius.

Any thoughts? What additional information can I provide to help isolate this?
aaa.pass.txt
aaa.fail.txt
0
Comment
Question by:-dev-null-
2 Comments
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 37783704
I think you may have an issue with the authorization config on the radius server.
According to this:

The aaa authorization exec default group radius if-authenticated command configures the network access server to contact the RADIUS server to determine if users are permitted to start an EXEC shell when they log in. If an error occurs when the network access server contacts the RADIUS server, the fallback method is to permit the CLI to start, provided the user has been properly authenticated.

the existence of the "if-authenticated" command provides a fallback to CLI if the radius is missing authentication info.

Tamas
0
 

Author Closing Comment

by:-dev-null-
ID: 37805606
fixed
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
fabric 1 54
HP 1920 Switch -- IFNET LINK_UPDOWN Errors 3 78
Provide internet access from one windows PC to another 16 97
Network adapter for Windows 7 9 49
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question