Solved

Cisco AAA Authentication issues

Posted on 2012-03-28
2
501 Views
Last Modified: 2012-06-21
The devices in question are stand-alone cisco switches.

I have attached the "debug aaa **" output below for a successful and unsuccessful login attempt. These logs come from the two switches running the same IOS & model.

I am able to authenticate with rsa token, but able to authenticate via local user database when the "aaa authorization exec if-authenticated" command is present.

If the command is not present, I am able to login via the local user database, but not radius.

Any thoughts? What additional information can I provide to help isolate this?
aaa.pass.txt
aaa.fail.txt
0
Comment
Question by:-dev-null-
2 Comments
 
LVL 17

Accepted Solution

by:
TimotiSt earned 500 total points
ID: 37783704
I think you may have an issue with the authorization config on the radius server.
According to this:

The aaa authorization exec default group radius if-authenticated command configures the network access server to contact the RADIUS server to determine if users are permitted to start an EXEC shell when they log in. If an error occurs when the network access server contacts the RADIUS server, the fallback method is to permit the CLI to start, provided the user has been properly authenticated.

the existence of the "if-authenticated" command provides a fallback to CLI if the radius is missing authentication info.

Tamas
0
 

Author Closing Comment

by:-dev-null-
ID: 37805606
fixed
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question