router AAA login problem

Hi

Could someone please help understanding a debug output? I'm configuring a router to use IAS radius server for login authentication.

The config is:

Router-2610xm#sh run | incl aaa
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius local
aaa session-id common

Router-2610xm#sh run | incl radius
aaa authentication login default group radius local
aaa authorization exec default group radius local
radius-server host 10.1.10.11 auth-port 1812 acct-port 1813 key secret
radius-server retransmit 2
radius-server timeout 4
radius-server authorization permit missing Service-Type

My debug shows that the radius server is not accessible. But I'm not sure that everything is fine. I'm able to ping the radius, but have no other access (no ethereal, no logs). I'm also not sure about the non-standard setting. I've tried both with 1645/46 and 1812/13 and the server listens on both.

The debug output is:

Apr 8 13:37:04.540: AAA/BIND(0000001B): Bind i/f
Apr 8 13:37:04.556: AAA/AUTHEN/LOGIN (0000001B): Pick method list 'default'
Apr 8 13:37:04.652: RADIUS/ENCODE(0000001B): ask "Username: "
Apr 8 13:37:04.652: RADIUS/ENCODE(0000001B): send packet; GET_USER
Apr 8 13:37:08.618: RADIUS/ENCODE(0000001B): ask "Password: "
Apr 8 13:37:08.622: RADIUS/ENCODE(0000001B): send packet; GET_PASSWORD
Apr 8 13:37:11.663: RADIUS: AAA Unsupported [150] 5
Apr 8 13:37:11.667: RADIUS: 74 74 79 [tty]
Apr 8 13:37:11.667: RADIUS(0000001B): Storing nasport 76 in rad_db
Apr 8 13:37:11.667: RADIUS/ENCODE(0000001B): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
Apr 8 13:37:11.667: RADIUS(0000001B): Config NAS IP: 0.0.0.0
Apr 8 13:37:11.667: RADIUS/ENCODE(0000001B): acct_session_id: 26
Apr 8 13:37:11.667: RADIUS(0000001B): sending
Apr 8 13:37:11.667: RADIUS/ENCODE: Best Local IP-Address 10.101.2.18 for Radius-Server 10.1.10.11
Apr 8 13:37:11.667: RADIUS(0000001B): Send Access-Request to 10.1.10.11:1812 id 21645/18, len 78
Apr 8 13:37:11.671: RADIUS: authenticator 02 C6 EC 78 3B 70 13 78 - DB AE 6B 1C 4A 99 E2 C7
Apr 8 13:37:11.671: RADIUS: User-Name [1] 7 "test"
Apr 8 13:37:11.671: RADIUS: User-Password [2] 18 *
Apr 8 13:37:11.671: RADIUS: NAS-Port [5] 6 76
Apr 8 13:37:11.671: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Apr 8 13:37:11.671: RADIUS: Calling-Station-Id [31] 15 "10.102.16.129"
Apr 8 13:37:11.671: RADIUS: NAS-IP-Address [4] 6 10.101.2.18
Apr 8 13:37:15.678: RADIUS: Retransmit to (10.1.10.11:1812,1813) for id 21645/18
Apr 8 13:37:19.681: RADIUS: Retransmit to (10.1.10.11:1812,1813) for id 21645/18
Apr 8 13:37:23.683: RADIUS: No response from (10.1.10.11:1812,1813) for id 21645/18
Apr 8 13:37:23.683: RADIUS/DECODE: parse response no app start; FAIL
Apr 8 13:37:23.683: RADIUS/DECODE: parse response; FAIL
Apr 8 13:37:25.687: AAA/AUTHEN/LOGIN (0000001B): Pick method list 'default'
Apr 8 13:37:25.687: RADIUS/ENCODE(0000001B): ask "Username: "
Apr 8 13:37:25.687: RADIUS/ENCODE(0000001B): send packet; GET_USER

thanks Adam

A: No. Q: Should I include quotations after my reply?


Hi Adam!

What authentication method are you using on the IAS server? If I am not mistaken it should be only set to PAP.

And the encryption should be set to nothing. This is done under the Remote Access Policy setting that you have in place.

Hope this helps.

Rob
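
What PAP means on the wire for the Access-Request in the debug above, as an added example that is not part of either post: it rebuilds the request with RFC 2865 User-Password hiding and checks the attribute lengths against the debug's "len 78". The password is constructed, the user name is a constructed five-character value (the debug prints User-Name length 7, which includes the two-byte attribute header), and 18 is assumed to be the packet identifier in "id 21645/18".

```python
import hashlib, socket, struct

def _keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: the only protection a PAP password gets in transit."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16
    padded, out, prev = password.ljust(size, b"\0"), b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev                                   # next block chains on this one
    return out

def unhide_password(hidden, secret, authenticator):
    """Server side: same MD5 keystream, chained on the previous hidden block."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\0")

def attr(type_, value):
    return bytes([type_, len(value) + 2]) + value     # length counts the 2-byte header

def build_access_request(ident, authenticator, secret, user, password):
    attrs = (attr(1, user)                                       # User-Name
             + attr(2, hide_password(password, secret, authenticator))
             + attr(5, struct.pack("!I", 76))                    # NAS-Port
             + attr(61, struct.pack("!I", 5))                    # NAS-Port-Type Virtual
             + attr(31, b"10.102.16.129")                        # Calling-Station-Id
             + attr(4, socket.inet_aton("10.101.2.18")))         # NAS-IP-Address
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Walk the TLVs after the 20-byte header, rejecting malformed lengths."""
    length, pos, found = struct.unpack("!H", packet[2:4])[0], 20, []
    if length > len(packet):
        raise ValueError("length field exceeds packet size")
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        found.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return found

AUTHENTICATOR = bytes.fromhex("02C6EC783B701378DBAE6B1C4A99E2C7")  # from the debug
SECRET, USER, PASSWORD = b"secret", b"test1", b"example-pass"      # key from the config; rest constructed
PACKET = build_access_request(18, AUTHENTICATOR, SECRET, USER, PASSWORD)  # id 18: assumption
```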
