AAA authentication question
Here is the config I have on a switch:
aaa authentication login default group tacacs+ local
aaa authentication login vtylogin group tacacs+ local
aaa authentication login conlogin group tacacs+ enable none
aaa authentication enable default tacacs+ enable
Now, here are my questions:
1. When I log in on the console, my TACACS+ login works, but when I type 'enable' and try to use my Active Directory password, it does not work. So I try the enable password, and no luck. However, if I change the 4th line to "aaa authentication enable default enable", I can now get in by using the enable password.
2. My second question: when I SSH into the switch, I want it to use only the RADIUS server, and to use the local database only when TACACS+ is not available. However, while TACACS+ is available, I am still able to log in using the local user account. I guess that's by design? Is there a way to prevent this if it isn't by design?
When you use the local user account to connect to the device, can you check whether you see the login under "passed authentication attempts" on the ACS box? If so, could you please check your local ACS user DB to see whether the same account was created there by mistake?
Similar Questions
-
RADIUS authentication question
Hello world
I'm learning RADIUS authentication. Here is my lab setup:
R1 (107.107.107.10)-(107.107.107.4) - WIN2008 (RADIUS SERVER)
Here is the RADIUS config on R1:
aaa authentication login default group radius local
radius-server host 107.107.107.4 auth-port 1645 acct-port 1646
radius-server key cisco
I have a few questions:
(1) Above, I do not specify any encryption on R1. What will R1 use as the default encryption?
In the attached file, we see the password is encrypted, but there is no config on R1 to use a particular encryption.
(2) We also see "authenticator", which I think is the R1 host name, i.e. encrypted with the shared secret. Am I wrong?
Much appreciated and have a great weekend!
Hello
The RADIUS protocol encrypts the user password by default. I think that RADIUS uses MD5.
The authenticator is a random string generated by the client and is used in the password encryption process.
Thank you
John
-
No AAA authentication for switch
I'm puzzled by my problem. I have one switch out of 9 that cannot authenticate with our TACACS server. The configurations are the same as on any other switch, but when I try to log in using the TACACS+ account, access is denied. This is the AAA/TACACS configuration on the switch.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ local
radius-server host X.X.33.XX
radius-server key 7?
I deleted the aaa configuration and then reconfigured it, as well as the RADIUS server information, and still no TACACS authentication. I specified the interface TACACS should use, but same result. Any ideas?
Thank you
Robert
Robert,
Please make sure of the following:
-The RADIUS server is accessible from the switch and port 49 is not blocked.
-If it is a layer 3 switch, then make sure to configure ip tacacs source-interface XXXX (the interface IP set in the RADIUS server)
-Check the secret key
If the problem is still there, then please get
debug aaa authentication
debug tacacs
Kind regards
~ JG
-
Excluding the lines of Terminal Server in the AAA authentication
Hi all
Hope you can help. I'm trying to find a way to exclude only the following line port from using AAA authentication (ACS TACACS+) on a Terminal Server card in a Cisco 2600 router. Does anyone know how to do this, or can point me in the right direction?
I've included the output below:
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
line 41
session-timeout 20
decoder location - XXXXXX XXXXXX BT
no motd-banner
no exec-banner
absolute-timeout 240
modem InOut
no exec
transport input all
stopbits 1
speed 38400
Is it a question of disabling the command on the line or using a defined group?
Thanks a lot for your help.
Jim.
Hi Jim
You may need to create another group for authentication to the and send your AAA configuration
line aux 0
login authentication aux_auth
aaa authentication login aux_auth line
You can also configure a username local/pw and map it on the group to here...
Console and telnet would still use the configured default group, or you can specify specific groups:
line con 0
login authentication console
line vty 0 4
login authentication vty
and specify the aaa authentication settings individually...
I hope this helps... all the best
REDA
-
AAA authentication problemssss
Hello
When I use the aaa commands below and attempt to authenticate, I am able to authenticate with TACACS+, but then when I do "sh run" I get the message "Command authorization failed." Please advise.
Test-Switch#sh run
Command authorization failed.
aaa new-model
aaa authentication login NETWORK_ACCESS group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
radius-server host IP key String
line vty 0 4
transport input telnet ssh
login authentication NETWORK_ACCESS
exec-timeout 10
BUT as soon as I changed the aaa configuration as below, I'm able to run sh run commands as usual without any error.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs local
aaa authentication enable default none
aaa authentication login default group tacacs+ line
aaa authentication login no_tacacs line
aaa authorization console
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec no_tacacs local if-authenticated
aaa authorization commands 0 no_tacacs none
aaa authorization commands 1 no_tacacs none
aaa authorization commands 15 no_tacacs none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa session-id common
Please advise, thank you. It's urgent.
To approach the issue from a slightly different angle: your original set of commands instructs the router to send an authorization request to TACACS for each level 15 command, which includes show run. Your TACACS server was not configured to allow your user to do show run, and so your attempt at show run was rejected.
Your revised set of commands doesn't send authorization requests to TACACS for level 15 commands (or other classes of commands, by the way), and so there is no problem with show run.
As far as I can tell, your revised set of commands does not authorize commands. You can achieve this result just as easily (and with fewer complications in your configuration) if you just delete the aaa authorization commands lines from your config.
HTH
Rick
-
I have configured the aaa authentication banner and aaa fail message on a router running 12.1(15). Authentication is done by ACS 3.0.2, which works very well.
Problem: the authentication banner does not appear (nothing is shown other than "username:", not even 'user access verification'), but if you enter a wrong password, the failure message does. If I console in and unplug the interface, then both messages display fine.
Workaround: if I set up a "login banner" then everything works fine too, but I can't work out why the "aaa authentication banner" does not display.
I suspect ACS prevents the message, but I can't work out how. Can anyone suggest a solution?
Thank you very much!
By the way, what does the command "radius-server administration" do? It doesn't seem to be documented, and it seems to have no effect.
The banner command does not work if you do RADIUS authentication; it will not work if you do RADIUS/local/etc. This is normal, because with TACACS you can have the server send the banner and prompts down (even if with all I don't think that you can do), and so if you have configured TACACS authentication the router does not take the banner command into account and waits to see if it gets one from the RADIUS server itself. If it does not, it will simply display the usual prompts.
As for the 'radius-server admin' command, honestly, I have no idea; I have never seen anyone use it. Online help says "Start tacacs+ daemon handling administrative messages", but what it really does I don't know. Maybe someone else can help.
-
aaa authentication enable default group tacacs+ enable
I am implementing CSACS 4.0. First of all, on the client, I will apply aaa authentication/authorization under vty. The issue is if I use the following command
aaa authentication enable default group tacacs+ enable
What happens if I connect via the console? Do I need to enter a username and password?
Here is my configuration
aaa new-model
aaa authentication login authvty group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization commands 15 authvty tacacs+ local
radius-server host IP
radius-server key
ip tacacs source-interface VLAN 3
aaa accounting send stop-record authentication failure
aaa accounting delay-start
aaa accounting exec authvty start-stop group tacacs+
aaa accounting commands 15 authvty start-stop group tacacs+
aaa accounting connection authvty start-stop group tacacs+
line vty 0 15
login authentication authvty
authorization commands 15 authvty
accounting connection authvty
accounting commands 15 authvty
accounting exec authvty
Any suggestion will be appreciated!
It should work, because it is a prompt/banner message shown whenever you try to connect (console/vty). I set it up on my router.
If you have banner motd, it will appear as well (see below). So I had to remove it so that only the aaa banner and prompt are displayed:
************************************************************
Username: cisco, password: cisco (priv 15f - local) *.
************************************************************
Any unauthorized use is prohibited.
Enter your name here: User1
Now enter your password:
Router #.
The configuration more or less looks like this:
aaa new-model
aaa authentication banner ^CUnauthorized use is prohibited.^C
aaa authentication password-prompt "Now enter your password:"
aaa authentication username-prompt "Enter your name here:"
aaa authentication login default group radius
aaa authentication login CONSOLE local
HTH
AK
-
AAA authentication in Cisco router
I want to create a username and password with a privilege level for each user on the Cisco 3640 router. I don't have any authentication server, and I want to use the local database of the Cisco router to do this. Can someone suggest how I should proceed?
Thanks in advance
Hello
If you want to create users in the local database of the router, you must use the following commands:
username cisco privilege 5 password test
aaa new-model
aaa authentication login default local
aaa authorization exec default local
Thank you
Sujit
-
The AAA authentication configuration
We have an ACS 3.1 server doing AAA authentication for all routers and switches. I want each person to log in to the router using their own ID, password and enable password. If the ACS server is unavailable, I want to have a different ID, password and enable password for console and telnet access. What is the right way to do this? I also want to track all commands entered on the router.
That's what I have:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs enable
aaa authentication enable default group tacacs+ line
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
username admin password 7 xxxxxxxxxxxxxxxx
!
!
line con 0
login authentication no_tacacs
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
Yes, it's Joy on the right. Thank you, Renault
-
http using aaa authentication when Ganymede server is down
I installed AAA using TACACS and everything works well except for http authentication through a browser or Network Assistant when the RADIUS server is down. For console and telnet connections, authentication defaults to line when TACACS is out of service.
aaa new-model
aaa authentication login default group tacacs+ line
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
!
ip http authentication aaa
!
radius-server host 10.161.161.20
radius-server key 111111
It must be something to do with the fact that over http or CNA it connects to the router at level 15, but I have played with all sorts of different authorization commands and cannot get it to work.
Paul
What do you want to do for authentication if the RADIUS server is down? For telnet and console access you can use line as a backup method, because it is possible to configure a password for the line on the console and vty ports. Which type of backup method do you want for HTTP? The one that seems most logical to me would be local authentication, in order to cover the situation where the server is down.
To use local authentication, you must do the following:
-create a local user definition (maybe more than one if you need extended security).
-specify a special method list for aaa authentication.
-specify that http uses the special method.
The configuration might look like this:
username tech1 password tech1
aaa authentication login http_auth group tacacs+ local
ip http authentication aaa login-authentication http_auth
Or you can decide to use the enable secret (or password that is configured in office). The config might look like this:
aaa authentication login http_auth group tacacs+ enable
ip http authentication aaa login-authentication http_auth
If you want a different backup method, let us know what it is and we'll see how it could be implemented.
HTH
Rick
-
AAA authentication and privilege-mode
I want to configure aaa authentication with local user accounts on the switch. The idea is to come directly into privileged mode without the enable command.
I have configured the following commands:
aaa new-model
aaa authentication login default local
What other (authorization) commands are necessary to get into privileged mode?
Thank you
Pascal
Dear Sir
For the console you must issue one more command.
There is a hidden command within IOS that you will need to apply: "aaa authorization console".
That should fix it.
Kind regards
~ JG
Note the useful messages
-
The AAA authentication and VRF-Lite
Hello!
I encountered a strange problem when using AAA RADIUS authentication and VRF-Lite.
The setup is as follows. A /31 linknet is configured between PE and CE (7206/g1 and C1812), where the PE sub-if is part of an MPLS VPN and the CE uses VRF-Lite to keep local services separate (where more than one VPN is used..).
Access to the CE, via telnet, console etc., is authenticated by our RADIUS servers, based on the following configuration:
---> Config start <---
aaa new-model
!
!
aaa group server radius RADIUS-auth
server x.x.4.23 auth-port 1645 acct-port 1646
server x.x.7.139 auth-port 1645 acct-port 1646
!
aaa authentication login default group RADIUS-auth local
aaa authentication enable default group RADIUS-auth enable
...
radius-server host x.x.4.23 auth-port 1645 acct-port 1646 key
radius-server host x.x.7.139 auth-port 1645 acct-port 1646 key
...
ip radius source-interface vrf 10
---> Config ends <---
The VRF-Lite instance is configured like this:
---> Config start <---
ip vrf 10
rd 65001:10
---> Config ends <---
Now, if I remove the VRF-Lite configuration and use global routing on the CE (which is OK for a simple VPN installation), AAA/RADIUS authentication works very well. When I enable "ip vrf forwarding 10" on the outside and inside interfaces, the AAA/RADIUS service is unable to reach the two defined servers.
I compared the routing tables when using VRF-Lite and global routing, and they are identical. All routes are correctly imported via BGP, and the service as a whole operates without problems; in other words, the AAA/RADIUS part is the only service that does not work.
It may be necessary to include an ip vrf forwarding command in the server group config, as follows:
aaa group server radius RADIUS-auth
server-private x.x.x.x auth-port 1645 acct-port 1646 key ww
ip vrf forwarding 10
See the document below for more details:
http://www.Cisco.com/en/us/partner/docs/iOS/12_4/secure/configuration/guide/hvrfaaa.html
-
AAA authentication not working and 'default' method list
Guys,
I hope someone can help me here with this AAA problem. I copied the configuration and debugs below. The router keeps using the local username/password even though the ACS servers are reachable and functional. From the debug, it seems it keeps using the 'default' method list, ignoring the TACACS config. Any help will be appreciated.
Config
**********************************
aaa new-model
!
username admin privilege 15 secret 5 xxxxxxxxxx.
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization reverse-access default group tacacs+ local
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
aaa session-id common
!
radius-server host x.x.x.x
radius-server host x.x.x.x
radius-server host x.x.x.x
radius-server host x.x.x.x
radius-server directed-request
radius-server key 7 0006140E54xxxxxxxxxx
!
ip tacacs source-interface Vlan200
***************************
Debugs
002344: Dec 5 01:36:03.087 ICT: AAA/BIND(00000022): Bind i/f
002345: Dec 5 01:36:03.087 ICT: AAA/AUTHEN/LOGIN (00000022): Pick method list 'default'
002346: Dec 5 01:36:11.080 ICT: AAA/AUTHEN/LOGIN (00000022): Pick method list 'default'
core01#
002347: Dec 5 01:36:59.404 ICT: AAA: parse name=tty0 idb type=-1 tty=-1
002348: Dec 5 01:36:59.404 ICT: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
002349: Dec 5 01:36:59.404 ICT: AAA/MEMORY: create_user (0x6526934) user='admin' ruser='core01' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
002350: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD(2162495688): Port='tty0' list='' service=CMD
002351: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/CMD: tty0(2162495688) user='admin'
002352: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD(2162495688): send AV service=shell
002353: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD(2162495688): send AV cmd=configure
002354: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD(2162495688): send AV cmd-arg=terminal
002355: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD(2162495688): send AV cmd-arg=
002356: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD(2162495688): found list 'default'
002357: Dec 5 01:36:59.404 ICT: tty0 AAA/AUTHOR/CMD(2162495688): Method=tacacs+ (tacacs+)
002358: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): user=admin
002359: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV service=shell
002360: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV cmd=configure
002361: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV cmd-arg=terminal
002362: Dec 5 01:36:59.404 ICT: AAA/AUTHOR/TAC+: (2162495688): send AV cmd-arg=
Enter configuration commands, one per line. End with CNTL/Z.
core01(config)#
002363: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): Post authorization status = ERROR
002364: Dec 5 01:37:04.261 ICT: tty0 AAA/AUTHOR/CMD(2162495688): Method=LOCAL
002365: Dec 5 01:37:04.261 ICT: AAA/AUTHOR (2162495688): Post authorization status = PASS_ADD
002366: Dec 5 01:37:04.261 ICT: AAA/MEMORY: free_user (0x6526934) user='admin' ruser='core01' port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15
core01(config)#
Are the TACACS+ servers reachable using source VLAN 200? Also, on the TACACS+ server, can you check whether the IP address for this device is configured correctly, and please also check that the password on the server and on this device match.
As Rick suggested, sh tacacs would be good as well. That would show the failures and the successes.
HTH
Kishore
-
TACACS+ Queuing AAA authentication
Hello
I've recently updated the IOS on my 3560X to 15.0(2)SE3 and I can't get TACACS to work correctly. It worked properly on this device until I updated the IOS, so I don't know what happened. I've made a few other changes as well (changed the management IP and cleaned up other config), so I'm not 100% sure the issue was with the IOS. I have this same exact config on several other Cisco devices and it works fine. Any thoughts are appreciated.
Config:
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
ip tacacs source-interface Vlan1
radius-server host
ip tacacs source-interface Vlan1
tacacs-server host 10.x.x.x key *
Debugs:
TPLUS: Queuing AAA Authentication request 88 for processing
I never get past the queuing. I can't find a way to clear the queue either.
I have to disable the uplink port and reboot the switch to even get into the console port. At this point, I get 1 authentication attempt (debug below) before getting the queuing messages.
Mar 29 21:34:36.864 CDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to
Mar 29 21:40:48.068 CDT: TPLUS: Queuing AAA Authentication request 47 for processing
Mar 29 21:40:48.068 CDT: TPLUS: processing authentication start request id 47
Mar 29 21:40:48.068 CDT: TPLUS: Authentication start packet created for 47(**USERNAME**)
Mar 29 21:40:48.068 CDT: TPLUS: Using server 10.x.x.x
Mar 29 21:40:48.068 CDT: TPLUS(0000002F)/0/IDLE/68F4CBC: Started 5 sec timeout
Mar 29 21:40:48.077 CDT: TPLUS(0000002F)/0/IDLE/68F4CBC: got immediate connect on new 0
Mar 29 21:40:48.077 CDT: TPLUS(0000002F)/0/WRITE/68F4CBC: Started 5 sec timeout
Mar 29 21:40:48.077 CDT: T+: Version 192 (0xC0), type 1, seq 1, encryption 1, SC 0
Mar 29 21:40:48.077 CDT: T+: session_id 912650955 (0x3665F2CB), dlen 32 (0x20)
Mar 29 21:40:48.077 CDT: T+: type:AUTHEN/START, priv_lvl:1 action:LOGIN ascii
Mar 29 21:40:48.077 CDT: T+: svc:LOGIN user_len:11 port_len:4 (0x4) raddr_len:9 (0x9) data_len:0
Mar 29 21:40:48.077 CDT: T+: user: (**USERNAME**)
Mar 29 21:40:48.077 CDT: T+: port: tty1
Mar 29 21:40:48.077 CDT: T+: rem_addr: 10.y.y.y
Mar 29 21:40:48.077 CDT: T+: data:
Mar 29 21:40:48.077 CDT: T+: End Packet
Mar 29 21:40:48.077 CDT: TPLUS(0000002F)/0/WRITE: write to 10.x.x.x failed with errno 257((ENOTCONN))
Mar 29 21:40:48.077 CDT: TPLUS: Authentication start packet created for 47(**USERNAME**)
Mar 29 21:40:48.077 CDT: TPLUS(0000002F): Start write failed
Mar 29 21:43:01.976 CDT: %SYS-5-CONFIG_I: Configured from console by dcmorris on console
Mar 29 21:43:08.057 CDT: TPLUS: Queuing AAA Authentication request 48 for processing
Mar 29 21:45:24.842 CDT: TPLUS: Queuing AAA Authentication request 49 for processing
Mar 29 21:48:52.494 CDT: TPLUS: Queuing AAA Authentication request 50 for processing
You might want to take a look here
https://supportforums.Cisco.com/message/3965551#3965551
Jatin kone
-Do rate helpful posts-
-
We have the following commands configured on the 2950:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius
aaa authorization exec default if-authenticated
username localuser secret 5 *
When you try to access the switch, the request reaches the RADIUS server, but it is not authenticated.
And then the user gets authenticated with the local user name.
Here is the log of the RADIUS server.
It shows the correct user name and the correct source IP address of the switch.
Authentication-Provider = Windows
Authentication-Server =
Policy-Name =
Authentication-Type = PAP
EAP-Type =
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
In principle, it was expected that as long as the switch is able to contact the RADIUS server, it will not use the local username for authentication.
But the switch uses the local username even though it can contact the RADIUS service.
Please share your experience.
Thank you
Subodh
Hello
Indeed, I've recreated the issue when authenticating against IAS. My switch is running a newer version; however, it always reports the decryption error in the logs when the shared secret is incorrect. Shared secret configured as "cisco" on the switch and as "cisco123" on the IAS RADIUS client entry. Got the following text:
User priv15 was denied access.
Fully-Qualified-User-Name = CAMEJIA\priv15
NAS-IP-Address = x.x.250.12
NAS-Identifier =
Called-Station-Identifier =
Calling-Station-Identifier =
Client-Friendly-Name = x.x.250.12
Client-IP-Address = x.x.250.12
NAS-Port-Type = Async
NAS-Port =
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Policy-Name =
Authentication-Type = PAP
EAP-Type =
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or incorrect password was used.
On the switch debug:
*Mar 2 06:02:13.600: RADIUS: Received from id 1645/6 x.x.250.20:1645, Access-Reject, len 20
*Mar 2 06:02:13.600: RADIUS: authenticator 24 84 60 FA B8 43 3E A9 - AC 55 72 70 CE 34 BA 70
*Mar 2 06:02:13.600: RADIUS: response-authenticator decrypt fail, pak len 20
*Mar 2 06:02:13.600: RADIUS: packet dump: 03060014248460FAB8433EA9AC557270CE34BA70
*Mar 2 06:02:13.600: RADIUS: expected digest: D22363698E8862015AC91213B540D77C
*Mar 2 06:02:13.600: RADIUS: response authen: 248460FAB8433EA9AC557270CE34BA70
*Mar 2 06:02:13.600: RADIUS: request authen: 32B4A229A7EB982A61EB31E29A24AA47
*Mar 2 06:02:13.600: RADIUS: Response (6) failed decrypt
Please create a new RADIUS client for the switch only and use a simple key such as "cisco" on both sides. Do not forget that you should not hit the space bar when you configure the key on IOS, since it will take the space as a valid character of the shared key.
I hope this helps.
Kind regards.
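The shared-secret mismatch reproduced in this thread, and the MD5-based password hiding and authenticator asked about in the RADIUS thread further up, as an added Python example (not code from any poster or from Cisco or Microsoft). It follows RFC 2865; the password, Request Authenticator and packet id are constructed sample values, and `simulate_login` is a hypothetical helper name.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3

def _xor_chain(data: bytes, secret: bytes, req_auth: bytes, hiding: bool) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous
    ciphertext block); the first block uses the Request Authenticator."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        out += result
        prev = result if hiding else block  # always chain on the ciphertext
    return out

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the NAS puts in the User-Password attribute (PAP)."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_chain(padded, secret, req_auth, hiding=True)

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the server recovers; garbage if its secret differs."""
    return _xor_chain(hidden, secret, req_auth, hiding=False).rstrip(b"\x00")

def build_reply(code: int, ident: int, attrs: bytes,
                req_auth: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def verify_reply(packet: bytes, req_auth: bytes, secret: bytes) -> bool:
    """NAS side: recompute the digest with the local secret and compare."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def simulate_login(nas_secret: bytes, server_secret: bytes) -> dict:
    """One PAP login with constructed values, seen from both ends."""
    password = b"S3cret-passw0rd-longer-than-16"  # constructed sample
    req_auth = bytes(range(16))  # constructed; a real NAS uses 16 random bytes
    hidden = hide_password(password, nas_secret, req_auth)
    # Server un-hides with ITS secret; a mismatch yields a wrong password,
    # which it logs as "unknown user name or incorrect password".
    recovered_ok = unhide_password(hidden, server_secret, req_auth) == password
    code = ACCESS_ACCEPT if recovered_ok else ACCESS_REJECT
    reply = build_reply(code, 6, b"", req_auth, server_secret)
    # NAS checks the reply with ITS secret; a mismatch is the
    # "response-authenticator decrypt fail" seen in the switch debug.
    return {
        "server_recovers_password": recovered_ok,
        "reply_code": code,
        "nas_accepts_reply": verify_reply(reply, req_auth, nas_secret),
    }

if __name__ == "__main__":
    print("matching secrets:  ", simulate_login(b"cisco", b"cisco"))
    print("mismatched secrets:", simulate_login(b"cisco", b"cisco123"))
```

With mismatched secrets the switch cannot trust even the Access-Reject, so it treats the server as having failed and moves on to the next method in the list, which is why the local username is accepted.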