
Radius configuration problem


  • Radius configuration problem

    Hi all,
    New here and having an issue with a RADIUS configuration: most routers on our network work with this config, but a few do not. The RADIUS server seems to be functioning as it should. Whenever I try to authenticate I get the error below:

    RDI-MPLSRTR#test aaa group CLI-AUTH user password legacy
    Attempting authentication test to server-group CLI-AUTH using radius

    Oct 24 13:39:46.494: AAA: parse name=<no string> idb type=-1 tty=-1
    Oct 24 13:39:46.494: AAA/MEMORY: create_user (0x312B68CC) user='username' ruser='NULL' ds0=0 port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
    No authoritative response from any server.

    BRDI-MPLSRTR#
    Oct 24 13:40:05.214: AAA/MEMORY: free_user (0x312B68CC) user='username' ruser='NULL' port='' rem_addr='NULL' authen_type=ASCII service=LOGIN priv=1 vrf= (id=0)
    BRDI-MPLSRTR#

    Here is my running config:

    Current configuration : 8660 bytes
    ! Running configuration as pasted into the forum post; several values below were masked by the poster with asterisks.
    !
    ! Last configuration change at 11:25:08 Brazil Fri Oct 24 2014 by routeradm
    ! NVRAM config last updated at 17:57:15 Brazil Thu Oct 23 2014 by routeradm
    ! NVRAM config last updated at 17:57:15 Brazil Thu Oct 23 2014 by routeradm
    version 15.1
    ! Debug output is stamped to the millisecond; log messages use local time and print the zone name.
    service timestamps debug datetime msec
    service timestamps log datetime localtime show-timezone
    ! Rewrites clear-text passwords and keys as "type 7" strings. Type 7 is a reversible encoding, not a hash,
    ! so every "7 ..." value in this paste (vty passwords, RADIUS key) should be treated as disclosed and rotated.
    service password-encryption
    !
    hostname BRDI-MPLSRTR
    !
    boot-start-marker
    boot-end-marker
    !
    !
    card type e1 0 0
    ! Console logging at severity informational (6) and more severe.
    logging console informational
    ! Type 5 (salted MD5) hash of the enable secret. The hash is published here unmasked, which exposes it to
    ! offline guessing; rotate the secret. NOTE(review): prefer a stronger secret type if this release offers one - confirm.
    enable secret 5 $1$V326$jfWrfTbyXz50acEwEiuWI0
    !
    ! Turns on the AAA subsystem; login on every line then follows the method lists below.
    aaa new-model
    !
    !
    ! Server group CLI-AUTH holds a single RADIUS server, 10.2.24.76. The address must match a global
    ! "radius-server host" entry (one exists near the end of this config) including its UDP ports.
    aaa group server radius CLI-AUTH
    server 10.2.24.76
    !
    ! Default login list: ask the CLI-AUTH RADIUS group first, then the local user database.
    ! The local fallback is used only when no server answers; an explicit reject from RADIUS ends the attempt.
    ! The "test aaa" output in this post reports "No authoritative response from any server", i.e. no usable
    ! reply was received. Things to verify (none can be confirmed from this paste):
    !   - the server lists this router's RADIUS source address (GigabitEthernet0/1, 10.14.16.2) as a client
    !   - the shared secret is identical on both ends
    !   - the UDP ports the router sends to match the ports the server listens on
    !   - the path between 10.14.16.2 and 10.2.24.76 passes that UDP traffic in both directions
    aaa authentication login default group CLI-AUTH local
    !
    !
    !
    !
    !
    aaa session-id common
    !
    ! Zone is labelled "EDT" but carries a -3 hour offset, while summer time is named "Brazil".
    ! NOTE(review): the EDT label can mislead anyone correlating these logs with other sources - confirm intent.
    clock timezone EDT -3 0
    clock summer-time Brazil recurring 1 Sun May 2:00 1 Sun Nov 2:00
    !
    no ipv6 cef
    ! IP source-routing options are honoured. Hardening guides generally recommend "no ip source-route"
    ! unless a specific application needs it, because the sender can then influence the forwarding path.
    ip source-route
    ip cef
    !
    !
    !
    !
    !
    ! Domain name masked by the poster.
    ip domain name ******
    !
    multilink bundle-name authenticated
    !
    !
    crypto pki token default removal timeout 0
    !
    ! Self-signed trustpoint with revocation checking disabled. Presumably this backs the HTTPS server
    ! enabled later with "ip http secure-server" - confirm.
    crypto pki trustpoint TP-self-signed-1554113946
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1554113946
    revocation-check none
    rsakeypair TP-self-signed-1554113946
    !
    !
    ! The hex below is the DER certificate (public data, no private key). Reading its header fields:
    ! signature algorithm sha1WithRSAEncryption, a 1024-bit RSA modulus, validity 2011-10-21 to 2020-01-01.
    ! NOTE(review): SHA-1 and 1024-bit RSA are below current guidance; regenerate with a larger key if HTTPS stays on.
    crypto pki certificate chain TP-self-signed-1554113946
    certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31353534 31313339 3436301E 170D3131 31303231 31323535
    35345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35353431
    31333934 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BABD 9AE60746 C2909671 FFD4616B 8914E2CB 281581FB 0C4B9870 26A8AB73
    2C7CD3B0 401FEAE5 B8C739AF 0D175E36 6EE0E855 525FCE4B 514CEA47 D4B682F3
    1AE30499 3C34BE1B 8A4761CC 542BE710 ACD858BC 372DD24F 7C7DB4E5 AC45C215
    8370618D 5A7EEA8C 9BF5F032 202FB95D B10B51ED 811821B4 739281B6 D5DA9656
    943B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 1450E3B0 EEC104F6 2D20BE53 CB4DF329 D56FA081 6B301D06
    03551D0E 04160414 50E3B0EE C104F62D 20BE53CB 4DF329D5 6FA0816B 300D0609
    2A864886 F70D0101 05050003 81810046 82C7D216 72A8349A BA603092 8189DCAA
    BE144B1D 5A4E35FB 432CEFF9 E1FA3BAE 29627CAF BCF1AD58 D36195DA D8BBB7B2
    277EA531 041BBED4 57BED255 24002958 116C21B5 E21726EE 3AE054ED AEE2CA6C
    F3085293 0D955571 56A2332F 324F3454 538716F8 9DAB8AC8 4CAE5221 853499F9
    F4058C3E B47F2A70 32F4E743 6B6121
    quit
    ! Hardware product ID and chassis serial number, posted unmasked; this identifies the specific device.
    license udi pid CISCO2911/K9 sn FTX1543ALZ2
    !
    !
    ! Configuration archive: change logging with keys hidden in the log ("hidekeys"), a copy pushed to the
    ! FTP path on every "write memory", and a periodic copy every 10080 minutes (7 days).
    ! FTP is unencrypted, so each archived config (hashes and type 7 strings included) and the FTP login
    ! below cross the network in clear text. NOTE(review): consider an encrypted transfer method if available.
    archive
    log config
    hidekeys
    path ftp://10.2.24.31/BRDI-MPLSRTR/$h
    write-memory
    time-period 10080
    ! Local accounts, masked by the poster. These are the fallback for the default AAA login list.
    username ******
    username ******
    !
    redundancy
    !
    !
    !
    !
    controller E1 0/0/0
    clock source line independent
    channel-group 0 timeslots 1-31
    !
    ! Credentials used for router-initiated FTP transfers; the password value does not appear in the paste.
    ip ftp username ******
    ip ftp password
    !
    ! Traffic classes for the WAN QoS policy. "match-any" means one matching line is enough.
    ! Voice-Video: packets marked DSCP AF41 or EF.
    class-map match-any Voice-Video
    match dscp af41 ef
    ! BusinessCritical-VoiceSIG: packets permitted by ACL 152 (TCP 3200-3299 and telnet, defined later)
    ! or marked DSCP AF21/AF31. ACL 152 is used here for classification only, not for filtering.
    class-map match-any BusinessCritical-VoiceSIG
    match access-group 152
    match dscp af21 af31
    !
    !
    ! QOS-LLQ: priority queue of 768 kbps for Voice-Video, a 768 kbps bandwidth guarantee for
    ! BusinessCritical-VoiceSIG, default treatment for everything else. Applied outbound on Serial0/0/0:0.
    policy-map QOS-LLQ
    class Voice-Video
    priority 768
    class BusinessCritical-VoiceSIG
    bandwidth 768
    class class-default
    !
    !
    !
    !
    !
    !
    !
    !
    ! Unused interfaces (Embedded-Service-Engine0/0, GigabitEthernet0/0, GigabitEthernet0/2) are shut down.
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    !
    interface GigabitEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ! Inside LAN interface, 10.14.16.2/23. It is also the configured source interface for RADIUS,
    ! syslog and NetFlow export, so those servers see this router as 10.14.16.2.
    ! "ip route-cache policy" enables fast switching for policy routing, but no "ip policy route-map"
    ! is applied here. No "ip access-group" filter is applied on this interface either.
    interface GigabitEthernet0/1
    description INSIDE < Brazil LAN Switch >
    ip address 10.14.16.2 255.255.254.0
    ip accounting output-packets
    ip virtual-reassembly in
    ip route-cache policy
    load-interval 30
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ! WAN link to the MPLS VPN provider (address masked by the poster), PPP encapsulation,
    ! QOS-LLQ applied outbound. No "ip access-group" filter is applied on this interface.
    interface Serial0/0/0:0
    description < L3 MPLS VPN: Pallcorp; Site-Circuit: Diadema 2005335985 >
    ip address ******* 255.255.255.252
    encapsulation ppp
    service-policy output QOS-LLQ
    !
    !
    ! EIGRP AS 64 on the local LAN ranges. BGP routes are redistributed into EIGRP through route-map
    ! BGP-TO-EIGRP, which drops routes tagged 64 and tags the rest 65004 (see the route-maps later).
    router eigrp 64
    network 10.14.16.0 0.0.1.255
    network 10.14.18.0 0.0.1.255
    network 10.14.20.0 0.0.0.31
    network 10.14.20.32 0.0.0.31
    network 10.14.20.64 0.0.0.31
    redistribute bgp 65004 metric 1984 1 255 1 1500 route-map BGP-TO-EIGRP
    no eigrp log-neighbor-changes
    !
    ! BGP AS 65004 peering with AS 3549 (neighbor address masked). Outbound advertisements are limited
    ! by standard ACL BGP-DIST. There is no "redistribute eigrp" here, so route-map EIGRP-TO-BGP is unused.
    ! NOTE(review): no neighbor password or inbound route filter is visible; they may have been removed
    ! together with the masked values - confirm against the device.
    router bgp 65004
    bgp log-neighbor-changes
    network 10.14.8.0 mask 255.255.255.0 backdoor
    network 10.14.16.0 mask 255.255.254.0
    network 10.14.18.0 mask 255.255.254.0
    network 10.14.20.0 mask 255.255.255.224
    network 10.14.20.32 mask 255.255.255.224
    network 10.14.20.64 mask 255.255.255.224
    network 100.65.0.128 mask 255.255.255.252
    neighbor ******** remote-as 3549
    neighbor ******** distribute-list BGP-DIST out
    !
    ip forward-protocol nd
    !
    ! Clear-text HTTP management is off; the HTTPS server is on and authenticates against the local
    ! user database ("authentication local"), not against the RADIUS method list.
    ! No "ip http access-class" is present, so the HTTPS listener is not limited to management hosts here.
    ! NOTE(review): disable the secure server if web management is not used - confirm with the operators.
    no ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ! NetFlow v9 export sourced from GigabitEthernet0/1 to 10.2.24.76 UDP 9996 (the same host as the RADIUS server).
    ip flow-export source GigabitEthernet0/1
    ip flow-export version 9
    ip flow-export destination 10.2.24.76 9996
    !
    !
    ! BGP-DIST: prefixes allowed in outbound BGP advertisements (referenced under "router bgp 65004").
    ip access-list standard BGP-DIST
    permit 10.14.16.0 0.0.1.255
    permit 10.14.18.0 0.0.1.255
    permit 10.14.20.0 0.0.0.31
    permit 10.14.20.32 0.0.0.31
    permit 10.14.20.64 0.0.0.31
    ! The lists BLOCK-OSV, EIGRP-DIST, NYPW-DOM3, NYPWEH, NYPWRT and VoIPRT below are not referenced by any
    ! other line of this configuration. NOTE(review): unreferenced lists are worth confirming and pruning.
    ip access-list standard BLOCK-OSV
    remark < Block Registration >
    deny 10.2.26.0 0.0.0.255
    permit any
    ip access-list standard EIGRP-DIST
    permit 10.14.16.0 0.0.0.255
    permit 10.14.18.0 0.0.0.255
    ip access-list standard NYPW-DOM3
    remark < Route NYPW-DOMINO3 Traffic >
    permit 10.2.32.63
    ip access-list standard NYPWEH
    remark < Route NYPW and NYEH Traffic >
    permit 10.2.24.0 0.0.1.255
    permit 10.2.32.0 0.0.3.255
    permit 10.2.40.0 0.0.3.255
    permit 10.2.48.0 0.0.1.255
    ip access-list standard NYPWRT
    remark < Route NYPW Traffic >
    permit 10.2.24.0 0.0.1.255
    permit 10.2.32.0 0.0.3.255
    ! PROXY-OUT: route-map PROXY-SERVER later matches on "PROXYOUT" (no hyphen), a name that is not defined
    ! anywhere in this configuration, so this list is not what that route-map evaluates.
    ! The host entry 10.14.16.5 is already covered by the /24 entry that follows it.
    ip access-list standard PROXY-OUT
    permit 10.14.16.5
    permit 10.14.16.0 0.0.0.255
    ip access-list standard VoIPRT
    remark < Route From NYPW Traffic >
    deny 10.2.26.0 0.0.0.255
    deny 10.2.27.0 0.0.0.31
    deny 10.2.20.0 0.0.3.255
    deny 10.2.27.32 0.0.0.31
    deny 10.2.56.0 0.0.1.255
    deny 10.14.2.0 0.0.0.255
    permit any
    !
    ! RADIUS requests leave with the GigabitEthernet0/1 address (10.14.16.2) as source. The RADIUS server
    ! must have exactly this address registered as a client; requests from an unknown client address are
    ! typically dropped without a reply, which the router reports as no response - verify on the server.
    ip radius source-interface GigabitEthernet0/1
    !
    ! Syslog: severity warnings (4) and more severe go to 10.195.36.253, sourced from GigabitEthernet0/1.
    logging trap warnings
    logging source-interface GigabitEthernet0/1
    logging 10.195.36.253
    ! ACL 15: four hosts, including the FTP archive host (10.2.24.31) and the RADIUS/NetFlow host (10.2.24.76).
    ! It is not referenced on any visible line; presumably it is attached to one of the masked
    ! "snmp-server community" lines - confirm.
    access-list 15 permit 10.2.24.31
    access-list 15 permit 10.2.24.76
    access-list 15 permit 10.2.24.171
    access-list 15 permit 10.2.25.226
    ! ACL 23: 10.10.10.0/29. Not referenced on any visible line; the vty lines carry no "access-class".
    access-list 23 permit 10.10.10.0 0.0.0.7
    ! ACL 152: classification only (class-map BusinessCritical-VoiceSIG); it does not filter traffic.
    access-list 152 permit tcp any any range 3200 3299
    access-list 152 permit tcp any any eq telnet
    !
    !
    !
    !
    ! Tag-based loop prevention between EIGRP 64 and BGP 65004: each direction refuses routes carrying
    ! the tag set by the opposite direction. EIGRP-TO-BGP is not referenced by any visible command.
    route-map EIGRP-TO-BGP deny 10
    match tag 65004
    !
    route-map EIGRP-TO-BGP permit 20
    set tag 64
    !
    ! BGP-TO-EIGRP is the map used by "redistribute bgp 65004" under "router eigrp 64".
    route-map BGP-TO-EIGRP deny 10
    match tag 64
    !
    route-map BGP-TO-EIGRP permit 20
    set tag 65004
    !
    ! PROXY-SERVER matches an ACL named PROXYOUT, but the only similar list defined is PROXY-OUT.
    ! No interface in this configuration applies the map with "ip policy route-map".
    ! NOTE(review): how a match on an undefined list behaves should be checked for this release before
    ! the map is applied anywhere; fix the name or remove the map. Next-hop address masked by the poster.
    route-map PROXY-SERVER permit 10
    match ip address PROXYOUT
    set ip next-hop *********
    !
    !
    ! SNMP community strings masked by the poster; their RO/RW mode and any attached ACL are not visible.
    snmp-server community ******
    snmp-server community ******
    snmp-server community ******
    snmp-server ifindex persist
    ! Allows the router to be reloaded through SNMP. This needs SNMP write access, so any read-write
    ! community should be restricted by ACL to the management hosts - confirm on the device.
    snmp-server system-shutdown
    snmp-server host 10.2.48.100 *****
    ! Global RADIUS server entry used by group CLI-AUTH. No auth-port/acct-port is given, so the release
    ! defaults apply (1645/1646 on classic IOS - confirm for this image); a server listening only on
    ! 1812/1813 would never see these requests.
    ! The shared secret is stored as a type 7 string and is posted here unmasked. Type 7 is reversible,
    ! so treat the secret as disclosed and change it on both the router and the RADIUS server.
    radius-server host 10.2.24.76 key 7 00271A150754525F
    !
    !
    !
    control-plane
    !
    !
    ! Message-of-the-day banner: a legal notice on authorised use and monitoring. It discloses no hostname,
    ! platform or software details. The space inside the first and last asterisk rows looks like a
    ! line-wrap artifact of the forum paste - NOTE(review): confirm against the device.
    banner motd ^CC
    ************************************************** *****************************
    * @@@@@@@@ Warning Notice: @@@@@@@@ **
    * ----------------------------------------------------------------------------*
    * This system is restricted solely to authorized users for legitimate *
    * business purposes only. The actual or attempted unauthorized *
    * access, use, or modification of this system is strictly prohibited by law. *
    * Unauthorized users are subject to disciplinary proceedings and/or criminal *
    * and civil penalties under state, federal, or other applicable domestic and *
    * foreign laws. The use of this system may be monitored and recorded for *
    * administrative and security reasons. Anyone accessing this system expressly *
    * consents to such monitoring and is advised that if monitoring reveals *
    * possible evidence of criminal activity, we may provide the evidence of such *
    * activity to law enforcement officials and be used as evidence in court. *
    ************************************************** *****************************
    ^C
    !
    ! Console line with no line-specific settings; login follows the default AAA list.
    line con 0
    ! Auxiliary port set up for a modem, accepting inbound connections of every transport protocol.
    ! NOTE(review): if no out-of-band modem is attached, "transport input none" and "no exec" reduce exposure.
    line aux 0
    modem InOut
    transport input all
    speed 115200
    flowcontrol hardware
    ! Line 2 has no exec shell ("no exec") but still accepts every inbound transport.
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    ! Remote access lines: SSH only. Points to review on both vty ranges:
    !   - "privilege level 15" puts every authenticated session straight into full privilege, and no
    !     "aaa authorization exec" is configured to override it per user.
    !   - no "access-class" restricts which source addresses may connect (ACL 23 exists but is unused).
    !   - the line passwords are type 7 strings posted unmasked; type 7 is reversible, so rotate them.
    !     With "aaa new-model" and the default login list they are presumably not used for login - confirm.
    line vty 0 4
    privilege level 15
    password 7 06162F0D080F081D08461C
    transport input ssh
    line vty 5 15
    privilege level 15
    password 7 051B2623650D4F0D145419
    transport input ssh
    !
    scheduler allocate 20000 1000
    ! Single NTP source with no NTP authentication visible; accurate time matters for the log timestamps above.
    ntp server 10.2.40.40
    end