Switch access authentication problems


Post by yanchick »

I have a problem with telnet access through a RADIUS server (Cisco ACS 4.2).
The error that I get back from the switch:
"Authentication failure : Server configuration error, contact your administrator"

I've read the knowledge base solutions:
https://service.esd.alcatel-lucent.com/ ... umber=5925

https://service.esd.alcatel-lucent.com/ ... umber=5763

but it didn't help me.

All switches (6800, 6850, 7800, 7700; Software Versions 6.3.1.999.R01, 5.4.1.444.R01) return the same error.


Switch configuration:
aaa radius-server "RADIUS" host x.x.x.x key xxx auth-port 1645 acct-port 1646
aaa authentication telnet "RADIUS" "local"

ACS configuration:
UDV with VSAs installed
(VSA 9=Alcatel-Asa-Access
VSA 39=Alcatel-Acce-Priv-F-R1
VSA 40=Alcatel-Acce-Priv-F-R2
VSA 41=Alcatel-Acce-Priv-F-W1
VSA 42=Alcatel-Acce-Priv-F-W2)

Radius Alcatel Attributes:
[800\009] Alcatel-Asa-Access all
[800\039] Alcatel-Acce-Priv-F-R1 4294967295
[800\040] Alcatel-Acce-Priv-F-R2 4294967295
[800\041] Alcatel-Acce-Priv-F-W1 4294967295
[800\042] Alcatel-Acce-Priv-F-W2 4294967295

Any ideas?

Thanx

Post by benny »

What about the logs on the ACS server? The configuration seems to be ok ... (as long as your ACS is really on ports 1645 and 1646, normally it should be 1812 and 1813 ..)

-benny

Post by yanchick »

I tried to change authentication and accounting ports - unfortunately I got the same.
About the logs... when I enter a wrong name or pass, the Alcatel returns Rejected and ACS reports in Failed Attempts:

Message type - "Authen failed"
User-Name -
Network Access Profile Name-
Authen-Failure-Code - "ACS user unknown" or "ACS password invalid"
NAS-Port - 1001 (it depends on the value 0, 8 or 4294967295 in the attributes column - Alcatel-Acce-Priv-F-R1 and others)
NAS-IP-Address - x.x.x.x
Access Device - Device name

When I enter the right name and pass - nothing in the log (the RADIUS accounting report is empty)

Waiting for reply. Thanx

Post by yanchick »

I found the same problem in the old forum
http://old.alcatelunleashed.com/viewtop ... 98&start=0
But I can't read the solution in the Alcatel knowledge base, because it was deleted. (https://service.esd.alcatel-lucent.com/ ... umber=2272)

Post by yanchick »

and Passed Authentication Log File:
time,date,User-Name,Group-Name,NAS-IP-Address, Network Access Profile Name, Access Device
Message Type - Authen OK
NAS-Port - 1015

Post by cedric1 »

Is your problem solved?

Post by yanchick »

Yeah,
after deleting the following strings from the .ini file:

Need Internal Length = TRUE
ID Length=2

Post by cedric1 »

ok

thanks for update