|Applies To||Cisco Router 3745|
IOS 12.2(2)XB/12.2(4)T or later
|Issue||Cisco Router with IOS 12.2(2)XB/12.2(4)T or later unable to handle New PIN Mode and Next Tokencode Mode Authentications through RADIUS|
|Resolution||This is a known Cisco bug, and there is no workaround for this problem for Cisco Router model 3745 because this router model is restricted in terms of the code trains that can run on it. This problem exists in IOS 12.2(2)XB/12.2(4)T or later.|
12.2 mainline should not have this problem, but model 3745 only runs 12.2T or 12.3, so there's no other option for the 3745. Bottom line - this is a bug in the IOS. The issue arises because Multitransaction RADIUS authentication uses the state attribute in the server's response packet to maintain continuity of the transaction which is handled in UDP packets. The router fails to respond with the same state attribute in the third packet of the communication. There is no state attribute in the packet.
Cisco is aware of the issue as of November 1, 2003, see Cisco defect CSCed22074. Please contact Cisco for the fix. The problem does appear to be fixed in IOS 12.3.7T.
|Legacy Article ID||a19296|