Cisco Router with IOS 12.2(2)XB/12.2(4)T or later unable to handle New PIN Mode and Next Tokencode Mode Authentications through RADIUS
Originally Published: 2003-11-04
Article Number
Applies To
IOS 12.2(2)XB/12.2(4)T or later
Issue
Resolution
12.2 mainline should not have this problem, but model 3745 only runs 12.2T or 12.3, so there's no other option for the 3745. Bottom line - this is a bug in the IOS. The issue arises because Multitransaction RADIUS authentication uses the state attribute in the server's response packet to maintain continuity of the transaction which is handled in UDP packets. The router fails to respond with the same state attribute in the third packet of the communication. There is no state attribute in the packet.
Cisco is aware of the issue as of November 1, 2003, see Cisco defect CSCed22074. Please contact Cisco for the fix. The problem does appear to be fixed in IOS 12.3.7T.
Related Articles
How long can an Agent wait to send a next tokencode or new pin message? Number of Views Users cannot authenticate successfully when the RSA SecurID token is in either Next Tokencode Mode or New PIN Mode when au… Number of Views SailPoint IdentityNow - End User Logon Experience Number of Views Being prompted to enter PIN when issuing certificate off of an nCipher based CA Number of Views Not being prompted for New Pin or Next Tokencode by Shiva NAS at a client computer with the Shiva Security Pack installed Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
