Cisco Router with IOS 12.2(2)XB/12.2(4)T or later unable to handle New PIN Mode and Next Tokencode Mode Authentications through RADIUS
Originally Published: 2003-11-04
Applies To
IOS 12.2(2)XB/12.2(4)T or later
Issue
Resolution
IOS 12.2 mainline should not have this problem, but the model 3745 runs only 12.2T or 12.3, so there is no other option for the 3745. Bottom line: this is a bug in IOS. The issue arises because multi-transaction RADIUS authentication uses the State attribute in the server's response packet to maintain continuity of a transaction that is carried in UDP packets. The router should return the same State attribute in the third packet of the exchange, but it fails to do so: that packet contains no State attribute at all.
Cisco is aware of the issue as of November 1, 2003; see Cisco defect CSCed22074. Please contact Cisco for the fix. The problem does appear to be fixed in IOS 12.3.7T.
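To confirm this symptom from a packet capture, the following added example (not part of the original article and not Cisco or RSA code) parses RADIUS payloads in order and flags any Access-Request that does not echo the State attribute from the preceding Access-Challenge. It assumes the payloads belong to a single authentication exchange; the sample packets, user name and State value are constructed, and their authenticators are zero-filled.

```python
import struct

ACCESS_REQUEST, ACCESS_CHALLENGE, STATE = 1, 11, 24  # RFC 2865 codes, State attribute type

def parse(pkt):
    """Return (code, identifier, {attr_type: [values]}) for one RADIUS payload."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("bad Length field")
    attrs, pos = {}, 20                      # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(pkt[pos + 2:pos + a_len])
        pos += a_len
    return code, ident, attrs

def check_state_echo(payloads):
    """Return (packet_number, problem) for requests that do not echo the challenge's State."""
    findings, pending = [], None
    for n, pkt in enumerate(payloads, 1):
        code, _, attrs = parse(pkt)
        if code == ACCESS_CHALLENGE:
            pending = attrs.get(STATE, [None])[0]     # value the client must send back
        elif code == ACCESS_REQUEST and pending is not None:
            sent = attrs.get(STATE, [None])[0]
            if sent is None:
                findings.append((n, "State missing"))
            elif sent != pending:
                findings.append((n, "State differs"))
            pending = None
    return findings

def build(code, ident, attrs):
    """Build a constructed test packet (zero authenticator, not valid on a real server)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed exchange: request, challenge carrying State, third packet without State
USER = (1, b"jdoe")                                   # User-Name, hypothetical value
BROKEN = [build(1, 7, [USER]), build(11, 7, [(STATE, b"sess-01")]), build(1, 8, [USER])]
GOOD = BROKEN[:2] + [build(1, 8, [USER, (STATE, b"sess-01")])]

if __name__ == "__main__":
    print("broken:", check_state_echo(BROKEN), "good:", check_state_echo(GOOD))
```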