Troubleshooting Aaa; Troubleshooting Radius - H3C S5120-EI Series Operation Manual

<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Generate RSA and DSA key pairs and enable the SSH server.
[Switch] public-key local create rsa
[Switch] public-key local create dsa
[Switch] ssh server enable
# Configure the switch to use AAA for SSH users.
[Switch] user-interface vty 0 4
[Switch-ui-vty0-4] authentication-mode scheme
# Configure the user interfaces to support SSH.
[Switch-ui-vty0-4] protocol inbound ssh
[Switch-ui-vty0-4] quit
# Configure the RADIUS scheme.
[Switch] radius scheme rad
[Switch-radius-rad] primary authentication 10.1.1.1 1812
[Switch-radius-rad] primary accounting 10.1.1.1 1813
[Switch-radius-rad] key authentication expert
[Switch-radius-rad] key accounting expert
[Switch-radius-rad] user-name-format with-domain
[Switch-radius-rad] quit
# Configure the AAA methods for the domain.
[Switch] domain bbb
[Switch-isp-bbb] authentication login radius-scheme rad
[Switch-isp-bbb] authorization login radius-scheme rad
[Switch-isp-bbb] accounting login radius-scheme rad
[Switch-isp-bbb] quit
When using SSH to log in, a user enters a username in the form userid@bbb for authentication using
domain bbb.
3) Verify the configuration
After the above configuration, the SSH user should be able to use the configured account to access the
user interface of the switch. The commands that the user can access depend on the settings for EXEC
users on the CAMS server.

Troubleshooting AAA

Troubleshooting RADIUS

Symptom 1: User authentication/authorization always fails.
Analysis:
1) A communication failure exists between the NAS and the RADIUS server.
2) The username is not in the format of userid@isp-name or no default ISP domain is specified for the
NAS.
3) The user is not configured on the RADIUS server.
1-40