Aaa And Radius Protocol Fault Diagnosis And Troubleshooting - 3Com 7700 Configuration Manual

Example: AAA and
RADIUS Protocol
Configuration
AAA and RADIUS
Protocol Fault Diagnosis
and Troubleshooting
Table 34 Display and Debug AAA and RADIUS Protocol
Operation
Display related information of
user's connection
Display related information of
the local user
Display information of local
RADIUS server group
Display the configuration
information of all the RADIUS
server groups or a specified
one
Display the statistics
information of RADIUS packets
Display the stopping
accounting requests saved in
buffer without response (from
system view)
Delete the stopping
accounting requests saved in
buffer without response (from
system view)
AAA/RADIUS protocol configuration commands are generally used together with
802.1x configuration commands. Refer to the typical configuration examples
provided in "Configuring 802.1x".
RADIUS protocol of TCP/IP protocol suite is located on the application layer. It
mainly specifies how to exchange user information between NAS and RADIUS
server of ISP. So it is very likely to be invalid.
User authentication/authorization always fails
1 The username may not be in the userid@isp-name format. Or NAS has not been
configured with a default ISP domain. Please use the username in proper format
and configure the default ISP domain on NAS.
2 The user may have not been configured in the RADIUS server database. Check the
database and make sure that the configuration information of the user does exist
in the database.
3 The user may have input a wrong password. Make sure that the supplicant inputs
the correct password.
4 The encryption keys of RADIUS server and NAS may be different. Check carefully
and make sure that they are identical.
5 There might be some communication fault between NAS and RADIUS server,
which can be discovered through pinging RADIUS from NAS. Ensure the normal
communication between NAS and RADIUS.
Configuring the AAA and RADIUS Protocols
Command
display connection {access-type {dot1x | gcm} | domain
isp-name | interface portnum | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name | vlan
vlanid | ucibindex ucib-index | user-name user-name}
display local-user [domain isp-name | idle-cut {disable |
enable} | service-type {telnet | ftp | lan-access } | state
{active | block} | user-name user-name | vlan vlan-id]
display local-server statistics
display radius [radius-server-name]
display radius statistics
display stop-accounting-buffer {radius-scheme
radius-scheme-name | session-id session-id | time-range
start-time stop-time | user-name user-name}
reset stop-accounting-buffer {radius-scheme
radius-scheme-name | session-id session-id | time-range
start-time stop-time | user-name user-name}
261