Troubleshooting AAA; Troubleshooting RADIUS Configuration - 3Com 5500-EI PWR Install Manual

[Sysname-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[Sysname-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[Sysname-hwtacacs-hwtac] key authentication aabbcc
[Sysname-hwtacacs-hwtac] key authorization aabbcc
[Sysname-hwtacacs-hwtac] user-name-format without-domain
[Sysname-hwtacacs-hwtac] quit
# Reference the HWTACACS scheme hwtac in the ISP domain hwtacacs.
[Sysname] domain hwtacacs
[Sysname-isp-hwtacacs] scheme hwtacacs-scheme hwtac

Troubleshooting AAA

Troubleshooting RADIUS Configuration

The RADIUS protocol operates at the application layer in the TCP/IP protocol suite. This protocol
prescribes how the switch and the RADIUS server of the ISP exchange user information with each
other.
Symptom 1: User authentication/authorization always fails.
Possible reasons and solutions:
- The username is not in the userid@isp-name or userid.isp-name format, or the default ISP domain is not correctly specified on the switch. Use the correct username format, or set a default ISP domain on the switch.
- The user is not configured in the database of the RADIUS server. Check the database of the RADIUS server and make sure that the configuration information about the user exists.
- The user entered an incorrect password. Be sure to enter the correct password.
- The switch and the RADIUS server have different shared keys. Compare the shared keys at the two ends and make sure they are identical.
- The switch cannot communicate with the RADIUS server (you can determine this by pinging the RADIUS server from the switch). Take measures to make the switch communicate with the RADIUS server normally.
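The shared-key cause under Symptom 1 is hard to tell apart from a wrong password, because the key is what hides the password on the wire. The following Python sketch is an added example, not taken from the 3Com manual: it follows RFC 2865 (sections 3 and 5.2) to show what the server recovers when its key differs from the switch's, and how the requesting side can detect the mismatch from the reply. The keys, password and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

SWITCH_KEY = b"key-on-switch"      # constructed sample value
SERVER_KEY = b"key-on-server"      # constructed sample value (deliberately different)
REQUEST_AUTH = bytes(range(16))    # constructed; real Request Authenticators are random

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: hide User-Password with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the server computes using its own copy of the shared key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def reply_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check: False means the keys differ or the reply was altered."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, ident, reply[20:length], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])

def demo():
    """Switch hides the password with its key; server decodes and replies with its own."""
    hidden = hide_password(b"user-password", SWITCH_KEY, REQUEST_AUTH)
    seen_by_server = recover_password(hidden, SERVER_KEY, REQUEST_AUTH)
    reject = struct.pack("!BBH", 3, 1, 20) + response_authenticator(3, 1, b"", REQUEST_AUTH, SERVER_KEY)
    return seen_by_server, reply_is_authentic(reject, REQUEST_AUTH, SWITCH_KEY)
```

With mismatched keys the server sees garbage instead of the password and rejects the user, and the Access-Reject itself fails the authenticator check on the requesting side, which is the signal that distinguishes a key mismatch from a mistyped password.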
Symptom 2: RADIUS packets cannot be sent to the RADIUS server.
Possible reasons and solutions:
- The communication links (physical/link layer) between the switch and the RADIUS server are disconnected/blocked. Take measures to make the links connected/unblocked.
- No RADIUS server IP address, or an incorrect one, is set on the switch. Be sure to set a correct RADIUS server IP address.
- One or all AAA UDP port settings are incorrect. Be sure to set the same UDP port numbers as those on the RADIUS server.
Symptom 3: The user passes the authentication and gets authorized, but the accounting information cannot be transmitted to the RADIUS server.
Possible reasons and solutions:
- The accounting port number is not properly set. Be sure to set a correct port number for RADIUS accounting.
- The switch requires that the authentication/authorization server and the accounting server be the same device (with the same IP address), but in fact they do not reside on the same device. Be sure to configure the RADIUS servers on the switch according to the actual situation.

This manual is also suitable for:

5500-ei series