Login Authentication Using Radius/Tacacs+ Is Not Possible - Alaxala AX6700S series Troubleshooting Manual


3. Troubleshooting Functional Failures During Operation

2. Use the killuser command to forcibly log out the target user.
   Specify the login number you checked in step 1, to the <login no.> parameter.
   Execution example
   (config)# $killuser 1
(2) When connected to a remote terminal
Temporarily shut down the remote terminal, and then re-connect it.
If any users are still logged in, see Table 3-5: Problems occurring during connection to a remote terminal and action to take and follow item number 4 to resolve the problem.

3.3.4 Login authentication using RADIUS/TACACS+ is not possible

If a login cannot be authenticated by using RADIUS or TACACS+, check the following:
1. Communication with the RADIUS or TACACS+ server
   Use the ping command to check if a connection from the Switch to the RADIUS or TACACS+ server has been established. If a connection has not been established, see 3.7.1 Communication is not possible or is disconnected. If a local address is specified in the configuration, use the ping command from the local address to make sure that a connection from the Switch to the RADIUS or TACACS+ server has been established.
2. Settings for the timeout value and the number of retries
   For RADIUS authentication, depending on the radius-server host, radius-server retransmit, and radius-server timeout configuration command settings, the maximum length of time required by the Switch to determine that the Switch is unable to connect to the RADIUS server is calculated as follows: <set-response-timeout-value-(in-seconds)> x <set-number-of-retries> x <set-number-of-RADIUS-servers>.
   For TACACS+ authentication, depending on the tacacs-server host and tacacs-server timeout configuration command settings, the maximum length of time required by the Switch to determine that the Switch is unable to connect to the TACACS+ server is calculated as follows: <set-response-timeout-value-(in-seconds)> x <set-number-of-TACACS+-servers>.
   If the time increases significantly, an application on a remote terminal, such as Telnet, might have terminated due to a timeout. If this happens, change the RADIUS or TACACS+ configuration settings or the timeout setting of an application running on a remote terminal.
   In addition, Telnet or FTP might have failed even when a message indicating successful RADIUS or TACACS+ authentication is output to the operation log. In this case, an application running on a remote terminal might time out before the application can connect to a running RADIUS or TACACS+ server of those servers you specified in the configuration. Change the settings so that a running RADIUS or TACACS+ server takes priority, or decrease the value of <response-timeout-value-(in-seconds)> x <number-of-retries>.
3. Action to take when a login to the Switch is not possible
   If you cannot log in to the Switch due to, for example, incorrect settings, log in from the console and modify the settings. If login authentication has also been implemented on the console by the aaa authentication login console configuration command, perform a default restart and then log in.
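The timing check described in item 2, as an added example that is not part of the Alaxala manual: it applies the two formulas and compares the result with a remote-terminal timeout. The server labels, the 25-second client timeout, and the assumption that servers are tried in listed order with each stopped server costing the full timeout x retries are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AaaServer:
    name: str       # constructed label, not a real host
    running: bool   # True if the server currently answers requests

def max_failover_seconds(timeout_s, servers, retries=1):
    # Manual's formula: timeout x retries x number of servers.
    # The TACACS+ formula has no retry term, so retries stays 1 there.
    return timeout_s * retries * len(servers)

def delay_before_answer(timeout_s, servers, retries=1):
    # Assumption: servers are tried in listed order and every server that is
    # down costs the full timeout x retries before the next one is tried.
    waited = 0
    for server in servers:
        if server.running:
            return waited
        waited += timeout_s * retries
    return None  # no running server at all

def prioritise_running(servers):
    # Stable sort: running servers first, original order otherwise kept.
    return sorted(servers, key=lambda s: not s.running)

def assess(timeout_s, servers, client_timeout_s, retries=1):
    worst = max_failover_seconds(timeout_s, servers, retries)
    delay = delay_before_answer(timeout_s, servers, retries)
    findings = []
    if delay is None:
        findings.append("no-running-server")
    elif delay > client_timeout_s:
        # Matches the manual's case: success is logged, Telnet/FTP still fails.
        findings.append("auth-ok-after-client-timeout")
    if worst > client_timeout_s:
        findings.append("worst-case-exceeds-client-timeout")
    return {"worst_case_s": worst, "delay_s": delay, "findings": findings}

# Constructed sample values (not from the manual).
RADIUS = [AaaServer("radius-a", False), AaaServer("radius-b", False),
          AaaServer("radius-c", True)]
TACACS = [AaaServer("tacacs-a", False), AaaServer("tacacs-b", False)]
CLIENT_TIMEOUT_S = 25  # assumed Telnet client timeout

if __name__ == "__main__":
    print(assess(5, RADIUS, CLIENT_TIMEOUT_S, retries=3))
    print(assess(5, prioritise_running(RADIUS), CLIENT_TIMEOUT_S, retries=3))
    print(assess(5, TACACS, CLIENT_TIMEOUT_S))
```

Moving the running server to the front removes the 30-second wait, but the worst case stays at 45 seconds until the timeout or retry count is lowered.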
