Troubleshooting AAA & RADIUS & HWTACACS Configuration; Troubleshooting the RADIUS Protocol - H3C S7500 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
[H3C-isp-hwtacacs] scheme hwtacacs-scheme hwtac
1.8 Troubleshooting AAA & RADIUS & HWTACACS Configuration

1.8.1 Troubleshooting the RADIUS Protocol

The RADIUS protocol operates at the application layer of the TCP/IP protocol suite.
It prescribes how the switch and the ISP's RADIUS server exchange user information
with each other, so faults in the RADIUS configuration are likely to occur.
Symptom 1: User authentication/authorization always fails.
Possible reasons and solutions:
- The entered user name is not in the userid@isp-name format, or no default ISP domain is specified on the switch — Use the correct user name format, or set a default ISP domain on the switch.
- The user is not configured in the database of the RADIUS server — Check the database of the RADIUS server; verify that the configuration information about the user exists.
- The user entered an incorrect password — Verify that the correct password is entered.
- The switch and the RADIUS server have different shared keys — Compare the shared keys at the two ends and verify that they are identical.
- The switch cannot communicate with the RADIUS server (you can check this by pinging the RADIUS server from the switch) — Take measures to restore normal communication between the switch and the RADIUS server.
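
One way to check the shared-key cause from a packet capture, as an added example that is not part of the H3C manual: per RFC 2865 a RADIUS reply carries a Response Authenticator, an MD5 digest over the reply header, the Request Authenticator, the attributes and the shared key, so a captured reply validates only under the key the server actually uses. The packet bytes and both keys below are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import struct


def build_response(code, ident, request_auth, attrs, secret):
    """Build a RADIUS reply as a server would (RFC 2865, section 3)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def response_matches_secret(response, request_auth, secret):
    """Return True if the reply's Response Authenticator validates under secret."""
    if len(response) < 20 or len(request_auth) != 16:
        raise ValueError("truncated packet or bad Request Authenticator")
    _code, _ident, length = struct.unpack("!BBH", response[:4])
    if length < 20 or length > len(response):
        raise ValueError("RADIUS Length field does not match captured bytes")
    attrs = response[20:length]  # ignore any padding after Length octets
    expected = hashlib.md5(response[:4] + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


# Constructed sample data: the 16-octet Request Authenticator the switch sent,
# and an Access-Reject (code 3) with a Reply-Message attribute (type 18).
REQUEST_AUTH = bytes(range(16))
SERVER_SECRET = b"server-side-key"   # key configured on the RADIUS server
SWITCH_SECRET = b"switch-side-key"   # key configured on the switch
REPLY = build_response(3, 7, REQUEST_AUTH, b"\x12\x0aRejected", SERVER_SECRET)

if __name__ == "__main__":
    for name, key in (("switch", SWITCH_SECRET), ("server", SERVER_SECRET)):
        ok = response_matches_secret(REPLY, REQUEST_AUTH, key)
        print(f"reply validates under the {name} key: {ok}")
```

A reply that fails validation under the key configured on the switch, while the server logs show the request arriving, points to the shared-key mismatch rather than a connectivity or user-database problem.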
Symptom 2: RADIUS packets cannot be sent to the RADIUS server.
Possible reasons and solutions:
- The communication links (physical/link layer) between the switch and the RADIUS server are disconnected/blocked — Take measures to make the links connected/unblocked.
- No RADIUS server IP address, or an incorrect one, is set on the switch — Be sure to set a correct RADIUS server IP address.
- One or all AAA UDP port settings are incorrect — Be sure to set the same UDP port numbers as those on the RADIUS server.
Symptom 3: The user passes the authentication and gets authorized, but the accounting information cannot be transmitted to the RADIUS server.
Possible reasons and solutions:
- The accounting port number is not properly set — Be sure to set a correct port number for RADIUS accounting.
- The switch requests that both the authentication/authorization server and the accounting server use the same device (with the same IP address), but in fact they
Chapter 1 AAA & RADIUS & HWTACACS Configuration
