CHAPTER 21: AAA CONFIGURATION
This method is similar to the remote authentication method described in “Remote
RADIUS Authentication of Telnet/SSH Users”. However, you need to:
■ Change the IP address and the UDP port number of the authentication server to
127.0.0.1 and 1645, respectively, in the configuration step "Configure a RADIUS
scheme" in “Remote RADIUS Authentication of Telnet/SSH Users”.
■ Enable the local RADIUS server function, and set the IP address and shared key
for the network access server to 127.0.0.1 and aabbcc, respectively.
■ Configure local users.
Troubleshooting AAA
The RADIUS protocol operates at the application layer in the TCP/IP protocol suite.
This protocol prescribes how the switch and the RADIUS server of the ISP
exchange user information with each other.
Symptom 1: User authentication/authorization always fails.
Possible reasons and solutions:
■ The user name is not in the userid@isp-name or userid.isp-name format, or the
default ISP domain is not correctly specified on the switch - Use the correct user
name format, or set a default ISP domain on the switch.
■ The user is not configured in the database of the RADIUS server - Check the
database of the RADIUS server, and make sure that the configuration information
about the user exists.
■ The user entered an incorrect password - Be sure to enter the correct password.
■ The switch and the RADIUS server have different shared keys - Compare the
shared keys at the two ends, and make sure they are identical.
■ The switch cannot communicate with the RADIUS server (you can determine this
by pinging the RADIUS server from the switch) - Take measures so that the
switch can communicate with the RADIUS server normally.
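Why different shared keys make authentication always fail, shown as an added example that is not part of the original manual. It follows the User-Password hiding and Response Authenticator rules of RFC 2865; the function names, the sample password, the second key aabbcd and the fixed Request Authenticator are constructed for illustration, and aabbcc is the shared key used earlier on this page.

```python
import hashlib
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Switch side: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)  # pad to a multiple of 16, minimum 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: undo the hiding with the server's own copy of the shared key."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(h ^ k for h, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, req_auth, secret) -> bytes:
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def simulate(switch_key: bytes, server_key: bytes, req_auth: bytes = bytes(range(16))):
    """Return (server recovers the right password, switch accepts the server's reply)."""
    password = b"constructed-pass"  # constructed sample value
    hidden = hide_password(password, switch_key, req_auth)
    password_ok = reveal_password(hidden, server_key, req_auth) == password
    reply = response_authenticator(ACCESS_ACCEPT, 1, b"", req_auth, server_key)
    expected = response_authenticator(ACCESS_ACCEPT, 1, b"", req_auth, switch_key)
    return password_ok, reply == expected

if __name__ == "__main__":
    print("matching keys :", simulate(b"aabbcc", b"aabbcc"))
    print("different keys:", simulate(b"aabbcc", b"aabbcd"))
```

With different keys the server decodes a garbage password and rejects the user, and even a reply it did send would fail the switch's authenticator check, so the failure looks the same as a wrong password.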
Symptom 2: RADIUS packets cannot be sent to the RADIUS server.
Possible reasons and solutions:
■ The communication links (physical/link layer) between the switch and the
RADIUS server are disconnected/blocked - Take measures to make the links
connected/unblocked.
■ No RADIUS server IP address, or an incorrect one, is set on the switch - Be
sure to set a correct RADIUS server IP address.
■ One or all AAA UDP port settings are incorrect - Be sure to set the same UDP
port numbers as those on the RADIUS server.
Symptom 3: The user passes the authentication and gets authorized, but the
accounting information cannot be transmitted to the RADIUS server.
Possible reasons and solutions:
■ The accounting port number is not properly set - Be sure to set a correct port
number for RADIUS accounting.