Troubleshooting AAA/RADIUS/HWTACACS 779
[Switch] hwtacacs scheme hwtac
[Switch-hwtacacs-hwtac] primary authorization 10.1.1.2 49
[Switch-hwtacacs-hwtac] key authorization expert
[Switch-hwtacacs-hwtac] user-name-format without-domain
[Switch-hwtacacs-hwtac] quit
# Configure the RADIUS scheme.
[Switch] radius scheme rd
[Switch-radius-rd] primary accounting 10.1.1.1 1813
[Switch-radius-rd] key accounting expert
[Switch-radius-rd] server-type extended
[Switch-radius-rd] user-name-format without-domain
[Switch-radius-rd] quit
# Create local user named telnet.
[Switch] local-user telnet
[Switch-luser-telnet] service-type telnet
[Switch-luser-telnet] password simple telnet
# Configure the AAA schemes of the ISP domain.
[Switch] domain 1
[Switch-isp-1] authentication login local
[Switch-isp-1] authorization login hwtacacs-scheme hwtac
[Switch-isp-1] accounting login radius-scheme rd
[Switch-isp-1] quit
# Configure the default AAA schemes for all types of users.
[Switch] domain 1
[Switch-isp-1] authentication default local
[Switch-isp-1] authorization default hwtacacs-scheme hwtac
[Switch-isp-1] accounting default radius-scheme cams
Troubleshooting
AAA/RADIUS/HWTAC
ACS
Troubleshooting RADIUS Symptom1: User authentication/authorization always fails.
Analysis:
1 A communication failure exists between the NAS and the RADIUS server.
2 The username is not in the format of userid@isp-name or no default ISP domain is
specified for the NAS.
3 The user is not configured on the RADIUS server.
4 The password of the user is incorrect.
5 The RADIUS server and the NAS are configured with different shared key.
Solution:
To Next Page
Loading...
