Operation Manual – AAA-RADIUS-HWTACACS-EAD
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 AAA & RADIUS & HWTACACS Configuration
III. Configuration procedure
# Add a Telnet user.
(Omitted here)
# Configure a HWTACACS scheme.
<H3C> system-view
[H3C] hwtacacs scheme hwtac
[H3C-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[H3C-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[H3C-hwtacacs-hwtac] key authentication expert
[H3C-hwtacacs-hwtac] key authorization expert
[H3C-hwtacacs-hwtac] user-name-format without-domain
[H3C-hwtacacs-hwtac] quit
# Create the ISP domain hwtacacs and configure it to use the HWTACACS scheme hwtac.
[H3C] domain hwtacacs
[H3C-isp-hwtacacs] scheme hwtacacs-scheme hwtac
1.8 Troubleshooting AAA & RADIUS & HWTACACS Configuration
1.8.1 Troubleshooting RADIUS Configuration
The RADIUS protocol operates at the application layer in the TCP/IP protocol suite.
This protocol prescribes how the switch and the RADIUS server of the ISP exchange
user information with each other.
Symptom 1: User authentication/authorization always fails.
Possible reasons and solutions:
- The user name is not in the userid@isp-name format, or the default ISP domain is
  not correctly specified on the switch — Use the correct user name format, or set a
  default ISP domain on the switch.
- The user is not configured in the database of the RADIUS server — Check the
  database of the RADIUS server and make sure that the configuration information
  about the user exists.
- The user input an incorrect password — Be sure to input the correct password.
- The switch and the RADIUS server have different shared keys — Compare the
  shared keys at the two ends and make sure they are identical.
- The switch cannot communicate with the RADIUS server (you can determine this by
  pinging the RADIUS server from the switch) — Take measures to make the switch
  communicate with the RADIUS server normally.
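The shared-key mismatch listed above can be confirmed from a packet capture, because RFC 2865 defines the Response Authenticator in the server's reply as an MD5 digest over the reply header, the Request Authenticator, the attributes and the shared key. The Python sketch below is an added example, not part of the H3C manual; the function names, keys and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS Code value for Access-Accept (RFC 2865)

def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_response(code, ident, request_auth, attrs, secret):
    """Assemble a reply as a server holding `secret` would (makes sample data)."""
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def check_shared_key(response, request_auth, secret):
    """Return 'match', 'mismatch' or 'malformed' for one captured reply."""
    if len(response) < 20 or len(request_auth) != 16:
        return "malformed"
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length < 20 or length > len(response):
        return "malformed"
    received, attrs = response[4:20], response[20:length]
    expected = response_authenticator(code, ident, request_auth, attrs, secret)
    return "match" if hmac.compare_digest(received, expected) else "mismatch"

# Constructed sample data: not taken from a real capture or from the manual.
REQUEST_AUTH = bytes(range(16))          # Request Authenticator sent by the switch
REPLY_MESSAGE = b"welcome"
ATTRS = bytes([18, 2 + len(REPLY_MESSAGE)]) + REPLY_MESSAGE  # Reply-Message (18)
SERVER_KEY = b"key-on-server"            # hypothetical key configured on the server
SWITCH_KEY = b"key-on-switch"            # hypothetical key configured on the switch
REPLY = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, ATTRS, SERVER_KEY)

if __name__ == "__main__":
    for name, key in (("server key", SERVER_KEY), ("switch key", SWITCH_KEY)):
        print(name, "->", check_shared_key(REPLY, REQUEST_AUTH, key))
    print("truncated ->", check_shared_key(REPLY[:10], REQUEST_AUTH, SWITCH_KEY))
```

A "mismatch" is also returned when the reply is checked against the Request Authenticator of a different request, so pair each reply with its request by the Identifier field before drawing a conclusion about the keys.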
Symptom 2: RADIUS packets cannot be sent to the RADIUS server.
Possible reasons and solutions: