Huawei V200R001C01 - Tacacs Server

Huawei V200R001C01

391 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Figure 10-4 HWTACACS authentication fails

RouterA

RouterB

RouterC

RouterD

Loopback0 Loopback0

Loopback0 Loopback0

TACACS server

202.102.216.245/24

202.97.30.227/32

After the configuration, the user fails to pass the Huawei Terminal Access Controller Access-

Control System (HWTACACS) authentication by using the valid user name and password.

Fault Analysis

1. Check the user name and password configured on the HWTACACS server. The configured

user name and password are the same as those entered by the user.

2. Run the ping command on RouterA to ping the HWTACACS server. The ping operation

is successful.

3. Run the display current-configuration command on RouterA to check the HWTACACS

configuration. The following configuration is displayed in the HWTACACS server

template:

hwtacacs-server source-ip 202.97.30.227

In the preceding information, 202.97.30.227 is the IP address of the loopback interface on

RouterA.

This IP address is contained in the IS-IS routing table and is used as the source IP address

of HWTACACS packets sent by RouterA. The IS-IS configuration has been deleted;

therefore, RouterA cannot receive the authentication response packet with the destination

address 202.97.30.227 sent from the HWTACACS server. This may be the cause for the

HWTACACS authentication failure.

4. Run the ping -a 202.97.30.227 202.102.216.245 command on RouterA to check whether

the loopback interface address can ping the IP address of the HWTACACS server. Here,

the IP address of the HWTACACS server is 202.102.216.245. The ping operation fails.

5. Run the display ip routing-table command on RouterA. The command output shows that

the IP address of this loopback interface is not advertised by the OSPF protocol.

According to the preceding information, you can confirm that the authentication fails

because the IS-IS configuration is deleted and the OSPF protocol does not advertise the

loopback interface address.

Huawei AR2200-S Series Enterprise Routers

Troubleshooting 10 Security

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

281

Table of Contents

Related product manuals

Huawei WS7100 V2

Preview: Huawei EchoLife EG8145V5-V2

Huawei EchoLife EG8145V5-V2

Preview: Huawei V300R005

Huawei V300R005

Preview: Huawei V100R006C00

Huawei V100R006C00

Preview: Huawei Vodafone B970

Huawei Vodafone B970

Preview: Huawei Vodafone AR1220

Huawei Vodafone AR1220

Preview: Huawei E173

Preview: Huawei B2368

Preview: Huawei B310s

Preview: Huawei e5180s

Preview: Huawei HG8245H

Preview: Huawei B311-221

Huawei B311-221