3Com 8807 User Guide
Troubleshooting AAA and RADIUS/HWTACACS
Note: For the configuration of FTP and Telnet users, refer to User Interface
Configuration in the Getting Started Operation part of the Switch 8800 Family
Series Routing Switches Operation Manual.
# Configure a HWTACACS scheme.
[SW8800] hwtacacs scheme hwtac
[3Com-hwtacacs-hwtac] primary authentication 10.110.91.164
[3Com-hwtacacs-hwtac] primary authorization 10.110.91.164
[3Com-hwtacacs-hwtac] key authentication expert
[3Com-hwtacacs-hwtac] key authorization expert
[3Com-hwtacacs-hwtac] user-name-format without-domain
[3Com-hwtacacs-hwtac] quit
# Associate the Domain with the HWTACACS scheme.
[SW8800] domain hwtacacs
[3Com-isp-hwtacacs] scheme hwtacacs-scheme hwtac
Troubleshooting AAA and RADIUS/HWTACACS
The RADIUS/HWTACACS protocol is located at the application layer of the TCP/IP
protocol suite. It mainly specifies how user information is exchanged between
the NAS and the RADIUS/HWTACACS server of the ISP, so it is very likely to be
invalid.
Symptom: User authentication/authorization always fails
Solution:
■ The username may not be in the userid@isp-name format, or the NAS has not
been configured with a default ISP domain. Use a username in the proper
format and configure the default ISP domain on the NAS.
■ The user may not have been configured in the RADIUS/HWTACACS server
database. Check the database and make sure that the configuration
information of the user exists in the database.
■ The user may have entered a wrong password. Make sure that the
supplicant enters the correct password.
■ The encryption keys of the RADIUS/HWTACACS server and the NAS may be
different. Check carefully and make sure that they are identical.
■ There may be a communication fault between the NAS and the
RADIUS/HWTACACS server, which can be discovered by pinging the
RADIUS/HWTACACS server from the NAS. Ensure normal communication
between the NAS and the RADIUS/HWTACACS server.
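The key-mismatch cause listed above is hard to tell apart from a wrong password. The following added example (not part of the 3Com guide) models the RADIUS side only, using the RFC 2865 User-Password hiding and Response Authenticator calculations, to show what each end observes when the keys differ. HWTACACS is not modelled, and the password, the Request Authenticator and the mismatched key "Expert" are constructed sample values; "expert" is reused from the configuration example above.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as performed by the NAS."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev  # each ciphertext block keys the next mask
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse operation, as performed by the RADIUS server with its own key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_auth(code: int, ident: int, attrs: bytes,
                  request_auth: bytes, secret: bytes) -> bytes:
    """Response Authenticator: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def diagnose(nas_key: bytes, server_key: bytes, password: bytes) -> dict:
    """Replay one constructed exchange and report what each side observes."""
    req_auth = bytes(range(16))  # constructed Request Authenticator
    hidden = hide_password(password, nas_key, req_auth)
    seen_by_server = recover_password(hidden, server_key, req_auth)
    # Code 2 = Access-Accept, identifier 1, no attributes (constructed reply)
    reply = response_auth(2, 1, b"", req_auth, server_key)
    expected = response_auth(2, 1, b"", req_auth, nas_key)
    return {
        "server_sees_correct_password": seen_by_server == password,
        "nas_accepts_reply": reply == expected,
    }

if __name__ == "__main__":
    print("matching keys :", diagnose(b"expert", b"expert", b"hello123"))
    print("keys differ   :", diagnose(b"expert", b"Expert", b"hello123"))
```

With differing keys the server recovers a garbled password and the NAS cannot validate the reply, so the user sees the same failure as a mistyped password even though the credentials are correct.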
Symptom: RADIUS/HWTACACS packets cannot be transmitted to the
RADIUS/HWTACACS server.
Solution:
■ The communication lines (at the physical layer or link layer) connecting the
NAS and the RADIUS/HWTACACS server may not work well. Ensure that the lines
work well.
■ The IP address of the corresponding RADIUS/HWTACACS server may not have
been set on the NAS. Set a proper IP address for the RADIUS/HWTACACS server.