
AC device cannot log in through HTTP but can pass through SSH

Latest reply: Nov 27, 2018 04:33:53

Problem Description: The customer uses AC6605 - V200R007C20SPC300. 2 devices have the same problem: the Web UI is not working. After the authentication page is displayed, the customer fills in the login and password and clicks the LOGIN button, then the authentication page appears again.

Problem Analysis: Clear the web browser cache or use another browser to test.

1. Use Wireshark to make a capture on the laptop side during the HTTP login.

2. Confirm which account the customer uses to log in.

3. Make a screenshot when the customer clicks login and the page refreshes.

4. Log in to the device through SSH

debugging aaa all

t m

t d

Then run the test twice.

undo t m

undo t d

undo debugging all

<AC2>

Oct 24 2018 18:30:32.299.1+07:00 AC2 AAA/7/DEBUG:

AAA receive AAA_SRV_MSG_AUTHEN_REQ message from UCM module.

<AC2>

Oct 24 2018 18:30:32.299.2+07:00 AC2 AAA/7/DEBUG:

DestIndex:4 SrcIndex:4 Slot:0

User:111 Password:*** MAC:ffff-ffff-ffff

Slot:0 SubSlot:255 Port:255 VLAN:0

IP:91.245.33.150 AccessType:http AuthenType:PAP

AdminLevel:0 EapSize:0 AuthenCode:ADMIN

ulInterface:4294967295 ChallengeLen:16 ChapID:255

LineType:0 LineIndex:0 PortType:5

AcctSessionId:AC2002552550000000003baa260000004

<AC2>

Oct 24 2018 18:30:32.299.3+07:00 AC2 AAA/7/DEBUG:

AAA_MAIN initiate NormalAuthenReq event to AAA_AUTHEN module.

CID:0 Result:0 Info:870435780

<AC2>

Oct 24 2018 18:30:32.299.4+07:00 AC2 AAA/7/DEBUG:

[AAA EVENT]AAA_EventDispatch. (EventCode=1)

<AC2>

Oct 24 2018 18:30:32.299.5+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]Get domain index from authentication request.

<AC2>

Oct 24 2018 18:30:32.299.6+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]User authentication domain name is default_admin

<AC2>

Oct 24 2018 18:30:32.299.7+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]authen scheme index is:0

<AC2>

Oct 24 2018 18:30:32.299.8+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]authen method is:2, Place is 2

<AC2>

Oct 24 2018 18:30:32.299.9+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]No such local user exist, send to the next authen place.

<AC2>

Oct 24 2018 18:30:32.299.10+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]AAA get user group author info. (RadiusAuthenFlag=0)

<AC2>

Oct 24 2018 18:30:32.299.11+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]AAA get service-scheme author info. (RadiusAuthenFlag=0)

<AC2>

Oct 24 2018 18:30:32.299.12+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]Author of DaaTariffLevel.(DaaEnableFlag=0, UpStat=0, DownStat=0, Acct=0, QosProfile1 =, QosProfile2 =,)

<AC2>

Oct 24 2018 18:30:32.299.13+07:00 AC2 AAA/7/DEBUG:

[AAA ERROR]authen finish,the authen fail reason is:3

<AC2>

Oct 24 2018 18:30:32.299.14+07:00 AC2 AAA/7/DEBUG:

AAA send AAA_SRV_MSG_AUTHEN_ACK message to UCM module.

<AC2>

Oct 24 2018 18:30:32.299.15+07:00 AC2 AAA/7/DEBUG:

DestIndex:4 SrcIndex:4 Slot:4294967295

Result:201 DomainIndex:1 ServiceScheme:65535

AuthedPalace:2 VLAN:65535 IsCallBackVerify:0 IsCallbackUser:0

IfSessionTimeout:0 IfRemanentVolume:0 IfIdleCut:0

SessionTimeout:4294967295 RemanentVolume:4294967295 IdleTimeout:4294967295

EAPSessionTimeout:4294967295 EAPPasswordRetry:4294967295

RTAcctInterval:4294967295 Priority:[255,255]

AdminLevel:255 NextHop:4294967295

EapSize:0 ReplyMessage:Authentication fail

TunnelType:0 MediumType:0 PrivateGroupID:

<AC2>

Oct 24 2018 18:30:32.299.16+07:00 AC2 AAA/7/DEBUG:

AAA receive AAA_CM_MSG_RESET_SESSION_REQ message from UCM module.

<AC2>

Oct 24 2018 18:30:32.299.17+07:00 AC2 AAA/7/DEBUG:

DestIndex:4 SrcIndex:4 Slot:0

MsgCode:83

<AC2>

Oct 24 2018 18:30:32.299.18+07:00 AC2 AAA/7/DEBUG:

AAA_MAIN initiate ResetSession event to AAA_AUTHEN module.

CID:0 Result:0 Info:866312768

<AC2>

Oct 24 2018 18:30:32.299.19+07:00 AC2 AAA/7/DEBUG:

[AAA EVENT]AAA_EventDispatch. (EventCode=113)

<AC2>

Oct 24 2018 18:30:32.299.20+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]Reset Authen Session By CID fail for no session exists. (CID=4)

<AC2>

Oct 24 2018 18:30:32+07:00 AC2 %HTTP/4/LOGIN_FAIL(l)[0]:User login failed. (UserName=111, IPAddr=1.2.33.150, AccessType=WEB)

After checking the debugging information, I cannot find any reason why the same user cannot log in to the device through HTTP.

5. Log in to the device through SSH, then check the AAA online failure reason.

[AC2-diagnose]dis aaa abnormal-offline-record all b

------------------------------------------------------------------------------

UserID Username IP address MAC Reason

------------------------------------------------------------------------------

6 aaaa 1.2.33.150 - Start accounting fail

3 aaaa 1.2.33.150 - Start accounting fail

6. We found that the user offline reason is "Start accounting fail", so we need to check the AAA configuration.

<AC2>display aaa configuration

Domain Name Delimiter : @

Domainname parse direction : Left to right

Domainname location : After-delimiter

Administrator user default domain: default_admin

Normal user default domain : default

Domain : total: 64 used: 2

Authentication-scheme : total: 65 used: 2

Accounting-scheme : total: 64 used: 1

Authorization-scheme : total: 64 used: 1

Service-scheme : total: 64 used: 0

Recording-scheme : total: 64 used: 0

Local-user : total: 1000 used: 4

Local-user block retry-interval : 5 Min(s)

Local-user block retry-time : 3

Local-user block time : 5 Min(s)

Remote-user block retry-interval : 30 Min(s)

Remote-user block retry-time : 30

Remote-user block time : 30 Min(s)

Session timeout invalid enable : No

aaa

authentication-scheme default

authentication-scheme radius

authentication-mode radius

authorization-scheme default

accounting-scheme default // we can see that the default accounting-scheme is configured in radius mode

accounting-mode radius

domain default

authentication-scheme default

domain default_admin

authentication-scheme default

Root Cause: The customer configured the wrong accounting-scheme mode. For the customer's scenario, we need to configure local mode.

Solution Description:

[AC2-aaa]accounting-scheme test

Info: Create a new accounting scheme.

[AC2-aaa]domain default_admin

[AC2-aaa-domain-default_admin]accounting-scheme test

[AC2-aaa-domain-default_admin]dis this

#

domain default_admin

authentication-scheme default

accounting-scheme test
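
Added example, not part of the original post or of Huawei's tooling: a Python check that resolves each domain's effective accounting mode from an AAA configuration section and flags admin domains that end up on remote accounting, the condition behind the "Start accounting fail" record above. It assumes that a domain with no accounting-scheme line uses the scheme named default and that a scheme with no accounting-mode line does no accounting; the sample configurations are constructed from the post, with indentation restored.

```python
# Constructed sample: the AAA section from the post, with the one-space
# indentation that VRP configuration output normally carries.
BEFORE = """\
aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
  accounting-mode radius
 domain default
  authentication-scheme default
 domain default_admin
  authentication-scheme default
"""
# Same section after the post's fix: scheme "test" created and bound to default_admin.
AFTER = BEFORE.replace(" domain default\n", " accounting-scheme test\n domain default\n")
AFTER += "  accounting-scheme test\n"


def effective_accounting(config):
    """Map every domain in an AAA section to its effective accounting mode."""
    modes, bound, section = {}, {}, None
    for line in config.splitlines():
        depth = len(line) - len(line.lstrip(" "))
        words = line.split()
        if len(words) < 2:
            continue
        key, value = words[0], words[1]
        if depth == 1:                      # scheme or domain header
            section = (key, value)
            if key == "accounting-scheme":
                modes[value] = "none"       # assumption: no mode line means no accounting
            elif key == "domain":
                bound[value] = "default"    # assumption: unbound domain uses scheme "default"
        elif depth == 2 and section:        # attribute of the current header
            if section[0] == "accounting-scheme" and key == "accounting-mode":
                modes[section[1]] = value
            elif section[0] == "domain" and key == "accounting-scheme":
                bound[section[1]] = value
    return {domain: modes.get(scheme, "none") for domain, scheme in bound.items()}


def admin_domains_with_remote_accounting(config, admin_domains=("default_admin",)):
    """List admin domains whose effective accounting mode is not 'none'."""
    effective = effective_accounting(config)
    return [d for d in admin_domains if effective.get(d, "none") != "none"]


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_accounting(cfg), admin_domains_with_remote_accounting(cfg))
```

Run against a saved AAA section before changing the default accounting scheme: an admin domain in the flagged list inherits the new mode without any line under the domain itself showing it.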

Thanks for sharing the case

When a user frequently uses a command or some commands, the user can use shortcut keys to define these commands. Only management-level users and configuration-level users have the rights to define shortcut keys. The configurations are as follows:
  1. Run the system-view command to enter the system view.
  2. Run the hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_U } command-text command to configure a shortcut key corresponding to a command.
The system supports four user-defined shortcut keys and the default values are as follows:
This post was last edited by Torrent at 2018-10-31 06:55.

To enhance security, a password must meet the minimum strength requirements. That is, the password needs to contain at least three types of the following characters: uppercase letters (A to Z), lowercase letters (a to z), digits (0 to 9), and special characters, such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent (%).
Please keep the new password you entered safe for your next login.

This post was last edited by SupperRobin at 2018-10-31 06:36.

AC device cannot login through http but can pass through ssh. This is a frequently encountered problem. I want to pay attention to the following information about the key points inside.
1. Use wireshark make a capture at the laptop side during the http login .
2. Confirm customer use which account login .
3. Make a screenshot when customer click login and refresh page .
4. Use ssh login device
This post was last edited by Mark.hu at 2018-10-31 06:33.

AC device cannot login through http but can pass through ssh. The upgrade methods of ACs are as follows:
1. Upgrade using the CLI. For details, see How to upgrade the AC version on the CLI.
2. Upgrade using the BootROM. For details, see How to upgrade an AC through BootROM.
3. Upgrade using the web platform. The web page varies depending on the AC version. For details, see the section "AC Upgrade Using the Web Platform" in the Upgrade Guide of the specified version.
This post was last edited by yangyong at 2018-10-31 07:09.

This is a great article, I am interested in this article, which is very helpful for our daily troubleshooting. I always have similar problems in my daily work, but I don't know how to deal with them. Now I have a definite idea. Thank you very much for sharing. Hopefully you can update to continue like this.

The specifications provided in this manual are tested in lab environment (for example, the tested device has been configured with a certain type of cards or only one protocol is run on the device). Results may differ from the listed specifications when you attempt to obtain the maximum values with multiple functions enabled on the device.

This post was last edited by littlestone at 2018-10-31 05:50.

thank you for sharing the correct steps

This post was last edited by GongXiaochuan at 2018-10-30 05:58.

Usage Scenario

After the accounting scheme configuration is complete, run the display accounting-scheme command to view the configuration of accounting schemes.

Before applying an accounting scheme to a domain, run the display accounting-scheme command to check whether configuration of the accounting scheme is correct.

Precautions

The display accounting-scheme command displays the detailed configuration if the name of an accounting scheme is specified. Otherwise, this command displays only the summary of accounting schemes.

 

This post was last edited by Finn92 at 2018-10-31 08:51.