Got it
Huawei Enterprise Support Community
Community Forums WLAN
AC devcie cannot login th...

AC devcie cannot login through http but can pass through ssh

Latest reply: Nov 27, 2018 04:33:53 1518 14 8 0 0
View the author 1#

Problem Description: Customer use AC6605 - V200R007C20SPC300. 2 devices with same problem: Web UI is not working ,After displaying authentication page, customer fill login+password, then clicking LOGIN button , this authentication page appearing again

Problem Analysis: Clear the web browser cache or use other browser make test .

1. Use wireshark make a capture at the laptop side during the http login .

2. Confirm customer use which account login .

3. Make a screenshot when customer click login and refresh page .

4. Use ssh login device

Debugging aaa all

T m

T d

Then make test twice

Undo t m

Undo t d

Undo debugging all

<AC2>

Oct 24 2018 18:30:32.299.1+07:00 AC2 AAA/7/DEBUG:

AAA receive AAA_SRV_MSG_AUTHEN_REQ message from UCM module.

<AC2>

Oct 24 2018 18:30:32.299.2+07:00 AC2 AAA/7/DEBUG:

DestIndex:4 SrcIndex:4 Slot:0

User:111 Password:*** MAC:ffff-ffff-ffff

Slot:0 SubSlot:255 Port:255 VLAN:0

IP:91.245.33.150 AccessType:http AuthenType:PAP

AdminLevel:0 EapSize:0 AuthenCode:ADMIN

ulInterface:4294967295 ChallengeLen:16 ChapID:255

LineType:0 LineIndex:0 PortType:5

AcctSessionId:AC2002552550000000003baa260000004

<AC2>

Oct 24 2018 18:30:32.299.3+07:00 AC2 AAA/7/DEBUG:

AAA_MAIN initiate NormalAuthenReq event to AAA_AUTHEN module.

CID:0 Result:0 Info:870435780

<AC2>

Oct 24 2018 18:30:32.299.4+07:00 AC2 AAA/7/DEBUG:

[AAA EVENT]AAA_EventDispatch. (EventCode=1)

<AC2>

Oct 24 2018 18:30:32.299.5+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]Get domain index from authentication request.

<AC2>

Oct 24 2018 18:30:32.299.6+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]User authentication domain name is default_admin

<AC2>

Oct 24 2018 18:30:32.299.7+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]authen scheme index is:0

<AC2>

Oct 24 2018 18:30:32.299.8+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]authen method is:2, Place is 2

<AC2>

Oct 24 2018 18:30:32.299.9+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]No such local user exist, send to the next authen place.

<AC2>

Oct 24 2018 18:30:32.299.10+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]AAA get user group author info. (RadiusAuthenFlag=0)

<AC2>

Oct 24 2018 18:30:32.299.11+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]AAA get service-scheme author info. (RadiusAuthenFlag=0)

<AC2>

Oct 24 2018 18:30:32.299.12+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]Author of DaaTariffLevel.(DaaEnableFlag=0, UpStat=0, DownStat=0, Acct=0, QosProfile1 =, QosProfile2 =,)

<AC2>

Oct 24 2018 18:30:32.299.13+07:00 AC2 AAA/7/DEBUG:

[AAA ERROR]authen finish,the authen fail reason is:3

<AC2>

Oct 24 2018 18:30:32.299.14+07:00 AC2 AAA/7/DEBUG:

AAA send AAA_SRV_MSG_AUTHEN_ACK message to UCM module.

<AC2>

Oct 24 2018 18:30:32.299.15+07:00 AC2 AAA/7/DEBUG:

DestIndex:4 SrcIndex:4 Slot:4294967295

Result:201 DomainIndex:1 ServiceScheme:65535

AuthedPalace:2 VLAN:65535 IsCallBackVerify:0 IsCallbackUser:0

IfSessionTimeout:0 IfRemanentVolume:0 IfIdleCut:0

SessionTimeout:4294967295 RemanentVolume:4294967295 IdleTimeout:4294967295

EAPSessionTimeout:4294967295 EAPPasswordRetry:4294967295

RTAcctInterval:4294967295 Priority:[255,255]

AdminLevel:255 NextHop:4294967295

EapSize:0 ReplyMessage:Authentication fail

TunnelType:0 MediumType:0 PrivateGroupID:

<AC2>

Oct 24 2018 18:30:32.299.16+07:00 AC2 AAA/7/DEBUG:

AAA receive AAA_CM_MSG_RESET_SESSION_REQ message from UCM module.

<AC2>

Oct 24 2018 18:30:32.299.17+07:00 AC2 AAA/7/DEBUG:

DestIndex:4 SrcIndex:4 Slot:0

MsgCode:83

<AC2>

Oct 24 2018 18:30:32.299.18+07:00 AC2 AAA/7/DEBUG:

AAA_MAIN initiate ResetSession event to AAA_AUTHEN module.

CID:0 Result:0 Info:866312768

<AC2>

Oct 24 2018 18:30:32.299.19+07:00 AC2 AAA/7/DEBUG:

[AAA EVENT]AAA_EventDispatch. (EventCode=113)

<AC2>

Oct 24 2018 18:30:32.299.20+07:00 AC2 AAA/7/DEBUG:

[AAA INFO]Reset Authen Session By CID fail for no session exists. (CID=4)

<AC2>

Oct 24 2018 18:30:32+07:00 AC2 %HTTP/4/LOGIN_FAIL(l)[0]:User login failed. (UserName=111, IPAddr=1.2.33.150, AccessType=WEB)

After checked the debugging information , I cannot find any reason caused the same user cannot login the device through http .

5. Use ssh login the device then check aaa online failed reason .

[AC2-diagnose]dis aaa abnormal-offline-record all b

------------------------------------------------------------------------------

UserID Username IP address MAC Reason

------------------------------------------------------------------------------

6 aaaa 1.2.33.150 - Start accounting fail

3 aaaa 1.2.33.150 - Start accounting fail

6. We got the user offline reason is start accounting fail , so we need to check aaa configuration .

<AC2>display aaa configuration

Domain Name Delimiter : @

Domainname parse direction : Left to right

Domainname location : After-delimiter

Administrator user default domain: default_admin

Normal user default domain : default

Domain : total: 64 used: 2

Authentication-scheme : total: 65 used: 2

Accounting-scheme : total: 64 used: 1

Authorization-scheme : total: 64 used: 1

Service-scheme : total: 64 used: 0

Recording-scheme : total: 64 used: 0

Local-user : total: 1000 used: 4

Local-user block retry-interval : 5 Min(s)

Local-user block retry-time : 3

Local-user block time : 5 Min(s)

Remote-user block retry-interval : 30 Min(s)

Remote-user block retry-time : 30

Remote-user block time : 30 Min(s)

Session timeout invalid enable : No

aaa

authentication-scheme default

authentication-scheme radius

authentication-mode radius

authorization-scheme default

accounting-scheme default //we can see the default accounting-scheme configured radius mode .

accounting-mode radius

domain default

authentication-scheme default

domain default_admin

authentication-scheme default

Root Cause:Customer configuration wrong accounting-scheme mode , for customer situation scene , we need to configure local mode

Solution Description:

[AC2-aaa]accounting-scheme test

Info: Create a new accounting scheme.

[AC2-aaa]domain default_admin

[AC2-aaa-domain-default_admin]accounting-scheme test

[AC2-aaa-domain-default_admin]dis this

#

domain default_admin

authentication-scheme default

accounting-scheme test

Like (8) Dislike (0) Favorite(0) Share Report
Previous: helping in deploying configuration from AC6005 to 9 APS AP5130DN
Next: Asking help on wlan planner software
(0) (0)
11#
wanglei259
Created Oct 26, 2018 07:00:08

Thanks for your sharing ,which is a wonderful guidance, i really interested in this article, which is useful for us and improvement product technology and become to a professional engineer .
I hope that you can insist post new kownlege and skills, i will alawys keep an eye on your sharing.
View more
  • x
  • convention:
(0) (0)
12#
limgsc
Created Oct 30, 2018 11:07:52

your document is work for me , i get the point , fix my issue by your doc thanks you very much ,
also hope you public more doc that levle like this .
would you please also mention where from the technical detail , i can found it from orignial part .
from orignial part i can found more correct parameter
View more
  • x
  • convention:
(0) (0)
13#
limgsc
Created Oct 31, 2018 01:25:53

your document is work for me , i get the point , fix my issue by your doc thanks you very much ,
also hope you public more doc that levle like this .
would you please also mention where from the technical detail , i can found it from orignial part .
from orignial part i can found more correct parameter
View more
  • x
  • convention:
(0) (0)
14#
faysalji
Author Created Nov 27, 2018 04:32:54

Thanks for sharing the case
View more
  • x
  • convention:
(0) (0)
15#
faysalji
Author Created Nov 27, 2018 04:33:53

it would have been good if the screenshots are also added
View more
  • x
  • convention:
12
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.