| Fault Type | Operation and maintenance >> Login |
| Issue Description |
Customer want to
configuration the radius authentication when access the switch use SSH.But it
can’t working after configuration the radius
Switch is CE6810-32T16S4Q-LI Version V200R002C50SPC800 Current configuration as follow: radius server group stmb radius server shared-key-cipher %^%#7&|^Cp[sxP@`&fW1ec*!;M96*IuO38aQ$C=U/25=%^%# radius server authentication 172.18.10.141 1645 radius server authentication 172.18.10.157 1645 secondary radius server accounting 172.18.10.141 1646 radius server accounting 172.18.10.157 1646 secondary
aaa authentication-scheme auth authentication-mode radius domain default # domain default_admin # domain huawei authentication-scheme auth radius server group stmb
stelnet ipv4 server enable stelnet ipv6 server enable ssh user localadmin ssh user localadmin authentication-type password ssh user localadmin service-type stelnet ssh authorization-type default aaa # ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256_96 sha2_256 sha1_96 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep # ssh client first-time enable ssh client 172.18.10.12 assign ecc-key 172.18.10.12 # user-interface vty 0 4 authentication-mode aaa |
| Alarm Information |
|
| Handling Process |
First、check the configuration of radius found customer does not configuration the domain-excluded so when login it need add the domain name.After add the domain name, it still give fail Third、check the user privilege level and change it to 3. |
| Root Cause |
Configuration is wrong with SSH and radius domain. |
| Solution |
Change the
configuration as bellow:
radius server group stmb radius server shared-key-cipher %^%#7&|^Cp[sxP@`&fW1ec*!;M96*IuO38aQ$C=U/25=%^%# radius server authentication 172.18.10.141 1645 radius server authentication 172.18.10.157 1645 secondary radius server accounting 172.18.10.141 1646 radius server accounting 172.18.10.157 1646 secondary radius server user-name domain-excluded aaa default-domain admin Huawei authentication-scheme auth authentication-mode radius domain huawei authentication-scheme auth radius server group stmb
stelnet ipv4 server enable ssh authentication-type default password ssh authorization-type default aaa # ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256_96 sha2_256 sha1_96 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep ssh client first-time enable
user-interface vty 0 4 authentication-mode aaa user privilege level 3 |
| Suggestions |
Make sure the radius and ssh configuration correct. |
Access CE6810 switch by radius authentication
Created: May 4, 2018 07:03:59Latest reply: May 11, 2018 06:49:50
1671
1
0
0
0
- x
- convention:
|
|
|
Comment
Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
- Politically sensitive content
- Content concerning pornography, gambling, and drug abuse
- Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
