Fault Type | Operation and maintenance >> Login |
Issue Description |
Customer want to
configuration the radius authentication when access the switch use SSH.But it
can’t working after configuration the radius
Switch is CE6810-32T16S4Q-LI Version V200R002C50SPC800 Current configuration as follow: radius server group stmb radius server shared-key-cipher %^%#7&|^Cp[sxP@`&fW1ec*!;M96*IuO38aQ$C=U/25=%^%# radius server authentication 172.18.10.141 1645 radius server authentication 172.18.10.157 1645 secondary radius server accounting 172.18.10.141 1646 radius server accounting 172.18.10.157 1646 secondary
aaa authentication-scheme auth authentication-mode radius domain default # domain default_admin # domain huawei authentication-scheme auth radius server group stmb
stelnet ipv4 server enable stelnet ipv6 server enable ssh user localadmin ssh user localadmin authentication-type password ssh user localadmin service-type stelnet ssh authorization-type default aaa # ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256_96 sha2_256 sha1_96 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep # ssh client first-time enable ssh client 172.18.10.12 assign ecc-key 172.18.10.12 # user-interface vty 0 4 authentication-mode aaa |
Alarm Information |
|
Handling Process |
First、check the configuration of radius found customer does not configuration the domain-excluded so when login it need add the domain name.After add the domain name, it still give fail Third、check the user privilege level and change it to 3. |
Root Cause |
Configuration is wrong with SSH and radius domain. |
Solution |
Change the
configuration as bellow:
radius server group stmb radius server shared-key-cipher %^%#7&|^Cp[sxP@`&fW1ec*!;M96*IuO38aQ$C=U/25=%^%# radius server authentication 172.18.10.141 1645 radius server authentication 172.18.10.157 1645 secondary radius server accounting 172.18.10.141 1646 radius server accounting 172.18.10.157 1646 secondary radius server user-name domain-excluded aaa default-domain admin Huawei authentication-scheme auth authentication-mode radius domain huawei authentication-scheme auth radius server group stmb
stelnet ipv4 server enable ssh authentication-type default password ssh authorization-type default aaa # ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256_96 sha2_256 sha1_96 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep ssh client first-time enable
user-interface vty 0 4 authentication-mode aaa user privilege level 3 |
Suggestions |
Make sure the radius and ssh configuration correct. |