Hello everyone,
Today, I'll show you how to handle the failure to log in to the CE through RADIUS authentication.
Issue description
Customer can't login to the CE device, even if through telnet/ssh or console use a local-user account or radius user account.
Issue analysis
Checking the old configuration of this device, and found that there is only configured radius authentication.
Checking the radius log on the agile controller, it is shown that "No access device is found or Enable Radius is deselected for the device".
Checking the device management, and it configured radius, and its IP address is 10.10.10.1; but when we checked the radius log, we found that the radius client IP address is 10.10.20.1.
Checking the configuration of CE device, and found that the 10.10.20.1 is the out interface IP address, and the IP 10.10.10.1 is the management IP of interface vlanif999.
So we change the IP address to 10.10.20.1 on the agile controller device management.
And then we can login to the device.
Root cause
The radius server source interface is not configured on the radius server template, and the radius source ip address is not the same as the management IP address that configured on the Agile controller. So the radius authentication failed;
Solution description
1. Add the radius server source interface vlanif999 under the radius server template;
2. Add the local authentication mode under the authentication-scheme.
That is all I want to share with you! Thank you!