[Issue description]
Customer can't login the CE device, even if through telnet/ssh or console use a local-user account or radius user account.
[Issue analysis]
Checking the old configuration of this device, and found that there is only configured radius authentication.
Checking the radius log on the agile controller, it is shown that "No access device is found or Enable Radius is deselected for the device".
Checking the device management, and it configured radius, and its ip address is 10.10.10.1; but when we checked the radius log, we found that the radius client ip address is 10.10.20.1.
Checking the configuration of CE device, and found that the 10.10.20.1 is the out interface ip address, and the ip 10.10.10.1 is the management ip of interface vlanif999.
So we change the ip address to 10.10.20.1 on the agile controller device management.
And then we can login the device.
[Root cause]
The radius server source interface is not configured on radius server template, and the radius source ip address is not same as the management ip address that configured on agile controller. So the radius authentication failed;
[Solution description]
1. Add the radius server source interface vlanif999 under the radius server template;
2. Add the local authentication mode under the authentication-scheme.
