Why does authentication fail when the RADIUS server template is correct and the AAA authentication mode is RADIUS

0

The possible causes are as follows:
1. The client's IP address is not configured on the server, the IP address is configured incorrectly, and the RADIUS server does not respond to authentication packets.
2. The shared keys on the AR and RADIUS server are different.
3. The user configuration of the RADIUS server is incorrect.

Other related questions:
Why does RADIUS authentication fail when the RADIUS server template and RADIUS server are properly configured
This problem has the following possible causes: -The IP address of the router (a RADIUS client) is not configured on the RADIUS server, so the RADIUS server cannot send an authentication response packet to the router. -Different shared keys are configured on the router and the RADIUS server.

Why does HWTACACS authentication fail when the HWTACACS configuration is correct
The HWTACACS server template configuration of the AR is correct. In AAA mode, the HWTACACS authentication configuration and configuration of the remote TACACS server are correct. The possible causes for HWTACACS authentication failures are as follows: - The client's IP address is not configured on the TACACS server, so the TACACS server does not send authentication packets. - Different shared keys are configured on the AR and TACACS server.

Both RADIUS authentication and local authentication are configured. Is local authentication performed when RADIUS authentication fails
The AR first performs RADIUS authentication. If RADIUS authentication fails, the AR does not perform local authentication. The AR performs local authentication only when the RADIUS server has no response.

The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication on an S series switch
The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication. For S series switches (except the S1700), such an authentication failure occurs because the entered user name does not contain a domain name. You need to check whether the user name on the authentication server contains a domain name. - If the user name on the authentication server contains a domain name, run the radius-server user-name domain-included command in the RADIUS server template view or run the hwtacacs-server user-name domain-included command in the HWTACACS server template view. - If the user name on the authentication server does not contain a domain name, run the undo radius-server user-name domain-included command in the RADIUS server template view or run the undo hwtacacs-server user-name domain-included command in the HWTACACS server template view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top