Fault Symptom
The RADIUS server authenticates the Telnet user. However, the Telnet user is forced to log out about 1 minute after logging in to the device. The fault persists after the user re-logs in to the device.
Fault Analysis
1. Delete the authentication-mode aaa command configured on the user-interface vty 0 4 command and use local authentication. No fault occurs.
2. Configure the authentication-mode aaa command again and find that the user still goes offline.
3. Enable the debugging of the RADIUS, the following information is displayed.
[Acct-Status-Type(40) ] [6 ] [2]
Acct-Status-Type(40) indicates the type of accounting request packets; 2 indicates that the accounting is stopped. The accounting function is disabled by the RADIUS server.
4. Check AAA configurations:
domain default
authentication-scheme admin
accounting-scheme admin //Accounting scheme
radius-server admin
accounting-scheme admin
accounting-mode radius //The accounting mode is the RADIUS accounting.
The accounting function is not enabled on the RADIUS server. As a result, the RADIUS server fails to charge the Telnet user and sends the offline packet to the device. The user is logged out.
Procedure
1. Delete the accounting mode of the device, or run the accounting-mode none command in the accounting scheme view to set the accounting mode to none.
After the preceding operation, the Telnet user logs in to the device and keeps online. The fault is rectified.
Summary
AAA needs to be correctly configured based on the actual situation. The user may fail to go online if irrelevant functions are configured.
