Got it

[Troubleshooting Series] Case 32 Network problem when Radius athentication fail

852 0 0 0 0


Physical Network Topology

140834ogflls797k9idrio.png

 

Fault Description

The customer can't log in AR router.

Configuration Files

l   AR

[V200R007C00SPC900]
#
radius-server template shiva
 radius-server shared-key cipher %^%#z3#CA>MtbD=>A]Ts;au$;&I!<sN~"B!++2S8'--;%^%#
 radius-server authentication 10.7.66.66 1812 weight 80
 radius-server authentication 10.7.66.67 1812 weight 40
 radius-server accounting 10.7.66.66 1813 weight 80
 radius-server accounting 10.7.66.67 1813 weight 40
 radius-server retransmit 2
 undo radius-server user-name domain-included
#
pki realm default
 enrollment self-signed
#
ssl policy default_policy type server
 pki-realm default
#
aaa
 authentication-scheme auth
 accounting-scheme abc
  accounting-mode radius
  accounting start-fail online 
 domain huawei
  accounting-scheme abc
  radius-server shiva
 local-user user1 password irreversible-cipher %^%#iv-e(@1]P90{2*&tcll)JN*KQ9c`"Ob^#"Al|p7EHK>qVzB%(7On,d&6iweF%^%#
 local-user user1 privilege level 15                                                       
 local-user user1 service-type http
#
interface GigabitEthernet0/0/0
 ip address 10.1.2.1 255.255.255.0

Troubleshooting Procedure

                               Step 1      Take the  ping test to check whether AR can access to the Radius server.

140835n000xpxx401em20p.jpg

AR can't access to radius server, check the route.

                               Step 2      After adding the default route, AR can access to radius server. Check whether the aaa parameters on AR are correct.

The radius template parameters, the aaa scheme parameters ect.

                               Step 3      After change the authenticate-scheme parameters and domain parameters on AR, users can log on AR and authenticated by radius server successfully.

----End

Root Cause

AR can't access to the radius server for the route cannot reached.

And  the AAA parameters are not matched.


  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.