4 troubleshooting aaa, Troubleshooting radius, Symptom 1 – H3C Technologies H3C S7500E Series Switches User Manual
Page 89: Analysis, Solution, Symptom 2, Troubleshooting aaa
4-1
4
Troubleshooting AAA
This chapter includes these sections:
z
z
Troubleshooting RADIUS
Symptom 1
User authentication/authorization always fails.
Analysis
1) A communication failure exists between the NAS and the RADIUS server.
2) The username is not in the format of userid@isp-name or no default ISP domain is specified for
the NAS.
3) The user is not configured on the RADIUS server.
4) The password entered by the user is incorrect.
5) The RADIUS server and the NAS are configured with different shared key.
Solution
Check that:
1) The NAS and the RADIUS server can ping each other.
2) The username is in the userid@isp-name format and a default ISP domain is specified on the
NAS.
3) The user is configured on the RADIUS server.
4) The correct password is entered.
5) The same shared key is configured on both the RADIUS server and the NAS.
Symptom 2
RADIUS packets cannot reach the RADIUS server.
Analysis
1) The communication link between the NAS and the RADIUS server is down (at the physical
layer and data link layer).
2) The NAS is not configured with the IP address of the RADIUS server.
3) The UDP ports for authentication/authorization and accounting are not correct.
4) The port numbers of the RADIUS server for authentication, authorization and accounting are
being used by other applications.
Solution
Check that:
1) The communication links between the NAS and the RADIUS server work well at both physical
and link layers.
2) The IP address of the RADIUS server is correctly configured on the NAS.