Ii. network diagram, Iii. configuration procedure, 1 troubleshooting radius configuration – H3C Technologies H3C S3100 Series Switches User Manual
Page 344: 1 troubleshooting radius configuration -45
Operation Manual – AAA – RADIUS – HWTACACS
H3C S3100-52P Ethernet Switch
Chapter 1 AAA & RADIUS & HWTACACS
Configuration
1-45
II. Network diagram
Authentication server
Internet
Switch
Telnet user
Internet
Authentication server
Internet
Switch
Authenti
IP addres
cation server
s: 10.110.91.164
Internet
Sw itch
Telnet user
Internet
Authentication server
Internet
Switch
Authentication server
Internet
Switch
Telnet user
Internet
Authentication server
Internet
Switch
Authenti
IP addres
cation server
s: 10.110.91.164
Internet
Sw itch
Telnet user
Internet
Figure 1-9
Remote HWTACACS authentication and authorization of Telnet users
III. Configuration procedure
# Add a Telnet user.
(Omitted here)
# Configure a HWTACACS scheme.
[H3C] hwtacacs scheme hwtac
[H3C-hwtacacs-hwtac] primary authentication 10.110.91.164 49
[H3C-hwtacacs-hwtac] primary authorization 10.110.91.164 49
[H3C-hwtacacs-hwtac] key authentication expert
[H3C-hwtacacs-hwtac] key authorization expert
[H3C-hwtacacs-hwtac] user-name-format without-domain
[H3C-hwtacacs-hwtac] quit
# Configure the domain name of the HWTACACS scheme to hwtac.
[H3C] domain hwtacacs
[H3C-isp-hwtacacs] scheme hwtacacs-scheme hwtac
1.8 Troubleshooting AAA & RADIUS & HWTACACS
Configuration
1.8.1 Troubleshooting RADIUS Configuration
The RADIUS protocol operates at the application layer in the TCP/IP protocol suite.
This protocol prescribes how the switch and the RADIUS server of the ISP exchange
user information with each other.
Symptom 1
: User authentication/authorization always fails.
Possible reasons and solutions
: