Troubleshooting aaa, Troubleshooting radius configuration – H3C Technologies H3C S3600 Series Switches User Manual

[Switch-radius-bbb] quit

# Create authentication domain aaa, and then enter domain view.

[Switch] domain aaa

# Configure the VLAN assignment mode in domain aaa as VLAN list.

[Switch-isp-aaa] vlan-assignment-mode vlan-list

# Specify the authentication scheme for the domain.

[Switch-isp-aaa] radius-scheme bbb

[Switch-isp-aaa] quit

# Configure the authentication scheme.

[Switch] radius scheme bbb

[Switch-radius-bbb] primary authentication 1.1.1.1

[Switch-radius-bbb] key authentication hello

[Switch-radius-bbb] primary accounting 1.1.1.1

[Switch-radius-bbb] key accounting hello

# Enable 802.1X authentication on Switch.

[Switch] dot1x

# Enable port-based 802.1X authentication on Ethernet 1/0/1.

[Switch] interface Ethernet1/0/1

[Switch-Ethernet1/0/1] dot1x

[Switch-Ethernet1/0/1] dot1x port-method portbased

# Enable port-based 802.1X authentication on Ethernet 1/0/2.

[Switch] interface Ethernet1/0/2

[Switch-Ethernet1/0/2] dot1x

[Switch-Ethernet1/0/2] dot1x port-method portbased

Troubleshooting AAA

Troubleshooting RADIUS Configuration

The RADIUS protocol operates at the application layer in the TCP/IP protocol suite. This protocol prescribes how the switch and the RADIUS server of the ISP exchange user information with each other.

Symptom 1: User authentication/authorization always fails.

Possible reasons and solutions:

- The username is not in the userid@isp-name or userid.isp-name format, or the default ISP domain is not correctly specified on the switch — Use the correct username format, or set a default ISP domain on the switch.

- The user is not configured in the database of the RADIUS server — Check the database of the RADIUS server and make sure that the configuration information about the user exists.

- The user entered an incorrect password — Be sure to enter the correct password.

- The switch and the RADIUS server have different shared keys — Compare the shared keys at the two ends and make sure they are identical.
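To illustrate the shared-key cause above, the following added example (not part of the H3C manual) shows what a key mismatch does at the protocol level under RFC 2865: the server recovers a garbled password from the User-Password attribute, and the switch cannot verify the Response Authenticator of the reply. The key hello is taken from the configuration above; the mismatched key he11o, the password, the packet identifier and the Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, request_auth, secret):
    """User-Password hiding as done by the switch (RFC 2865, section 5.2)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden, request_auth, secret):
    """What the server recovers from User-Password using its own key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret):
    """Response Authenticator computed by the server (RFC 2865, section 3)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def check_keys(switch_key, server_key, password=b"userpass"):
    """Return (server_sees_correct_password, switch_accepts_reply)."""
    request_auth = bytes(range(16))          # constructed; random in practice
    hidden = hide_password(password, request_auth, switch_key)
    seen = recover_password(hidden, request_auth, server_key)
    code = 2 if seen == password else 3      # Access-Accept / Access-Reject
    reply_auth = response_authenticator(code, 1, b"", request_auth, server_key)
    expected = response_authenticator(code, 1, b"", request_auth, switch_key)
    return seen == password, hmac.compare_digest(reply_auth, expected)

if __name__ == "__main__":
    print(check_keys(b"hello", b"hello"))    # keys identical on both ends
    print(check_keys(b"hello", b"he11o"))    # constructed mismatch
```

Because both checks fail together, a key mismatch looks the same to the user as a wrong password, which is why the keys at the two ends have to be compared directly.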
