Troubleshooting hwtacacs configuration – H3C Technologies H3C S3600 Series Switches User Manual

2-35

z

The switch cannot communicate with the RADIUS server (you can determine by pinging the

RADIUS server from the switch) — Take measures to make the switch communicate with the

RADIUS server normally.

Symptom 2: RADIUS packets cannot be sent to the RADIUS server.

Possible reasons and solutions:

z

The communication links (physical/link layer) between the switch and the RADIUS server is

disconnected/blocked — Take measures to make the links connected/unblocked.

z

None or incorrect RADIUS server IP address is set on the switch — Be sure to set a correct

RADIUS server IP address.

z

One or all AAA UDP port settings are incorrect — Be sure to set the same UDP port numbers as

those on the RADIUS server.

Symptom 3: The user passes the authentication and gets authorized, but the accounting information

cannot be transmitted to the RADIUS server.

Possible reasons and solutions:

z

The accounting port number is not properly set — Be sure to set a correct port number for RADIUS

accounting.

z

The switch requests that both the authentication/authorization server and the accounting server

use the same device (with the same IP address), but in fact they are not resident on the same

device — Be sure to configure the RADIUS servers on the switch according to the actual situation.

Troubleshooting HWTACACS Configuration

See the previous section if you encounter an HWTACACS fault.