Q: When executing display aaa offline-record command to check the failure reason, how to troubleshoot aaa start accounting fail?
Such a prompt indicates user start-authentication fails
Typical debugging information for failure of start-authentication: after checking the debugging information of PPP/PPPOE, the authentication message is normal, but accounting fails; the client shows the user is cut after passing authentication for some seconds, and the system writes down the following records.
% [06/17/2004 16:51:40-] AAA-5-02041000: MA5200E0406171651186a6cf4bd00083 NormalAcct-StartFail
% [06/17/2004 16:51:40-] AAA-5-02041000: test@isp NormalAcct-StartFail
MA5200F sets offline to the policy for accounting failure of user by default. If the prompt occurs, it indicates that user start-accounting fails; at this time, please check if accounting is normal, including:
1) If it is local accounting, please make sure if the local bill is full. The bills saved at the local are limited, so if local accounting is used, set TFTP server to backup the bills to background regularly. With the following commands, check the size of void-blocks in flash; if it is 0, it indicates the local bill is full:
<MA5200E>display local-accounting bill-info
Bills: 0 Void-No: 4945
Max-Volume: 4945 Alarm-Threshold: 75%(3709)
Bill-Size: 208 Locked: No
Bills-Backed: 0 Void-Blocks: 56
WPtr-BlockNo: 0 WPtr-BillNo: 0
Read-BlockNo: 0 Read-BillNo: 0
Total-Blocks: 56 Bad-Blocks: 0
Block-Volume: 1260 Alarm-Threshold: 100%(56)
2) If it is RADIUS accounting, please make sure if the communication to RADIUS is normal, and if RADIUS works well. First use PING command to make sure if the communication to RADIUS is normal; if so, turn on the switch for RADIUS debugging of MA5200 to see if it MA5200F has transmitted and received the relevant accounting packets. Capture packets at MA5200F when necessary.
1) If it is local accounting, back up the bills to background server via TFTP, or change the accounting policy to non-accounting.
2) If it is RADIUS accounting, change it to local accounting or non-accounting. Note: if it is changed to local accounting, TFTP server should be set to backup bills regularly as to avoid the problem when local bill is full.
3) Alternatively, change the accounting policy, that is, users are online when start-accounting fails or during real-time accounting, not cutting them off. For instance, change the start-accounting failure and real-time accounting failure named Huawei to be online, with commands as :
[MA5200F-aaa-accounting-huawei]accounting start-fail online
[MA5200F-aaa-accounting-huawei]accounting interim-fail online