Telnet Management Users Fail to Pass RADIUS Authentication Because of Problematic Configuration of Eudemon2200

Publication Date: 2012-08-09
Issue Description
Topology: Eudemon2200---S3526---radius
Symptoms: Users who telnet to the Eudemon2200 must pass RADIUS authentication to log in, but authentication fails.
Alarm Information
Null
Handling Process
1. No problem is found in the relevant configuration. Running the debug radius packet command shows only code 1 packets, as follows:
<sh_e2200>
*0.1891393566 sh_e2200 RDS/8/debug2:
  Radius Sent a Packet
  Server Template: 0
  Server IP   : 10.10.11.14
  Protocol: Standard
  Code    : 1
  Len     : 214
  ID      : 175
  [User-name(1)                       ] [7 ] [e2200]
  [Password(2)                        ] [18] [aae5a69a23f5707d763b2d4628cf28ca]
  [NAS-Port(5)                        ] [6 ] [0]
  [Service-Type(6)                    ] [6 ] [6]
  [Framed-Protocol(7)                 ] [6 ] [6]
  [Framed-IP-Address(8)               ] [6 ] [10.10.5.24]
  [NAS-Identifier(32)                 ] [10] [sh_e2200]
  [NAS-Port-Type(61)                  ] [6 ] [5]
  [NAS-Port-Id(87)                    ] [34] [slot=0;subslot=0;port=0;vlanid=0]
  [Login-IP-Host(14)                  ] [6 ] [168428824]
  [NAS-Startup-Timestamp(26-59)       ] [6 ] [1127767326]
  [Ip-Host-Addr(26-60)                ] [30] [10.10.5.24 ff:ff:ff:ff:ff:ff]
  [Connect_ID(26-26)                  ] [6 ] [257]
*0.1891393566 sh_e2200 RDS/8/debug2:
  [Version(26-254)                    ] [30] [Huawei VRP Software Version ]
  [Product-ID(26-255)                 ] [5 ] [VRP]
  [NAS-IP-Address(4)                  ] [6 ] [10.10.12.3]
However, packets captured on the S3526 interface facing the Eudemon2200 show that code 2 response packets from the RADIUS server are present.
2. Fast forwarding is enabled on the Eudemon2200 interface, so the function that filters UDP packets that do not need to be processed by SBC is in effect. Run the undo sbc invalid-packet drop enable command in the system view so that telnet users can pass RADIUS authentication.
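The comparison made in step 1, as an added example (not part of the original case or any Huawei tool): it pairs the Code and ID values in the debug radius packet output with RADIUS headers parsed from UDP payloads captured on the peer switch, and reports replies that are on the wire but never appear on the device. The sample debug excerpt, the payload bytes and all function names are constructed for illustration.

```python
import re
import struct

# Code values from RFC 2865; the page only refers to them as code 1 and code 2.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def parse_radius_header(payload):
    """Return (code, identifier) from a RADIUS UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("Length field inconsistent with payload size")
    return code, ident

def codes_in_debug(text):
    """Map RADIUS ID -> set of Code values in 'debug radius packet' output."""
    seen = {}
    for block in re.split(r"(?m)^\*.*$", text):  # each '*<time> <host> RDS/...' line starts a block
        code = re.search(r"(?m)^\s*Code\s*:\s*(\d+)", block)
        ident = re.search(r"(?m)^\s*ID\s*:\s*(\d+)", block)
        if code and ident:
            seen.setdefault(int(ident.group(1)), set()).add(int(code.group(1)))
    return seen

def replies_missing_on_device(debug_text, wire_payloads):
    """Replies captured on the wire whose ID shows only code 1 in the debug."""
    device = codes_in_debug(debug_text)
    missing = []
    for payload in wire_payloads:
        code, ident = parse_radius_header(payload)
        if code != 1 and device.get(ident) == {1}:
            missing.append((ident, CODES.get(code, str(code))))
    return missing

def _radius(code, ident):  # constructed 20-byte packet: header plus zeroed authenticator
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

# Constructed sample input: debug excerpt in the page's format and switch-side payloads.
DEBUG = """*0.1891393566 sh_e2200 RDS/8/debug2:
  Radius Sent a Packet
  Code    : 1
  ID      : 175
"""
WIRE = [_radius(1, 175), _radius(2, 175)]

if __name__ == "__main__":
    for ident, name in replies_missing_on_device(DEBUG, WIRE):
        print(f"ID {ident}: {name} seen on the wire, absent from device debug")
```

A non-empty result means the reply reached the link but was discarded before the RADIUS process on the device saw it, which is the condition step 2 resolves.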
Root Cause
The sbc invalid-packet drop enable command filters, in the fast forwarding mode of an interface, the UDP packets that do not need to be processed by SBC, that is, UDP packets other than signaling packets, RTP packets, RTCP packets, etc. This protects the softswitch, improves the stability and safety of the system, and accelerates the processing of signaling and media packets. The undo sbc invalid-packet drop enable command cancels the filtering. By default, filtering of UDP packets that do not need to be processed by SBC is enabled. In non-fast forwarding mode, the UDP packet filtering function does not take effect.
Suggestions
Null
