No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Client cannot login AC device troubleshooting

Publication Date:  2017-09-27 Views:  576 Downloads:  0
Issue Description

Version:V200R006C10SPC200

Topology: PC---AC6005

 Customer reported one issue, client cannot login device via web, also cannot use telnet/ssh, before the issue happened , customer did some configuration change .now customer only can use console port connect device , customer need Huawei solve this issue asap.



Alarm Information

 When use web login to device has below error message:



Handling Process

First I let the the customer help to login device via console, I can check the configuration and authentication failed reason, so I can use debugging to locate the root cause.

I check the online-failed-reason link below :


Then I check customer configuration:
aaa
 authentication-scheme default
  authentication-mode none
 authentication-scheme radius
  authentication-mode radius
 authentication-scheme guest
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password irreversible-cipher %^%#p;cz)P\3h0V54B;l2zA7`usA>Q/yuW4$Vd;`S%O8N("o<y{pPSSiy",kKeWQ%^%#
 local-user admin privilege level 15
 local-user admin service-type ssh http

user-interface con 0
 authentication-mode password
 set authentication password cipher %^%#/#t$%C[]t4pAArFi6[j,v$k,Z28hN2j~V:"s8yi4y4u6#7S#2Uqzim~jI7o8%^%#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 16 20
 protocol inbound all

Form the configuration we know customer use aaa to authentication vty users, so we need to check the aaa configuration. As we know the domain default_admin used for vty user authentication, and the default_admin use authentication-scheme default.


 

Root Cause

Configuration is wrong, because customer used none for vty user authentication,  we know access device users need to authentication, cannot use none as the access device user authentication-mode .

Solution

Change the configuration as bellow:
aaa
 authentication-scheme default
  authentication-mode none
authentication-scheme login
  authentication-mode local

 authentication-scheme radius
  authentication-mode radius
 authentication-scheme guest
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
  authentication-shceme login

Suggestions

For access device user authetication, we suggest use local or radius to authentication.

END