Telnet login to AR158E Router failed

Publication Date:  2015-06-26 Views:  292 Downloads:  0
Issue Description

The AR158E router’s version was V200R003C01SPC900, it was deployed by “telnet” function. Login into the AR158E router through cmd or SecureCRT, but users would always be kicked out immediately by router, and there was a prompt “the link is closed by remote host”.

Alarm Information

none

Handling Process

1Check the quantity of the link between PC and AR158E through ping test. But there was no package lost or delay, the link was stable.

2Check the configuration of “telent”

   aaa
         local-user admin password cipher ***
         local-user admin privilege level 15
         local-user admin service-type telnet
     user-interface vty 0 4
         authentication-mode aaa
         protocol inbound all

   The configuration was correct.

3Check the other configuration of AR158E router. Hwtacas server was deployed, and was used in AAA:

   hwtacacs-server template ***
         hwtacacs-server authentication ****
         hwtacacs-server authorization ****
         hwtacacs-server accounting ****
         hwtacacs-server shared-key cipher ****
     aaa
         authentication-scheme default
            authentication-mode hwtacacs local
         authorization-scheme default
            authorization-mode hwtacacs local none
         accounting-scheme default
            accounting-mode hwtacacs 

Ping test the ip address of hwtacas server, it was unreachable, so authenticated failed. At last, removed the “accounting-mode hwtacas”, used the default accounting-mode—none. Telnet function work normally. User could login successfully and be online all the time, would not be kicked out automatically. Another method to resolve this problem is to add “accounting start-fail online” under the accounting-scheme, this command is to make sure user will be keep online when accounted failed.
Root Cause

1、  link problem

2、  configuration problem

3、  other problem

Suggestions

1When there is requirement to add hwtacas authentication in router, we should make sure the link between router and hwtacas server is stable. If we are not sure about the quantity of this link, we can add “accounting start-fail online” under accounting-scheme view, and then when a user login, it can keep online and won’t be kick out automatically.

END