No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Web Authentication of a User Fails

Web Authentication of a User Fails

Common Causes

This fault is commonly caused by one of the following:
  • Some parameters are set incorrectly or not set, such as the parameters of Web address authentication, authentication domain, authentication server, and authentication server template.
  • The Web authentication server is unreachable or unavailable.
  • The user name or password entered by the user is incorrect.

Troubleshooting Flowchart

A user fails to pass Web authentication.

Figure 22-5 shows the troubleshooting flowchart.

Figure 22-5  Troubleshooting flowchart for Web authentication failure

Troubleshooting Procedure

NOTE:

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide technical support personnel.

Procedure

  1. Run the ping command to check whether the link between the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 and the Web authentication server and the link between the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 and the RADIUS or HWTACACS authentication server work properly.

    • If the ping operation fails on any link, rectify the fault on the link according to The Ping Operation Fails.
    • If the ping operation succeeds, go to step 2.

  2. Check that Web authentication is configured correctly on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.

    • Run the display web-auth-server configuration command to check whether the Web authentication server is configured. If not, run the web-auth-server command in the system view to configure a Web authentication server. Run the server-ip command in the web-auth-server view to configure an IP address for the Web authentication server.

      You can also run the port, shared-key, and url commands in the web-auth-server view to configure the port number, shared key, and URL of the Web authentication server. If these parameters are configured on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600, ensure that the parameter settings are the same as those configured on the Web authentication server. If they are not configured on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600, the default port number is 50100, and there is no shared key or URL.

    • Run the display this command in the VLANIF interface view to check whether the Web authentication server is bound to the VLANIF interface. If not, run the web-auth-server command in the VLANIF interface view to bind the Web authentication server to the VLANIF interface.
    • Run the display web-auth-server configuration command to check the listening port of Portal packets. Go to step 3.

  3. Check the configuration of the Web authentication server.

    • Check whether the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 is in the authenticated device list.

    • Check whether the listening port of Portal packets is the same as that configured on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.

    • Check whether the IP address of the user is in the IP address group of the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.

    Ensure that the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 is in the authenticated device list, the listening port of Portal packets on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 is the same as that configured on the Web authentication server, and the IP address of the user is in the IP address group of the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.

  4. Check the AAA configuration.

    1. Check the configuration of the authentication server template bound to the domain. Ensure that the IP address and port of the authentication server are set correctly in the template and that the user name format and shared key specified in the template are the same as those on the authentication server.

    2. Check the authentication scheme applied to the user domain on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.

      • If RADIUS or HWTACACS authentication is configured for the user domain, check that the user name and password are configured on the authentication server. Ensure that the user enters the correct user name and password. For details on RADIUS troubleshooting and HWTACACS troubleshooting, see RADIUS Authentication Fails and HWTACACS Authentication Fails.
      • If local authentication is configured for the user domain, run the display local-user command to check whether the local user name and password are created on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600. If not, run the local-user command to create the local user name and password.
      • If the authentication scheme is none, go to step 5.
    3. Run the display accounting-scheme command to check the accounting scheme. If accounting is configured on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 but the authentication server does not support accounting, the user will be forced offline after going online. To allow the user to go online, disable the accounting function in the user domain or run the accounting start-fail online command in the accounting scheme view to configure the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 to keep the user online after the accounting fails.

  5. If the fault persists, collect the following information and contact technical support personnel:

    • Results of the preceding troubleshooting procedure
    • Configuration file, log file, and alarm file of the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600

Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 444851

Downloads: 4299

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next