No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
When Both RADIUS Authentication and Local Authentication Are Configured, Why Is a User Disconnected After Being Online for More than 10 Seconds?

When Both RADIUS Authentication and Local Authentication Are Configured, Why Is a User Disconnected After Being Online for More than 10 Seconds?

When both RADIUS authentication and local authentication are configured, the device performs local authentication if it does not receive any response from the RADIUS server (for example, if the RADIUS server fails). As shown in the following configuration file, RADIUS authentication and accounting are configured on the device. Even though the user successfully logs in through local authentication, RADIUS accounting fails because the RADIUS server does not respond. Therefore, the user is disconnected.

#
radius-server template rad  //Configure the RADIUS server template.
 radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#
 radius-server authentication 10.7.66.66 1812 weight 80 
 radius-server accounting 10.7.66.66 1813 weight 80 
#
aaa
 authentication-scheme default
  authentication-mode radius local  //In the authentication scheme named default, the authentication mode is set to RADIUS authentication and local authentication.
 authorization-scheme default
 accounting-scheme default
  accounting-mode radius  //In the accounting scheme named default, the accounting mode is set to RADIUS accounting.
 domain default_admin
  radius-server rad  //Apply the RADIUS server template to the global default management domain. By default, the domain uses the default authentication and accounting schemes.
 local-user user1 password cipher %^%#9X%T3y\jN;_&5(FU-B4P;);/tc^%VI\mA1KeeH%^%#
 local-user user1 privilege level 15
 local-user user1 service-type telnet terminal
#
Solution:
  • For administrators (logging in through Telnet, SSH, FTP, HTTP, or console port), accounting is not required, so RADIUS accounting configuration can be deleted.
  • For common users (logging in through MAC, Portal, 802.1X, or PPP authentication), run the accounting start-fail online command in the accounting scheme view to configure the device to keep the users online upon accounting failures. However, executing this command can cause inaccurate accounting results. Before using this method, ensure that services will not be affected.
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 22750

Downloads: 6

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next