No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
S7700 V200R019C10 Log Reference

This document provides the explanations, causes, and recommended actions of logs on the product.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
AAA

AAA

AAA/6/ACCT_SESSION_EXPIRED

Message

AAA/6/ACCT_SESSION_EXPIRED:sessionId = [STRING1]. domain : [STRING2].

Description

An accounting entry will age out. This log contains the session ID and domain name.

Parameters

Parameter Name Parameter Meaning
[STRING1] Session ID.
[STRING2] Domain name.

Possible Causes

An accounting entry was not deleted.

Procedure

  1. The system will automatically delete the entry within 90 minutes. No action is required.

AAA/6/AUTHEN_SESSION_EXPIRED

Message

AAA/6/AUTHEN_SESSION_EXPIRED:sessionId = [STRING1]. USER:[STRING2]. domain : [STRING3].

Description

An authentication entry will age out. This log contains the session ID, user name, and domain name.

Parameters

Parameter Name Parameter Meaning
[STRING1] Session ID.
[STRING2] User name.
[STRING3] Domain name.

Possible Causes

An authentication entry was not deleted.

Procedure

  1. The system will automatically delete the entry within 90 minutes. No action is required.

AAA/6/AUTHOR_SESSION_EXPIRED

Message

AAA/6/AUTHOR_SESSION_EXPIRED:sessionId = [STRING].

Description

An authorization entry will age out. This log contains the session ID.

Parameters

Parameter Name Parameter Meaning
[STRING] Session ID.

Possible Causes

An authorization entry was not deleted.

Procedure

  1. The system will automatically delete the entry within 90 minutes. No action is required.

AAA/6/LOCALACCOUNT_DELETE

Message

AAA/6/LOCALACCOUNT_DELETE:Local account [STRING] has been deleted.

Description

The local account was deleted.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local account name.

Possible Causes

The local account was deleted.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/LOCALACCOUNT_LOCK

Message

AAA/6/LOCALACCOUNT_LOCK:Local account [STRING] has been locked.

Description

The local account was locked.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local account name.

Possible Causes

  • The local-user user-name state block command was executed.
  • The lock function was enabled for the local account, and the number of consecutive times that a user entered incorrect passwords reached the maximum.

Procedure

  1. Run the local-user user-name state active command to unlock the local account.

AAA/6/LOCALACCOUNT_UNLOCK

Message

AAA/6/LOCALACCOUNT_UNLOCK:Local account [STRING] has been unlocked.

Description

The local account was unlocked.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local account name.

Possible Causes

  • The local-user user-name state active command was executed.
  • The lock function was enabled for the local account, and the number of consecutive times that a user entered incorrect passwords reached the maximum. The local account was locked. The local account was automatically unlocked when the lock duration reached.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/LOCALACCOUNT_MODIFY

Message

AAA/6/LOCALACCOUNT_MODIFY:Local account [STRING] password has been modified.

Description

The password of the local account was changed.

Parameters

Parameter Name Parameter Meaning

[STRING]

Name of the local account that is changed.

Possible Causes

The password of the local account was changed.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_LOCK

Message

AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_LOCK:The password of local account [STRING] cannot be changed.

Description

A local user is not allowed to change the password.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local user name.

Possible Causes

  • The user has entered incorrect old passwords for specified times within the specified retry interval, and therefore the user account is locked. During the locking period, the user cannot change the password.

  • The administrator has set the state of this local user to block.

Procedure

  1. Ask the administrator to unlock the user account.
  2. Wait until the locking time expires. Then the user account is unlocked automatically.

AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_UNLOCK

Message

AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_UNLOCK:The password of local account [STRING] can be changed.

Description

A local user is allowed to change the password.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local user name.

Possible Causes

  • The user account was locked. When the locking time expires, the user account is unlocked automatically.

  • The administrator has set the state of the local account to active.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/LOCALACCOUNT_PASSWORD_MODIFY

Message

AAA/6/LOCALACCOUNT_PASSWORD_MODIFY:The user [STRING1] with IP address [STRING2] changed the password of [STRING3] through the web NMS.

Description

A user changes the password of his own or of another user through the Web NMS.

Parameters

Parameter Name Parameter Meaning
[STRING1] Indicates the name of the user who changes the password.
[STRING2] Indicates the IP address of the user who changes the password.
[STRING3] Indicates the name of the user whose password is changed.

Possible Causes

A user changes the password of his own or of another user through the Web NMS.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/LOCALACCOUNT_PASSWORD_EXPIRED

Message

AAA/6/LOCALACCOUNT_PASSWORD_EXPIRED:The password has expired, so the local account [STRING] becomes invalid.

Description

The password has expired, so the local account becomes invalid.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local account name.

Possible Causes

The validity period of the local account's password has expired. The validity period is set by using the password expire command.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/DOMAIN_ACTIVE

Message

AAA/6/DOMAIN_ACTIVE:The domain [STRING] is changed from blocked to active because the current time is not within the blocking period.

Description

The current time is not included in the block period; therefore, the domain status is changed from blocked to activated.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the domain name.

Possible Causes

The current time is not included in the block period configured by state block time-range, so the domain status is changed from blocked to activated.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/DOMAIN_BLOCK

Message

AAA/6/DOMAIN_BLOCK:The domain [STRING] is changed from active to blocked because the current time is within the blocking period.

Description

The current time is included in the block period; therefore, the domain status is changed from activated to blocked.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the domain name.

Possible Causes

The current time is included in the block period configured by state block time-range, so the domain status is changed from activated to blocked.

Procedure

  1. If you want to activate a domain, perform either of the following operations:

    • Run the time-range command to change the block period.
    • Run the undo state block time-range command to delete the block period.

  2. After the block period expires, the domain status automatically changes from blocked to activated.

AAA/6/LOCALACCOUNT_EXPIRED

Message

AAA/6/LOCALACCOUNT_EXPIRED:The local account [STRING] becomes invalid because the current time is not within the expiry date specified by user.

Description

The current time is not in the expiry date, so the local account becomes invalid.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local user name.

Possible Causes

The current time is not in the expiry date configured by local-user expire-date, so the account becomes invalid.

Procedure

  1. If you need to allow the user to be authenticated through this account, perform either of the following operations to make the account effective:

    • Run the local-user expire-date command to modify the expiry date.
    • Run the undo local-user expire-date command to delete the expiry date so that the account is permanently valid.

AAA/6/LOCALACCOUNT_IN_TIMERANGE

Message

AAA/6/LOCALACCOUNT_IN_TIMERANGE:The local account [STRING] becomes valid because the current time is within the access permission period.

Description

The current time is within the access permission period, so the local account is valid.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local user name.

Possible Causes

The current time is within the access permission period configured by local-user time-range. The user is allowed to be authenticated through this account.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/LOCALACCOUNT_NOT_EXPIRED

Message

AAA/6/LOCALACCOUNT_NOT_EXPIRED:The local account [STRING] becomes valid because the current time is within the expiry date specified by user.

Description

The current time is in the expiry date, so the local account becomes valid.

Parameters

Parameter Name Parameter Meaning
[STRING] Indicates the local user name.

Possible Causes

The current time is in the expiry date configured by local-user expire-date, so the account becomes valid.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/LOCALACCOUNT_OUT_TIMERANGE

Message

AAA/6/LOCALACCOUNT_OUT_TIMERANGE:The local account [STRING] becomes invalid because the current time is not within the access permission period.

Description

The current time is not within the access permission period, so the local account becomes invalid.

Parameters

Parameter Name Parameter Meaning

[STRING]

Indicates the local user name.

Possible Causes

The current time is not in the access permission period configured by local-user time-range, so the account becomes invalid.

Procedure

  1. If you need to allow the user to be authenticated through this account, perform either of the following operations to make the account effective:

    • Run the time-range command to modify the access permission period.
    • Run the local-user time-range command to delete the access permission time so that the account is permanently valid.

  2. Wait until the access permission period is reached. The user can be authenticated through this account within the access permission period.

AAA/6/LOCALACCOUNT_MODIFY_FAIL

Message

AAA/6/LOCALACCOUNT_MODIFY_FAIL:Failed to modify local account [STRING1] password. FailReason = [STRING2].

Description

The local account password failed to be changed.

Parameters

Parameter Name Parameter Meaning

[STRING1]

Indicates the local account name.

[STRING2]

Indicates the reason why the password failed to be changed.

Possible Causes

The device asks a user to change the password when a user logs in to the device using the default password or initial password for the first time after the local administrator password policy is configured, or a user logs in to the device using an expired password or a password about to expire. If any of the following errors occur in password changing process, the log is recorded:

  • The new password does not meet the length requirement.
  • The new password is the same as a historical password.
  • The original password entered is incorrect.
  • The new password does not meet complexity requirement (the password must contain at least two types of uppercase and lowercase letters, numerals, and special characters).
  • The new password is the same as the user name or the user name in reverse order.
  • The new password is the same as the default password of local users on the device.
  • The new password contains spaces.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/USER_EVENT_RADIUS_PROC

Message

AAA/6/USER_EVENT_RADIUS_PROC: radius authentication procedure. (DeviceMac=[DeviceMac], UserMac=[UserMac], UserIP=[UserIP], UserName=[UserName], Result=[Result], Msg=[Msg], TIME=[TIME], AUTHID=[AUTHID], ReplyMsg=[ReplyMsg])

The last authentication mode is RADIUS authentication during user authentication.

Description

RADIUS authentication is being performed.

Parameters

Parameter Name Parameter Meaning

DeviceMac

Device MAC address.

UserMac

User MAC address.

UserIP

User IP address.

UserName

User name.

Result

Authentication result.

Msg

Authentication message.

TIME

Time when an authentication packet is received or sent.

AUTHID

Global authentication ID.

ReplyMsg

Response message.

Possible Causes

After the protocol replay function is enabled, users use RADIUS authentication.

Procedure

  • This log message is informational only, and no action is required.

AAA/6/REMOTEACCOUNT_LOCK

Message

AAA/6/REMOTEACCOUNT_LOCK:Remote account [STRING] has been locked.

Description

The remote account is locked.

Parameters

Parameter Name Parameter Meaning

[STRING]

Indicates the remote account name.

Possible Causes

The remote AAA authentication account locking function has been enabled using the access-user remote authen-fail or administrator remote authen-fail command. When a user using remote AAA authentication (RADIUS or HWTACACS) entered incorrect user name or password consecutively within the interval, the user was locked.

Procedure

  1. If an account is mislocked or needs to be unlocked due to any reason, run the remote-user authen-fail unblock command to unlock the account.
  2. If the account is not mislocked, check whether an unauthorized user is cracking the user name or password, and enhance account protection on the RADIUS or HWTACACS server.

AAA/6/REMOTEACCOUNT_UNLOCK

Message

AAA/6/REMOTEACCOUNT_UNLOCK:Remote account [STRING] has been unlocked.

Description

A remote account is unlocked.

Parameters

Parameter Name Parameter Meaning

[STRING]

Indicates the remote account name.

Possible Causes

  • Run the remote-user authen-fail unblock command to unlock the remote account.
  • When the locking time of an account exceeds the locking time set by access-user remote authen-fail or administrator remote authen-fail command, the account is automatically unlocked.

Procedure

  1. This log message is informational only, and no action is required.

AAA/6/TAC_ATTRIBUTECHANGE_SUCCESS

Message

AAA/6/TAC_ATTRIBUTECHANGE_SUCCESS:User attribute has been changed. Attribute=password, OperatorName=[STRING], OperatorIPAddress=[STRING], UserName=[STRING], ServerIPAddress=[STRING], VPNName=[STRING].

Description

User attributes have been changed.

Parameters

Parameter Name Parameter Meaning

Attribute

Attribute of the user. The value is a password.

OperatorName

Name of the operator.

OperatorIPAddress

IP address of the operator.

UserName

Name of the user whose attributes need to be changed.

ServerIPAddress

IP address of the HWTACACS server.

VPNName

Name of the VPN instance to which the user belongs. The value may be empty if the user is located on a public network.

Possible Causes

After the HWTACACS user logs in to the device, the execution of the hwtacacs-user change-password hwtacacs-server template-name command succeeds.

Procedure

  1. This log message is informational only, and no action is required

AAA/6/TAC_CHANGEFAILD

Message

AAA/6/TAC_CHANGEFAILD:Failed to change user attribute. Attribute=password, OperatorName=[STRING], OperatorIPAddress=[STRING], UserName=[STRING], ServerIPAddress=[STRING], VPNName=[STRING].

Description

User attributes fail to be changed.

Parameters

Parameter Name Parameter Meaning

Attribute

Attribute of the user. The value is a password.

OperatorName

Name of the operator.

OperatorIPAddress

IP address of the operator.

UserName

Name of the user whose attributes need to be changed.

ServerIPAddress

IP address of the HWTACACS server.

VPNName

Name of the VPN instance to which the user belongs. The value may be empty if the user is located on a public network.

Possible Causes

After the HWTACACS user logs in to the device, user attributes fail to be changed.

Procedure

  1. Run the hwtacacs-user change-password hwtacacs-server template-name command again and enter correct information.

AAA/6/TACCHPASS_SESSION_EXPIRED

Message

AAA/6/TACCHPASS_SESSION_EXPIRED:sessionId = [STRING].

Description

An HWTACACS password modification entry will age out. This log contains the session ID.

Parameters

Parameter Name Parameter Meaning
[STRING] Session ID.

Possible Causes

An HWTACACS password modification entry was not deleted.

Procedure

  1. The system will automatically delete the entry within 90 minutes. No action is required.
Translation
简体中文
Download
Updated: 2022-01-25

Document ID: EDOC1100126883

Views: 34777

Downloads: 18

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2021 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :