AAA
- AAA/6/ACCT_SESSION_EXPIRED
- AAA/6/AUTHEN_SESSION_EXPIRED
- AAA/6/AUTHOR_SESSION_EXPIRED
- AAA/6/LOCALACCOUNT_DELETE
- AAA/6/LOCALACCOUNT_LOCK
- AAA/6/LOCALACCOUNT_UNLOCK
- AAA/6/LOCALACCOUNT_MODIFY
- AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_LOCK
- AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_UNLOCK
- AAA/6/LOCALACCOUNT_PASSWORD_MODIFY
- AAA/6/LOCALACCOUNT_PASSWORD_EXPIRED
- AAA/6/DOMAIN_ACTIVE
- AAA/6/DOMAIN_BLOCK
- AAA/6/LOCALACCOUNT_EXPIRED
- AAA/6/LOCALACCOUNT_IN_TIMERANGE
- AAA/6/LOCALACCOUNT_NOT_EXPIRED
- AAA/6/LOCALACCOUNT_OUT_TIMERANGE
- AAA/6/LOCALACCOUNT_MODIFY_FAIL
- AAA/6/USER_EVENT_RADIUS_PROC
- AAA/6/REMOTEACCOUNT_LOCK
- AAA/6/REMOTEACCOUNT_UNLOCK
- AAA/6/TAC_ATTRIBUTECHANGE_SUCCESS
- AAA/6/TAC_CHANGEFAILD
- AAA/6/TACCHPASS_SESSION_EXPIRED
AAA/6/AUTHEN_SESSION_EXPIRED
AAA/6/LOCALACCOUNT_LOCK
AAA/6/LOCALACCOUNT_UNLOCK
Possible Causes
- The local-user user-name state active command was executed.
- The lock function was enabled for the local account, and the number of consecutive times that a user entered incorrect passwords reached the maximum. The local account was locked. The local account was automatically unlocked when the lock duration reached.
AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_LOCK
Message
AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_LOCK:The password of local account [STRING] cannot be changed.
AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_UNLOCK
AAA/6/LOCALACCOUNT_PASSWORD_MODIFY
Message
AAA/6/LOCALACCOUNT_PASSWORD_MODIFY:The user [STRING1] with IP address [STRING2] changed the password of [STRING3] through the web NMS.
AAA/6/LOCALACCOUNT_PASSWORD_EXPIRED
AAA/6/DOMAIN_ACTIVE
Message
AAA/6/DOMAIN_ACTIVE:The domain [STRING] is changed from blocked to active because the current time is not within the blocking period.
Description
The current time is not included in the block period; therefore, the domain status is changed from blocked to activated.
AAA/6/DOMAIN_BLOCK
Message
AAA/6/DOMAIN_BLOCK:The domain [STRING] is changed from active to blocked because the current time is within the blocking period.
Description
The current time is included in the block period; therefore, the domain status is changed from activated to blocked.
Possible Causes
The current time is included in the block period configured by state block time-range, so the domain status is changed from activated to blocked.
Procedure
- If you want to activate a domain, perform either of the
following operations:
- Run the time-range command to change the block period.
- Run the undo state block time-range command to delete the block period.
- After the block period expires, the domain status automatically changes from blocked to activated.
AAA/6/LOCALACCOUNT_EXPIRED
Message
AAA/6/LOCALACCOUNT_EXPIRED:The local account [STRING] becomes invalid because the current time is not within the expiry date specified by user.
Possible Causes
The current time is not in the expiry date configured by local-user expire-date, so the account becomes invalid.
Procedure
- If you need to allow the user to be authenticated through
this account, perform either of the following operations to make the
account effective:
- Run the local-user expire-date command to modify the expiry date.
- Run the undo local-user expire-date command to delete the expiry date so that the account is permanently valid.
AAA/6/LOCALACCOUNT_IN_TIMERANGE
Message
AAA/6/LOCALACCOUNT_IN_TIMERANGE:The local account [STRING] becomes valid because the current time is within the access permission period.
AAA/6/LOCALACCOUNT_NOT_EXPIRED
AAA/6/LOCALACCOUNT_OUT_TIMERANGE
Message
AAA/6/LOCALACCOUNT_OUT_TIMERANGE:The local account [STRING] becomes invalid because the current time is not within the access permission period.
Description
The current time is not within the access permission period, so the local account becomes invalid.
Possible Causes
The current time is not in the access permission period configured by local-user time-range, so the account becomes invalid.
Procedure
- If you need to allow the user to be authenticated through this account, perform either of the following operations to make the account effective:
- Run the time-range command to modify the access permission period.
- Run the local-user time-range command to delete the access permission time so that the account is permanently valid.
- Wait until the access permission period is reached. The user can be authenticated through this account within the access permission period.
AAA/6/LOCALACCOUNT_MODIFY_FAIL
Message
AAA/6/LOCALACCOUNT_MODIFY_FAIL:Failed to modify local account [STRING1] password. FailReason = [STRING2].
Parameters
Parameter Name | Parameter Meaning |
---|---|
[STRING1] |
Indicates the local account name. |
[STRING2] |
Indicates the reason why the password failed to be changed. |
Possible Causes
The device asks a user to change the password when a user logs in to the device using the default password or initial password for the first time after the local administrator password policy is configured, or a user logs in to the device using an expired password or a password about to expire. If any of the following errors occur in password changing process, the log is recorded:
- The new password does not meet the length requirement.
- The new password is the same as a historical password.
- The original password entered is incorrect.
- The new password does not meet complexity requirement (the password must contain at least two types of uppercase and lowercase letters, numerals, and special characters).
- The new password is the same as the user name or the user name in reverse order.
- The new password is the same as the default password of local users on the device.
- The new password contains spaces.
AAA/6/USER_EVENT_RADIUS_PROC
Message
AAA/6/USER_EVENT_RADIUS_PROC: radius authentication procedure. (DeviceMac=[DeviceMac], UserMac=[UserMac], UserIP=[UserIP], UserName=[UserName], Result=[Result], Msg=[Msg], TIME=[TIME], AUTHID=[AUTHID], ReplyMsg=[ReplyMsg])
The last authentication mode is RADIUS authentication during user authentication.
Parameters
Parameter Name | Parameter Meaning |
---|---|
DeviceMac |
Device MAC address. |
UserMac |
User MAC address. |
UserIP |
User IP address. |
UserName |
User name. |
Result |
Authentication result. |
Msg |
Authentication message. |
TIME |
Time when an authentication packet is received or sent. |
AUTHID |
Global authentication ID. |
ReplyMsg |
Response message. |
AAA/6/REMOTEACCOUNT_LOCK
Possible Causes
The remote AAA authentication account locking function has been enabled using the access-user remote authen-fail or administrator remote authen-fail command. When a user using remote AAA authentication (RADIUS or HWTACACS) entered incorrect user name or password consecutively within the interval, the user was locked.
Procedure
- If an account is mislocked or needs to be unlocked due to any reason, run the remote-user authen-fail unblock command to unlock the account.
- If the account is not mislocked, check whether an unauthorized user is cracking the user name or password, and enhance account protection on the RADIUS or HWTACACS server.
AAA/6/REMOTEACCOUNT_UNLOCK
AAA/6/TAC_ATTRIBUTECHANGE_SUCCESS
Message
AAA/6/TAC_ATTRIBUTECHANGE_SUCCESS:User attribute has been changed. Attribute=password, OperatorName=[STRING], OperatorIPAddress=[STRING], UserName=[STRING], ServerIPAddress=[STRING], VPNName=[STRING].
Parameters
Parameter Name | Parameter Meaning |
---|---|
Attribute |
Attribute of the user. The value is a password. |
OperatorName |
Name of the operator. |
OperatorIPAddress |
IP address of the operator. |
UserName |
Name of the user whose attributes need to be changed. |
ServerIPAddress |
IP address of the HWTACACS server. |
VPNName |
Name of the VPN instance to which the user belongs. The value may be empty if the user is located on a public network. |
AAA/6/TAC_CHANGEFAILD
Message
AAA/6/TAC_CHANGEFAILD:Failed to change user attribute. Attribute=password, OperatorName=[STRING], OperatorIPAddress=[STRING], UserName=[STRING], ServerIPAddress=[STRING], VPNName=[STRING].
Parameters
Parameter Name | Parameter Meaning |
---|---|
Attribute |
Attribute of the user. The value is a password. |
OperatorName |
Name of the operator. |
OperatorIPAddress |
IP address of the operator. |
UserName |
Name of the user whose attributes need to be changed. |
ServerIPAddress |
IP address of the HWTACACS server. |
VPNName |
Name of the VPN instance to which the user belongs. The value may be empty if the user is located on a public network. |
- AAA/6/ACCT_SESSION_EXPIRED
- AAA/6/AUTHEN_SESSION_EXPIRED
- AAA/6/AUTHOR_SESSION_EXPIRED
- AAA/6/LOCALACCOUNT_DELETE
- AAA/6/LOCALACCOUNT_LOCK
- AAA/6/LOCALACCOUNT_UNLOCK
- AAA/6/LOCALACCOUNT_MODIFY
- AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_LOCK
- AAA/6/LOCALACCOUNT_MODIFY_PASSWORD_UNLOCK
- AAA/6/LOCALACCOUNT_PASSWORD_MODIFY
- AAA/6/LOCALACCOUNT_PASSWORD_EXPIRED
- AAA/6/DOMAIN_ACTIVE
- AAA/6/DOMAIN_BLOCK
- AAA/6/LOCALACCOUNT_EXPIRED
- AAA/6/LOCALACCOUNT_IN_TIMERANGE
- AAA/6/LOCALACCOUNT_NOT_EXPIRED
- AAA/6/LOCALACCOUNT_OUT_TIMERANGE
- AAA/6/LOCALACCOUNT_MODIFY_FAIL
- AAA/6/USER_EVENT_RADIUS_PROC
- AAA/6/REMOTEACCOUNT_LOCK
- AAA/6/REMOTEACCOUNT_UNLOCK
- AAA/6/TAC_ATTRIBUTECHANGE_SUCCESS
- AAA/6/TAC_CHANGEFAILD
- AAA/6/TACCHPASS_SESSION_EXPIRED