No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

After Some Terminals Are Allowed to log In to a Device, All Terminals Fail in Login

Publication Date:  2019-07-12 Views:  133 Downloads:  0

Issue Description

After some terminals are allowed to log in to a device, all terminals fail in login.

Alarm Information

C:\Users\twx466259>telnet X.X.X.X
Connecting X.X.X.X ...Failed to connect to the host. Port: 23: Connection fails.

Handling Process

1. Check the source IP address involved in the login failure and the ACL configuration.
(1) Check the IP address involved in the login failure.
dis access-user username admin
------------------------------------------------------------------------------
UserID     Username                  Domain-name               IP address    
------------------------------------------------------------------------------
1614       admin                    default_admin            X.X.X.122
(2) Check the ACL configuration.
acl number 2000
rule 10 permit source X.X.X.122 0
rule 16 deny
2. Check the alarm information.
Nov 30 2017 15:16:13 NE20E %%01TTY/5/hwUserLoginFail(t):VS=Admin-VS-CID=0x80c8042d-OID=1.3.6.1.4.1.2011.5.25.207.2.3;A user login failed. (UserIndex=37, UserName=**, UserIP=X.X.216.122, UserChannel=VTY3, AuthType=aaa, VpnInstanceName=test)
It is found that the source IP address is correct and a VPN instance is configured.

Root Cause

If the inbound interface is bound to a VPN instance, the ACL rule must be configured with the corresponding vpn-instance-name configuration. Otherwise, user login fails.

Solution

Change the ACL configuration.
rule permit  source   X.X.X.122 0 vpn-instance test

END