Publication Date: 2020-10-31 | Views: 918 | Downloads: 0 | Author: lWX511502 | Document ID: EKB1100058730
Device information: AR3200 V200R007C00SPCb00
A terminal cannot log in to the AR3200 through SSH with RADIUS account authentication, but Telnet login works without problems.
The relevant RADIUS configuration is as follows:
#
radius-server template radiusA
 radius-server shared-key cipher %^%#ZB(yT2fTfIx{TfXNb,jJD_YiI!7{NNh<*B9bGjoE%^%#
 radius-server authentication 10.x.x.6 1102 source ip-address 10.x.x.2 weight 80
 radius-server retransmit 2 timeout 3
 undo radius-server user-name domain-included
#
aaa
 authentication-scheme default
 authentication-scheme radiusB
  authentication-mode radius local
 authorization-scheme default
 accounting-scheme default
 service-scheme radiusC
  admin-user privilege level 3
 service-scheme admin
 domain default
 domain default_admin
 domain radius
  authentication-scheme radiusB
  service-scheme radiusC
  radius-server radiusA
1. Check the ping between the AR and the RADIUS server: no problem.
2. Test the account with test-aaa: also no problem.
3. Collect debugging information.
From the debug information, we see that the RADIUS server delivers the [Login-Service] [6] [0] attribute, which does not match the SSH parameter supported by the AR3200. As a result, the verification fails.
<AR3200>
Sep 18 2018 16:54:50.550.4+00:00 HQYG-2D13F-AR02 RDS/7/DEBUG:
Server Template: 0
Server IP : 10.x.x.6
Server Port : 1102
Protocol: Standard
Code : 2
Len : 126
ID : 149
[Login-Service ] [6 ] [0]
[Service-Type ] [6 ] [1]
[Class ] [46] [92 A5 8 D2 0 0 1 37 0 1 2 0 A 28 1 6 0 0 0 0 21 F7 F9 58 64 D1 1F C8 1 D3 E0 14 9 14 F6 12 0 0 0 0 0 3 41 A7 ]
Currently, the device supports the following Login-Service attributes:
The RADIUS server delivers the [Login-Service] [6] [0] attribute, which does not match the SSH parameter supported by the AR3200. As a result, the verification fails.
We can run the following commands to shield (disable) the received attribute in the RADIUS template:
radius-server template radiusA
 radius-server attribute translate
 radius-attribute disable Login-Service receive
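
The debug check from step 3, as an added Python example that is not part of the original case or of Huawei's tooling: it parses the attribute lines of the excerpt above as [name] [length] [value] and flags an Access-Accept (Code 2) whose Login-Service names a different service than the one used to log in. The value names come from RFC 2865, which assigns none to SSH; the comparison rule and the function names are assumptions made for illustration.

```python
import re

# Login-Service values from RFC 2865 section 5.15; the RFC assigns no value to SSH.
RFC2865_LOGIN_SERVICE = {0: "Telnet", 1: "Rlogin", 2: "TCP Clear", 3: "PortMaster",
                         4: "LAT", 5: "X25-PAD", 6: "X25-T3POS", 8: "TCP Clear Quiet"}

# Lines copied from the RDS/7/DEBUG excerpt on this page.
SAMPLE = """\
Code : 2
Len : 126
ID : 149
[Login-Service ] [6 ] [0]
[Service-Type ] [6 ] [1]
[Class ] [46] [92 A5 8 D2 0 0 1 37 0 1 2 0 A 28 1 6 0 0 0 0 21 F7 F9 58 64 D1 1F C8 1 D3 E0 14 9 14 F6 12 0 0 0 0 0 3 41 A7 ]
"""

HEADER_LINE = re.compile(r"^\s*(Code|ID|Len)\s*:\s*(\d+)\s*$")
# Second field is the attribute length (2-byte header + value): the Class line
# shows 46 for 44 printed octets, and the two integer attributes show 6.
ATTR_LINE = re.compile(r"^\s*\[\s*([A-Za-z0-9-]+)\s*\]\s*\[\s*(\d+)\s*\]\s*\[\s*(.*?)\s*\]\s*$")

def parse_debug(text):
    """Return (header fields, {attribute name: (length, raw value)}) for one dump."""
    header, attrs = {}, {}
    for line in text.splitlines():
        m = HEADER_LINE.match(line)
        if m:
            header[m.group(1)] = int(m.group(2))
            continue
        m = ATTR_LINE.match(line)
        if m:
            attrs[m.group(1)] = (int(m.group(2)), m.group(3))
    return header, attrs

def check_login_service(text, access_type):
    """Return a finding if an Access-Accept names a different login service.

    Assumption: the device compares Login-Service with the login protocol,
    as the case describes for SSH on the AR3200.
    """
    header, attrs = parse_debug(text)
    if header.get("Code") != 2 or "Login-Service" not in attrs:  # 2 = Access-Accept
        return None
    value = int(attrs["Login-Service"][1])
    service = RFC2865_LOGIN_SERVICE.get(value, "unassigned in RFC 2865")
    if service.lower() == access_type.lower():
        return None
    return f"Login-Service={value} ({service}) does not match {access_type} login"

if __name__ == "__main__":
    print(check_login_service(SAMPLE, "ssh"))
```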