Troubleshooting Procedure
NOTE: Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.
Procedure
Step 1
Run the ping command to check whether the link between the AR2200-S and the HWTACACS server is working.
- If the ping operation fails, rectify the link fault according to .
- If the ping operation succeeds, go to step 2.
Step 2
Check whether the number of online users has reached the maximum.
Both the AR2200-S and HWTACACS server have a limit on the number of online users. Run the display access-user command on the AR2200-S to check the number of online users.
- If the number of online users has reached the maximum, you do not need to take any action. The user can log in after the number of online users falls below the maximum.
- If the number of online users has not reached the maximum, check the maximum number of online users set on the HWTACACS server. If the maximum number of online users set on the HWTACACS server has not been reached, go to step 3.
Step 3
Check the HWTACACS configuration on the AR2200-S to ensure that:
- The authentication domain of the user is in Active state.
- The authentication scheme bound to the user domain is HWTACACS authentication.
- The correct HWTACACS server template is bound to the domain. The IP address and port of the authentication server, authorization server, and accounting server are set correctly in the template. The source address in the packet sent by the router must be the same as the allowed address configured on the HWTACACS server.
- The user name format and shared key specified in the template are the same as those on the HWTACACS server.
Before checking the last two items, connect the AR2200-S to an HWTACACS server.
| Action | Command |
|---|---|
| Check the domain configuration. | display domain |
| Check which HWTACACS server template is bound to the domain. | display domain name domain-name |
| Check the authentication scheme bound to the domain. | display authentication-scheme |
| Check the authorization scheme bound to the domain. | display authorization-scheme |
| Check the accounting scheme bound to the domain. | display accounting-scheme |
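
The Step 3 checks can be run as a repeatable comparison once the router-side values (read from the display commands above) and the server-side values have been written down. The following Python is an added example, not Huawei code or command output: the dictionary keys are hypothetical names, the sample values are constructed, and it assumes one HWTACACS server handles authentication, authorization, and accounting.

```python
import hmac
import ipaddress

def check_hwtacacs(router, server):
    """Return the Step 3 mismatches; an empty list means both sides agree."""
    findings = []
    if router["domain_state"].lower() != "active":
        findings.append("domain is not in Active state")
    if router["auth_scheme_mode"].lower() != "hwtacacs":
        findings.append("authentication scheme is not HWTACACS")
    # Server address and port set in the router-side server template.
    for role in ("authentication", "authorization", "accounting"):
        ip, port = router["servers"][role]
        same_ip = ipaddress.ip_address(ip) == ipaddress.ip_address(server["listen_ip"])
        if not same_ip or port != server["listen_port"]:
            findings.append(f"{role} server {ip}:{port} does not match the server")
    # The packet source address must fall inside an address the server allows.
    src = ipaddress.ip_address(router["source_ip"])
    allowed = (ipaddress.ip_network(n, strict=False) for n in server["allowed_clients"])
    if not any(src in net for net in allowed):
        findings.append(f"source address {src} is not allowed on the server")
    if router["user_name_domain_included"] != server["user_name_domain_included"]:
        findings.append("user name format differs")
    # Constant-time comparison; the key itself never appears in a finding.
    if not hmac.compare_digest(router["shared_key"].encode(),
                               server["shared_key"].encode()):
        findings.append("shared key differs")
    return findings

# Constructed sample values (documentation address ranges, made-up keys).
SRV = ("198.51.100.5", 49)
ROUTER = {
    "domain_state": "Active",
    "auth_scheme_mode": "hwtacacs",
    "servers": {"authentication": SRV, "authorization": SRV, "accounting": SRV},
    "source_ip": "192.0.2.10",
    "user_name_domain_included": True,
    "shared_key": "constructed-key-A",
}
SERVER = {
    "listen_ip": "198.51.100.5",
    "listen_port": 49,
    "allowed_clients": ["192.0.2.1/32"],
    "user_name_domain_included": True,
    "shared_key": "constructed-key-B",
}

if __name__ == "__main__":
    for finding in check_hwtacacs(ROUTER, SERVER):
        print("MISMATCH:", finding)
```

Keeping the output of each run gives the record of actions that the NOTE at the start of the procedure recommends, without writing the shared key into that record.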
Huawei AR2200-S Series Enterprise Routers
Troubleshooting
10 Security
Issue 01 (2012-01-06)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.