Figure 10-4
HWTACACS authentication fails
RouterA
RouterB
RouterC
RouterD
Loopback0
Loopback0
Loopback0
Loopback0
TACACS server
202.102.216.245/24
202.97.30.227/32
After the configuration, the user fails to pass the Huawei Terminal Access Controller Access-
Control System (HWTACACS) authentication by using the valid user name and password.
Fault Analysis
1.
Check the user name and password configured on the HWTACACS server. The configured
user name and password are the same as those entered by the user.
2.
Run the
ping
command on RouterA to ping the HWTACACS server. The ping operation
is successful.
3.
Run the
display current-configuration
command on RouterA to check the HWTACACS
configuration. The following configuration is displayed in the HWTACACS server
template:
hwtacacs-server source-ip 202.97.30.227
In the preceding information, 202.97.30.227 is the IP address of the loopback interface on
RouterA.
This IP address is contained in the IS-IS routing table and is used as the source IP address
of HWTACACS packets sent by RouterA. The IS-IS configuration has been deleted;
therefore, RouterA cannot receive the authentication response packet with the destination
address 202.97.30.227 sent from the HWTACACS server. This may be the cause for the
HWTACACS authentication failure.
4.
Run the
ping
-a 202.97.30.227 202.102.216.245
command on RouterA to check whether
the loopback interface address can ping the IP address of the HWTACACS server. Here,
the IP address of the HWTACACS server is 202.102.216.245. The ping operation fails.
5.
Run the
display ip routing-table
command on RouterA. The command output shows that
the IP address of this loopback interface is not advertised by the OSPF protocol.
According to the preceding information, you can confirm that the authentication fails
because the IS-IS configuration is deleted and the OSPF protocol does not advertise the
loopback interface address.
Huawei AR2200-S Series Enterprise Routers
Troubleshooting
10 Security
Issue 01 (2012-01-06)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
281