Panasonic 8000 User Manual

Page 34

Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".

Advertising
background image

1 AAA troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VAS

The preceding display indicates that the RADIUS authentication packet has been sent out.
You must then check whether the response packet is received. If the following display
prompts, the authentication server is not started. You then need to check the RADIUS
authentication server.

#Mar 12 01:49:08 2000 RT1 RDS/5/RDAUTHDOWN:RADIUS authent^icatiDn server(IP 192.168.1.128)

is down!

Step 2 Check the RADIUS authentication server.

Check whether the IP address and the port of the authentication server are configured
correctly. If so, check whether the RADIUS server is running normally.

To check whether the related services are enabled on ports, use the diagnostic tool provided
by the operating system.

If the RADIUS server and the NAS can receive packets from each other, continue to check
the following.

Step 3 Check whether the RADIUS server displays failing authentication information.

Although the NAS and RADIUS server can communicate, the authentication fails. The cause

is the RADIUS server. Check the following:

The NAS address and the shared key are configured on the RADIUS server.

The shared key configured on the RADIUS server is consistent with that on the NAS.

The user is configured on the RADIUS server. Note that the server template configured
on the NAS can strip the domain name from the logon user name.

The password of the user configured on RADIUS server is consistent with that of the
logon user.

If the authentication fails, the output or the logon record is displayed. You can view the
records to determine the causes for the authentication failure. The possible causes are as
follows:

The user name does not exist.

The password including the shared key on the server is not consistent with that on the

NAS.

The NAS address is not configured.

After the preceding check and modifications, most authentication faults disappear.

If FTP fails after the authentication succeeds, continue to check the following.

Step 4 Check that NAS can receive the authorized FTP directory.

If the FTP logon view displays “503 Logged fail, authentication directory is incorrect or
Connection closed by remote host,” the FTP directory authorization is incorrect.

After RADIUS packet debugging is enabled, you can view that the NAS can receive the

debugging information about authentication response packets sent by the RADIUS server.

Radius Received a Packet

Server Template: 0

Server IP : 192.168.1.202

Server Port : 1812

Protocol: Standard

Code

: 2

Len

: 33

1-16

Nortel Networks Inc.

Issue 01.01 (30 March 2009)

Advertising
Popular Brands
Popular manuals