Manualshelf

R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
919293949596979899100
78
<RouterB> system-view
[RouterB] radius-server user aaa
# Configure a plaintext password aabbcc for user aaa.
[RouterB-rdsuser-aaa] password simple aabbcc
[RouterB-rdsuser-aaa] quit
# Specify the IP address of the RADIUS client as 10.1.1.1 and the plaintext shared key as abc in
plain text.
[RouterB] radius-server client-ip 10.1.1.1 key simple abc
Verifying the configuration
After entering username aaa@bbb or aaa and password aabbcc, user aaa can Telnet to Router A. Use
the display connection command to view the connection information on Router A.
<RouterA> display connection
Index=1 ,Username=aaa@bbb
IP=192.168.1.2
IPv6=N/A
Total 1 connection(s) matched.
Troubleshooting AAA
Troubleshooting RADIUS
Symptom 1
User authentication/authorization always fails.
Analysis
Possible reasons include:
A communication failure exists between the NAS and the RADIUS server.
The username is not in the format userid@isp-name or the ISP domain is not correctly configured on
the NAS.
The user is not configured on the RADIUS server.
The password entered by the user is incorrect.
The RADIUS server and the NAS are configured with different shared keys.
Solution
Check that:
The NAS and the RADIUS server can ping each other.
The username is in the userid@isp-name format and the ISP domain is correctly configured on the
NAS.
The user is configured on the RADIUS server.
The correct password is entered.
The same shared key is configured on both the RADIUS server and the NAS.