Switch 7700 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch Gigabit-LX Module

201

202

203

204

205

206

207

208

209

210

198 CHAPTER 9: AAA AND RADIUS OPERATION

configuration. Execute the debugging command in user view to debug AAA and

RADIUS.

Example: AAA and

RADIUS Protocol

Configuration

AAA/RADIUS protocol configuration commands are generally used together with

802.1x configuration commands. Refer to the typical configuration examples

provided in

“Configuring 802.1x”.

AAA and RADIUS

Protocol Fault Diagnosis

and Troubleshooting

RADIUS protocol of TCP/IP protocol suite is located on the application layer. It

mainly specifies how to exchange user information between NAS and RADIUS

server of ISP. So it is very likely to be invalid.

User authentication/authorization always fails

1 The username may not be in the userid@isp-name format. Or NAS has not been

configured with a default ISP domain. Please use the username in proper format

and configure the default ISP domain on NAS.

2 The user may have not been configured in the RADIUS server database. Check the

database and make sure that the configuration information of the user does exist

in the database.

3 The user may have input a wrong password. Make sure that the supplicant inputs

the correct password.

4 The encryption keys of RADIUS server and NAS may be different. Check carefully

and make sure that they are identical.

Tab le 33 Display and Debug AAA and RADIUS Protocol

Operation Command

Display the configuration

information of the specified or

all the ISP domains.

display domain [isp-name]

Display related information of

user’s connection

display connection {access-type {dot1x | gcm} | domain

isp-name | interface portnum | ip ip-address | mac

mac-address | radius-scheme radius-scheme-name | vlan

vlanid | ucibindex ucib-index | user-name user-name}

Display related information of

the local user

display local-user [domain isp-name | idle-cut {disable |

enable} | service-type {telnet | ftp | lan-access

} | state

{active | block} | user-name user-name | vlan vlan-id]

Display information of local

RADIUS server group

display local-server statistics

Display the configuration

information of all the RADIUS

server groups or a specified

one

display radius [radius-server-name]

Display the statistics

information of RADIUS packets

display radius statistics

Display the stopping

accounting requests saved in

buffer without response (from

system view)

display stop-accounting-buffer {radius-scheme

radius-scheme-name | session-id session-id | time-range

start-time stop-time | user-name user-name}

Delete the stopping

accounting requests saved in

buffer without response (from

system view)

reset stop-accounting-buffer {radius-scheme

radius-scheme-name | session-id session-id | time-range

start-time stop-time | user-name user-name}