Router User Manual

1 AAA troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
1-16 Nortel Networks Inc. Issue 01.01 (30 March 2009)
The preceding display indicates that the RADIUS authentication packet has been sent out.
You must then check whether the response packet is received. If the following message is
displayed, the authentication server is not started. In that case, check the RADIUS
authentication server.
#Mar 12 01:49:08 2000 RT1 RDS/5/RDAUTHDOWN:RADIUS authentication server(IP 192.168.1.128) is down!
Step 2 Check the RADIUS authentication server.
Check whether the IP address and the port of the authentication server are configured
correctly. If so, check whether the RADIUS server is running normally.
To check whether the related services are enabled on ports, use the diagnostic tool provided
by the operating system.
If the RADIUS server and the NAS can receive packets from each other, continue to check
the following.
Step 3 Check whether the RADIUS server displays failing authentication information.
If the NAS and the RADIUS server can communicate but the authentication still fails, the
cause is the RADIUS server. Check the following:
• The NAS address and the shared key are configured on the RADIUS server.
• The shared key configured on the RADIUS server is consistent with that on the NAS.
• The user is configured on the RADIUS server. Note that the server template configured
  on the NAS can strip the domain name from the logon user name.
• The password of the user configured on the RADIUS server is consistent with that of the
  logon user.
If the authentication fails, the output or the logon record is displayed. You can view the
records to determine the causes for the authentication failure. The possible causes are as
follows:
• The user name does not exist.
• The password including the shared key on the server is not consistent with that on the
  NAS.
• The NAS address is not configured.
After the preceding check and modifications, most authentication faults disappear.
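Why the shared-key check in Step 3 matters, shown as an added example (not from the manual or the router's software): in standard RADIUS (RFC 2865) the NAS hides the User-Password with the shared key and validates the server's reply with it, so a key mismatch appears as a wrong password on the server and as an invalid reply on the NAS. The keys, password, identifier and Reply-Message text are constructed sample values.

```python
import hashlib
import hmac
import struct

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, request_auth, secret):
    """NAS side, RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden, request_auth, secret):
    """Server side: undo the hiding with the server's copy of the shared key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def sign_reply(code, ident, attrs, request_auth, secret):
    """RFC 2865 3: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def nas_accepts(packet, ident, request_auth, secret):
    """NAS side: rebuild the reply with the NAS's key; any difference means discard."""
    if len(packet) < 20 or packet[1] != ident:
        return False
    want = sign_reply(packet[0], ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(want, packet)

# Constructed sample values, not taken from the manual.
RA, NAS_KEY, SERVER_KEY = bytes(range(16)), b"nas-shared-key", b"srv-shared-key"

def simulate(nas_key, server_key, password=b"ftp-user-pass"):
    """Return (server recovers the right password, NAS accepts the server's reply)."""
    hidden = hide_password(password, RA, nas_key)
    ok = reveal_password(hidden, RA, server_key) == password
    code = 2 if ok else 3  # 2 = Access-Accept, 3 = Access-Reject
    reply = sign_reply(code, 7, bytes([18, 13]) + b"auth result", RA, server_key)
    return ok, nas_accepts(reply, 7, RA, nas_key)

if __name__ == "__main__":
    print("matching keys  :", simulate(NAS_KEY, NAS_KEY))
    print("mismatched keys:", simulate(NAS_KEY, SERVER_KEY))
```

With mismatched keys the server recovers a garbled password and the NAS rejects the signed reply, which is why the server-side failure record can report a password error even when the user typed the correct one.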
If FTP fails after the authentication succeeds, continue to check the following.
Step 4 Check that the NAS can receive the authorized FTP directory.
If the FTP logon view displays “503 Logged fail, authentication directory is incorrect or
Connection closed by remote host,” the FTP directory authorization is incorrect.
After RADIUS packet debugging is enabled, the debugging information shows that the NAS
can receive the authentication response packets sent by the RADIUS server.
Radius Received a Packet
Server Template: 0
Server IP : 192.168.1.202
Server Port : 1812
Protocol: Standard
Code : 2
Len : 33