Manuals / NEC / Computer Equipment / Network Hardware

NEC IP8800/S2400, IP8800/S6600, IP8800/S3600 Login Authentication Using RADIUS/TACACS+ Is Disabled

Models: IP8800/S6700 IP8800/S3600 IP8800/S6600 IP8800/S6300 IP8800/S2400

1 250
Download 250 pages 34.34 Kb
Page 87
Image 87

3. Troubleshooting Functional Failures in Operation

No.

Symptom

 

Action to Be Taken or Reference

 

 

 

3

Key entry rejected.

Determine the cause by following the steps below:

 

 

1.

Data sending/receiving may be interrupted by the XON/XOFF flow control. Restart the

 

 

 

data sending/receiving (press [Q] key with the [Ctrl] key pressed). If key entry is still

 

 

 

disabled, check No. 2 or later.

 

 

2.

Check to see if the communication software is configured properly.

 

 

3.

The screen may be suspended by [Ctrl]+[S]. Press any key.

 

 

 

4

Some users remain in the login

Wait for automatic logout or log in again and use the killuser command to delete users

 

state.

in the login state. If editing the configuration is on the way, the possibly changed

 

 

configuration information has not been saved. Log in again and enter the configuration mode

 

 

to save the change and exit from the editing.

 

 

 

 

3.3.3Login Authentication Using RADIUS/TACACS+ Is Disabled

If login authentication using RADIUS/TACACS+ is failed, check the following:

1.Communication with the RADIUS/TACACS+ server

Use the ping command to see if communication from this system to the RADIUS/TACACS+ server is achieved. If it is not possible to communicate with the server, see "3.6.1 Communication Is Disabled or Is Disconnected." If a local address has been defined in configuration, check the connectivity between this system and RADIUS/ TACACS+ servers by issuing ping from the local address.

2.Setting timeout value and retry count

For the RADIUS authentication, you can use configuration commands radius-server host, radius-server retransmit, and radius-server timeout to determine the maximum value of the timeout, which determines that communication between this system and the RADIUS server is faulty. This value is calculated by <set timeout value (sec.)> ⋅ <set retry count> ⋅ <set number of RADIUS servers>.

For the TACACS+ authentication, you can use configuration commands tacacs-server host and tacacs-server timeout to determine the mazimum value of the timeout, which determines that communication between this system and TACACS+ server is faulty. This value is calculated by <set timeout value (sec.)> ⋅ <set number of TACACS+ servers>. If this time is extremely long, applications such as telnet on the remote operation terminal may be terminated as a result of timeout. If this is the case, edit the value on the RADIUS/ TACACS+ configuration or the timeout value on the application running on the remote operation terminal. If telnet or ftp fails despite the "RADIUS/TACACS+ authentication successful" message appears in the operation log, the application on the remote operation terminal may have timed out until it can connect to the running RADIUS/ TACACS+ server out of multiple RADIUS server specified in the configuration. In this case, make sure you set up that the running RADIUS/TACACS+ server will take precedence or decrease the <Timeout value (in seconds)> ⋅ <Number of retries> value.

3.3.4Command Authorization Using RADIUS/TACACS+ Is Disabled

If command authorization fails even when login to this system through RADIUS/TACACS+ authentication was successful, or if an authorization error message is displayed and command cannot be executed, check the following:

1.Check using the show whoami command

Using the show whoami command on this system, the list of operation commands permitted/limited for the current user can be displayed and checked. Confirm that the command list has been acquired according to the setting on the RADIUS or TACACS+ server.

2.Check for server settings

Confirm that setting on command authorization on this system is correct on the RADIUS/TACACS+ server. For RADIUS, beware the settings for vendor-specific attributes. For TACACS+, beware service and attribute name. For detail on the RADIUS/TACACS+ server settings, see the manual "Configuration Settings."

25

Page 86 Page 88
Page 87
Image 87
NEC IP8800/S2400, IP8800/S6600 manual Login Authentication Using RADIUS/TACACS+ Is Disabled, Disabled, check No or later
Page 86 Page 88

IP8800/S6700, IP8800/S3600, IP8800/S6600, IP8800/S6300, IP8800/S2400 specifications

The NEC IP8800 series comprises a range of advanced networking solutions designed for various applications ranging from enterprise networking to service provider environments. This series includes models such as the IP8800/S2400, IP8800/S3600, IP8800/S6300, IP8800/S6600, and IP8800/S6700, each with its unique set of features and capabilities aimed at delivering robust performance, security, and scalability.

The IP8800/S2400 is an entry-level switch tailored for small to medium enterprises. It features a compact design and high port density, making it ideal for network edge applications. The model supports both Layer 2 and Layer 3 switching capabilities, enabling efficient traffic management. With its robust security features, including access control lists and support for VLANs, the IP8800/S2400 ensures secure connectivity.

Moving to the IP8800/S3600, this switch is designed for data center environments and offers high throughput with advanced routing capabilities. It is equipped with high-capacity 10G and 40G Ethernet ports, facilitating faster data transfer rates. The S3600 supports various protocols such as MPLS and Segment Routing, enhancing its ability to manage complex network architectures. Its energy-efficient design also helps reduce operational costs.

The IP8800/S6300 is tailored for high-performance networking scenarios, featuring a flexible architecture that supports both traditional and cloud-based services. With extensive QoS capabilities, the S6300 optimizes traffic flow and manages bandwidth efficiently, ensuring high-quality service delivery. Its virtualization support allows for easier integration into modern, software-defined networking environments.

The IP8800/S6600 provides a comprehensive solution for service providers and large enterprises, boasting high scalability and modularity. This model supports advanced features such as network slicing and the ability to handle high-density 100G interfaces. Its robust management tools, including centralized control and automation capabilities, simplify network operations significantly.

Finally, the IP8800/S6700 represents the pinnacle of the series, designed for mission-critical applications requiring the utmost reliability and performance. It supports advanced analytics, AI-driven insights, and comprehensive telemetry, enabling proactive network management. With high availability features and extensive redundancy options, the S6700 ensures continuous operation, making it ideal for core network functions.

In summary, the NEC IP8800 series offers a versatile range of switches that combine advanced technologies, high performance, and robust security features, catering to various networking needs across different industries. Each model is designed to provide not only superior connectivity but also the flexibility and scalability required in today’s fast-paced digital landscape.