Operation Manual – AAA & RADIUS & HWTACACS
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 AAA & RADIUS & HWTACACS Configuration

# Create local user telnet.
[Sysname] local-user telnet
[Sysname-luser-telnet] service-type telnet
[Sysname-luser-telnet] password simple telnet
[Sysname-luser-telnet] quit
# Enable Telnet.
[Sysname] telnet server enable
# Configure AAA scheme for the ISP domain.
[Sysname] domain test
[Sysname-isp-test] authentication login local
[Sysname-isp-test] authorization login hwtacacs-scheme hwtac
[Sysname-isp-test] accounting login radius-scheme cams
[Sysname-isp-test] quit
# Configure default AAA schemes, in which user type is not checked.
[Sysname] domain test
[Sysname-isp-test] authentication default local
[Sysname-isp-test] authorization default hwtacacs-scheme hwtac
[Sysname-isp-test] accounting default radius-scheme cams

1.8 Troubleshooting AAA & RADIUS & HWTACACS Configuration

1.8.1 Troubleshooting the RADIUS Protocol

The RADIUS protocol is at the application layer in the TCP/IP protocol suite. This protocol prescribes how the switch and the RADIUS server of the ISP exchange user information with each other.

Symptom 1: User authentication/authorization always fails.

Possible reasons and solutions:
- The user name is not in the userid@isp-name format, or no default ISP domain is specified on the switch — Use the correct user name format, or set a default ISP domain on the switch.
- The user is not configured in the database of the RADIUS server — Check the database of the RADIUS server and make sure that the configuration information about the user exists.
- The user entered an incorrect password — Be sure to enter the correct password.
- The switch and the RADIUS server have different shared keys — Compare the shared keys at the two ends and make sure they are identical.
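
Why different shared keys produce Symptom 1, shown as an added example that is not part of the H3C manual: the Python sketch below follows RFC 2865 for PAP password hiding and the Response Authenticator check. The key values, password, packet identifier and fixed Request Authenticator are constructed for illustration.

```python
import hashlib

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding as sent by the switch (RFC 2865, section 5.2)."""
    n = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16 bytes
    padded = password.ljust(n, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the server obtains when it reverses the hiding with its own key."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def simulate(switch_key: bytes, server_key: bytes,
             password: bytes = b"example-pass") -> dict:
    request_auth = bytes(range(16))  # constructed; a real switch uses random bytes
    hidden = hide_password(password, switch_key, request_auth)
    password_ok = recover_password(hidden, server_key, request_auth) == password
    code = 2 if password_ok else 3   # 2 = Access-Accept, 3 = Access-Reject
    reply = response_authenticator(code, 1, b"", request_auth, server_key)
    # The switch recomputes the authenticator with its own key and drops mismatches.
    expected = response_authenticator(code, 1, b"", request_auth, switch_key)
    return {"password_ok": password_ok, "reply_accepted": reply == expected}

if __name__ == "__main__":
    print("same key     :", simulate(b"example-key", b"example-key"))
    print("different key:", simulate(b"example-key", b"example-kee"))
```

With mismatched keys the server recovers a garbled password even though the user typed the correct one, and the switch would discard the server's reply anyway, so the failure looks the same for every user.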