Good afternoon!
Could you please advise what the problem might be?
A TACACS+ server is configured. Huawei S6730 switches connect to it through one of the switches. The switches themselves are interconnected via OSPF.
Switches 1, 2, and 3 authenticate normally, but the rest do not.
The configuration is identical on all switches:
aaa
 authentication-scheme default
  authentication-mode local hwtacacs
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
  authorization-mode local hwtacacs
  authorization-cmd 1 hwtacacs
  authorization-cmd 5 hwtacacs
 accounting-scheme default
  accounting-mode hwtacacs
  accounting start-fail online
 recording-scheme sch0
  recording-mode hwtacacs t1
 cmd recording-scheme sch0
 outbound recording-scheme sch0
 system recording-scheme sch0
 local-aaa-user password policy administrator
  password history record number 0
  undo password alert original
  password expire 0
 domain default
  authentication-scheme radius
  accounting-scheme default
  radius-server default
 domain default_admin
  authentication-scheme default
  accounting-scheme default
  authorization-scheme default
  hwtacacs-server t1
hwtacacs-server template t1
 hwtacacs-server authentication 192.168.112.42
 hwtacacs-server authorization 192.168.112.42
 hwtacacs-server accounting 192.168.112.42
 hwtacacs-server source-ip 172.16.0.5
 hwtacacs-server shared-key cipher XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX!!
 hwtacacs-server timer response-timeout 30

display hwtacacs-server template t1
---------------------------------------------------------------------------
HWTACACS-server template name : t1
Primary-authentication-server : 192.168.112.42:49 Vrf: Status:UP
Primary-authentication-ipv6-server : -:0 Vrf: Status:-
Primary-authorization-server : 192.168.112.42:49 Vrf: Status:UP
Primary-authorization-ipv6-server : -:0 Vrf: Status:-
Primary-accounting-server : 192.168.112.42:49 Vrf: Status:UP
Primary-accounting-ipv6-server : -:0 Vrf: Status:-
Secondary-authentication-server : -:0 Vrf: Status:-
Secondary-authentication-ipv6-server : -:0 Vrf: Status:-
Secondary-authorization-server : -:0 Vrf: Status:-
Secondary-authorization-ipv6-server : -:0 Vrf: Status:-
Secondary-accounting-server : -:0 Vrf: Status:-
Secondary-accounting-ipv6-server : -:0 Vrf: Status:-
Third-authentication-server : -:0 Vrf: Status:-
Third-authentication-ipv6-server : -:0 Vrf: Status:-
Third-authorization-server : -:0 Vrf: Status:-
Third-authorization-ipv6-server : -:0 Vrf: Status:-
Third-accounting-server : -:0 Vrf: Status:-
Third-accounting-ipv6-server : -:0 Vrf: Status:-
Fourth-authentication-server : -:0 Vrf: Status:-
Fourth-authentication-ipv6-server : -:0 Vrf: Status:-
Fourth-authorization-server : -:0 Vrf: Status:-
Fourth-authorization-ipv6-server : -:0 Vrf: Status:-
Fourth-accounting-server : -:0 Vrf: Status:-
Fourth-accounting-ipv6-server : -:0 Vrf: Status:-
Current-authentication-server : 192.168.112.42:49 Vrf: Status:UP
Current-authentication-ipv6-server : -:0 Vrf: Status:-
Current-authorization-server : 192.168.112.42:49 Vrf: Status:UP
Current-authorization-ipv6-server : -:0 Vrf: Status:-
Current-accounting-server : -:0 Vrf: Status:-
Current-accounting-ipv6-server : -:0 Vrf: Status:-
Source-IP-address : 172.16.0.5
Source-LoopBack : -
Source-Vlanif : -
Source-IPv6-address : -
IPv6 Source-LoopBack : -
IPv6 Source-Vlanif : -
Shared-key : ****************
Quiet-interval(min) : 5
Response-timeout-Interval(sec) : 30
Domain-included : Original
Traffic-unit : B
User name in authen-start message : No
---------------------------------------------------------------------------
Logs
%%01SSH/4/SSH_FAIL(s)[8]:Failed to login through SSH. (IP=172.20.55.4, VpnInstanceName= , UserName=test, Times=1, FailedReason=User password authentication failed)
%%01TAC/4/TACAUTHENDOWN(l)[9]:Communication with the HWTACACS authentication server (IP:192.168.112.42) is interrupted!
%%01TAC/4/TACACCTDOWN(l)[11]:Communication with the HWTACACS accounting server (IP:192.168.112.42) is interrupted!
Test
test-aaa test admin hwtacacs-template t1
Info: This operation may take a few seconds...
Info: Account test time out.
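
An added example (not part of the original post): a small Python script that cross-checks the `display hwtacacs-server template` output against the TAC log lines quoted above, listing roles that have no current server selected or whose UP status the log contradicts. The function names and the shortened sample input are assumptions made for this example.

```python
import re

# Constructed sample: a subset of the display output and log lines quoted in the post.
DISPLAY = """\
Primary-authentication-server : 192.168.112.42:49 Vrf: Status:UP
Primary-authorization-server : 192.168.112.42:49 Vrf: Status:UP
Primary-accounting-server : 192.168.112.42:49 Vrf: Status:UP
Current-authentication-server : 192.168.112.42:49 Vrf: Status:UP
Current-authorization-server : 192.168.112.42:49 Vrf: Status:UP
Current-accounting-server : -:0 Vrf: Status:-
"""
LOGS = """\
%%01TAC/4/TACAUTHENDOWN(l)[9]:Communication with the HWTACACS authentication server (IP:192.168.112.42) is interrupted!
%%01TAC/4/TACACCTDOWN(l)[11]:Communication with the HWTACACS accounting server (IP:192.168.112.42) is interrupted!
"""
# IPv4 server rows only; the "-ipv6-server" rows do not match and are skipped.
SERVER_RE = re.compile(
    r"^(Primary|Current)-(authentication|authorization|accounting)-server\s*:\s*"
    r"(\S+):(\d+)\s+Vrf:.*?Status:(\S+)$")
DOWN_RE = re.compile(
    r"TAC/\d/TAC\w+DOWN\(l\)\[\d+\]:Communication with the HWTACACS "
    r"(\w+) server \(IP:([\d.]+)\) is interrupted")

def parse_servers(text):
    """Return {role: {"Primary": (ip, status), "Current": (ip, status)}}."""
    roles = {}
    for line in text.splitlines():
        m = SERVER_RE.match(line.strip())
        if m:
            slot, role, ip, _port, status = m.groups()
            roles.setdefault(role, {})[slot] = (ip, status)
    return roles

def down_events(text):
    """Return the set of (role, server_ip) pairs the switch logged as interrupted."""
    return {m.groups() for m in map(DOWN_RE.search, text.splitlines()) if m}

def triage(display, logs):
    """List observations only; the two inputs may have been captured at different times."""
    findings, down = [], down_events(logs)
    for role, slots in sorted(parse_servers(display).items()):
        p_ip, p_status = slots.get("Primary", ("-", "-"))
        c_ip, _ = slots.get("Current", ("-", "-"))
        if p_ip != "-" and c_ip == "-":
            findings.append(f"{role}: primary {p_ip} configured but no current server selected")
        if p_status == "UP" and (role, p_ip) in down:
            findings.append(f"{role}: template shows UP but log reports {p_ip} interrupted")
    return findings

if __name__ == "__main__": print("\n".join(triage(DISPLAY, LOGS)))
```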