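User switching with super fails on an S6850 at a customer site

Published 2026-05-19

Problem description

Logins to the S6850 are authenticated through TACACS. When switching user with super network-operator, the username login prompt appears again after the username and password are entered.

Process analysis

The relevant configuration on the switch side was checked and nothing abnormal was found: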

line class vty
 user-role network-operator
#
line vty 0 63
 authentication-mode scheme
 user-role network-admin
 user-role network-operator
 protocol inbound ssh
 idle-timeout 5 0
 command authorization
 command accounting
#
 ssh server enable
#
 super authentication-mode scheme
 super password role network-admin simple testsuperlocal
#
hwtacacs scheme acs
 primary authentication 18.1.185.202
 primary authorization 18.1.185.202
 primary accounting 18.1.185.202

 key authentication simple test
 key authorization simple test
 key accounting simple test
 timer response-timeout 1
 user-name-format without-domain
 nas-ip 18.1.82.2
 vpn-instance management_vpn
#
domain cxmt
 authentication default hwtacacs-scheme acs local    
 authorization default hwtacacs-scheme acs local
 accounting default hwtacacs-scheme acs local

//authentication super hwtacacs-scheme acs
#
domain sdn
#
 domain default enable cxmt 
domain system
 state block

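According to the manual, when the role being switched to is not a user-defined role, allowed-roles="role" must be configured (where this is configured differs from server to server).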

Solution

After allowed-roles="role" was configured on the server side, switching worked normally.
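
A way to confirm from the switch configuration that a super switch is decided by the HWTACACS server, which is where allowed-roles="role" has to be set. This is an added example, not from the original article or from H3C. It assumes the Comware defaults (local super authentication, default domain system) and that a domain without an authentication super line uses its authentication default methods; the function names are hypothetical.

```python
# Constructed sample: trimmed copy of the configuration shown in the article.
SAMPLE = """\
#
 super authentication-mode scheme
 super password role network-admin simple testsuperlocal
#
domain cxmt
 authentication default hwtacacs-scheme acs local
//authentication super hwtacacs-scheme acs
#
 domain default enable cxmt
domain system
 state block
"""

def parse_views(text):
    """Map each view header to its indented lines; '' holds system-view lines."""
    views, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("//"):   # blank or commented-out line
            continue
        if line == "#":
            current = ""
        elif line[0] != " ":
            current = line
            views.setdefault(current, [])
        else:
            views[current].append(line.strip())
    return views

def super_auth_path(text):
    """Report which methods authenticate a 'super' switch in the default domain."""
    views = parse_views(text)
    system = views[""]
    # Assumed Comware defaults: local super authentication, default domain 'system'.
    mode = next((l.split()[2:] for l in system
                 if l.startswith("super authentication-mode")), ["local"])
    domain = next((l.split()[-1] for l in system
                   if l.startswith("domain default enable")), "system")
    lines = views.get(f"domain {domain}", [])
    # Assumed: with no 'authentication super' line, the 'default' methods apply.
    found = {k: l.split()[2:] for l in lines for k in ("super", "default")
             if l.startswith(f"authentication {k} ")}
    chain = found.get("super") or found.get("default") or ["local"]
    return {"mode": mode, "domain": domain, "chain": chain,
            "hwtacacs_decides_super": "scheme" in mode and "hwtacacs-scheme" in chain}
```

When hwtacacs_decides_super is true, as it is for the sample, the switch-side configuration can look correct while the switch still fails until the server returns the attribute.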