Comware

 View Only

  • 1.  Error : This scheme is referenced in a Domain

    Posted Aug 18, 2015 05:39 AM

    Hello

     

    HP switch 1920

    want to remove RADIUS servers (that are defined), getting this error

    This scheme is referenced in a Domain

     

     

    I want to remove the defined RADIUS and create new again.

     

    Because facing Authentication problems , after implementing port security, AAA, when connecting client to the switch port.

    PC gets connected on the DOMAIN / NETWORK, gets correct VLAN subnet IP (As defined in NPS/NAP server)

    but it is in "Attempting to Authenticate" state.

    And after 2 minutes PC disconnects from the network, and re authentication occurs this cycle goes on again and again.

     

    Thanks

    Regards

     



  • 2.  RE: Error : This scheme is referenced in a Domain

    Posted Aug 18, 2015 03:05 PM

    The error:  "This scheme is referenced in a domain " is actually self explanatory. You have probably entered this RADIUS scheme in an ISP domain in order to be used for authentiction, authorization and/or accounting. Since the domain references to this scheme, the switch assumes that the scheme is in use and doesnt allow it to be deleted.

     

    You can go to authentication -->AAA ->select ISP domain and check whether the radius scheme is defined under Authentication, Authorization and Accounting for some of the domains. After you have removed the scheme, you should be able to delete it.

     

    Regarding the issue with the repeating disconnects, it is hard to tell what exactly is the cause without more information. If you are configuring 802.1x authentication, maybe you could try to disable the "Enable Handshake" option in the 802.1x port configuration menu. I found the following in the manual about this setting:

     

    NOTE:

    If the network has 802.1X clients that cannot exchange handshake packets with

    the network access device, disable the online user handshake function to

    prevent their connections from being inappropriately torn down.

     

     

     



  • 3.  RE: Error : This scheme is referenced in a Domain

    Posted Aug 19, 2015 02:07 AM

    Thanks Emil

     

    Yes I have defined the RADIUS in an isp, but even going to AAA, and trying to remove / unselect that defined RADIUS.

    Able to remove it from "LAN Access Authentication" but not from "Default Authentication" as it says there are currently users connected.

     

    Have not enabled 802.1x, Enabled "port security" though.

     

     



Related Content