[RouterA] domain bbb
[RouterA-isp-bbb] authentication ppp hwtacacs-scheme hwtac
[RouterA-isp-bbb] authorization ppp hwtacacs-scheme hwtac
[RouterA-isp-bbb] accounting ppp hwtacacs-scheme hwtac
[RouterA-isp-bbb] quit
# Enable PPP encapsulation on Serial 2/1/0/1:0.
[RouterA] interface serial 2/1/0/1:0
[RouterA-Serial2/1/0/1:0] link-protocol ppp
# Configure Serial 2/1/0/1:0 to authenticate the peer by using PAP in authentication domain
bbb.
[RouterA-Serial2/1/0/1:0] ppp authentication-mode pap domain bbb
3.
Configure Router B:
# Configure IP addresses for interfaces. (Details not shown.)
# Enable PPP encapsulation on Serial 2/1/0/1:0.
<RouterB> system-view
[RouterB] interface serial 2/1/0/1:0
[RouterB-Serial2/1/0/1:0] link-protocol ppp
# Configure the local username and password for PAP authentication to userb and plaintext
passb, respectively.
[RouterB-Serial2/1/0/1:0] ppp pap local-user userb password simple passb
Verifying the configuration
# Use the display interface serial command to display information for Serial 2/1/0/1:0. The PPP link
is established if the output contains the following information:
•
Both the physical layer and link layer are up.
•
LCP and IPCP have entered the Opened state.
Router A and Router B can ping each other.
Troubleshooting RADIUS
RADIUS authentication failure
Symptom
User authentication always fails.
Analysis
Possible reasons include:
•
A communication failure exists between the NAS and the RADIUS server.
•
The username is not in the userid@isp-name format, or the ISP domain is not correctly
configured on the NAS.
•
The user is not configured on the RADIUS server.
•
The password entered by the user is incorrect.
•
The RADIUS server and the NAS are configured with different shared keys.
Solution
To resolve the problem:
1.
Verify the following items:
79