R3303-HP HSR6800 Routers Security Configuration Guide
71
Solution
Check that:
• The NAS and the RADIUS server can ping each other.
• The username is in the userid@isp-name format and the ISP domain is correctly configured on the
NAS.
• The user is configured on the RADIUS server.
• The correct password is entered.
• The same shared key is configured on both the RADIUS server and the NAS.
Symptom 2
RADIUS packets cannot reach the RADIUS server.
Analysis
Possible reasons include:
• A communication failure exists between the NAS and the RADIUS server.
• The NAS is not configured with the IP address of the RADIUS server.
• The authentication/authorization and accounting UDP ports configured on the NAS are incorrect.
• The RADIUS server's authentication/authorization and accounting port numbers are being used by
other applications.
Solution
Check that:
• The link between the NAS and the RADIUS server work well at both the physical and data link
layers.
• The IP address of the RADIUS server is correctly configured on the NAS.
• The authentication/authorization and accounting UDP ports configured on the NAS are the same
as those of the RADIUS server.
• The RADIUS server's authentication/authorization and accounting port numbers are available.
Symptom 3
A user is authenticated and authorized, but accounting for the user is not normal.
Analysis
The accounting server configuration on the NAS is not correct. Possible reasons include:
• The accounting port number configured on the NAS is incorrect.
• The accounting server IP address configured on the NAS is incorrect. For example, the NAS is
configured to use a single server to provide authentication, authorization, and accounting services,
but in fact the services are provided by different servers.
Solution
Check that:
• The accounting port number is correctly configured.
• The accounting server IP address is correctly configured on the NAS.