R0106-HP MSR Router Series Security Configuration Guide(V7)
64
[RouterA-hwtacacs-hwtac] key accounting simple expert
# Configure the router to send usernames without domain names.
[RouterA-hwtacacs-hwtac] user-name-format without-domain
[RouterA-hwtacacs-hwtac] quit
# Create ISP domain bbb and configure the domain to use the HWTACACS scheme for
authentication, authorization, and accounting for PPP users.
[RouterA] domain bbb
[RouterA-isp-bbb] authentication ppp hwtacacs-scheme hwtac
[RouterA-isp-bbb] authorization ppp hwtacacs-scheme hwtac
[RouterA-isp-bbb] accounting ppp hwtacacs-scheme hwtac
[RouterA-isp-bbb] quit
# Enable PPP encapsulation on Serial 2/2/0.
[RouterA] interface serial 2/2/0
[RouterA-Serial2/2/0] link-protocol ppp
# Configure interface Serial 2/2/0 to authenticate the peer by using PAP in authentication
domain bbb.
[RouterA-Serial2/2/0] ppp authentication-mode pap domain bbb
# Assign an IP address to Serial 2/2/0.
[RouterA-Serial2/2/0] ip address 200.1.1.1 24
[RouterA-Serial2/2/0] quit
3. Configure Router B:
# Enable PPP encapsulation on Serial 2/2/0.
<RouterB> system-view
[RouterB] interface serial 2/2/0
[RouterB-Serial2/2/0] link-protocol ppp
# Configure the local username and password for PAP authentication to userb and plaintext passb,
respectively.
[RouterB-Serial2/2/0] ppp pap local-user userb password simple passb
# Assign an IP address to Serial 2/2/0.
[RouterB-Serial2/2/0] ip address 200.1.1.2 24
[RouterB-Serial2/2/0] quit
Verifying the configuration
# Use the display interface serial command to display information for Serial 2/2/0. The PPP link is
established if the output contains the following information:
• Both the physical layer and link layer are up.
• LCP and IPCP have entered the Opened state.
Router A and Router B can ping each other.
Troubleshooting RADIUS
RADIUS authentication failure
Symptom
User authentication always fails.