Authentication of the local users accessed from an ME60 through PPPoE dialup fails, and the 691 error occurs. It is doubted that the authentication configuration is incorrect.
1. Check the local authentication configuration on the ME60.
<ME60-05>disp cu interface GigabitEthernet 4/1/3.3
interface GigabitEthernet4/1/3.3 //Interface from which the user performs dialup
access-type layer2-subscriber default-domain authentication ceshi
authentication-method ppp web
< ME60-05> sys
[ME60-05-aaa]dis th //Configuration of the authentication template and accounting template
authentication-mode local radius
[ME60-05-aaa-domain-ceshi]dis this //ceshi domain configuration
[ME60-05-local-aaa-server]dis this //Local user configuration
user test123 password irreversible-cipher $1a$s9[l(T8_;5$.z!x-Phrm+:wrQ(HzJ#3`^M.Ofr6u!UxGb0StZQS$ authentication-type A block fail-times 3 interval 5
It is found that the authentication type of the local user is incorrect.
After the authentication type is changed to authentication-type P, perform a
dial-up test again. The configuration is as follows:
[ME60-05-local-aaa-server]user test123 password irreversible-cipher $1a$s9[l(T8_;5$.z!x-Phrm+:wrQ(HzJ#3`^M.Ofr6u!UxGb0StZQS$ authentication-type P
2. The problem still persists. It is doubted that the authentication configuration is still incorrect. Trace the MAC address of the dialup terminal to view the dialup process.
Dec 5 2017 15:41:56.230.8 QDHX-WK-BAS-ME60-05
MAC Address : 80C1-6EE4-5789
IP Address : 255.255.255.255
Interface : GigabitEthernet4/1/3.3
PE VLAN ID : 333
User Name : test123@ceshi]
[trace info:Authen fail: password not match] //Authentication fails. An error message is displayed indicating that the password does not match. Change the user name to cba123@ceshi and test again.
[ME60-05-local-aaa-server]user test123@ceshi password irreversible-cipher $1a$s9[l(T8_;5$.z!x-Phrm+:wrQ(HzJ#3`^M.Ofr6u!UxGb0StZQS$ authentication-type P
3. The problem still persists. Check the product document. It is found that the following information is contained in the description of configuring a local account:
When a PPP user performs local CHAP authentication, the irreversible-cipher configuration is not allowed. Otherwise, the authentication fails.
The account is encrypted based on the irreversible-cipher configuration, which needs to be changed.
The encryption mode configured for the local account does not match, resulting in a dialup failure.
Change the encryption mode of the local account.
[ME60-05-local-aaa-server]user test123@ceshi password cipher $1a$s9[l(T8_;5$.z!x-Phrm+:wrQ(HzJ#3`^M.Ofr6u!UxGb0StZQS$ authentication-type P