After PPoE users originally subordinate to an MA5200 were migrated to a newly added ME60-16, some users failed to access the Internet and the error code was 691.
Networking before the migration: PC-MA5100-S3552-MA5200Networking after the migration: PC-MA5100-S6503-ME60-16
Huawei performed the following operations to address the problem:
1. Confirmed that user data had not been modified after the migration. Therefore, the problem was not caused by incorrect user names or passwords.
2. Verified that the NAS IPs and BRAS interface IDs for users were correct.
3. Verified that the RADIUS server was working properly.
4. Enabled the debug switch for the RADIUS server.
No RADIUS packets were found, indicating that user information was not sent to the RADIUS server.
5. Ran display aaa online-fail-record to check online failure information and found the message "send authentication request fail".According to analysis, all the accounts failed to dial up carried the domain name @north, which was used at the original MA5200, rather than @pppoe on the ME60. The interface under the BAS interface configuration was access-type layer2-subscriber default-domain authentication pppoe. The ME60 sent information from an account with the domain name of @pppoe or without a domain name to the pppoe domain that was configured with the ip-pool and radius-server group. The ME60 sent information from an account with an unknown domain name, such as @north, to the default1 domain that was not configured with radius-server group. Therefore, the information from the account with an unknown domain name was not sent to any RADIUS server and no RADIUS server responded to account. As a result, the account dialing up failed.
Either of the following solutions is effective:
1. Apply roam-domain pppoe to the related interface so that an account with an unknown domain name is allocated to the pppoe domain.2. Configure ip-pool and radius-server group for the default 1 domain. The default1 domain can be modified but cannot be deleted.