Segurança e VPN : Remote Authentication Dial-In User Service (RADIUS)

Atribua a sessão de PPP e rode em marcha lenta intervalos usando o RAIO

14 Outubro 2016 - Tradução por Computador
Outras Versões: Versão em PDFpdf | Inglês (22 Agosto 2015) | Feedback


Índice


Introdução

Esta configuração incorpora um cliente de Windows 95/98/NT com um modem que disque sobre uma linha analógica em um servidor de acesso. O início de uma sessão do usuário é autenticado e autorizado pelo servidor Radius no segmento de Ethernet do roteador. Cisco UNIX seguro e perfis de Windows neste documento usa os atributos padrão do Internet Engineering Task Force (IETF) para a sessão e o idle timeout. Os valores realizam-se nos segundos.

Este documento não fornece instruções de configuração passo a passo no NAS para o acesso de discagem ou o AAA. Para mais informação, refira configurar RADIUS AAA básicos para clientes de discagem de entrada.

Pré-requisitos

Requisitos

Não existem requisitos específicos para este documento.

Componentes Utilizados

As informações neste documento são baseadas nestas versões de software e hardware:

  • Software Release 12.0(5.5)T do ½ do ¿  de Cisco IOSïÂ

  • Versão UNIX segura 2.2.3 de Cisco

  • Cisco access server 2511

As informações neste documento foram criadas a partir de dispositivos em um ambiente de laboratório específico. Todos os dispositivos utilizados neste documento foram iniciados com uma configuração (padrão) inicial. Se a sua rede estiver ativa, certifique-se de que entende o impacto potencial de qualquer comando.

Convenções

Para obter mais informações sobre convenções de documento, consulte as Convenções de dicas técnicas Cisco.

Configurar

Diagrama de Rede

Este documento utiliza a configuração de rede mostrada neste diagrama.

/image/gif/paws/13843/15a.gif

Configurações

Este documento utiliza as configurações mostradas aqui.

Cisco UNIX seguro: Perfil de RADIUS
# ./ViewProfile -p 9900 -u radtime

User Profile Information

user = radtime{
profile_id = 99
profile_cycle = 2
member = raj
radius=IETF {
check_items= {
2=cisco
}
reply_attributes= {
6=2
7=1
27=180
28=60
}
}
}

Cisco Secure ACS for Windows

Termine estas etapas para configurar Cisco seguro para que Windows passe intervalos inativos ao NAS.

  1. Clique o botão User Setup Button na barra esquerda.

  2. Vá ao usuário na pergunta.

  3. Nos atributos de raio de IETF secione, tipo de serviço seleto (atributo 6) = Framed e Framed-Protocol (atributo 7)=PPP do menu de destruição.

    Nota:  Você deve igualmente clicar a caixa de seleção situada ao lado dos atributos selecionados: Tipo de serviço e Framed-Protocol.

  4. Clique sobre o botão Group Setup Button na barra esquerda. Selecione o grupo que o usuário pertence a e o clique edita ajustes.

  5. Na seção para atributos RADIUS do Internet Engineering Task Force (IETF), clique sobre a caixa de seleção situada ao lado do Sessão-intervalo do atributo 27 e atribua o Quietude-intervalo 28. Especifique o valor desejado para cada intervalo (nos segundos) na caixa ao lado de cada atributo.

Roteador A
Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname router_a
!
no logging console

!--- AAA configuration. The authorization statement is needed
!--- to pass timeout values from ACS to the NAS.

aaa new-model
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
username john password doe
enable password cisco
!
ip subnet-zero
no ip domain-lookup
!
cns event-service server
!
!
interface Ethernet0
ip address 171.68.201.53 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
no cdp enable
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
no cdp enable
!
interface Group-Async1
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer in-band
async mode dedicated
peer default ip address pool default
no cdp enable
ppp authentication pap
group-range 1 16
!
ip local pool default 10.1.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 171.68.201.1
ip route 171.68.0.0 255.255.0.0 171.68.201.1
!

!--- Specify the RADIUS server host and key.


radius-server host 171.68.171.9 auth-port 1645 acct-port 1646
radius-server key ontop
!
line con 0
exec-timeout 0 0
timeout login response 60
transport input pad v120 telnet rlogin udptn
line 1 16
autoselect during-login
autoselect ppp
modem InOut
transport input all
speed 115200
line aux 0
timeout login response 60
line vty 0 4
exec-timeout 0 0
timeout login response 5
password cisco
!
end

Verificar

Esta seção fornece informações que você pode usar para confirmar se sua configuração está funcionando adequadamente.

A Output Interpreter Tool (somente clientes registrados) oferece suporte a determinados comandos show, o que permite exibir uma análise da saída do comando show.

  • show dialer interface async 1 — Indica a informação nas relações configuradas para Perfis de discagem do Dial-on-Demand Routing (DDR).

  • show interfaces async 1 — Indica a informação da interface serial.

Este show command output (resultado do comando show) demonstra como verificar que os intervalos da sessão e da quietude estiveram transferidos corretamente. Cisco recomenda que você executa o comando diversas vezes. Isto permite que você observe decrescer dos contadores.

router#show dialer interface async 1     
Async1 - dialer type = IN-BAND ASYNC NO-PARITY

!--- Check to see that the idletime is 60 seconds for this interface.
!--- This was configured in the RADIUS server.

Idle timer (60 sec), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Time until disconnect 40 secs (radtime)

Dial String      Successes   Failures    Last DNIS   Last status

router#show interface async 1
Async1 is up, line protocol is up 
  Hardware is Async Serial
  Interface is unnumbered. Using address of Ethernet0 (171.68.201.53)
  MTU 1500 bytes, BW 115 Kbit, DLY 100000 usec, 
     reliability 253/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive not set
  DTR is pulsed for 5 seconds on reset

!--- The session (absolute) and idletime decreases.

Time to interface disconnect:  absolute 00:02:41, idle 00:00:36
  LCP Open
  Open: IPCP
  Last input 00:00:18, output 00:00:18, output hang never
  Last clearing of "show interface" counters 3w0d
  Input queue: 1/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
     Conversations  0/1/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3543 packets input, 155629 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     46 input errors, 46 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1903 packets output, 44205 bytes, 0 underruns
     0 output errors, 0 collisions, 44 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions


router#show interface async 1
Async1 is up, line protocol is up 
  Hardware is Async Serial
  Interface is unnumbered. Using address of Ethernet0 (171.68.201.53)
  MTU 1500 bytes, BW 115 Kbit, DLY 100000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive not set
  DTR is pulsed for 5 seconds on reset

!--- The user is disconnected because the session 
!--- timeout (absolute) is reached.

Time to interface disconnect:  absolute 00:00:00, idle 00:00:56
  LCP Open
  Open: IPCP
  Last input 00:00:02, output 00:00:03, output hang never
  Last clearing of "show interface" counters 3w0d
  Input queue: 1/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
     Conversations  0/1/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3674 packets input, 163005 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     46 input errors, 46 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1984 packets output, 49146 bytes, 0 underruns
     0 output errors, 0 collisions, 44 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

Troubleshooting

Esta seção fornece informações que podem ser usadas para o troubleshooting da sua configuração.

Comandos para Troubleshooting

Nota: Antes de emitir comandos de depuração, consulte as informações importantes sobre eles.

  • debugar a autenticação de PPP — Indica mensagens do protocolo de autenticação. Estas mensagens incluem intercâmbios de pacotes do protocolo challenge authentication (RACHADURA) e trocas do protocolo password authentication (PAP).

  • debugar a negociação ppp — Pacotes do protocolo displays point-to-point (PPP) transmitidos durante a inicialização de PPP, onde as opções de PPP são negociadas.

  • debug aaa authorization — Indica a informação na autorização AAA/RADIUS.

  • debug radius — Exibe informações de debug detalhadas associadas ao RADIUS.

Depurações de roteador

Este resultado do debug mostra a conexão bem sucedida.

*Mar 22 21:11:02.797: AAA: parse name=tty1 idb type=10 tty=1
*Mar 22 21:11:02.801: AAA: name=tty1 flags=0x11 type=4 shelf=0 
   slot=0 adapter=0 port=1 channel=0
*Mar 22 21:11:02.801: AAA/MEMORY: create_user (0x57F3A8) user='' ruser='' 
   port='tty1' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 22 21:11:02.833: AAA/MEMORY: free_user (0x57F3A8) user='' ruser='' 
   port='tty1' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 22 21:11:02.909: As1 IPCP: Install route to 10.1.1.1
*Mar 22 21:11:04.869: As1 LCP: I CONFREQ [Closed] id 0 len 23
*Mar 22 21:11:04.873: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:04.877: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:04.877: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:04.881: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:04.881: As1 LCP:    Callback 6  (0x0D0306)
*Mar 22 21:11:04.885: As1 LCP: Lower layer not up, Fast Starting
*Mar 22 21:11:04.889: As1 PPP: Treating connection as a callin
*Mar 22 21:11:04.889: As1 PPP: Phase is ESTABLISHING, Passive Open
*Mar 22 21:11:04.893: As1 LCP: State is Listen
*Mar 22 21:11:04.897: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
*Mar 22 21:11:04.901: As1 LCP: O CONFREQ [Listen] id 104 len 24
*Mar 22 21:11:04.901: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar 22 21:11:04.905: As1 LCP:    AuthProto PAP (0x0304C023)
*Mar 22 21:11:04.909: As1 LCP:    MagicNumber 0x812C7E0C (0x0506812C7E0C)
*Mar 22 21:11:04.913: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:04.913: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:04.917: As1 LCP: O CONFREJ [Listen] id 0 len 7
*Mar 22 21:11:04.921: As1 LCP:    Callback 6  (0x0D0306)
3w0d: %LINK-3-UPDOWN: Interface Async1, changed state to up
*Mar 22 21:11:06.897: As1 LCP: TIMEout: State REQsent
*Mar 22 21:11:06.901: As1 LCP: O CONFREQ [REQsent] id 105 len 24
*Mar 22 21:11:06.901: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar 22 21:11:06.905: As1 LCP:    AuthProto PAP (0x0304C023)
*Mar 22 21:11:06.909: As1 LCP:    MagicNumber 0x812C7E0C (0x0506812C7E0C)
*Mar 22 21:11:06.909: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:06.913: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.045: As1 LCP: I CONFACK [REQsent] id 105 len 24
*Mar 22 21:11:07.049: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar 22 21:11:07.053: As1 LCP:    AuthProto PAP (0x0304C023)
*Mar 22 21:11:07.057: As1 LCP:    MagicNumber 0x812C7E0C (0x0506812C7E0C)
*Mar 22 21:11:07.057: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.061: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.821: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23
*Mar 22 21:11:07.825: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:07.829: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:07.829: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.833: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.833: As1 LCP:    Callback 6  (0x0D0306)
*Mar 22 21:11:07.837: As1 LCP: O CONFREJ [ACKrcvd] id 0 len 7
*Mar 22 21:11:07.841: As1 LCP:    Callback 6  (0x0D0306)
*Mar 22 21:11:07.957: As1 LCP: I CONFREQ [ACKrcvd] id 1 len 20
*Mar 22 21:11:07.961: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:07.961: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:07.965: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.969: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.969: As1 LCP: O CONFACK [ACKrcvd] id 1 len 20
*Mar 22 21:11:07.973: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:07.977: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:07.977: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.981: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.985: As1 LCP: State is Open
*Mar 22 21:11:07.985: As1 PPP: Phase is AUTHENTICATING, by this end
*Mar 22 21:11:08.245: As1 LCP: I IDENTIFY [Open] id 2 len 18 magic 
   0x00005F22 MSRASV4.00
*Mar 22 21:11:08.249: As1 LCP: I IDENTIFY [Open] id 3 len 31 magic 
   0x00005F22 MSRAS-1-RAJESH-SECURITY
*Mar 22 21:11:08.253: As1 PAP: I AUTH-REQ id 30 len 18 from "radtime"
*Mar 22 21:11:08.265: As1 PAP: Authenticating peer radtime
*Mar 22 21:11:08.269: AAA: parse name=Async1 idb type=10 tty=1
*Mar 22 21:11:08.273: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 
   adapter=0 port=1 channel=0
*Mar 22 21:11:08.273: AAA/MEMORY: create_user (0x57F3A8) user='radtime' ruser='' 
   port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1
*Mar 22 21:11:08.281: RADIUS: ustruct sharecount=1
*Mar 22 21:11:08.285: RADIUS: Initial Transmit Async1 id 109 172.16.171.9:1645, 
   Access-Request, len 77
*Mar 22 21:11:08.289:         Attribute 4 6 AB44C935
*Mar 22 21:11:08.293:         Attribute 5 6 00000001
*Mar 22 21:11:08.293:         Attribute 61 6 00000000
*Mar 22 21:11:08.297:         Attribute 1 9 72616474
*Mar 22 21:11:08.297:         Attribute 2 18 486188E4
*Mar 22 21:11:08.301:         Attribute 6 6 00000002
*Mar 22 21:11:08.301:         Attribute 7 6 00000001
*Mar 22 21:11:08.329: RADIUS: Received from id 109 172.16.171.9:1645, 
   Access-Accept, len 44
*Mar 22 21:11:08.333:         Attribute 6 6 00000002
*Mar 22 21:11:08.333:         Attribute 7 6 00000001
*Mar 22 21:11:08.337:         Attribute 27 6 000000B4
*Mar 22 21:11:08.337:         Attribute 28 6 0000003C

Os pares de valor de atributo (AVP) da necessidade do comando debug radius de ser descodificado. Isto ajuda-o a compreender melhor a transação entre o NAS e o servidor Radius.

Nota: Até à data do Cisco IOS Software Release 12.2(11)T, a saída do comando debug radius é descodificada já. Não exige o uso da ferramenta Output Interpreter (clientes registrados somente) descodificar a saída. Refira o RAIO debugam realces para mais informação.

A ferramenta Output Interpreter (clientes registrados somente) permite que você receba uma análise da saída do comando debug radius.

A saída nos itálicos é o resultado obtido da ferramenta Output Interpreter (clientes registrados somente):

Access-Request 172.16.171.9:1645 id 109
Attribute Type 4:  NAS-IP-Address is 171.68.201.53
Attribute Type 5:  NAS-Port is 1
Attribute Type 61: NAS-Port-Type is Asynchronous
Attribute Type 1:  User-Name is radt
Attribute Type 2:  User-Password is (encoded)
Attribute Type 6:  Service-Type is Framed
Attribute Type 7:  Framed-Protocol is PPP
	Access-Accept 172.16.171.9:1645 id 109
Attribute Type 6:  Service-Type is Framed
Attribute Type 7:  Framed-Protocol is PPP
Attribute Type 27: Session-Timeout is 180 seconds
Attribute Type 28: Idle-Timeout is 60 seconds

Note que o timeout de sessão é 180 segundos e o idle timeout é 60 segundos.

*Mar 22 21:11:08.345: RADIUS: saved authorization data for user 57F3A8 at 5AB9A4
*Mar 22 21:11:08.349: As1 AAA/AUTHOR/LCP: Authorize LCP
*Mar 22 21:11:08.353: As1 AAA/AUTHOR/LCP (2107569326): Port='Async1' 
   list='' service=NET
*Mar 22 21:11:08.353: AAA/AUTHOR/LCP: As1 (2107569326) user='radtime'
*Mar 22 21:11:08.357: As1 AAA/AUTHOR/LCP (2107569326): send AV service=ppp
*Mar 22 21:11:08.357: As1 AAA/AUTHOR/LCP (2107569326): send AV protocol=lcp
*Mar 22 21:11:08.361: As1 AAA/AUTHOR/LCP (2107569326): found list "default"
*Mar 22 21:11:08.365: As1 AAA/AUTHOR/LCP (2107569326): Method=radius (radius)
*Mar 22 21:11:08.369: As1 AAA/AUTHOR (2107569326): Post authorization 
   status = PASS_REPL
*Mar 22 21:11:08.369: As1 AAA/AUTHOR/LCP: Processing AV service=ppp

!--- The session timeout and idle timeouts are applied to the interface.

*Mar 22 21:11:08.373: As1 AAA/AUTHOR/LCP: Processing AV timeout=180
*Mar 22 21:11:08.633: As1 AAA/AUTHOR/LCP: Processing AV idletime=60
*Mar 22 21:11:09.049: As1 PAP: O AUTH-ACK id 30 len 5
*Mar 22 21:11:09.053: As1 PPP: Phase is UP
*Mar 22 21:11:09.057: As1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
*Mar 22 21:11:09.061: As1 AAA/AUTHOR/FSM (1853995855): Port='Async1' 
   list='' service=NET
*Mar 22 21:11:09.061: AAA/AUTHOR/FSM: As1 (1853995855) user='radtime'
*Mar 22 21:11:09.065: As1 AAA/AUTHOR/FSM (1853995855): send AV service=ppp
*Mar 22 21:11:09.065: As1 AAA/AUTHOR/FSM (1853995855): send AV protocol=ip
*Mar 22 21:11:09.069: As1 AAA/AUTHOR/FSM (1853995855): found list "default"
*Mar 22 21:11:09.073: As1 AAA/AUTHOR/FSM (1853995855): Method=radius (radius)
*Mar 22 21:11:09.077: As1 AAA/AUTHOR (1853995855): Post authorization 
   status = PASS_REPL
*Mar 22 21:11:09.077: As1 AAA/AUTHOR/FSM: We can start IPCP
*Mar 22 21:11:09.085: As1 IPCP: O CONFREQ [Closed] id 19 len 10
*Mar 22 21:11:09.089: As1 IPCP:    Address 171.68.201.53 (0x0306AB44C935)
*Mar 22 21:11:09.177: As1 CCP: I CONFREQ [Not negotiated] id 4 len 10
*Mar 22 21:11:09.181: As1 CCP:    MS-PPC supported bits 0x00000001 
   (0x120600000001)
*Mar 22 21:11:09.185: As1 LCP: O PROTREJ [Open] id 106 len 16 
   protocol CCP (0x80FD0104000A120600000001)
*Mar 22 21:11:09.189: As1 IPCP: I CONFREQ [REQsent] id 5 len 40
*Mar 22 21:11:09.193: As1 IPCP:    CompressType VJ 15 slots 
   CompressSlotID (0x0206002D0F01)
*Mar 22 21:11:09.197: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar 22 21:11:09.201: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar 22 21:11:09.205: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Mar 22 21:11:09.209: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar 22 21:11:09.213: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Mar 22 21:11:09.213: As1 AAA/AUTHOR/IPCP: Start.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.217: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Mar 22 21:11:09.221: As1 AAA/AUTHOR/IPCP: Authorization succeeded
*Mar 22 21:11:09.221: As1 AAA/AUTHOR/IPCP: Done.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.229: As1 IPCP: O CONFREJ [REQsent] id 5 len 34
*Mar 22 21:11:09.229: As1 IPCP:    CompressType VJ 15 slots 
   CompressSlotID (0x0206002D0F01)
*Mar 22 21:11:09.233: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar 22 21:11:09.237: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Mar 22 21:11:09.241: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar 22 21:11:09.245: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Mar 22 21:11:09.249: As1 IPCP: I CONFACK [REQsent] id 19 len 10
*Mar 22 21:11:09.253: As1 IPCP:    Address 171.68.201.53 (0x0306AB44C935)
*Mar 22 21:11:09.673: As1 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
*Mar 22 21:11:09.677: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar 22 21:11:09.681: As1 AAA/AUTHOR/IPCP: Start.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.685: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Mar 22 21:11:09.685: As1 AAA/AUTHOR/IPCP: Authorization succeeded
*Mar 22 21:11:09.689: As1 AAA/AUTHOR/IPCP: Done.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.693: As1 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
*Mar 22 21:11:09.697: As1 IPCP:    Address 10.1.1.1 (0x03060A010101)
*Mar 22 21:11:09.813: As1 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
*Mar 22 21:11:09.817: As1 IPCP:    Address 10.1.1.1 (0x03060A010101)
*Mar 22 21:11:09.821: As1 AAA/AUTHOR/IPCP: Start.  
   Her address 10.1.1.1, we want 10.1.1.1
*Mar 22 21:11:09.825: As1 AAA/AUTHOR/IPCP (1344088998): Port='Async1' 
   list='' service=NET
*Mar 22 21:11:09.829: AAA/AUTHOR/IPCP: As1 (1344088998) user='radtime'
*Mar 22 21:11:09.833: As1 AAA/AUTHOR/IPCP (1344088998): send AV service=ppp
*Mar 22 21:11:09.833: As1 AAA/AUTHOR/IPCP (1344088998): send AV protocol=ip
*Mar 22 21:11:09.837: As1 AAA/AUTHOR/IPCP (1344088998): send AV addr*10.1.1.1
*Mar 22 21:11:09.837: As1 AAA/AUTHOR/IPCP (1344088998): found list "default"
*Mar 22 21:11:09.841: As1 AAA/AUTHOR/IPCP (1344088998): Method=radius (radius)
*Mar 22 21:11:09.845: As1 AAA/AUTHOR (1344088998): Post authorization 
   status = PASS_REPL
*Mar 22 21:11:09.849: As1 AAA/AUTHOR/IPCP: Reject 10.1.1.1, using 10.1.1.1
*Mar 22 21:11:09.853: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Mar 22 21:11:09.857: As1 AAA/AUTHOR/IPCP: Processing AV addr*10.1.1.1
*Mar 22 21:11:09.857: As1 AAA/AUTHOR/IPCP: Authorization succeeded
*Mar 22 21:11:09.861: As1 AAA/AUTHOR/IPCP: Done.  
   Her address 10.1.1.1, we want 10.1.1.1
*Mar 22 21:11:09.865: As1 IPCP: O CONFACK [ACKrcvd] id 7 len 10
*Mar 22 21:11:09.869: As1 IPCP:    Address 10.1.1.1 (0x03060A010101)
*Mar 22 21:11:09.873: As1 IPCP: State is Open
*Mar 22 21:11:09.885: As1 IPCP: Install route to 10.1.1.1
3w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, 
   changed state to up

Informações Relacionadas


Document ID: 13843