Security: Cisco Secure Access Control Server for Unix

Using an AAA Server to Manage IP Pools in a Network Access Server

August 28, 2015 - Machine Translation



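Introduction

This document provides sample configurations for using an AAA server to manage IP pools in a network access server (NAS).

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

The information in this document is based on the software and hardware versions below.

  • Cisco IOS Software Release 12.0.7.T

The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before you use it.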

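IP Pools

In IP Control Protocol (IPCP) address negotiation, if an IP pool name is specified for a user, the NAS checks whether the named pool is defined locally. If it is, no special action is required, and the local pool is consulted for an IP address. If the required pool does not exist, the NAS makes an authorization call to obtain it, using the special username "pools-nas-name", where "nas-name" is the configured host name of the NAS. In response, the AAA server downloads the configuration of the required pool. You can configure a different pool username with the aaa configuration config-username name-of-your-choosing command.

This command changes the username that is used to download the pool definitions from the default name "pools-nas-name" to "name-of-your-choosing".

Pools downloaded to a Cisco NAS are not retained in nonvolatile memory and disappear automatically whenever the access server or router restarts. Downloaded pools can also be made to time out automatically by adding a suitable AV pair. Downloaded pools are marked as dynamic in the output of the show ip local pool command.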

RADIUS NAS Configuration

aaa new-model 
aaa authentication login default group radius 
aaa authentication ppp default if-needed group radius 
aaa authorization network default group radius
aaa configuration config-username nas1-pools
radius-server host 172.18.124.114 auth-port 1645 acct-port 1646 
radius-server key cisco

AAA Server NAS Pool Profile

./ViewProfile -p 9900 -u nas1-pools
User Profile Information 
user = nas1-pools
profile_id=63
profile_cycle = 7
member = nas_profiles
password = pap "********"
radius=Cisco {
reply_attributes= {
6=5
9,1="ip:pool-def#1= pool1 172.22.83.2 172.22.83.253"
}
}

}

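This example shows the user "nas1-pools" created on the CiscoSecure UNIX (CSU) server. This entry specifies a user-service-type of outbound user {6=5}. The NAS supplies this attribute to prevent ordinary logins from using the well-known username and password combination of nas1-pools/cisco.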
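
On the wire, the reply attributes of this profile are RADIUS attribute 6 (Service-Type) and attribute 26 (Vendor-Specific) carrying Cisco vendor ID 9, vendor type 1, which is what 9,1= means in the profile. The Python below is an added example, not part of the original Cisco document: it encodes and decodes that attribute, parses the pool-def value, and checks that a pool-profile reply is restricted to Service-Type 5 (Outbound). The function names are hypothetical, and the sample reply is constructed from the values shown in the RADIUS debug output in the Verification section.

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute 26
SERVICE_TYPE = 6       # RADIUS attribute 6; the pool profile sets 6=5
OUTBOUND = 5
CISCO_VENDOR_ID = 9    # the "9" in the profile's 9,1="..."
CISCO_AVPAIR = 1       # the "1" in 9,1 (cisco-avpair)


def encode_avpair(text):
    """Build attribute 26 carrying one Cisco AV pair string."""
    value = text.encode("ascii")
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(value) + 2) + value
    if len(vsa) + 2 > 255:
        raise ValueError("AV pair too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa


def split_attributes(data):
    """Walk the type-length-value attribute list of a RADIUS packet body."""
    attrs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[offset], data[offset + 1]
        if length < 2 or offset + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[offset + 2:offset + length]))
        offset += length
    return attrs


def decode_avpair(value):
    """Return the AV pair string of an attribute 26 value, or None if not Cisco 9,1."""
    if len(value) < 6:
        raise ValueError("vendor-specific attribute too short")
    vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
    if vendor != CISCO_VENDOR_ID or vtype != CISCO_AVPAIR:
        return None
    if vlen != len(value) - 4:
        raise ValueError("vendor length does not match attribute length")
    return value[6:].decode("ascii")


def parse_pool_def(avpair):
    """'ip:pool-def#1=pool1 1.2.3.4 1.2.3.5' -> (1, 'pool1', first, last)."""
    key, sep, rest = avpair.partition("=")
    if not sep or not key.startswith("ip:pool-def#"):
        raise ValueError("not a pool definition")
    index = int(key[len("ip:pool-def#"):])
    fields = rest.split()          # tolerates the space after '=' in the profile
    if len(fields) != 3:
        raise ValueError("expected: name first-address last-address")
    first, last = (ipaddress.IPv4Address(f) for f in fields[1:])
    if first > last:
        raise ValueError("pool range is reversed")
    return index, fields[0], first, last


def audit_pool_reply(data):
    """Check a pool-profile reply: Service-Type must be Outbound, ranges must parse."""
    service_types, pools = [], []
    for attr_type, value in split_attributes(data):
        if attr_type == SERVICE_TYPE:
            service_types.append(int.from_bytes(value, "big"))
        elif attr_type == VENDOR_SPECIFIC:
            avpair = decode_avpair(value)
            if avpair and avpair.startswith("ip:pool-def#"):
                pools.append(parse_pool_def(avpair))
    return {"outbound_only": service_types == [OUTBOUND], "pools": pools}


# Constructed sample: the attribute list of the Access-Accept for nas1-pools,
# rebuilt from the debug values (Attribute 6 = 00000005, then the pool-def AV pair).
SAMPLE_REPLY = (struct.pack("!BBI", SERVICE_TYPE, 6, OUTBOUND)
                + encode_avpair("ip:pool-def#1=pool1 1.2.3.4 1.2.3.5"))

if __name__ == "__main__":
    print(SAMPLE_REPLY.hex())
    print(audit_pool_reply(SAMPLE_REPLY))
```

The encoded pool-def attribute is 43 bytes long and begins 0000000901256970 after the type and length bytes, which matches the line "Attribute 26 43 0000000901256970" in the debug output.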

AAA Server User Profile

./ViewProfile -p 9900 -u pool_test 
user = pool_test{
profile_id = 46
profile_cycle = 14
member = dial_rad
password = pap "********"
radius=Cisco {
reply_attributes= {
7=1
6=2
9,1="ip:addr-pool=pool1"
}
}

}

Verification

The user "pool_test" dials in and is assigned an IP address from pool1 on the AAA server.

as5300#show debug
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
PPP:
  PPP protocol negotiation debugging is on
Radius protocol debugging is on
as5300#term mon
as5300#
00:26:01: %LINK-3-UPDOWN: Interface Async5, changed state to up
00:26:01: As5 PPP: Treating connection as a dedicated line
00:26:01: As5 PPP: Phase is ESTABLISHING, Active Open
00:26:01: As5 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
00:26:01: As5 LCP: O CONFREQ [Closed] id 1 len 24
00:26:01: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:01: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:01: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:01: As5 LCP:    PFC (0x0702)
00:26:01: As5 LCP:    ACFC (0x0802)
00:26:01: As5 LCP: I CONFACK [REQsent] id 1 len 24
00:26:01: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:01: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:01: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:01: As5 LCP:    PFC (0x0702)
00:26:01: As5 LCP:    ACFC (0x0802)
00:26:02: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:26:02: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:02: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:02: As5 LCP:    PFC (0x0702)
00:26:02: As5 LCP:    ACFC (0x0802)
00:26:02: As5 LCP:    Callback 6  (0x0D0306)
00:26:02: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:26:02: As5 LCP:    Callback 6  (0x0D0306)
00:26:03: As5 LCP: TIMEout: State ACKrcvd
00:26:03: As5 LCP: O CONFREQ [ACKrcvd] id 2 len 24
00:26:03: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:03: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:03: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:03: As5 LCP:    PFC (0x0702)
00:26:03: As5 LCP:    ACFC (0x0802)
00:26:03: As5 LCP: I CONFACK [REQsent] id 2 len 24
00:26:03: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:03: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:03: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:03: As5 LCP:    PFC (0x0702)
00:26:03: As5 LCP:    ACFC (0x0802)
00:26:05: As5 LCP: TIMEout: State ACKrcvd
00:26:05: As5 LCP: O CONFREQ [ACKrcvd] id 3 len 24
00:26:05: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:05: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:05: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:05: As5 LCP:    PFC (0x0702)
00:26:05: As5 LCP:    ACFC (0x0802)
00:26:05: As5 LCP: I CONFACK [REQsent] id 3 len 24
00:26:05: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:05: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:05: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:05: As5 LCP:    PFC (0x0702)
00:26:05: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP:    Callback 6  (0x0D0306)
00:26:06: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:26:06: As5 LCP:    Callback 6  (0x0D0306)
00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 1 len 20
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: O CONFACK [ACKrcvd] id 1 len 20
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: State is Open
00:26:06: As5 PPP: Phase is AUTHENTICATING, by this end
00:26:06: As5 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00002BF7 MSRASV4.00
00:26:06: As5 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00002BF7 MSRAS-1-ZEKIE
00:26:06: As5 PAP: I AUTH-REQ id 31 len 24 from "pool_test"
00:26:06: As5 PAP: Authenticating peer pool_test
00:26:06: AAA: parse name=Async5 idb type=10 tty=5
00:26:06: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=5 channel=0
00:26:06: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:26:06: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:26:06: AAA/MEMORY: create_user (0x618FFBB0) user='pool_test' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=PAP service=PPP priv=1
00:26:06: AAA/AUTHEN/START (2962877775): port='Async5' list='' action=LOGIN 
service=PPP
00:26:06: AAA/AUTHEN/START (2962877775): using "default" list
00:26:06: AAA/AUTHEN (2962877775): status = UNKNOWN
00:26:06: AAA/AUTHEN/START (2962877775): Method=radius (radius)
00:26:06: RADIUS: ustruct sharecount=1
00:26:06: RADIUS: Initial Transmit Async5 id 10 172.18.124.114:1645, 
Access-Request, len 103
00:26:06:         Attribute 4 6 01010101
00:26:06:         Attribute 5 6 00000005
00:26:06:         Attribute 61 6 00000000
00:26:06:         Attribute 1 11 706F6F6C
00:26:06:         Attribute 30 12 39313934
00:26:06:         Attribute 31 12 39313934
00:26:06:         Attribute 2 18 FC2DE489
00:26:06:         Attribute 6 6 00000002
00:26:06:         Attribute 7 6 00000001
00:26:06: RADIUS: Received from id 10 172.18.124.114:1645, Access-Accept, 
len 58
00:26:06:         Attribute 7 6 00000001
00:26:06:         Attribute 6 6 00000002
00:26:06:         Attribute 26 26 0000000901146970
00:26:06: RADIUS: saved authorization data for user 618FFBB0 at 618FEAE4
00:26:06: AAA/AUTHEN (2962877775): status = PASS
00:26:06: As5 AAA/AUTHOR/LCP: Authorize LCP
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Port='Async5' list='' service=NET
00:26:06: AAA/AUTHOR/LCP: As5 (3264835197) user='pool_test'
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV service=ppp
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV protocol=lcp
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): found list "default"
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Method=radius (radius)
00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1" not applied for lcp
00:26:06: As5 AAA/AUTHOR (3264835197): Post authorization status = PASS_REPL
00:26:06: As5 AAA/AUTHOR/LCP: Processing AV service=ppp
00:26:06: As5 PAP: O AUTH-ACK id 31 len 5
00:26:06: As5 PPP: Phase is UP
00:26:06: As5 AAA/AUTHOR/FSM: (0): Can we start IPCP?
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Port='Async5' list='' service=NET
00:26:06: AAA/AUTHOR/FSM: As5 (2404696831) user='pool_test'
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV service=ppp
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV protocol=ip
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): found list "default"
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Method=radius (radius)
00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1"
00:26:06: As5 AAA/AUTHOR (2404696831): Post authorization status = PASS_REPL
00:26:06: As5 AAA/AUTHOR/FSM: We can start IPCP
00:26:06: As5 IPCP: O CONFREQ [Closed] id 1 len 10
00:26:06: As5 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:26:07: As5 CCP: I CONFREQ [Not negotiated] id 4 len 10
00:26:07: As5 CCP:    MS-PPC supported bits 0x00000001 (0x120600000001)
00:26:07: As5 LCP: O PROTREJ [Open] id 4 len 16 protocol CCP 
(0x80FD0104000A120600000001)
00:26:07: As5 IPCP: I CONFREQ [REQsent] id 5 len 40
00:26:07: As5 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:26:07: As5 IPCP:    Address 0.0.0.0 (0x030600000000)
00:26:07: As5 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:26:07: As5 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:26:07: As5 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:26:07: As5 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
00:26:07: As5 AAA/AUTHOR/IPCP: Says use pool pool1
00:26:07: AAA: parse name=Async5 idb type=10 tty=5
00:26:07: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=5 channel=0
00:26:07: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:26:07: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:26:07: AAA/MEMORY: create_user (0x618FFCD8) user='nas1-pools' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Port='Async5' list='' service=NET
00:26:07: AAA/AUTHOR/POOL: As5 (3562270977) user='nas1-pools'
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV service=ppp
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV protocol=ip
00:26:07: Async5 AAA/AUTHOR/POOL (3562270977): found list "default"
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Method=radius (radius)
00:26:07: RADIUS: authenticating to get author data
00:26:07: RADIUS: ustruct sharecount=2
00:26:07: RADIUS: Initial Transmit Async5 id 11 172.18.124.114:1645, Access-Request, 
len 98
00:26:07:         Attribute 4 6 01010101
00:26:07:         Attribute 5 6 00000005
00:26:07:         Attribute 61 6 00000000
00:26:07:         Attribute 1 12 6E617331
00:26:07:         Attribute 30 12 39313934
00:26:07:         Attribute 31 12 39313934
00:26:07:         Attribute 2 18 E6DF8390
00:26:07:         Attribute 6 6 00000005
00:26:07: RADIUS: Received from id 11 172.18.124.114:1645, Access-Accept, len 69
00:26:07:         Attribute 6 6 00000005
00:26:07:         Attribute 26 43 0000000901256970
00:26:07: RADIUS: saved authorization data for user 618FFCD8 at 61450E5C
00:26:07: RADIUS: cisco AVPair "ip:pool-def#1=pool1 1.2.3.4 1.2.3.5"
00:26:07: AAA/AUTHOR (3562270977): Post authorization status = PASS_REPL
00:26:07: As5 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5
00:26:07: AAA/MEMORY: free_user (0x618FFCD8) user='nas1-pools' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE 
priv=1
00:26:07: As5 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFREJ [REQsent] id 5 len 34
00:26:07: As5 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:26:07: As5 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:26:07: As5 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:26:07: As5 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:26:07: As5 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:26:07: As5 IPCP: I CONFACK [REQsent] id 1 len 10
00:26:07: As5 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
00:26:07: As5 IPCP:    Address 0.0.0.0 (0x030600000000)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 1.2.3.4, we want 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 1.2.3.4, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFACK [ACKrcvd] id 7 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 IPCP: State is Open
00:26:07: As5 IPCP: Install route to 1.2.3.4
00:26:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, 
changed state to up
as5300#show caller ip
  Line         User       IP Address      Local Number    Remote Number   <->
  As5          pool_test  1.2.3.4         9194724101      9194722001      
as5300#show ip local pool
 Pool                     Begin           End             Free  In use
 pool1                    1.2.3.4         1.2.3.5            1       1 (dynamic)

TACACS+ NAS Configuration

aaa new-model
aaa authentication login default group tacacs+
aaa authentication ppp default if-needed group tacacs+
aaa authorization network default group tacacs+
aaa configuration config-username nas1-pools
tacacs-server host 172.18.124.114 
tacacs-server key cisco

AAA Server NAS Pool Profile

./ViewProfile -p 9900 -u nas1-pools
User Profile Information
user = nas1-pools
profile_id = 63
profile_cycle = 8
service=ppp {
protocol=ip {
set pool-def#1="pool1 1.2.3.4 1.2.3.5"
}
}

}

AAA Server User Profile

./ViewProfile -p 9900 -u pool_test
User Profile Information
user = pool_test{
profile_id = 46
profile_cycle = 15
password = pap "********"
service=ppp {
protocol=lcp {
}
protocol=ip {
set addr-pool=pool1
}
}

}

Debug Output

Script started on Mon Dec 10 13:22:05 2001
ddunlap@rtp-cse-353% telnet 172.18.124.114
Trying 172.18.124.114...
Connected to 172.18.124.114.
Escape character is '^]'.


UNIX(r) System V Release 4.0 (rtp-evergreen)

login: root
Password: 
Last login: Mon Dec 10 10:09:01 from rtp-cse-353.cisc
Sun Microsystems Inc.   SunOS 5.5.1     Generic May 1996
Sun Microsystems Inc.   SunOS 5.5.1     Generic May 1996
# telnet 14.36.1.53
Trying 14.36.1.53...
Connected to 14.36.1.53.
Escape character is '^]'.


User Access Verification

Username: testuser
Password: 

as5300>en
Password: 
as5300#show debug
General OS:
  TACACS access control debugging is on
  AAA Authentication debugging is on
  AAA Authorization debugging is on
PPP:
  PPP protocol negotiation debugging is on
as5300#terminal monitor
as5300#
00:06:29: As1 LCP: I CONFREQ [Closed] id 0 len 23
00:06:29: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:29: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:29: As1 LCP:    PFC (0x0702)
00:06:29: As1 LCP:    ACFC (0x0802)
00:06:29: As1 LCP:    Callback 6  (0x0D0306)
00:06:29: As1 LCP: Lower layer not up, Fast Starting
00:06:29: As1 PPP: Treating connection as a dedicated line
00:06:29: As1 PPP: Phase is ESTABLISHING, Active Open
00:06:29: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
00:06:29: As1 LCP: O CONFREQ [Closed] id 1 len 24
00:06:29: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:29: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:29: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:29: As1 LCP:    PFC (0x0702)
00:06:29: As1 LCP:    ACFC (0x0802)
00:06:29: As1 LCP: O CONFREJ [REQsent] id 0 len 7
00:06:29: As1 LCP:    Callback 6  (0x0D0306)
00:06:29: %LINK-3-UPDOWN: Interface Async1, changed state to up
00:06:31: As1 LCP: TIMEout: State REQsent
00:06:31: As1 LCP: O CONFREQ [REQsent] id 2 len 24
00:06:31: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:31: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:31: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:31: As1 LCP:    PFC (0x0702)
00:06:31: As1 LCP:    ACFC (0x0802)
00:06:31: As1 LCP: I CONFACK [REQsent] id 2 len 24
00:06:31: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:31: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:31: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:31: As1 LCP:    PFC (0x0702)
00:06:31: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP:    Callback 6  (0x0D0306)
00:06:32: As1 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:06:32: As1 LCP:    Callback 6  (0x0D0306)
00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 1 len 20
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: O CONFACK [ACKrcvd] id 1 len 20
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: State is Open
00:06:32: As1 PPP: Phase is AUTHENTICATING, by this end
00:06:32: As1 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00006D9C MSRASV4.00
00:06:32: As1 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00006D9C MSRAS-1-ZEKIE
00:06:32: As1 PAP: I AUTH-REQ id 24 len 24 from "pool_test"
00:06:32: As1 PAP: Authenticating peer pool_test
00:06:32: AAA: parse name=Async1 idb type=10 tty=1
00:06:32: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 
adapter=0 port=1 channel=0
00:06:32: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:06:32: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 
adapter=0 port=0 channel=18
00:06:32: AAA/MEMORY: create_user (0x61B26890) user='pool_test' 
ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=PAP 
service=PPP priv=1
00:06:32: AAA/AUTHEN/START (4053426223): port='Async1' list='' 
action=LOGIN service=PPP
00:06:32: AAA/AUTHEN/START (4053426223): using "default" list
00:06:32: AAA/AUTHEN (4053426223): status = UNKNOWN
00:06:32: AAA/AUTHEN/START (4053426223): Method=tacacs+ (tacacs+)
00:06:32: TAC+: send AUTHEN/START packet ver=193 id=4053426223
00:06:32: TAC+: Using default tacacs server-group "tacacs+" list.
00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:32: TAC+: Opened TCP/IP handle 0x618FDF3C to 172.18.124.114/49 
using source 14.36.1.53
00:06:32: TAC+: 172.18.124.114 (4053426223) AUTHEN/START/LOGIN/PAP queued
00:06:32: TAC+: (4053426223) AUTHEN/START/LOGIN/PAP processed
00:06:32: TAC+: ver=193 id=4053426223 received AUTHEN status = PASS
00:06:32: AAA/AUTHEN (4053426223): status = PASS
00:06:32: TAC+: Closing TCP/IP 0x618FDF3C connection to 172.18.124.114/49
00:06:32: As1 AAA/AUTHOR/LCP: Authorize LCP
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Port='Async1' list='' service=NET
00:06:32: AAA/AUTHOR/LCP: As1 (2507907283) user='pool_test'
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV service=ppp
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV protocol=lcp
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): found list "default"
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Method=tacacs+ (tacacs+)
00:06:32: AAA/AUTHOR/TAC+: (2507907283): user=pool_test
00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV service=ppp
00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV protocol=lcp
00:06:32: TAC+: using previously set server 172.18.124.114 from group tacacs+
00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:32: TAC+: Opened TCP/IP handle 0x61B3B1A4 to 172.18.124.114/49 
using source 14.36.1.53
00:06:32: TAC+: Opened 172.18.124.114 index=1
00:06:32: TAC+: 172.18.124.114 (2507907283) AUTHOR/START queued
00:06:33: TAC+: (2507907283) AUTHOR/START processed
00:06:33: TAC+: (2507907283): received author response status = PASS_ADD
00:06:33: TAC+: Closing TCP/IP 0x61B3B1A4 connection to 172.18.124.114/49
00:06:33: As1 AAA/AUTHOR (2507907283): Post authorization status = PASS_ADD
00:06:33: As1 PAP: O AUTH-ACK id 24 len 5
00:06:33: As1 PPP: Phase is UP
00:06:33: As1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
00:06:33: As1 AAA/AUTHOR/FSM (924563050): Port='Async1' list='' service=NET
00:06:33: AAA/AUTHOR/FSM: As1 (924563050) user='pool_test'
00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV service=ppp
00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV protocol=ip
00:06:33: As1 AAA/AUTHOR/FSM (924563050): found list "default"
00:06:33: As1 AAA/AUTHOR/FSM (924563050): Method=tacacs+ (tacacs+)
00:06:33: AAA/AUTHOR/TAC+: (924563050): user=pool_test
00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV service=ppp
00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV protocol=ip
00:06:33: TAC+: using previously set server 172.18.124.114 from group tacacs+
00:06:33: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:33: TAC+: Opened TCP/IP handle 0x61B3B620 to 172.18.124.114/49 
using source 14.36.1.53
00:06:33: TAC+: Opened 172.18.124.114 index=1
00:06:33: TAC+: 172.18.124.114 (924563050) AUTHOR/START queued
00:06:33: As1 CCP: I CONFREQ [Not negotiated] id 4 len 10
00:06:33: As1 CCP:    MS-PPC supported bits 0x00000001 (0x120600000001)
00:06:33: As1 LCP: O PROTREJ [Open] id 3 len 16 protocol CCP 
(0x80FD0104000A120600000001)
00:06:33: As1 IPCP: I CONFREQ [Closed] id 5 len 40
00:06:33: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:33: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:33: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:33: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:33: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:33: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:33: TAC+: (924563050) AUTHOR/START processed
00:06:33: TAC+: (924563050): received author response status = PASS_ADD
00:06:33: TAC+: Closing TCP/IP 0x61B3B620 connection to 172.18.124.114/49
00:06:33: As1 AAA/AUTHOR (924563050): Post authorization status = PASS_ADD
00:06:33: As1 AAA/AUTHOR/FSM: We can start IPCP
00:06:33: As1 IPCP: O CONFREQ [Closed] id 1 len 10
00:06:33: As1 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:06:33: As1 IPCP: I CONFACK [REQsent] id 1 len 10
00:06:33: As1 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:06:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, 
changed state to up
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 5 len 40
00:06:34: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:34: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:34: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:34: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:34: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:34: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
00:06:34: As1 AAA/AUTHOR/IPCP: Says use pool pool1
00:06:34: AAA: parse name=Async1 idb type=10 tty=1
00:06:34: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=1 channel=0
00:06:34: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:06:34: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:06:34: AAA/MEMORY: create_user (0x61451E1C) user='nas1-pools' ruser='' 
port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Port='Async1' list='' 
service=NET
00:06:34: AAA/AUTHOR/POOL: As1 (2293413778) user='nas1-pools'
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV service=ppp
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV protocol=ip
00:06:34: Async1 AAA/AUTHOR/POOL (2293413778): found list "default"
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Method=tacacs+ (tacacs+)
00:06:34: AAA/AUTHOR/TAC+: (2293413778): user=nas1-pools
00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV service=ppp
00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV protocol=ip
00:06:34: TAC+: Using default tacacs server-group "tacacs+" list.
00:06:34: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:34: TAC+: Opened TCP/IP handle 0x61B3BA9C to 172.18.124.114/49 
using source 14.36.1.53
00:06:34: TAC+: 172.18.124.114 (2293413778) AUTHOR/START queued
00:06:34: TAC+: (2293413778) AUTHOR/START processed
00:06:34: TAC+: (2293413778): received author response status = PASS_ADD
00:06:34: TAC+: Closing TCP/IP 0x61B3BA9C connection to 172.18.124.114/49
00:06:34: AAA/AUTHOR (2293413778): Post authorization status = PASS_ADD
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5
00:06:34: AAA/MEMORY: free_user (0x61451E1C) user='nas1-pools' ruser='' 
port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:06:34: As1 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFREJ [ACKrcvd] id 5 len 34
00:06:34: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:34: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:34: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:34: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:34: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
00:06:34: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 1.2.3.4, we want 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 1.2.3.4, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFACK [ACKrcvd] id 7 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 IPCP: State is Open
00:06:34: As1 IPCP: Install route to 1.2.3.4

as5300#show caller ip
  Line         User       IP Address      Local Number    Remote Number   <->
  As1          pool_test  1.2.3.4         9194724101      9194722001      
as5300#show ip local pool
 Pool                     Begin           End             Free  In use
 pool1                    1.2.3.4         1.2.3.5            1       1 (dynamic)



Document ID: 13573