Configuring a PC as a PPPoA Client Using L3 SSG/SSD

October 24, 2016 - Machine translation


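Introduction

The sample configuration described in this document shows a remote client that accesses an Internet service provider (ISP) network using Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA).

The remote client wants to access a Layer 2 Tunneling Protocol (L2TP) service using Layer 3 Service Selection Gateway/Service Selection Dashboard (SSG/SSD). The L2TP service is represented in the configuration by the host IP address 15.15.15.5. Using Dynamic Host Configuration Protocol (DHCP), the Cisco 677 provides the PC with an IP address from a pool that runs from 10.0.0.2 to 10.0.0.254, with a mask of 255.255.255.0. Port Address Translation (PAT) is also enabled on the Cisco 677.

There are three tests for this sample configuration:

  • SSG-related debugs during the different steps of the service logon by the remote client.

  • The Single Sign-On feature of SSD 2.5.1.

  • Enabling SSD debugs.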

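Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

The information in this document is based on the software and hardware versions below.

  • Cisco C6400R software (C6400R-G4P5-M), Version 12.1(5)DC1

  • Cisco 7200 software (C7200-IS-M), Version 12.2(1)

The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before you use it.

Configure

This section provides the information needed to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).

Network Diagram

This document uses the network setup shown in the diagram below.

/image/gif/paws/4614/l3ssg_ssd.gif

Configurations

This document uses the configurations shown below.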

Cisco 6400 LAC (arielle_nrp3)
Building configuration... 


Current configuration : 125008 bytes 
! 
! Last configuration change at 02:11:30 UTC Mon Jun 18 2001 
! NVRAM config last updated at 00:43:51 UTC Mon Jun 18 2001 
! 
version 12.1 
no service single-slot-reload-enable 
service timestamps debug datetime msec 
service timestamps log uptime 
no service password-encryption 
! 
hostname arielle_nrp3 
! 
boot system tftp c6400r-g4p5-mz.121-5.DC1 172.17.247.195 
logging rate-limit console 10 except errors 
aaa new-model 
aaa authentication login default none 
aaa authentication login tty enable 
aaa authentication ppp ayman group radius 
aaa nas port extended 
enable password ww 
! 
username ayman@cairo.com password 0 ayman 
redundancy 
main-cpu 
 auto-sync standard 
no secondary console enable 
ip subnet-zero 
ip cef 
no ip finger 
no ip domain-lookup 
! 
! 
vpdn enable 
no vpdn logging 
vpdn search-order domain 
! 
! 
ssg enable 
ssg default-network 10.200.56.0 255.255.255.0 
ssg service-password cisco 
ssg radius-helper auth-port 1645 acct-port 1646 
ssg radius-helper key cisco 
ssg next-hop download nxthoptbl cisco 
ssg bind direction downlink Virtual-Template66 
ssg service-search-order remote local 
! 
! 
interface Loopback3 
ip address 200.200.200.1 255.255.255.252 
! 
! 
interface ATM0/0/0.61 point-to-point 
description LAC L2TP connection to Ior 
ip address 14.14.14.6 255.255.255.252 
pvc 61/61 
 broadcast 
 encapsulation aal5snap 
! 
! 
! 
interface ATM0/0/0.5555 multipoint 
pvc 66/66 
 encapsulation aal5mux ppp Virtual-Template66 
! 
! 
! 
interface Ethernet0/0/1 
no ip address 
! 
interface Ethernet0/0/0 
ip address 3.0.0.2 255.255.255.0 
no ip mroute-cache 
shutdown 
tag-switching ip 
! 
interface FastEthernet0/0/0 
ip address 10.200.56.6 255.255.255.0 
no ip mroute-cache 
half-duplex 
! 
! 
interface Virtual-Template66 
ip unnumbered Loopback3 
peer default ip address pool ayman 
ppp authentication pap ayman 
! 
! 
router eigrp 5 
network 14.14.14.4 0.0.0.3 
no auto-summary 
no eigrp log-neighbor-changes 
! 
ip local pool ayman 212.93.193.114 212.93.193.126 
ip route 10.0.0.0 255.255.255.0 212.93.193.114 
! 
radius-server host 10.200.56.16 auth-port 1645 acct-port 1646 
radius-server retransmit 3 
radius-server attribute 25 nas-port format d 
radius-server attribute nas-port format d 
radius-server key cisco 
! 
! 
line con 0 
exec-timeout 0 0 
login authentication tty 
transport input none 
line aux 0 
line vty 0 4 
exec-timeout 0 0 
password ww 
login authentication tty 
! 
end

Cisco 7204 LNS (hostname ior)
Building configuration... 

Current configuration : 6769 bytes 
! 
version 12.2 
no service single-slot-reload-enable 
service timestamps debug datetime msec localtime show-timezone 
service timestamps log datetime localtime show-timezone 
no service password-encryption 
! 
hostname ior 
! 
boot system flash c7200-is-mz.122-1.bin 
logging buffered 16384 debugging 
logging rate-limit console 10 except errors 
aaa new-model 
aaa authentication login default none 
aaa authentication login tty enable 
aaa authentication ppp ayman local 
aaa nas port extended 
enable password 7 03134C 
! 
username ayman@cairo.com password 0 ayman 
clock timezone GMT+1 1 
clock summer-time PDT recurring 
ip subnet-zero 
no ip source-route 
ip cef 
! 
! 
no ip finger 
ip tcp window-size 8192 
ip ftp username tftp 
ip ftp password 7 061118
ip host rund 172.17.247.195 
ip host PAGENT-SECURITY-V3 57.63.30.76 95.26.0.0 
! 
! 
! 
! 
! 
vpdn enable 
no vpdn logging 
vpdn search-order domain 
! 
vpdn-group 1 
accept-dialin 
  protocol l2tp 
  virtual-template 24 
terminate-from hostname nap 
local name cairo 
l2tp tunnel password 7 052827261363 
! 
! 
interface Loopback1 
ip address 212.93.194.5 255.255.255.252 
! 
interface Loopback2 
ip address 15.15.15.5 255.255.255.252 
! 
! 
interface FastEthernet0/0 
ip address 10.200.56.2 255.255.255.0 
ip ospf network point-to-multipoint 
no ip mroute-cache 
load-interval 60 
duplex half 
no cdp enable 
! 
interface ATM2/0 
no ip mroute-cache 
atm pvc 1 0 5 qsaal 
atm pvc 2 0 16 ilmi 
no atm ilmi-keepalive 
! 
! 
! 
! 
! 
interface ATM2/0.61 point-to-point 
description L2TP tunnel link
ip address 14.14.14.5 255.255.255.252 
pvc 61/61 
  broadcast 
  encapsulation aal5snap 
! 
! 
interface ATM2/0.5555 multipoint 
pvc 55/55 
  encapsulation aal5mux ppp Virtual-Template24 
! 
! 
! 
interface Virtual-Template24 
ip unnumbered Loopback1 
peer default ip address pool SSG-L2TP 
ppp authentication pap ayman 
! 
! 
router eigrp 5 
network 14.14.14.4 0.0.0.3 
network 15.15.15.4 0.0.0.3 
no auto-summary 
no eigrp log-neighbor-changes 
! 
! 
ip route 212.93.193.112 255.255.255.252 14.14.14.6 
ip local pool SSG-L2TP 212.93.197.114 212.93.197.126 
radius-server host 10.200.56.16 auth-port 1645 acct-port 1646 
radius-server retransmit 3 
radius-server attribute 25 nas-port format d 
radius-server attribute nas-port format d 
radius-server key cisco 
radius-server vsa send accounting 
radius-server vsa send authentication 
! 
! 
! 
!
line con 0 
exec-timeout 0 0 
password 7 010411 
login authentication tty 
transport input none 
line aux 0 
password 7 021113 
line vty 0 4 
exec-timeout 0 0 
password 7 010411 
login authentication tty 
line vty 5 15 
! 
end 
!

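Before you implement the new configuration, you must reset the Cisco 677 to its default configuration. To restore the default configuration, use the set nvram erase command; for example: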

cbos#set nvram erase
Erasing running configuration.
You must use "write" for changes to be permanent.

cbos#write
NVRAM written.

cbos#reboot

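Enabling the DHCP server feature on the Cisco 677 Cisco Broadband Operating System (CBOS) automatically creates a pool named "pool0" and assigns it the 10.0.0.0 subnet with a mask of 255.255.255.0. By default, the Cisco 677 Ethernet interface is assigned the IP address 10.0.0.1, and "pool0" can then lease IP addresses between 10.0.0.2 and 10.0.0.254 to the local LAN clients/PCs.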

Cisco 677

!--- This configuration must be done 
!--- after NVRAM has been erased.

set ppp wanipcp 0.0.0.0
set ppp wan0-0 login hisham
set ppp wan0-0 password hisham
set dhcp server enabled
set nat enabled
set int wan0-0 close
set int wan0-0 vpi 1
set int wan0-0 vci 60
set int wan0-0 open
write
reboot

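RADIUS Profiles

The following Remote Authentication Dial-In User Service (RADIUS) profiles are for the remote user and for the services.

Profile of remote user hisham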
root@canonball[/opt/csecure/CLI]ViewProfile -p 9900 -u hisham 
User Profile Information 
user = hisham{ 
profile_id = 119 
profile_cycle = 11 
member = ayman 
radius=SSG-6400 { 
check_items= { 
2=hisham 
} 
reply_attributes= { 
6=2 
7=1
9,250="GTravelling" 
} 
} 
}

Profile of service group Travelling
root@canonball[/opt/csecure/CLI]ViewProfile -p 9900 -u Travelling 
User Profile Information 
user = Travelling{ 
profile_id = 165 
profile_cycle = 3 
member = Services 
radius=SSG-6400 { 
check_items= { 
2=cisco 
} 
reply_attributes= { 
6=5 
9,250="IMiddle East" 
9,250="GCities" 
} 
} 
} 

Profile of service group Cities
User Profile Information
user = Cities{ 
profile_id = 167
profile_cycle = 3 
member = Services 
radius=SSG-6400 { 
check_items= {
2=cisco
} 
reply_attributes= {
6=5
9,250="ICairo" 
9,250="Ncairo.com" 
}
} 
}

Profile of service cairo.com
root@canonball[/opt/csecure/CLI]ViewProfile -p 9900 -u cairo.com
User Profile Information
user = cairo.com{
profile_id = 144
profile_cycle = 17
member = Services
radius=SSG-6400 {
check_items= {
2=cisco
}
reply_attributes= {
6=5
9,1="vpdn:tunnel-id=nap"
9,1="vpdn:l2tp-tunnel-password=CAIRO"
9,1="vpdn:tunnel-type=l2tp"
9,1="vpdn:ip-addresses=15.15.15.5"
9,251="Ocairo.com"
9,251="R15.15.15.4;255.255.255.252"
9,251="TT"
9,251="IEgyptian Capital"
9,251="Gcairo.com_key"
}
}
}

Profile of the next-hop table
root@canonball[/opt/csecure/CLI]ViewProfile -p 9900 -u nxthoptbl
User Profile Information
user = nxthoptbl{
profile_id = 168
profile_cycle = 2
member = Services
radius=SSG-6400 {
check_items= {
2=cisco
}
reply_attributes= {
6=5
9,253="Gcairo.com_key;14.14.14.5"
}
}
}
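
The reply attributes in the cairo.com and nxthoptbl profiles above can be read mechanically and checked before the SSG downloads them. The Python code below is an added example, not part of the original document or of any Cisco tool: it parses those reply attributes, rebuilds the service definition and the next-hop table, and runs three checks on them. The function names, the checks, and the mapping from the first letter of a 9,251 value to a field (inferred from the show ssg service cairo.com output later in this document) are assumptions.

```python
import re

# Reply attributes copied from the cairo.com and nxthoptbl profiles on this page.
CAIRO_PROFILE = """
6=5
9,1="vpdn:tunnel-id=nap"
9,1="vpdn:l2tp-tunnel-password=CAIRO"
9,1="vpdn:tunnel-type=l2tp"
9,1="vpdn:ip-addresses=15.15.15.5"
9,251="Ocairo.com"
9,251="R15.15.15.4;255.255.255.252"
9,251="TT"
9,251="IEgyptian Capital"
9,251="Gcairo.com_key"
"""
NXTHOP_PROFILE = """
6=5
9,253="Gcairo.com_key;14.14.14.5"
"""

# Meaning of the first character of a 9,251 value. Assumption: inferred from
# the "show ssg service cairo.com" output on this page, not from a specification.
SERVICE_CODES = {"O": "domain", "R": "network", "T": "type",
                 "I": "description", "G": "next_hop_key"}

ATTR_LINE = re.compile(r'^\s*(\d+)(?:,(\d+))?=(?:"([^"]*)"|(\S+))\s*$')


def parse_reply_attributes(text):
    """Return (number, sub_number or None, value) for every attribute line."""
    attrs = []
    for line in text.splitlines():
        m = ATTR_LINE.match(line)
        if m:
            number, sub, quoted, bare = m.groups()
            value = quoted if quoted is not None else bare
            attrs.append((int(number), int(sub) if sub else None, value))
    return attrs


def build_service(attrs):
    """Collect the vpdn av-pairs (9,1) and the coded 9,251 values of a service."""
    service = {"vpdn": {}}
    for number, sub, value in attrs:
        if (number, sub) == (9, 1) and value.startswith("vpdn:"):
            key, _, val = value[len("vpdn:"):].partition("=")
            service["vpdn"][key] = val
        elif (number, sub) == (9, 251) and value[:1] in SERVICE_CODES:
            service[SERVICE_CODES[value[0]]] = value[1:]
    return service


def next_hop_table(attrs):
    """Map each 9,253 "G<key>;<ip>" entry to its next-hop address."""
    table = {}
    for number, sub, value in attrs:
        if (number, sub) == (9, 253) and value.startswith("G"):
            key, _, address = value[1:].partition(";")
            table[key] = address
    return table


def review(service, table):
    """Checks an operator would make before relying on the profile."""
    findings = []
    if "l2tp-tunnel-password" in service["vpdn"]:
        findings.append("tunnel password is stored in clear text in the profile")
    if service.get("next_hop_key") not in table:
        findings.append("next-hop key is missing from the next-hop table")
    if service.get("type") == "T" and "ip-addresses" not in service["vpdn"]:
        findings.append("tunnel service has no home gateway address")
    return findings
```

For the profiles on this page, the resolved next hop for cairo.com_key is the same 14.14.14.5 that show ssg binding reports, and the only finding is the clear-text tunnel password.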

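Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

What is the Single Sign-On feature of SSD 2.5.1?

This feature applies to the SSD server. When the SSD server cannot find a host object in its cache database for a remote client that is sending HTTP traffic, it sends an access request to the SSG. If the SSG has a host object, it sends an access-accept message to the SSD. The user can then be granted access to the services.

If there is no host object on either the SSD or the SSG, the user must authenticate on the SSD with the normal SSD logon authentication procedure.

What do I need to know before I configure SSG and SSD?

Before you configure SSD or SSG, you must verify the following:

  • SSD, SSG, and authentication, authorization, and accounting (AAA) are all running, and all network entities can ping each other.

  • The remote user can ping any host in the default network (SSG, SSD, AAA) before logging on to the SSD server.

  • The network access provider (NAP), in this case the Cisco 6400 NRP1, can ping the service destination network.

  • The remote client cannot ping the remote service destination network.

What should I do after I start the PPPoA session and before I set up the SSD logon?

After all of the SSG commands are configured, you must verify that the next-hop table for the user services was downloaded successfully. Issue the show ssg binding command.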

arielle_nrp3# show ssg binding
cairo.com_key        -> 14.14.14.5 (NHT)

arielle_nrp3# show ssg next-hop
Next hop table loaded from profile nxthoptbl:
cairo.com_key        -> 14.14.14.5
End of next hop table.

Check that all of your direction bindings are active on the SSG.

arielle_nrp3# show ssg direction
Virtual-Template66: Downlink

!--- You can verify this by enabling debug ssg ctrl-events after the 
!--- remote user tries to initiate its PPPoA session to access the NRP.

Jun 18 02:13:12.791: SSG-CTL-EVN: Handling PPP logon for user hisham.
Jun 18 02:13:12.791: SSG-CTL-EVN: Locate/create SSG sub-block from/for Virtual-Access3.
Jun 18 02:13:12.791: SSG-CTL-EVN: Checking for old HostObject in the sub-block.
Jun 18 02:13:12.791: SSG-CTL-EVN:  SSG: pppterm: NO extra data for PPP logon
Jun 18 02:13:12.791: SSG-CTL-EVN: Authenticating user hisham for PPP logon.
Jun 18 02:13:12.799: SSG-CTL-EVN: Creating HostObject for the PPP user hisham.
Jun 18 02:13:12.799: SSG-CTL-EVN: Set Host Mac Address .
Jun 18 02:13:12.799: SSG-CTL-EVN: ** attr->type = 6
Jun 18 02:13:12.799: SSG-CTL-EVN: ATTR_LOOP = 1
Jun 18 02:13:12.799: SSG-CTL-EVN: ** attr->type = 7
Jun 18 02:13:12.799: SSG-CTL-EVN: ATTR_LOOP = 2
Jun 18 02:13:12.799: SSG-CTL-EVN: ATTR_LOOP = 3
Jun 18 02:13:12.799: SSG-CTL-EVN: ATTR_LOOP = 4
Jun 18 02:13:12.799: SSG-CTL-EVN: PPP logon for user hisham is accepted.
The link is Virtual-Access3
Jun 18 02:13:12.799: SSG-CTL-EVN: Bind the HostObject to Virtual-Access3.

!--- Downlink binding success.

Jun 18 02:13:12.867: SSG-CTL-EVN: IPCP is up. Locate SSG sub-block from Virtual-Access3.
Jun 18 02:13:12.871: SSG-CTL-EVN: Locate HostObject from the sub-block.
Jun 18 02:13:12.871: SSG-CTL-EVN: Set Host IP 212.93.193.114.

!--- Host object is created.

Jun 18 02:13:12.879: SSG-CTL-EVN: Host Mac Address lookup failed
Jun 18 02:13:12.879: SSG-CTL-EVN: Activate the HostObject.
Link=Virtual-Access3

!--- Host object is active.

Jun 18 02:13:12.879: SSG-CTL-EVN: ##### ssg_l2tp_ip_up:
03:49:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3,
changed state to up

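When the client starts an HTTP session to the SSD server, the user sees the SSD server logon home page.

Note: Remember to start the SSD server by issuing the UNIX shell command root@crazyball[/export/home/ssd251/ssd]startSSD.sh.

How do I test the SSD Single Sign-On feature?

  1. Configure the parameter (REAUTHENTICATE=off) in the dashboard.conf file. The default value is REAUTHENTICATE=on.

  2. Log on to any web page on the SSD. For example, while you are logged on to the cairo.com service home page, close your browser, then open it again with http://10.200.56.40:8080.

The host object on the SSD is still in the cache, so you should be able to log back on to the SSD service page you were previously logged on to. The default behavior is to reauthenticate on the SSD; that is, you must go through the SSD logon home page.

How do I run SSD debugs?

  1. Type https://10.200.56.40:8443/log in the address bar of the browser.

  2. Click the Set option. All of the debugs you selected run, and the output is written to a log file. The format of the log file name is yy_mm_dd.request.log.

  3. Navigate to the directory on the SSD server where the log files reside.

  4. Using a UNIX editor, open the file /export/home/ssd251/ssd/logs]vi yy_mm_dd.request.log to view the debug output.

Sample Debug Output

NRP1 Output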

arielle_nrp3# show debugging
SSG:
SSG data path packets debugging is on
SSG control path events debugging is on
SSG control path packets debugging is on
SSG packets debugging is on
Radius protocol debugging is on
Just before the SSD logon, the output of these debugs is:
Jun 18 23:30:08.414:
SSG-DATA:CEF-SSGSubBlock=0(AT0/0/0.61:0.0.0.0->0.0.0.0)
Jun 18 23:30:09.530:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 18 23:30:11.142:
SSG-DATA:CEF-SSGSubBlock=0(AT0/0/0.61:0.0.0.0->0.0.0.0)
Jun 18 23:30:11.494:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 18 23:30:12.482:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 18 23:30:13.310:
SSG-DATA:CEF-SSGSubBlock=0(AT0/0/0.61:0.0.0.0->0.0.0.0)
Jun 18 23:30:14.462:

Jun 18 23:39:39.610: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.638:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 18 23:39:39.638:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 18 23:39:39.642: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.642:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 18 23:39:39.646: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.674:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 18 23:39:39.678:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 18 23:39:39.678: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.682:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 18 23:39:39.686:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 18 23:39:39.686: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.698: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.742: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.926: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.926: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.926: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 18 23:39:39.926: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)

Jun 19 00:39:17.477: RADIUS: Initial Transmit  id 18 10.200.56.16:1645,
Access-Request, len 58
Jun 19 00:39:17.477:         Attribute 4 6 D45DC301
Jun 19 00:39:17.477:         Attribute 61 6 00000000
Jun 19 00:39:17.477:         Attribute 1 8 68697368
Jun 19 00:39:17.477:         Attribute 2 18 31B0CDC2
Jun 19 00:39:17.481: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 19 00:39:17.481: RADIUS: Received from id 18 10.200.56.16:1645,
Access-Accept, len 70
Jun 19 00:39:17.481:         Attribute 6 6 00000002
Jun 19 00:39:17.481:         Attribute 7 6 00000001
Jun 19 00:39:17.481:         Attribute 26 20 00000009FA0E4754
Jun 19 00:39:17.481:         Attribute 26 18 00000009FA0C4742
Jun 19 00:39:17.481: RADIUS: saved authorization data for user 61E73934 at
61E72A58
Jun 19 00:39:17.481: SSG-CTL-EVN: Creating HostObject for host
212.93.193.114.
Jun 19 00:39:17.489: SSG-CTL-EVN: Set Host Mac Address .
Jun 19 00:39:17.489: SSG-CTL-EVN: ** attr->type = 6
Jun 19 00:39:17.489: SSG-CTL-EVN: ATTR_LOOP = 1
Jun 19 00:39:17.489: SSG-CTL-EVN: ** attr->type = 7
Jun 19 00:39:17.493: SSG-CTL-EVN: ATTR_LOOP = 2
Jun 19 00:39:17.493: SSG-CTL-EVN: ATTR_LOOP = 3
Jun 19 00:39:17.493: SSG-CTL-EVN: ATTR_LOOP = 4
Jun 19 00:39:17.493: SSG-CTL-EVN: Account logon is accepted
(212.93.193.114,hisham).


arielle_nrp3# show ssg host 212.93.193.114
------------------------ HostObject Content -----------------------
Activated: TRUE
Interface: Virtual-Access3
User Name: hisham
Host IP: 212.93.193.114
Msg IP: 10.200.56.40 (9902)
Host DNS IP: 0.0.0.0
Maximum Session Timeout: 0 seconds
Host Idle Timeout: 0 seconds
Class Attr: NONE
User logged on since: 01:54:33.000 UTC Tue Jun 19 2001
User last activity at: 01:54:33.000 UTC Tue Jun 19 2001
Default Service: NONE
DNS Default Service: NONE
Active Services: NONE

!--- No Services are active yet.

AutoService: NONE
Subscribed Services:

The following output also results from the debug commands that are turned on before the SSD logon. 

Jun 19 02:06:39.529:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 19 02:06:40.789:
SSG-DATA:CEF-MulticastDest=1(AT0/0/0.61:14.14.14.5->224.0.0.10)
Jun 19 02:06:41.581:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 19 02:06:42.509:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 19 02:06:43.313:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 19 02:06:43.313: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 19 02:06:43.349:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 19 02:06:43.353:


arielle_nrp3# show ssg host 212.93.193.114
------------------------ HostObject Content -----------------------
Activated: TRUE
Interface: Virtual-Access3
User Name: hisham
Host IP: 212.93.193.114
Msg IP: 10.200.56.40 (9902)

!--- Message server IP & port address, and TCP port used.
!--- This is configured in the dashboard.conf file.

Host DNS IP: 0.0.0.0
Maximum Session Timeout: 0 seconds
Host Idle Timeout: 0 seconds
Class Attr: NONE
User logged on since: 01:54:33.000 UTC Tue Jun 19 2001
User last activity at: 01:54:33.000 UTC Tue Jun 19 2001
Default Service: NONE
DNS Default Service: NONE
Active Services: NONE
AutoService: NONE
Subscribed Services:
arielle_nrp3#

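At this point the user is not logged on to any service. The client first sees Middle East, then Cairo, then Egyptian Capital in the list of services on the SSD web page. After the client clicks Egyptian Capital, the username and password fields appear on the page. No active service is associated with the client yet. The username and password that the client provides to gain access to the cairo.com service must match those configured on the L2TP network server (LNS). In this setup, the LNS authenticates the user locally. The username is ayman@cairo.com, and the password is ayman.

L2TP Access Concentrator (LAC) Output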

arielle_nrp3# show debugging 
SSG:
SSG data path packets debugging is on
SSG control path events debugging is on
SSG control path packets debugging is on
SSG packets debugging is on
VPN:
L2X protocol events debugging is on
L2X data packets debugging is on
L2X control packets debugging is on
L2TP data sequencing debugging is on
Radius protocol debugging is on

Jun 19 02:34:48.121:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 19 02:34:48.157:
SSG-DATA:CEF-FIB_FLAG_RECEIVE=1(Vi3:212.93.193.114->10.200.56.6)
Jun 19 02:34:49.681:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 19 02:34:49.685: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 19 02:34:49.717:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 19 02:34:49.725:
SSG-DATA:CEF-UP-DefaultNetwork=1(Vi3:212.93.193.114->10.200.56.40)
Jun 19 02:34:49.725: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 19 02:34:49.777: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 19 02:34:49.777: SSG-CTL-PAK: Received Packet:
sIP=10.200.56.40 sPort=37638 dIP=10.200.56.6 dPort=1645
Jun 19 02:34:49.777:    header: code=1, id=19, len=102,
auth=3F53BB3F2939DAA1E5D9435792491CD3
Jun 19 02:34:49.777:    attr: type=1, len=17, val=ayman@cairo.com
Jun 19 02:34:49.777:    attr: type=2, len=18, val=(89)(C4)/}(BB)(8F)
Jun 19 02:34:49.777:    attr: type=6, len=6, val=(00)(00)(00)(02)
Jun 19 02:34:49.777:    attr: type=26, len=23,

Jun 19 02:34:49.777: SSG-CTL-EVN: Downloading service profile for service
cairo.com.
Jun 19 02:34:49.777: RADIUS: ustruct sharecount=1
Jun 19 02:34:49.777: RADIUS: Initial Transmit  id 73 10.200.56.16:1645,
Access-Request, len 67
Jun 19 02:34:49.777:         Attribute 4 6 D45DC301
Jun 19 02:34:49.777:         Attribute 61 6 00000000
Jun 19 02:34:49.777:         Attribute 1 11 63616972
Jun 19 02:34:49.777:         Attribute 2 18 51CF64B7
Jun 19 02:34:49.777:         Attribute 6 6 00000005
Jun 19 02:34:49.785: SSG-DATA:CEF-SSGSubBlock=0(Fa0/0/0:0.0.0.0->0.0.0.0)
Jun 19 02:34:49.785: RADIUS: Received from id 73 10.200.56.16:1645,
Access-Accept, len 275
Jun 19 02:34:49.785:         Attribute 6 6 00000005
Jun 19 02:34:49.785:         Attribute 26 27 0000000901157670
Jun 19 02:34:49.785:         Attribute 26 40 0000000901227670
Jun 19 02:34:49.785:         Attribute 26 30 0000000901187670
Jun 19 02:34:49.785:         Attribute 26 37 00000009011F7670

Jun 19 02:34:49.789: SSG-CTL-EVN: ##### ssg_l2tp_disc_cause: termCause=1026
Jun 19 02:34:49.789: SSG-CTL-EVN: ssg_l2tp_disc_routine:
Jun 19 02:34:49.801: SSG-CTL-EVN: Checking service mode.
Jun 19 02:34:49.801: SSG-CTL-EVN: ServiceLogon: Enqueue request of service
cairo.com


arielle_nrp3# show ssg host 212.93.193.114
------------------------ HostObject Content -----------------------
Activated: TRUE
Interface: Virtual-Access3
User Name: hisham
Host IP: 212.93.193.114
Msg IP: 10.200.56.40 (9902)
Host DNS IP: 0.0.0.0
Maximum Session Timeout: 0 seconds
Host Idle Timeout: 0 seconds
Class Attr: NONE
User logged on since: 01:54:33.000 UTC Tue Jun 19 2001
User last activity at: 02:34:49.000 UTC Tue Jun 19 2001
Default Service: NONE
DNS Default Service: NONE
Active Services: cairo.com

!--- A service is active.

AutoService: NONE
Subscribed Services:


arielle_nrp3# show ssg service cairo.com
------------------------ ServiceInfo Content -----------------------
Uplink IDB:
Name: cairo.com
Type: TUNNEL
Mode: CONCURRENT
Service Session Timeout: 0 seconds
Service Idle Timeout: 0 seconds
Authentication Type: CHAP
Next Hop Gateway Key: cairo.com_key
DNS Server(s):
TunnelId: nap
TunnelPassword: CAIRO
HomeGateway Addresses: 15.15.15.5
Included Network Segments:
15.15.15.4/255.255.255.252
Excluded Network Segments:
ConnectionCount 1
Full User Name not used
Domain List: cairo.com;
Active Connections:
1   : RealIP=212.93.197.114, Subscriber=212.93.193.114
------------------------ End of ServiceInfo Content ----------------

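In the above output, RealIP is the IP address that the service network gave to the user hisham. The Subscriber field shows the IP address that the user hisham was given by the SSG NRP access network.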

arielle_nrp3# show ssg connection 212.93.193.114 cairo.com
------------------------ ConnectionObject Content -----------------------
User Name: ayman@cairo.com
Owner Host: 212.93.193.114
Associated Service: cairo.com
Connection State: 0 (UP)
Connection Started since: 02:34:51.000 UTC Tue Jun 19 2001
User last activity at: 02:34:51.000 UTC Tue Jun 19 2001
Connection Real IP: 212.93.197.114
L2TP VIDB: Virtual-Access4
L2TP Session Key: 0
Connection Traffic Statistics:
Input Bytes = 0 (HI = 0), Input packets = 0
Output Bytes = 0 (HI = 0), Output packets = 0
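
The RADIUS debug lines in the NRP1 and LAC output above print each attribute as its number, its length, and only the first 8 bytes of the value, so the vendor-specific attributes (26) have to be decoded by hand to see which profile entry they carry. The Python code below is an added example, not part of the original document: it splits attribute 26 into vendor ID, vendor type and vendor length, checks the lengths against each other, and matches the result to the profile values listed earlier. The function names and the one-byte length offset used for matching (observed in this capture only) are assumptions.

```python
import re

# Lines copied from the "debug radius" output on this page. The debug prints
# the attribute number, its length, and only the first 8 bytes of the value.
DEBUG_LINES = """\
Jun 19 00:39:17.481:         Attribute 6 6 00000002
Jun 19 00:39:17.481:         Attribute 26 20 00000009FA0E4754
Jun 19 02:34:49.777:         Attribute 1 11 63616972
Jun 19 02:34:49.785:         Attribute 26 27 0000000901157670
Jun 19 02:34:49.785:         Attribute 26 30 0000000901187670
"""

# Values copied from the hisham and cairo.com profiles on this page.
PROFILE_VALUES = {
    (9, 250): ["GTravelling"],
    (9, 1): ["vpdn:tunnel-id=nap", "vpdn:tunnel-type=l2tp",
             "vpdn:ip-addresses=15.15.15.5"],
}

ATTR = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]+)\s*$")


def decode(line):
    """Decode one debug line; attribute 26 is split per RFC 2865 section 5.26."""
    m = ATTR.search(line)
    if not m:
        return None
    number, length = int(m.group(1)), int(m.group(2))
    shown = bytes.fromhex(m.group(3))
    rec = {"attribute": number, "length": length, "shown": shown}
    if number == 26 and len(shown) >= 6:
        rec["vendor_id"] = int.from_bytes(shown[:4], "big")  # 9 = Cisco
        rec["vendor_type"] = shown[4]
        rec["vendor_length"] = shown[5]
        rec["prefix"] = shown[6:].decode("ascii", "replace")
        # Outer length = type (1) + length (1) + vendor id (4) + sub-attribute.
        rec["consistent"] = length == 6 + rec["vendor_length"]
    return rec


def candidates(rec, profile_values=PROFILE_VALUES, extra=1):
    """Profile values that could be this attribute: same vendor and type, same
    leading bytes, same length. `extra` is the one byte by which every vendor
    length in this page's capture exceeds header (2) + string; that offset is
    an observation about this capture, not a protocol rule."""
    key = (rec.get("vendor_id"), rec.get("vendor_type"))
    return [v for v in profile_values.get(key, [])
            if v.startswith(rec["prefix"])
            and len(v) + 2 + extra == rec["vendor_length"]]


def decode_all(text=DEBUG_LINES):
    """Decode every attribute line in a block of debug output."""
    return [r for r in map(decode, text.splitlines()) if r]
```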

LNS Output

ior# show debugging VPN
L2X protocol events debugging is on
L2X data packets debugging is on
L2X control packets debugging is on
L2TP data sequencing debugging is on

*Jun 18 19:27:09.851 PDT: L2X: Parse  AVP 0, len 8, flag 0x8000 (M)
*Jun 18 19:27:09.851 PDT: L2X: Parse SCCRQ
*Jun 18 19:27:09.851 PDT: L2X: Parse  AVP 2, len 8, flag 0x8000 (M)
*Jun 18 19:27:09.851 PDT: L2X: Protocol Ver 256
*Jun 18 19:27:09.851 PDT: L2X: Parse  AVP 3, len 10, flag 0x8000 (M)
*Jun 18 19:27:09.851 PDT: L2X: Framing Cap 0x0
*Jun 18 19:27:09.851 PDT: L2X: Parse  AVP 4, len 10, flag 0x8000 (M)
*Jun 18 19:27:09.851 PDT: L2X: Bearer Cap 0x0
*Jun 18 19:27:09.855 PDT: L2X: Parse  AVP 6, len 8, flag 0x0

*Jun 18 19:27:09.855 PDT: L2X: I SCCRQ, flg TLS, ver 2, len 128, tnl 0, cl 0, ns 0, nr 0
C8 02 00 80 00 00 00 00 00 00 00 00 80 08 00 00
00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00
00 03 00 00 00 00 80 0A 00 00 00 04 00 00 00 ...
*Jun 18 19:27:09.855 PDT: L2TP: I SCCRQ from nap tnl 13552
*Jun 18 19:27:09.855 PDT: Tnl 4818 L2TP: Got a challenge in SCCRQ, nap
*Jun 18 19:27:09.855 PDT: Tnl 4818 L2TP: New tunnel created for remote nap,


Document ID: 4614