广域网 : 点对点协议 (PPP)

在 ISDN 上配置 PPP 回呼(使用 AAA 提供的回呼字符串)

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 22 日) | 反馈


目录


简介

本文为在两个Cisco路由器之间的PPP回呼提供一配置示例。

先决条件

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于以下软件和硬件版本:

  • Cisco IOS�软件版本12.0(3)T或以上。

注意: 在AAA服务器已分配回叫串帮助下要配置PPP回呼,您需要使用dialer aaa命令,是可用的在Cisco IOS软件版本12.0(3)T或以后。然而在Cisco IOS版本12.1(4)T, 12.2(1)T和以后,此命令没有为与分配的AAA服务器的PPP回呼要求回叫串。

注意: dialer aaa命令只支持与传统DDR (如图1所显示)。

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

背景信息

TACACS+ (AAA服务器)用于提供回拨拨号字符串给回拨服务器。然而,您能也使用RADIUS提供回叫串。要配置与本地认证的PPP回呼,授权和核算(AAA),参见配置PPP Callback Over ISDN

在此配置示例、回拨用途PPP和在RFC 1570指定的设施中。在ISDN电路间的PPP回呼按此顺序完成:

  1. 回拨客户端首次并且启动对回拨服务器路由器的ISDN连接。

  2. 回拨客户端和回拨服务器协商点到点协议链路控制协议(LCP)。在LCP协商,回拨是请求的,协商和同意。

  3. 回拨客户端和回拨服务器互相验证与PPP口令验证协议(PAP)或质询握手验证协议(CHAP)。然而,您能配置回拨客户端不通过ppp authentication chap callin命令验证回拨服务器。

  4. 回拨服务器从AAA服务器得到必要的回叫属性,例如回拨拨号字符串(客户端的电话号码)。

  5. 两路由器切ISDN连接。

  6. 回拨服务器启动回拨给客户端。当呼叫连接时,路由器互相验证,并且链路建立。

配置

本部分提供有关如何配置本文档所述功能的信息。

注意: 要查找本文档所用命令的其他信息,请使用命令查找工具仅限注册用户)。

网络图

本文档使用以下网络设置:

图1 – 网络图

PPP回拨aaa.gif

配置

本文档使用以下配置:

  • 免费软件TACACS+配置

  • RADIUS 配置

  • 备选RADIUS配置

  • Tnt-buster (回拨服务器)配置

  • Tremens (回拨客户端)配置

免费软件TACACS+配置
user = tremens {
  default service = permit
  login = cleartext "cisco"
  chap = cleartext "cisco"
  
!--- CHAP password.

  service = ppp protocol = lcp {
  callback-dialstring = "6083"

  !--- Number to callback.

  send-secret = "cisco"
  }
  }

您能也使用RADIUS作为您的AAA服务器供应回叫属性而不是TACACS+。提供得RADIUS配置的示例此处:

RADIUS 配置
tremens         Auth-Type = Local, Password = "cisco"
                Service-Type = Framed-User,

                !--- Service-Type(6) is Framed User(4).

                Cisco-AVPair = "lcp:callback-dialstring=6083", 
                Cisco-AVPair = "lcp:send-secret=cisco"

注意: 在显示的RADIUS配置中如上,思科AVPair lcp :send-secret=cisco在回拨的验证时是需要的。如果不包括此AVPair,您在回拨服务器必须本地配置远程路由器的CHAP用户名和密码。

注意: 本文处理主要TACACS+。在本文提供的调试不显示开始回拨。

注意: 从Cisco IOS版本12.1(7),使用互联网工程任务组(IETF) RADIUS属性19 ISDN和模拟Microsoft回叫是可能的。在这种情况下,在先前配置里使用思科AVPair,显示是多余的。参考显示的备选RADIUS配置示例此处:

备选RADIUS配置
tremens         Auth-Type = Local, Password = "cisco"
                Service-Type = callback framed
                
!--- Service-Type (6) is callback framed (4).

                
!--- Callback framed is also known as 
                !--- Dialback-Framed-User.

                Callback =6083
                
!--- IETF RADIUS Callback attribute (19) with the phone 
                !--- number for the callback.


注意: RADIUS调试将显示IETF RADIUS属性19返回对回拨服务器。

用于此示例的两路由器的配置显示此处:

Tnt-buster (回拨服务器)
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Tnt-buster
!
boot system flash flash:c5300-i-mz.121-4
logging buffered 1000000 debugging
aaa new-model
aaa authentication login none none
aaa authentication ppp default group tacacs+ local

!--- AAA methods for PPP authentication.

aaa authorization network default group tacacs+

!--- AAA authorization methods for RADIUS implementation. 
!--- Replace TACACS+ with RADIUS in the statements above.

!
spe 1/0 1/23
 firmware location system:/ucode/microcom_firmware
!
resource-pool disable
!
ip subnet-zero
no ip domain-lookup
!
isdn switch-type primary-net5
!
controller E1 0

!--- E1 interface that accepts the initial call and performs the callback.

 clock source line primary
 pri-group timeslots 1-31
!
! 

!--- irrelevant output has been omitted.

!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0
 ip address 10.200.20.42 255.255.255.0
!
interface Serial0:15

!--- D-channel for controller E1 0.

 no ip address
 encapsulation ppp
 dialer rotary-group 1

!--- Assign E1 0 to rotary-group 1 (which is necessary for dialout).
!--- Rotary-group properties are defined in interface Dialer 1.

 isdn switch-type primary-net5
 no cdp enable
!
! 

!--- irrelevant output has been omitted.

!
!
interface Dialer1

!--- This is the interface for the dialer rotary-group 1 configuration.

 ip unnumbered Loopback0
 encapsulation ppp
 dialer in-band
 dialer aaa

!--- This allows AAA to retrieve the callback dial string via AAA servers.


!--- This command is required for callback attributes to be obtained 
!--- from the AAA server.

 dialer idle-timeout 60
 dialer enable-timeout 5

!--- The time (in seconds) between initial call disconnect and callback 
!--- initiation.

 dialer hold-queue 20

!--- This holds 20 packets destined for the remote destination until the 
!--- connection is made.

 dialer-group 1
 no peer default ip address

!--- The peer is not given an IP address from a pool.
!--- IP pool can be defined if necessary.

 ppp callback accept

!--- Allows the interface to accept a callback request from a remote host.

 ppp authentication chap callin
!
ip route 0.0.0.0 0.0.0.0 10.200.20.1
no ip http server
!
dialer-list 1 protocol ip permit
tacacs-server host 10.200.20.134 key cisco

!--- The IP address and key of the TACACS+ server.

!
line con 0
 exec-timeout 0 0
 length 30
 transport input none
line 1 24
line aux 0
line vty 0 4
 no exec-banner
 exec-timeout 0 0
 login authentication none
!
end

Tremens (回拨客户端)
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname tremens
!
username tnt-buster password 0 cisco

!--- Username and shared secret password used for CHAP authentication.
!--- The AAA server must have this router hostname (tnt-buster) and 
!--- shared secret (cisco) configured.

!
ip subnet-zero
no ip finger
no ip domain-lookup
!
isdn switch-type basic-net3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0
 ip address 10.200.16.54 255.255.255.0
!
interface BRI0

!--- The interface used for dialin and dialout.

 no ip address
 encapsulation ppp
 dialer pool-member 1

!--- Assign BRI0 as member of dialer pool 1.
!--- Dialer pool 1 is specified in interface Dialer 1.

 isdn switch-type basic-net3
 ppp authentication chap
!
interface Dialer1
 ip unnumbered Loopback0
 encapsulation ppp
 dialer pool 1

!--- Defines dialer pool 1.
!--- BRI 0 is a member of this pool.

 dialer idle-timeout 60
 dialer string 8211

!--- The number to dial when dialing out for the initial call.

 dialer hold-queue 20

!--- This holds 20 packets destined for the remote destination until the 
!--- connection is made.

 dialer-group 1
 no peer default ip address
 no fair-queue
 no cdp enable
 ppp callback request

!--- Request PPP callback from the server.

 ppp authentication chap
!
ip route 2.2.2.2 255.255.255.255 Dialer1

!--- IP route for the dialer interface.

no ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
!
end

验证

本部分所提供的信息可用于确认您的配置是否正常工作。

命令输出解释程序工具仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令输出的分析。

  • show dialer interface [type number] —显示为按需拨号路由(DDR)配置的接口的一般诊断信息。启动拨号的数据包的源地址和目标地址显示在 dial reason line 中。此命令也显示连接计时器。

  • show isdn status —使您保证路由器用ISDN交换机正确通信。在输出中,验证第1层状态是否为活跃状态,是否第2层状态=MULTIPLE_FRAME_ESTABLISHED出现。此指令也显示活动的呼叫的数量。

故障排除

本部分提供的信息可用于对配置进行故障排除。

关于调试指令的更多信息参考的Cisco IOS版本12.0 Debug命令参考资料

故障排除命令(可选)

命令输出解释程序工具仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令输出的分析。

注意: 在发出 debug 命令之前,请参阅有关 Debug 命令的重要信息

  • debug isdn q931 -显示ISDN网络连接(第3层)呼叫建立和卸载。

  • debug dialer [events|数据包] —显示关于在拨号接口接收的数据包的DDR调试信息。

  • debug aaa authentication —显示关于AAA认证的信息。

  • debug aaa authorization —显示关于AAA授权的信息。

  • debug tacacs —显示详细的调试信息关联与TACACS+。

  • debug ppp协商—显示关于PPP流量的信息并且交换,当PPP组件的协商是进展中,包括链路控制协议(LCP),验证时和NCP。成功的PPP协商将首先开放LCP状态,然后进行验证,最后进行NCP协商。

  • debug ppp authentication —显示PPP认证协议消息,包括质询验证协议(CHAP)信息包交换和密码认证协议交换。如果观察一失败验证CHAP用户名和密码是否正确地配置。

  • 当路由器使用一个调制解调器和一个对话脚本呼叫在终端线路时的上一步debug callback —显示回拨事件。当此命令是为调制解调器和对话脚本,没有用于此配置。

调试输出示例

tnt-buster#show debug
General OS:
  TACACS access control debugging is on
  AAA Authentication debugging is on
  AAA Authorization debugging is on
Dial on demand:
  Dial on demand events debugging is on
PPP:
  PPP protocol negotiation debugging is on
ISDN:
  ISDN Q931 packets debugging is on
  ISDN Q931 packets debug DSLs. (On/Off/No DSL:1/0/-)
  DSL  0 --> 7
  1 - - - - - - -  
tnt-buster#
*Oct 16 08:59:26.403: ISDN Se0:15: RX <-  SETUP pd = 8  callref = 0x4880

!--- incoming ISDN call setup message.

*Oct 16 08:59:26.403:   Sending Complete
*Oct 16 08:59:26.403:   Bearer Capability i = 0x8890
*Oct 16 08:59:26.403:   Channel ID i = 0xA1839A
*Oct 16 08:59:26.403:   Calling Party Number i = 0xA1, '6083', Plan:ISDN,
 Type:National

!--- Calling Party Number is configured in the callback string on 
!--- the AAA server.
 
*Oct 16 08:59:26.403:   Called Party Number i = 0x81, '211', Plan:ISDN,
 Type:Unknown
*Oct 16 08:59:26.407:   Locking Shift to Codeset 6
*Oct 16 08:59:26.407:   Codeset 6 IE 0x28  i = 'ISDN-EDU-4'
*Oct 16 08:59:26.407:   ISDN Se0:15: TX ->  CALL_PROC pd = 8  callref = 0xC880
*Oct 16 08:59:26.411:   Channel ID i = 0xA9839A
*Oct 16 08:59:26.415: %LINK-3-UPDOWN: Interface Serial0:25, changed state to up
*Oct 16 08:59:26.419: Se0:25 PPP: Treating connection as a callin
*Oct 16 08:59:26.419: Se0:25 PPP: Phase is ESTABLISHING, Passive Open
*Oct 16 08:59:26.419: Se0:25 LCP: State is Listen
*Oct 16 08:59:26.419: ISDN Se0:15: TX ->  CONNECT pd = 8  callref = 0xC880
*Oct 16 08:59:26.419: Channel ID i = 0xA9839A
*Oct 16 08:59:26.459: ISDN Se0:15: RX <-  CONNECT_ACK pd = 8  callref = 0x4880
*Oct 16 08:59:26.463: ISDN Se0:15: CALL_PROGRESS: CALL_CONNECTED call id 0x28,
 bchan 25, dsl 0
*Oct 16 08:59:26.551: Se0:25 LCP: I CONFREQ [Listen] id 126 len 18

!--- PPP LCP negotiation begins.

*Oct 16 08:59:26.555: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.555: Se0:25 LCP:    MagicNumber 0x3E7BCBD2 (0x05063E7BCBD2)
*Oct 16 08:59:26.555: Se0:25 LCP:    Callback 0  (0x0D0300)
*Oct 16 08:59:26.555: Se0:25 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
*Oct 16 08:59:26.555: Se0:25 LCP: O CONFREQ [Listen] id 1 len 15
*Oct 16 08:59:26.555: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.555: Se0:25 LCP:    MagicNumber 0xE06953E4 (0x0506E06953E4)
*Oct 16 08:59:26.555: Se0:25 LCP: O CONFACK [Listen] id 126 len 18
*Oct 16 08:59:26.555: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.555: Se0:25 LCP:    MagicNumber 0x3E7BCBD2 (0x05063E7BCBD2)
*Oct 16 08:59:26.555: Se0:25 LCP:    Callback 0  (0x0D0300)

!--- Callback option is acknowledged (CONFACKed).

*Oct 16 08:59:26.587: Se0:25 LCP: I CONFACK [ACKsent] id 1 len 15
*Oct 16 08:59:26.587: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.587: Se0:25 LCP:    MagicNumber 0xE06953E4 (0x0506E06953E4)
*Oct 16 08:59:26.587: Se0:25 LCP: State is Open
*Oct 16 08:59:26.587: Se0:25 PPP: Phase is AUTHENTICATING, by both

!--- PPP Authentication begins.

*Oct 16 08:59:26.587: Se0:25 CHAP: O CHALLENGE id 1 len 31 from "tnt-buster"
*Oct 16 08:59:26.611: Se0:25 CHAP: I CHALLENGE id 93 len 28 from "tremens"
*Oct 16 08:59:26.611: Se0:25 CHAP: Waiting for peer to authenticate first
*Oct 16 08:59:26.623: Se0:25 CHAP: I RESPONSE id 1 len 28 from "tremens"
*Oct 16 08:59:26.623: AAA: parse name=Serial0:25 idb type=13 tty=-1
*Oct 16 08:59:26.623: AAA: name=Serial0:25 flags=0x51 type=1 shelf=0 slot=0
 adapter=0 port=0 channel=25
*Oct 16 08:59:26.623: AAA: parse name= idb type=-1 tty=-1
*Oct 16 08:59:26.623: AAA/MEMORY: create_user (0x6126C0AC) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:26.623: AAA/AUTHEN/START (199889519): port='Serial0:25' list=''
 action=LOGIN service=PPP
*Oct 16 08:59:26.623: AAA/AUTHEN/START (199889519): using "default" list
*Oct 16 08:59:26.623: AAA/AUTHEN/START (199889519): Method=tacacs+ (tacacs+)

!---  Use TACACS+ as AAA method for the default list.
 
*Oct 16 08:59:26.623: TAC+: send AUTHEN/START packet ver=193 id=199889519
*Oct 16 08:59:26.623: TAC+: Using default tacacs server-group "tacacs+" list.
*Oct 16 08:59:26.623: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:26.627: TAC+: Opened TCP/IP handle 0x610C4D40 to 10.200.20.134/49
*Oct 16 08:59:26.627: TAC+: 10.200.20.134 (199889519) AUTHEN/START/LOGIN/CHAP
 queued
*Oct 16 08:59:26.827: TAC+: (199889519) AUTHEN/START/LOGIN/CHAP processed
*Oct 16 08:59:26.827: TAC+: ver=193 id=199889519 received AUTHEN status = PASS
*Oct 16 08:59:26.827: AAA/AUTHEN (199889519): status = PASS

!---  AAA authentication succeeds.

*Oct 16 08:59:26.827: TAC+: Closing TCP/IP 0x610C4D40 connection to
 10.200.20.134/49
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP: Authorize LCP
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:26.827: AAA/AUTHOR/LCP: Se0:25 (4028243213) user='tremens'
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): send AV service=ppp
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): send AV protocol=lcp
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): found list "default"
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): Method=tacacs+ 
(tacacs+)
*Oct 16 08:59:26.827: AAA/AUTHOR/TAC+: (4028243213): user=tremens
*Oct 16 08:59:26.827: AAA/AUTHOR/TAC+: (4028243213): send AV service=ppp
*Oct 16 08:59:26.827: AAA/AUTHOR/TAC+: (4028243213): send AV protocol=lcp
*Oct 16 08:59:26.827: TAC+: using previously set server 10.200.20.134 from
 group tacacs+
*Oct 16 08:59:26.827: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:26.831: TAC+: Opened TCP/IP handle 0x61269588 to 10.200.20.134/49
*Oct 16 08:59:26.831: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:26.831: TAC+: 10.200.20.134 (4028243213) AUTHOR/START queued
*Oct 16 08:59:27.031: TAC+: (4028243213) AUTHOR/START processed
*Oct 16 08:59:27.031: TAC+: (4028243213): received author response status =
 PASS_ADD
*Oct 16 08:59:27.031: TAC+: Closing TCP/IP 0x61269588 connection to
 10.200.20.134/49
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR (4028243213): Post authorization
 status = PASS_ADD
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV service=ppp
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV protocol=lcp
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV callback-dialstring=
6083

!--- Callback dial string sent from the AAA server.

*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV send-secret=cisco
*Oct 16 08:59:27.031: Se0:25 CHAP: O SUCCESS id 1 len 4
*Oct 16 08:59:27.031: Se0:25 CHAP: Processing saved Challenge, id 93
*Oct 16 08:59:27.031: Se0:25 DDR: Authenticated host tremens with no matching
 dialer map
*Oct 16 08:59:27.031: AAA: parse name=Serial0:25 idb type=13 tty=-1
*Oct 16 08:59:27.031: AAA: name=Serial0:25 flags=0x51 type=1 shelf=0 slot=0
 adapter=0
 port=0 channel=25
*Oct 16 08:59:27.031: AAA: parse name= idb type=-1 tty=-1
*Oct 16 08:59:27.031: AAA/MEMORY: create_user (0x610DD96C) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:27.035: AAA/AUTHEN/START (4099567767): port='Serial0:25'
 list='' action=SENDAUTH service=PPP
*Oct 16 08:59:27.035: AAA/AUTHEN/START (4099567767): using "default" list
*Oct 16 08:59:27.035: AAA/AUTHEN/START (4099567767): Method=tacacs+ (tacacs+)
*Oct 16 08:59:27.035: TAC+: Look for cached secret first for sendauth
*Oct 16 08:59:27.035: AAA/AUTHEN/SENDAUTH (4099567767): found cached secret
 for tremens
*Oct 16 08:59:27.035: AAA/AUTHEN (4099567767): status = PASS
*Oct 16 08:59:27.035: AAA/MEMORY: free_user (0x610DD96C) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:27.035: Se0:25 CHAP: O RESPONSE id 93 len 31 from "tnt-buster"
*Oct 16 08:59:27.055: Se0:25 CHAP: I SUCCESS id 93 len 4

!--- CHAP is successful.

*Oct 16 08:59:27.055: FA0: Same state, 0
*Oct 16 08:59:27.055: DSES FA0: Session create
*Oct 16 08:59:27.055: AAA/MEMORY: dup_user (0x61069398) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1 source='create callback'
*Oct 16 08:59:27.055: Se0:25 DDR: PPP callback Callback server starting to
 tremens 6083

!--- DDR starts PPP calback procedures.

*Oct 16 08:59:27.055: Se0:25 DDR: disconnecting call

!--- Call is disconnected.

*Oct 16 08:59:27.059: ISDN Se0:15: TX ->  DISCONNECT pd = 8  callref = 0xC880
*Oct 16 08:59:27.059:         Cause i = 0x8090 - Normal call clearing
*Oct 16 08:59:27.071: Se0:25 IPCP: PPP phase is AUTHENTICATING,
 discarding packet
*Oct 16 08:59:27.091: ISDN Se0:15: RX <-  RELEASE pd = 8  callref = 0x4880
*Oct 16 08:59:27.091: ISDN Se0:15: TX ->  RELEASE_COMP pd = 8 
 callref = 0xC880
*Oct 16 08:59:27.103: %LINK-3-UPDOWN: Interface Serial0:25,
 changed state to down
*Oct 16 08:59:27.103: Se0:25 PPP: Phase is TERMINATING
*Oct 16 08:59:27.103: Se0:25 LCP: State is Closed
*Oct 16 08:59:27.103: Se0:25 PPP: Phase is DOWN
*Oct 16 08:59:27.103: Se0:25 DDR: disconnecting call
*Oct 16 08:59:32.055: DDR: Callback timer expired

!--- Callback timer (5 seconds) expires.


!--- This is configured through the dialer enable-timeout 5 command.

*Oct 16 08:59:32.055: Di1 DDR: beginning callback to tremens 6083
*Oct 16 08:59:32.055: Se0:15 DDR: rotor dialout [priority]
*Oct 16 08:59:32.055: Se0:15 DDR: Dialing cause dialer session 0xFA0
*Oct 16 08:59:32.055: Se0:15 DDR: Attempting to dial 6083

!--- Callback number dialed.

*Oct 16 08:59:32.055: ISDN Se0:15: TX ->  SETUP pd = 8  callref = 0x0005
*Oct 16 08:59:32.055:         Bearer Capability i = 0x8890
*Oct 16 08:59:32.055:         Channel ID i = 0xA9839F
*Oct 16 08:59:32.055:         Called Party Number i = 0x81, '6083', Plan:ISDN,
 Type:Unknown
*Oct 16 08:59:32.095: ISDN Se0:15: RX <-  CALL_PROC pd = 8  callref = 0x8005
*Oct 16 08:59:32.095:         Channel ID i = 0xA9839F
*Oct 16 08:59:32.311: ISDN Se0:15: RX <-  CONNECT pd = 8  callref = 0x8005

!--- Call is connected.

*Oct 16 08:59:32.311:         Connected Number i = 0xA136303833
*Oct 16 08:59:32.315:         Locking Shift to Codeset 6
*Oct 16 08:59:32.315:         Codeset 6 IE 0x28  i = 'ISDN-EDU-4'
*Oct 16 08:59:32.323: %LINK-3-UPDOWN: Interface Serial0:30, changed state to up
*Oct 16 08:59:32.323: AAA/MEMORY: dup_user (0x612B7F70) user='tremens' ruser=''
 port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP priv=1
 source='callback dialout'
*Oct 16 08:59:32.323: DDR: Freeing callback to tremens 6083
*Oct 16 08:59:32.323: DDR: removing callback, 0 packets unqueued and discarded
*Oct 16 08:59:32.323: AAA/MEMORY: free_user (0x61069398) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:32.323: Se0:30 PPP: Treating connection as a callout

!--- PPP negotiation begins.

*Oct 16 08:59:32.323: Se0:30 PPP: Phase is ESTABLISHING, Active Open
*Oct 16 08:59:32.323: Se0:30 PPP: No remote authentication for callback
*Oct 16 08:59:32.327: Se0:30 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
*Oct 16 08:59:32.327: Se0:30 LCP: O CONFREQ [Closed] id 5 len 10
*Oct 16 08:59:32.327: Se0:30 LCP:    MagicNumber 0xE0696A6F (0x0506E0696A6F)
*Oct 16 08:59:32.327: ISDN Se0:15: TX ->  CONNECT_ACK pd = 8  callref = 0x0005
*Oct 16 08:59:32.351: Se0:30 LCP: I CONFREQ [REQsent] id 127 len 15
*Oct 16 08:59:32.351: Se0:30 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:32.351: Se0:30 LCP:    MagicNumber 0x3E7BE27C (0x05063E7BE27C)
*Oct 16 08:59:32.355: Se0:30 LCP: O CONFACK [REQsent] id 127 len 15
*Oct 16 08:59:32.355: Se0:30 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:32.355: Se0:30 LCP:    MagicNumber 0x3E7BE27C (0x05063E7BE27C)
*Oct 16 08:59:32.359: Se0:30 LCP: I CONFACK [ACKsent] id 5 len 10
*Oct 16 08:59:32.359: Se0:30 LCP:    MagicNumber 0xE0696A6F (0x0506E0696A6F)
*Oct 16 08:59:32.359: Se0:30 LCP: State is Open
*Oct 16 08:59:32.359: Se0:30 PPP: Phase is AUTHENTICATING, by the peer

!--- Authentication begins.

*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP: Authorize LCP
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:32.359: AAA/AUTHOR/LCP: Se0:30 (190918816) user='tremens'
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): send AV service=ppp
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): send AV protocol=lcp
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): found list "default"
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): Method=tacacs+
 (tacacs+)
*Oct 16 08:59:32.363: AAA/AUTHOR/TAC+: (190918816): user=tremens
*Oct 16 08:59:32.363: AAA/AUTHOR/TAC+: (190918816): send AV service=ppp
*Oct 16 08:59:32.363: AAA/AUTHOR/TAC+: (190918816): send AV protocol=lcp
*Oct 16 08:59:32.363: TAC+: using previously set server 10.200.20.134 from
 group tacacs+
*Oct 16 08:59:32.363: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:32.363: TAC+: Opened TCP/IP handle 0x612B6A1C to 10.200.20.134/49
*Oct 16 08:59:32.363: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:32.363: TAC+: 10.200.20.134 (190918816) AUTHOR/START queued
*Oct 16 08:59:32.563: TAC+: (190918816) AUTHOR/START processed
*Oct 16 08:59:32.563: TAC+: (190918816): received author response status =
 PASS_ADD
*Oct 16 08:59:32.563: TAC+: Closing TCP/IP 0x612B6A1C connection to
 10.200.20.134/49
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR (190918816): Post authorization
 status = PASS_ADD
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV service=ppp
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV protocol=lcp
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV callback-dialstring=
6083
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV send-secret=cisco
*Oct 16 08:59:32.563: Se0:30 CHAP: I CHALLENGE id 94 len 28 from "tremens"

!--- An incoming CHAP challenge is received.

*Oct 16 08:59:32.563: AAA: parse name=Serial0:30 idb type=13 tty=-1
*Oct 16 08:59:32.563: AAA: name=Serial0:30 flags=0x51 type=1 shelf=0 slot=0
 adapter=0 port=0 channel=30
*Oct 16 08:59:32.563: AAA: parse name= idb type=-1 tty=-1
*Oct 16 08:59:32.563: AAA/MEMORY: create_user (0x612B8098) user='tremens'
 ruser='' port='Serial0:30' rem_addr='6083/6083' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:32.567: AAA/AUTHEN/START (763006247): port='Serial0:30' list=''
 action=SENDAUTH service=PPP
*Oct 16 08:59:32.567: AAA/AUTHEN/START (763006247): using "default" list
*Oct 16 08:59:32.567: AAA/AUTHEN/START (763006247): Method=tacacs+ (tacacs+)
*Oct 16 08:59:32.567: TAC+: Look for cached secret first for sendauth
*Oct 16 08:59:32.567: AAA/AUTHEN/SENDAUTH (763006247): found cached secret for
 tremens
*Oct 16 08:59:32.567: AAA/AUTHEN (763006247): status = PASS
*Oct 16 08:59:32.567: AAA/MEMORY: free_user (0x612B8098) user='tremens'
 ruser='' port='Serial0:30' rem_addr='6083/6083' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:32.567: Se0:30 CHAP: O RESPONSE id 94 len 31 from "tnt-buster"
*Oct 16 08:59:32.587: Se0:30 CHAP: I SUCCESS id 94 len 4

!--- Authentication is successful.

*Oct 16 08:59:32.587: Se0:30 PPP: Phase is UP
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM: (0): Can we start IPCP?
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:32.587: AAA/AUTHOR/FSM: Se0:30 (3211893880) user='tremens'
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): send AV service=ppp
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): send AV protocol=ip
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): found list "default"
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): Method=tacacs+
 (tacacs+)
*Oct 16 08:59:32.587: AAA/AUTHOR/TAC+: (3211893880): user=tremens
*Oct 16 08:59:32.587: AAA/AUTHOR/TAC+: (3211893880): send AV service=ppp
*Oct 16 08:59:32.587: AAA/AUTHOR/TAC+: (3211893880): send AV protocol=ip
*Oct 16 08:59:32.587: TAC+: using previously set server 10.200.20.134 from group
 tacacs+
*Oct 16 08:59:32.587: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:32.591: TAC+: Opened TCP/IP handle 0x612B6C80 to 10.200.20.134/49
*Oct 16 08:59:32.591: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:32.591: TAC+: 10.200.20.134 (3211893880) AUTHOR/START queued
*Oct 16 08:59:32.791: TAC+: (3211893880) AUTHOR/START processed
*Oct 16 08:59:32.791: TAC+: (3211893880): received author response status =
 PASS_ADD
*Oct 16 08:59:32.791: TAC+: Closing TCP/IP 0x612B6C80 connection to
 10.200.20.134/49
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR (3211893880): Post authorization
 status = PASS_ADD
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/FSM: We can start IPCP

!--- IPCP negotiation begins.

*Oct 16 08:59:32.791: Se0:30 IPCP: O CONFREQ [Closed] id 5 len 10
*Oct 16 08:59:32.791: Se0:30 IPCP:    Address 2.2.2.2 (0x030602020202)
*Oct 16 08:59:32.791: Se0:30 IPCP: I CONFREQ [REQsent] id 111 len 10
*Oct 16 08:59:32.791: Se0:30 IPCP:    Address 3.3.3.3 (0x030603030303)
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP: Start.  Her address 3.3.3.3,
 we want 0.0.0.0
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:32.791: AAA/AUTHOR/IPCP: Se0:30 (3713413027) user='tremens'
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): send AV service=ppp
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): send AV protocol=ip
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): send AV addr*3.3.3.3
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): found list "default"
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): Method=tacacs+
 (tacacs+)
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): user=tremens
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): send AV service=ppp
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): send AV protocol=ip
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): send AV addr*3.3.3.3

!--- AAA Attribute Value Pairs.

*Oct 16 08:59:32.795: TAC+: using previously set server 10.200.20.134 from group
 tacacs+
*Oct 16 08:59:32.795: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:32.795: TAC+: Opened TCP/IP handle 0x61269588 to 10.200.20.134/49
*Oct 16 08:59:32.795: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:32.795: TAC+: 10.200.20.134 (3713413027) AUTHOR/START queued
*Oct 16 08:59:32.995: TAC+: (3713413027) AUTHOR/START processed
*Oct 16 08:59:32.995: TAC+: (3713413027): received author response status =
 PASS_ADD
*Oct 16 08:59:32.995: TAC+: Closing TCP/IP 0x61269588 connection to
 10.200.20.134/49
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR (3713413027): Post authorization
 status = PASS_ADD
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Processing AV protocol=ip
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Processing AV addr*3.3.3.3
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Authorization succeeded
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Done.  Her address 3.3.3.3,
 we want 3.3.3.3
*Oct 16 08:59:32.995: Se0:30 IPCP: O CONFACK [REQsent] id 111 len 10
*Oct 16 08:59:32.995: Se0:30 IPCP:    Address 3.3.3.3 (0x030603030303)
*Oct 16 08:59:32.995: Se0:30 IPCP: I CONFACK [ACKsent] id 5 len 10
*Oct 16 08:59:32.995: Se0:30 IPCP:    Address 2.2.2.2 (0x030602020202)
*Oct 16 08:59:32.995: Se0:30 IPCP: State is Open
*Oct 16 08:59:32.999: Se0:30 DDR: dialer protocol up
*Oct 16 08:59:32.999: Se0:30: Call connected, 0 packets unqueued, 0 transmitted,
 0 discarded
*Oct 16 08:59:32.999: Di1 IPCP: Install route to 3.3.3.3

!--- Route is installed to remote device.

*Oct 16 08:59:33.587: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:30,
 changed state to up
*Oct 16 08:59:38.323: %ISDN-6-CONNECT: Interface Serial0:30 is now connected
 to 6083 unknown

!--- Call is Connected.

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


相关信息


Document ID: 10321