Security: Cisco Secure Access Control Server for Unix

Using a AAA Server to Manage IP Pools in a Network Access Server

October 27, 2016 (English version: August 22, 2015)




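Introduction

This document provides a sample configuration that uses a AAA server to manage the IP pools of a network access server (NAS).

Before You Begin

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Prerequisites

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions.

  • Cisco IOS(R) Software Release 12.0.7.T

The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any action before you take it.

IP Pools

During IP Control Protocol (IPCP) address negotiation, if an IP pool name is specified for a user, the NAS checks whether the named pool is defined locally. If it is, no special action is required and the local pool is consulted for an IP address. If the required pool is not present, an authorization call to obtain it is made with the special username "pools-nas-name", where "nas-name" is the configured hostname of the NAS. In response, the AAA server downloads the configuration of the required pool. You can set up a different pool username with the aaa configuration config-username name of your choosing command.

This command changes the username that is used to download the pool definitions from the default name "pools-NAS-name" to "name-of-your-choosing".

Pools downloaded to a Cisco NAS are not retained in nonvolatile memory and are automatically erased when the access server or router restarts. Downloaded pools can be made to time out automatically by adding a suitable AV pair. Downloaded pools are marked as dynamic in the output of the show ip local pools command.

RADIUS NAS Configuration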

aaa new-model 
aaa authentication login default group radius 
aaa authentication ppp default if-needed group radius 
aaa authorization network default group radius
aaa configuration config-username nas1-pools
radius-server host 172.18.124.114 auth-port 1645 acct-port 1646 
radius-server key cisco

AAA Server NAS Pool Profile

./ViewProfile -p 9900 -u nas1-pools
User Profile Information 
user = nas1-pools
profile_id=63
profile_cycle = 7
member = nas_profiles
password = pap "********"
radius=Cisco {
reply_attributes= {
6=5
9,1="ip:pool-def#1= pool1 172.22.83.2 172.22.83.253"
}
}

}

This example shows the user "nas1-pools" created on the Cisco Secure UNIX (CSU) server. This entry specifies the user service type for an outbound user {6=5}. The NAS supplies this attribute to prevent normal logins that use the well-known username and password combination nas1-pools/cisco.
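
The following check is an added example, not part of the original document or of Cisco software. It parses the reply_attributes block of the two RADIUS profiles in the ViewProfile layout shown on this page and verifies that the pool-download account carries Service-Type Outbound (6=5), that each pool-def range is well formed, and that the user's addr-pool is defined; the function names are hypothetical, and only the "name first last" pool-def form used on this page is handled.

```python
import ipaddress
import re

# Constructed sample input: the two RADIUS profiles in the ViewProfile layout shown above.
POOL_PROFILE = """\
user = nas1-pools
profile_id=63
member = nas_profiles
password = pap "********"
radius=Cisco {
reply_attributes= {
6=5
9,1="ip:pool-def#1= pool1 172.22.83.2 172.22.83.253"
}
}
}
"""
USER_PROFILE = """\
user = pool_test{
member = dial_rad
password = pap "********"
radius=Cisco {
reply_attributes= {
7=1
6=2
9,1="ip:addr-pool=pool1"
}
}
}
"""

SERVICE_TYPE = "6"    # RADIUS attribute 6 (Service-Type)
OUTBOUND = "5"        # Service-Type value 5 = Outbound
CISCO_AVPAIR = "9,1"  # vendor 9 (Cisco), sub-attribute 1 (cisco-avpair)


def reply_attributes(profile):
    """Return [(attribute, value)] from the reply_attributes block of a profile."""
    block = re.search(r"reply_attributes\s*=\s*\{(.*?)\}", profile, re.S)
    pairs = []
    for line in block.group(1).splitlines() if block else []:
        key, sep, value = line.strip().partition("=")
        if sep:
            pairs.append((key.strip(), value.strip().strip('"')))
    return pairs


def pool_definitions(pairs):
    """Map pool name -> (first, last) address from ip:pool-def#N AV pairs."""
    pools = {}
    for key, value in pairs:
        m = re.fullmatch(r"ip:pool-def#\d+=\s*(\S+)\s+(\S+)\s+(\S+)", value)
        if key == CISCO_AVPAIR and m:
            name, first, last = m.groups()
            pools[name] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
    return pools


def audit_pool_profile(profile):
    """Findings for the account the NAS uses to download pool definitions."""
    pairs = reply_attributes(profile)
    findings = []
    if [v for k, v in pairs if k == SERVICE_TYPE] != [OUTBOUND]:
        findings.append("Service-Type is not Outbound (6=5): normal logins are not blocked")
    try:
        pools = pool_definitions(pairs)
    except ValueError as err:
        return findings + [f"bad address in pool-def: {err}"]
    if not pools:
        findings.append("no ip:pool-def AV pair in reply_attributes")
    ranges = sorted(pools.items(), key=lambda item: int(item[1][0]))
    for name, (first, last) in ranges:
        if first > last:
            findings.append(f"{name}: range start {first} is above end {last}")
    for (a, (_, a_last)), (b, (b_first, _)) in zip(ranges, ranges[1:]):
        if b_first <= a_last:
            findings.append(f"{a} and {b} overlap")
    return findings


def undefined_pools(user_profile, pool_profile):
    """Pools a user references that the AAA server does not define.
    Such a pool is only usable if it is defined locally on the NAS."""
    defined = pool_definitions(reply_attributes(pool_profile))
    wanted = [v.split("=", 1)[1] for k, v in reply_attributes(user_profile)
              if k == CISCO_AVPAIR and v.startswith("ip:addr-pool=")]
    return [name for name in wanted if name not in defined]


if __name__ == "__main__":
    print(audit_pool_profile(POOL_PROFILE))
    print(undefined_pools(USER_PROFILE, POOL_PROFILE))
    print(audit_pool_profile(POOL_PROFILE.replace("6=5\n", "")))
```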

AAA Server User Profile

./ViewProfile -p 9900 -u pool_test 
user = pool_test{
profile_id = 46
profile_cycle = 14
member = dial_rad
password = pap "********"
radius=Cisco {
reply_attributes= {
7=1
6=2
9,1="ip:addr-pool=pool1"
}
}

}

Verify

The logged-in user "pool_test" is assigned an IP address from pool1 on the AAA server.

as5300#show debug
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
PPP:
  PPP protocol negotiation debugging is on
Radius protocol debugging is on
as5300#term mon
as5300#
00:26:01: %LINK-3-UPDOWN: Interface Async5, changed state to up
00:26:01: As5 PPP: Treating connection as a dedicated line
00:26:01: As5 PPP: Phase is ESTABLISHING, Active Open
00:26:01: As5 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
00:26:01: As5 LCP: O CONFREQ [Closed] id 1 len 24
00:26:01: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:01: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:01: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:01: As5 LCP:    PFC (0x0702)
00:26:01: As5 LCP:    ACFC (0x0802)
00:26:01: As5 LCP: I CONFACK [REQsent] id 1 len 24
00:26:01: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:01: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:01: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:01: As5 LCP:    PFC (0x0702)
00:26:01: As5 LCP:    ACFC (0x0802)
00:26:02: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:26:02: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:02: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:02: As5 LCP:    PFC (0x0702)
00:26:02: As5 LCP:    ACFC (0x0802)
00:26:02: As5 LCP:    Callback 6  (0x0D0306)
00:26:02: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:26:02: As5 LCP:    Callback 6  (0x0D0306)
00:26:03: As5 LCP: TIMEout: State ACKrcvd
00:26:03: As5 LCP: O CONFREQ [ACKrcvd] id 2 len 24
00:26:03: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:03: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:03: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:03: As5 LCP:    PFC (0x0702)
00:26:03: As5 LCP:    ACFC (0x0802)
00:26:03: As5 LCP: I CONFACK [REQsent] id 2 len 24
00:26:03: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:03: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:03: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:03: As5 LCP:    PFC (0x0702)
00:26:03: As5 LCP:    ACFC (0x0802)
00:26:05: As5 LCP: TIMEout: State ACKrcvd
00:26:05: As5 LCP: O CONFREQ [ACKrcvd] id 3 len 24
00:26:05: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:05: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:05: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:05: As5 LCP:    PFC (0x0702)
00:26:05: As5 LCP:    ACFC (0x0802)
00:26:05: As5 LCP: I CONFACK [REQsent] id 3 len 24
00:26:05: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:05: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:05: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:05: As5 LCP:    PFC (0x0702)
00:26:05: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP:    Callback 6  (0x0D0306)
00:26:06: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:26:06: As5 LCP:    Callback 6  (0x0D0306)
00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 1 len 20
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: O CONFACK [ACKrcvd] id 1 len 20
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: State is Open
00:26:06: As5 PPP: Phase is AUTHENTICATING, by this end
00:26:06: As5 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00002BF7 MSRASV4.00
00:26:06: As5 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00002BF7 MSRAS-1-ZEKIE
00:26:06: As5 PAP: I AUTH-REQ id 31 len 24 from "pool_test"
00:26:06: As5 PAP: Authenticating peer pool_test
00:26:06: AAA: parse name=Async5 idb type=10 tty=5
00:26:06: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=5 channel=0
00:26:06: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:26:06: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:26:06: AAA/MEMORY: create_user (0x618FFBB0) user='pool_test' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=PAP service=PPP priv=1
00:26:06: AAA/AUTHEN/START (2962877775): port='Async5' list='' action=LOGIN 
service=PPP
00:26:06: AAA/AUTHEN/START (2962877775): using "default" list
00:26:06: AAA/AUTHEN (2962877775): status = UNKNOWN
00:26:06: AAA/AUTHEN/START (2962877775): Method=radius (radius)
00:26:06: RADIUS: ustruct sharecount=1
00:26:06: RADIUS: Initial Transmit Async5 id 10 172.18.124.114:1645, 
Access-Request, len 103
00:26:06:         Attribute 4 6 01010101
00:26:06:         Attribute 5 6 00000005
00:26:06:         Attribute 61 6 00000000
00:26:06:         Attribute 1 11 706F6F6C
00:26:06:         Attribute 30 12 39313934
00:26:06:         Attribute 31 12 39313934
00:26:06:         Attribute 2 18 FC2DE489
00:26:06:         Attribute 6 6 00000002
00:26:06:         Attribute 7 6 00000001
00:26:06: RADIUS: Received from id 10 172.18.124.114:1645, Access-Accept, 
len 58
00:26:06:         Attribute 7 6 00000001
00:26:06:         Attribute 6 6 00000002
00:26:06:         Attribute 26 26 0000000901146970
00:26:06: RADIUS: saved authorization data for user 618FFBB0 at 618FEAE4
00:26:06: AAA/AUTHEN (2962877775): status = PASS
00:26:06: As5 AAA/AUTHOR/LCP: Authorize LCP
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Port='Async5' list='' service=NET
00:26:06: AAA/AUTHOR/LCP: As5 (3264835197) user='pool_test'
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV service=ppp
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV protocol=lcp
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): found list "default"
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Method=radius (radius)
00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1" not applied for lcp
00:26:06: As5 AAA/AUTHOR (3264835197): Post authorization status = PASS_REPL
00:26:06: As5 AAA/AUTHOR/LCP: Processing AV service=ppp
00:26:06: As5 PAP: O AUTH-ACK id 31 len 5
00:26:06: As5 PPP: Phase is UP
00:26:06: As5 AAA/AUTHOR/FSM: (0): Can we start IPCP?
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Port='Async5' list='' service=NET
00:26:06: AAA/AUTHOR/FSM: As5 (2404696831) user='pool_test'
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV service=ppp
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV protocol=ip
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): found list "default"
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Method=radius (radius)
00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1"
00:26:06: As5 AAA/AUTHOR (2404696831): Post authorization status = PASS_REPL
00:26:06: As5 AAA/AUTHOR/FSM: We can start IPCP
00:26:06: As5 IPCP: O CONFREQ [Closed] id 1 len 10
00:26:06: As5 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:26:07: As5 CCP: I CONFREQ [Not negotiated] id 4 len 10
00:26:07: As5 CCP:    MS-PPC supported bits 0x00000001 (0x120600000001)
00:26:07: As5 LCP: O PROTREJ [Open] id 4 len 16 protocol CCP 
(0x80FD0104000A120600000001)
00:26:07: As5 IPCP: I CONFREQ [REQsent] id 5 len 40
00:26:07: As5 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:26:07: As5 IPCP:    Address 0.0.0.0 (0x030600000000)
00:26:07: As5 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:26:07: As5 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:26:07: As5 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:26:07: As5 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
00:26:07: As5 AAA/AUTHOR/IPCP: Says use pool pool1
00:26:07: AAA: parse name=Async5 idb type=10 tty=5
00:26:07: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=5 channel=0
00:26:07: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:26:07: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:26:07: AAA/MEMORY: create_user (0x618FFCD8) user='nas1-pools' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Port='Async5' list='' service=NET
00:26:07: AAA/AUTHOR/POOL: As5 (3562270977) user='nas1-pools'
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV service=ppp
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV protocol=ip
00:26:07: Async5 AAA/AUTHOR/POOL (3562270977): found list "default"
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Method=radius (radius)
00:26:07: RADIUS: authenticating to get author data
00:26:07: RADIUS: ustruct sharecount=2
00:26:07: RADIUS: Initial Transmit Async5 id 11 172.18.124.114:1645, Access-Request, 
len 98
00:26:07:         Attribute 4 6 01010101
00:26:07:         Attribute 5 6 00000005
00:26:07:         Attribute 61 6 00000000
00:26:07:         Attribute 1 12 6E617331
00:26:07:         Attribute 30 12 39313934
00:26:07:         Attribute 31 12 39313934
00:26:07:         Attribute 2 18 E6DF8390
00:26:07:         Attribute 6 6 00000005
00:26:07: RADIUS: Received from id 11 172.18.124.114:1645, Access-Accept, len 69
00:26:07:         Attribute 6 6 00000005
00:26:07:         Attribute 26 43 0000000901256970
00:26:07: RADIUS: saved authorization data for user 618FFCD8 at 61450E5C
00:26:07: RADIUS: cisco AVPair "ip:pool-def#1=pool1 1.2.3.4 1.2.3.5"
00:26:07: AAA/AUTHOR (3562270977): Post authorization status = PASS_REPL
00:26:07: As5 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5
00:26:07: AAA/MEMORY: free_user (0x618FFCD8) user='nas1-pools' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE 
priv=1
00:26:07: As5 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFREJ [REQsent] id 5 len 34
00:26:07: As5 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:26:07: As5 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:26:07: As5 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:26:07: As5 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:26:07: As5 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:26:07: As5 IPCP: I CONFACK [REQsent] id 1 len 10
00:26:07: As5 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
00:26:07: As5 IPCP:    Address 0.0.0.0 (0x030600000000)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 1.2.3.4, we want 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 1.2.3.4, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFACK [ACKrcvd] id 7 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 IPCP: State is Open
00:26:07: As5 IPCP: Install route to 1.2.3.4
00:26:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, 
changed state to up
as5300#show caller ip
  Line         User       IP Address      Local Number    Remote Number   <->
  As5          pool_test  1.2.3.4         9194724101      9194722001      
as5300#show ip local pool
 Pool                     Begin           End             Free  In use
 pool1                    1.2.3.4         1.2.3.5            1       1 (dynamic)

TACACS+ NAS Configuration

aaa new-model
aaa authentication login default group tacacs+
aaa authentication ppp default if-needed group tacacs+
aaa authorization network default group tacacs+
aaa configuration config-username nas1-pools
tacacs-server host 172.18.124.114 
tacacs-server key cisco

AAA Server NAS Pool Profile

./ViewProfile -p 9900 -u nas1-pools
User Profile Information
user = nas1-pools
profile_id = 63
profile_cycle = 8
service=ppp {
protocol=ip {
set pool-def#1="pool1 1.2.3.4 1.2.3.5"
}
}

}

AAA Server User Profile

./ViewProfile -p 9900 -u pool_test
User Profile Information
user = pool_test{
profile_id = 46
profile_cycle = 15
password = pap "********"
service=ppp {
protocol=lcp {
}
protocol=ip {
set addr-pool=pool1
}
}

}

Debug Output

Script started on Mon Dec 10 13:22:05 2001
ddunlap@rtp-cse-353% telnet 172.18.124.114
Trying 172.18.124.114...
Connected to 172.18.124.114.
Escape character is '^]'.


UNIX(r) System V Release 4.0 (rtp-evergreen)

login: root
Password: 
Last login: Mon Dec 10 10:09:01 from rtp-cse-353.cisc
Sun Microsystems Inc.   SunOS 5.5.1     Generic May 1996
Sun Microsystems Inc.   SunOS 5.5.1     Generic May 1996
# telnet 14.36.1.53
Trying 14.36.1.53...
Connected to 14.36.1.53.
Escape character is '^]'.


User Access Verification

Username: testuser
Password: 

as5300>en
Password: 
as5300#show debug
General OS:
  TACACS access control debugging is on
  AAA Authentication debugging is on
  AAA Authorization debugging is on
PPP:
  PPP protocol negotiation debugging is on
as5300#terminal monitor
as5300#
00:06:29: As1 LCP: I CONFREQ [Closed] id 0 len 23
00:06:29: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:29: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:29: As1 LCP:    PFC (0x0702)
00:06:29: As1 LCP:    ACFC (0x0802)
00:06:29: As1 LCP:    Callback 6  (0x0D0306)
00:06:29: As1 LCP: Lower layer not up, Fast Starting
00:06:29: As1 PPP: Treating connection as a dedicated line
00:06:29: As1 PPP: Phase is ESTABLISHING, Active Open
00:06:29: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
00:06:29: As1 LCP: O CONFREQ [Closed] id 1 len 24
00:06:29: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:29: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:29: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:29: As1 LCP:    PFC (0x0702)
00:06:29: As1 LCP:    ACFC (0x0802)
00:06:29: As1 LCP: O CONFREJ [REQsent] id 0 len 7
00:06:29: As1 LCP:    Callback 6  (0x0D0306)
00:06:29: %LINK-3-UPDOWN: Interface Async1, changed state to up
00:06:31: As1 LCP: TIMEout: State REQsent
00:06:31: As1 LCP: O CONFREQ [REQsent] id 2 len 24
00:06:31: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:31: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:31: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:31: As1 LCP:    PFC (0x0702)
00:06:31: As1 LCP:    ACFC (0x0802)
00:06:31: As1 LCP: I CONFACK [REQsent] id 2 len 24
00:06:31: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:31: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:31: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:31: As1 LCP:    PFC (0x0702)
00:06:31: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP:    Callback 6  (0x0D0306)
00:06:32: As1 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:06:32: As1 LCP:    Callback 6  (0x0D0306)
00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 1 len 20
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: O CONFACK [ACKrcvd] id 1 len 20
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: State is Open
00:06:32: As1 PPP: Phase is AUTHENTICATING, by this end
00:06:32: As1 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00006D9C MSRASV4.00
00:06:32: As1 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00006D9C MSRAS-1-ZEKIE
00:06:32: As1 PAP: I AUTH-REQ id 24 len 24 from "pool_test"
00:06:32: As1 PAP: Authenticating peer pool_test
00:06:32: AAA: parse name=Async1 idb type=10 tty=1
00:06:32: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 
adapter=0 port=1 channel=0
00:06:32: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:06:32: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 
adapter=0 port=0 channel=18
00:06:32: AAA/MEMORY: create_user (0x61B26890) user='pool_test' 
ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=PAP 
service=PPP priv=1
00:06:32: AAA/AUTHEN/START (4053426223): port='Async1' list='' 
action=LOGIN service=PPP
00:06:32: AAA/AUTHEN/START (4053426223): using "default" list
00:06:32: AAA/AUTHEN (4053426223): status = UNKNOWN
00:06:32: AAA/AUTHEN/START (4053426223): Method=tacacs+ (tacacs+)
00:06:32: TAC+: send AUTHEN/START packet ver=193 id=4053426223
00:06:32: TAC+: Using default tacacs server-group "tacacs+" list.
00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:32: TAC+: Opened TCP/IP handle 0x618FDF3C to 172.18.124.114/49 
using source 14.36.1.53
00:06:32: TAC+: 172.18.124.114 (4053426223) AUTHEN/START/LOGIN/PAP queued
00:06:32: TAC+: (4053426223) AUTHEN/START/LOGIN/PAP processed
00:06:32: TAC+: ver=193 id=4053426223 received AUTHEN status = PASS
00:06:32: AAA/AUTHEN (4053426223): status = PASS
00:06:32: TAC+: Closing TCP/IP 0x618FDF3C connection to 172.18.124.114/49
00:06:32: As1 AAA/AUTHOR/LCP: Authorize LCP
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Port='Async1' list='' service=NET
00:06:32: AAA/AUTHOR/LCP: As1 (2507907283) user='pool_test'
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV service=ppp
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV protocol=lcp
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): found list "default"
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Method=tacacs+ (tacacs+)
00:06:32: AAA/AUTHOR/TAC+: (2507907283): user=pool_test
00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV service=ppp
00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV protocol=lcp
00:06:32: TAC+: using previously set server 172.18.124.114 from group tacacs+
00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:32: TAC+: Opened TCP/IP handle 0x61B3B1A4 to 172.18.124.114/49 
using source 14.36.1.53
00:06:32: TAC+: Opened 172.18.124.114 index=1
00:06:32: TAC+: 172.18.124.114 (2507907283) AUTHOR/START queued
00:06:33: TAC+: (2507907283) AUTHOR/START processed
00:06:33: TAC+: (2507907283): received author response status = PASS_ADD
00:06:33: TAC+: Closing TCP/IP 0x61B3B1A4 connection to 172.18.124.114/49
00:06:33: As1 AAA/AUTHOR (2507907283): Post authorization status = PASS_ADD
00:06:33: As1 PAP: O AUTH-ACK id 24 len 5
00:06:33: As1 PPP: Phase is UP
00:06:33: As1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
00:06:33: As1 AAA/AUTHOR/FSM (924563050): Port='Async1' list='' service=NET
00:06:33: AAA/AUTHOR/FSM: As1 (924563050) user='pool_test'
00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV service=ppp
00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV protocol=ip
00:06:33: As1 AAA/AUTHOR/FSM (924563050): found list "default"
00:06:33: As1 AAA/AUTHOR/FSM (924563050): Method=tacacs+ (tacacs+)
00:06:33: AAA/AUTHOR/TAC+: (924563050): user=pool_test
00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV service=ppp
00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV protocol=ip
00:06:33: TAC+: using previously set server 172.18.124.114 from group tacacs+
00:06:33: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:33: TAC+: Opened TCP/IP handle 0x61B3B620 to 172.18.124.114/49 
using source 14.36.1.53
00:06:33: TAC+: Opened 172.18.124.114 index=1
00:06:33: TAC+: 172.18.124.114 (924563050) AUTHOR/START queued
00:06:33: As1 CCP: I CONFREQ [Not negotiated] id 4 len 10
00:06:33: As1 CCP:    MS-PPC supported bits 0x00000001 (0x120600000001)
00:06:33: As1 LCP: O PROTREJ [Open] id 3 len 16 protocol CCP 
(0x80FD0104000A120600000001)
00:06:33: As1 IPCP: I CONFREQ [Closed] id 5 len 40
00:06:33: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:33: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:33: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:33: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:33: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:33: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:33: TAC+: (924563050) AUTHOR/START processed
00:06:33: TAC+: (924563050): received author response status = PASS_ADD
00:06:33: TAC+: Closing TCP/IP 0x61B3B620 connection to 172.18.124.114/49
00:06:33: As1 AAA/AUTHOR (924563050): Post authorization status = PASS_ADD
00:06:33: As1 AAA/AUTHOR/FSM: We can start IPCP
00:06:33: As1 IPCP: O CONFREQ [Closed] id 1 len 10
00:06:33: As1 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:06:33: As1 IPCP: I CONFACK [REQsent] id 1 len 10
00:06:33: As1 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:06:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, 
changed state to up
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 5 len 40
00:06:34: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:34: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:34: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:34: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:34: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:34: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
00:06:34: As1 AAA/AUTHOR/IPCP: Says use pool pool1
00:06:34: AAA: parse name=Async1 idb type=10 tty=1
00:06:34: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=1 channel=0
00:06:34: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:06:34: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:06:34: AAA/MEMORY: create_user (0x61451E1C) user='nas1-pools' ruser='' 
port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Port='Async1' list='' 
service=NET
00:06:34: AAA/AUTHOR/POOL: As1 (2293413778) user='nas1-pools'
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV service=ppp
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV protocol=ip
00:06:34: Async1 AAA/AUTHOR/POOL (2293413778): found list "default"
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Method=tacacs+ (tacacs+)
00:06:34: AAA/AUTHOR/TAC+: (2293413778): user=nas1-pools
00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV service=ppp
00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV protocol=ip
00:06:34: TAC+: Using default tacacs server-group "tacacs+" list.
00:06:34: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:34: TAC+: Opened TCP/IP handle 0x61B3BA9C to 172.18.124.114/49 
using source 14.36.1.53
00:06:34: TAC+: 172.18.124.114 (2293413778) AUTHOR/START queued
00:06:34: TAC+: (2293413778) AUTHOR/START processed
00:06:34: TAC+: (2293413778): received author response status = PASS_ADD
00:06:34: TAC+: Closing TCP/IP 0x61B3BA9C connection to 172.18.124.114/49
00:06:34: AAA/AUTHOR (2293413778): Post authorization status = PASS_ADD
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5
00:06:34: AAA/MEMORY: free_user (0x61451E1C) user='nas1-pools' ruser='' 
port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:06:34: As1 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFREJ [ACKrcvd] id 5 len 34
00:06:34: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:34: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:34: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:34: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:34: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
00:06:34: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 1.2.3.4, we want 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 1.2.3.4, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFACK [ACKrcvd] id 7 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 IPCP: State is Open
00:06:34: As1 IPCP: Install route to 1.2.3.4

as5300#show caller ip
  Line         User       IP Address      Local Number    Remote Number   <->
  As1          pool_test  1.2.3.4         9194724101      9194722001      
as5300#show ip local pool
 Pool                     Begin           End             Free  In use
 pool1                    1.2.3.4         1.2.3.5            1       1 (dynamic)
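
The following log check is an added example, not part of the original document or of Cisco software. It rejoins the wrapped debug lines seen in both the RADIUS and TACACS+ outputs above, records each downloaded pool-def, confirms that every "Pool grants" address lies inside the downloaded range, and flags any create_user entry for the pool-download username whose authen_type is not NONE. That last rule is an inference from the two create_user lines in the debugs, and the Async6 line in the sample is constructed.

```python
import ipaddress
import re

# Constructed sample: lines in the format of the debugs on this page (wrapped the same
# way), followed by one constructed PAP login attempt as the pool-download username.
SAMPLE = """\
00:26:07: As5 AAA/AUTHOR/IPCP: Says use pool pool1
00:26:07: AAA/MEMORY: create_user (0x618FFCD8) user='nas1-pools' ruser=''
port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:26:07: As5 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5
00:26:07: As5 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4
00:31:40: AAA/MEMORY: create_user (0x61900000) user='nas1-pools' ruser=''
port='Async6' rem_addr='5550100/5550101' authen_type=PAP service=PPP priv=1
"""

TIMESTAMP = re.compile(r"\d\d:\d\d:\d\d: ")
CREATE_USER = re.compile(
    r"create_user \(\S+\) user='([^']*)'.*?port='([^']*)'.*?authen_type=(\S+)")
POOL_DEF = re.compile(
    r"AAA/AUTHOR/CONFIG: Processing AV pool-def#\d+=\s*(\S+) (\S+) (\S+)")
REQUEST = re.compile(r"(\S+) AAA/AUTHOR/IPCP: Request (\S+) from pool (\S+)")
GRANT = re.compile(r"(\S+) AAA/AUTHOR/IPCP: Pool grants (\S+)")


def unwrap(text):
    """Rejoin wrapped debug lines: a line without a timestamp continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if TIMESTAMP.match(raw) or not lines:
            lines.append(raw.rstrip())
        else:
            lines[-1] += " " + raw.strip()
    return lines


def analyze(text, config_username):
    """Return downloaded pools, address grants and alerts found in a debug capture."""
    pools, pending, grants, alerts = {}, {}, [], []
    for line in unwrap(text):
        m = CREATE_USER.search(line)
        if m and m.group(1) == config_username and m.group(3) != "NONE":
            alerts.append(f"{m.group(2)}: {m.group(3)} login attempt as "
                          f"pool-download user {config_username}")
        m = POOL_DEF.search(line)
        if m:
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
        m = REQUEST.search(line)
        if m:
            pending[m.group(1)] = m.group(3)  # interface -> pool being asked
        m = GRANT.search(line)
        if m:
            iface, addr = m.group(1), ipaddress.ip_address(m.group(2))
            pool = pending.pop(iface, None)
            grants.append((iface, pool, str(addr)))
            # Only downloaded pools are known here; locally defined pools are skipped.
            if pool in pools and not pools[pool][0] <= addr <= pools[pool][1]:
                alerts.append(f"{iface}: {addr} granted outside downloaded pool {pool}")
    return {"pools": pools, "grants": grants, "alerts": alerts}


if __name__ == "__main__":
    report = analyze(SAMPLE, "nas1-pools")
    for alert in report["alerts"]:
        print("ALERT", alert)
    print(report["grants"])
```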

Document ID: 13573