セキュリティ : Cisco IOS ファイアウォール

認証委任状のトラブルシューティング

2015 年 10 月 17 日 - 機械翻訳について
その他のバージョン: PDFpdf | ライター翻訳版 (2002 年 10 月 29 日) | 英語版 (2015 年 8 月 22 日) | フィードバック


目次


概要

この文書は利用可能な Cisco IOS 内のメカニズムを解決すること定義し、示したものですか。 認証委任状(Auth-proxy)を解決することは問題を関連付けました。 この文書はデバッグを定義し、コマンドを示し、次にこれらのデバッグおよびコマンドの例を説明したものです。

前提条件

要件

この文書のための特定の要件がありません。

使用するコンポーネント

この文書は特定のソフトウェアおよびハードウェア バージョンに制限されません。

表記法

文書規定に関する詳細については、Cisco テクニカル・ティップ規定を参照して下さい。

デバッグおよび消去指令

のデバッグ・コマンド試みる前に、デバッグ・コマンドの重要な情報を参照して下さい。

  • tacacs をデバッグして下さい | 半径- TACACS か RADIUS と関連付けられる情報を表示します。

  • デバッグ AAA 認証- AAA/TACACS+ 認証の情報を表示します。 どんな認証方式が使用され、ものこれらの方式の結果がであるか見るのに使用しました。

  • デバッグ AAA 許可- AAA/TACACS+ 許可の情報を表示します。 許可のどんな方式が使用され、ものこれらの方式の結果がであるか見るのに使用しました。

必要ならば、これらのコマンドを使用して下さい:

  • IP auth-proxy を{機能は-トレース} -デバッグして下さい認証委任状機能を表示します。

  • デバッグして下さい IP auth-proxy {http を} -認証委任状に関する HTTP イベントを表示します。

セッションの間でクリアするために、このコマンドを使用して下さい:

  • IP auth-proxy キャッシュを消去して下さい{* | IP アドレスをホストして下さい} -ユーザ・プロファイルおよびダイナミック アクセス・コントロール・リスト(ACL)を含むすべての認証委任状エントリを、削除します。 IP アドレスが指定される場合、指定ホストのための認証委任状エントリを削除します。

提示 IP access-list コマンド-送信

access-list の前にコマンドは伝えられます:

sec-3640#show ip access-lists       
Extended IP access list 116
    permit tcp host 10.31.1.47 host 10.31.1.150 eq www
    deny tcp host 10.31.1.47 any (16 matches)
    deny udp host 10.31.1.47 any (26 matches)
    deny icmp host 10.31.1.47 any
    permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
    permit udp 10.31.1.0 0.0.0.255 any (74 matches)
    permit icmp 10.31.1.0 0.0.0.255 any
    permit icmp 171.68.118.0 0.0.0.255 any
    permit tcp 171.68.118.0 0.0.0.255 any (242 matches)
    permit udp 171.68.118.0 0.0.0.255 any

access-list の後でコマンドは伝えられます:

Extended IP access list 116
    permit udp host 10.31.1.47 any (3 matches) <  added by authproxy 
    permit tcp host 10.31.1.47 any <  added by authproxy 
    permit icmp host 10.31.1.47 any < added by authproxy 

    permit tcp host 10.31.1.47 host 10.31.1.150 eq www
    deny tcp host 10.31.1.47 any (18 matches)
    deny udp host 10.31.1.47 any (26 matches)
    deny icmp host 10.31.1.47 any
    permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
    permit udp 10.31.1.0 0.0.0.255 any (74 matches)
    permit icmp 10.31.1.0 0.0.0.255 any
    permit icmp 171.68.118.0 0.0.0.255 any
    permit tcp 171.68.118.0 0.0.0.255 any (264 matches)
    permit udp 171.68.118.0 0.0.0.255 any

デバッグ

よいルータ デバッグ- TACACS -送信

00:32:30: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:30: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:30: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:30:  F ack 1260991237 seq 410073(0)
00:32:30: dst_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521
00:32:30: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:30: AUTH_PROXY: not a SYN packet
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32:  F ack 1260991237 seq 410073(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH_PROXY: not a SYN packet
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32:  S seq 410077(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
00:32:32: AUTH-PROXY FUNC: auth_proxy_new_connection
00:32:32: AUTH-PROXY FUNC: auth_proxy_add_conn_info
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32:  ack 2957488078 seq 410078(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: clientport 4535 state 0
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32:  P ack 2957488078 seq 410078(290)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: clientport 4535 state 0
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:32: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
00:32:32: AUTH-PROXY FUNC: auth_proxy_received_get
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:32: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_save_timestamp
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32:  ack 2957489275 seq 410368(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: clientport 4535 state 0
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32:  F ack 2957489275 seq 410368(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:32: clientport 4535 state 0
00:32:36: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:36: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:36:  F ack 1260991237 seq 410073(0)
00:32:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521
00:32:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:36: clientport 4535 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:45:  S seq 410193(0)
00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:45: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:45: clientport 4521 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:45:  ack 2970312961 seq 410194(0)
00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:45: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:45: clientport 4542 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:45:  P ack 2970312961 seq 410194(449)
00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:45: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:45: clientport 4542 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:45: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:45: AUTH-PROXY FUNC: auth_proxy_required_reauth
00:32:45: AUTH-PROXY FUNC: auth_proxy_same_timestamp
00:32:45: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
00:32:45: AAA: parse name=a} idb type=-1 tty=-1
00:32:45: AAA/MEMORY: create_user (0x61C23FE4) user='' ruser='' 
port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0
00:32:45: AAA/AUTHEN/START (3351494599): port='a}' list='default' 
action=LOGIN service=LOGIN
00:32:45: AAA/AUTHEN/START (3351494599): found list default
00:32:45: AAA/AUTHEN/START (3351494599): Method=RTP (tacacs+)
00:32:45: TAC+: send AUTHEN/START packet ver=192 id=3351494599
00:32:45: TAC+: Using default tacacs server-group "RTP" list.
00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: Opened TCP/IP handle 0x61CA39A0 to 171.68.118.84/49
00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/START/LOGIN/ASCII queued
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: (3351494599) AUTHEN/START/LOGIN/ASCII processed
00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETUSER
00:32:45: AAA/AUTHEN (3351494599): status = GETUSER
00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='(undef)')
00:32:45: AAA/AUTHEN (3351494599): status = GETUSER
00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+)
00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599
00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: (3351494599) AUTHEN/CONT processed
00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETPASS
00:32:45: AAA/AUTHEN (3351494599): status = GETPASS
00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='proxyonly')
00:32:45: AAA/AUTHEN (3351494599): status = GETPASS
00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+)
00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599
00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: (3351494599) AUTHEN/CONT processed
00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = PASS
00:32:45: AAA/AUTHEN (3351494599): status = PASS
00:32:45: TAC+: Closing TCP/IP 0x61CA39A0 connection to 171.68.118.84/49
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Port='a}' list='default'
 service=AUTH-PROXY
00:32:45: AAA/AUTHOR/HTTP: a} (4113551585) user='proxyonly'
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV service=auth-proxy
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV cmd*
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): found list "default"
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Method=RTP (tacacs+)
00:32:45: AAA/AUTHOR/TAC+: (4113551585): user=proxyonly
00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV service=auth-proxy
00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV cmd*
00:32:45: TAC+: using previously set server 171.68.118.84 from group RTP
00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: Opened TCP/IP handle 0x61CA3E1C to 171.68.118.84/49
00:32:45: TAC+: Opened 171.68.118.84 index=1
00:32:45: TAC+: 171.68.118.84 (4113551585) AUTHOR/START queued
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: TAC+: (4113551585) AUTHOR/START processed
00:32:46: TAC+: (4113551585): received author response status = PASS_ADD
00:32:46: TAC+: Closing TCP/IP 0x61CA3E1C connection to 171.68.118.84/49
00:32:46: AAA/AUTHOR (4113551585): Post authorization status = PASS_ADD
00:32:46: AUTH-PROXY FUNC: auth_proxy_copy_attrs
00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:46: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:46: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:46: AUTH-PROXY FUNC: auth_proxy_http_accept
00:32:46: AUTH-PROXY FUNC: auth_proxy_proc_profile
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AAA/MEMORY: free_user (0x61C23FE4) user='proxyonly' 
ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:46:  ack 2970313958 seq 410643(0)
00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:46: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:46: clientport 4542 state 2
00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:46:  F ack 2970313958 seq 410643(0)
00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:46: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:46: clientport 4542 state 2
00:32:49: AUTH-PROXY FUNC: auth_proxy_timers
00:32:49: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:54: AUTH-PROXY FUNC: auth_proxy_fast_path

よいルータ デバッグ- RADIUS -送信

01:23:18: AUTH-PROXY FUNC: auth_proxy_destroy_all_conn_info
01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_conn_info
01:23:18: AUTH-PROXY FUNC: auth_proxy_delete_conn_info
01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_all_acl
01:23:21: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:21: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:21: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:21:  F ack 3679167246 seq 413771(0)
01:23:21: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851
01:23:21: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:21: AUTH_PROXY: not a SYN packet
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23:  S seq 414827(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
01:23:23: AUTH-PROXY FUNC: auth_proxy_new_connection
01:23:23: AUTH-PROXY FUNC: auth_proxy_add_conn_info
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23:  ack 1713887638 seq 414828(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: clientport 4943 state 0
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23:  P ack 1713887638 seq 414828(290)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: clientport 4943 state 0
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:23: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
01:23:23: AUTH-PROXY FUNC: auth_proxy_received_get
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:23: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_save_timestamp
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23:  ack 1713888835 seq 415118(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: clientport 4943 state 0
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23:  F ack 1713888835 seq 415118(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:23: clientport 4943 state 0
01:23:24: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:24: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:24: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:24:  F ack 3679167246 seq 413771(0)
01:23:24: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851
01:23:24: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:24: clientport 4943 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36:  S seq 414841(0)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: clientport 4851 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36:  ack 1726143121 seq 414842(0)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: clientport 4944 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36:  P ack 1726143121 seq 414842(449)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: clientport 4944 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:36: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: AUTH-PROXY FUNC: auth_proxy_required_reauth
01:23:36: AUTH-PROXY FUNC: auth_proxy_same_timestamp
01:23:36: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
01:23:36: AAA: parse name=a} idb type=-1 TTY=-1
01:23:36: AAA/MEMORY: create_user (0x61C52DD8) user='' ruser='' port='a}' 
rem_addr='' authen_type=ASCII service=LOGIN priv=0
01:23:36: AAA/AUTHEN/START (1504053479): port='a}' list='default' 
action=LOGIN service=LOGIN
01:23:36: AAA/AUTHEN/START (1504053479): found list default
01:23:36: AAA/AUTHEN/START (1504053479): Method=LOCAL
01:23:36: AAA/AUTHEN (1504053479): status = GETUSER
01:23:36: AAA/AUTHEN/CONT (1504053479): continue_login (user='(undef)')
01:23:36: AAA/AUTHEN (1504053479): status = GETUSER
01:23:36: AAA/AUTHEN/CONT (1504053479): Method=LOCAL
01:23:36: AAA/AUTHEN (1504053479): User not found, emulating local-override
01:23:36: AAA/AUTHEN (1504053479): status = ERROR
01:23:36: AAA/AUTHEN/START (58099628): port='a}' list='' action=LOGIN service=LOGIN
01:23:36: AAA/AUTHEN/START (58099628): Restart
01:23:36: AAA/AUTHEN/START (58099628): Method=RTP (radius)
01:23:36: AAA/AUTHEN (58099628): status = GETPASS
01:23:36: AAA/AUTHEN/CONT (58099628): continue_login (user='proxyonly')
01:23:36: AAA/AUTHEN (58099628): status = GETPASS
01:23:36: AAA/AUTHEN (58099628): Method=RTP (radius)
01:23:36: RADIUS: ustruct sharecount=1
01:23:36: RADIUS: Initial Transmit a} id 2 171.68.118.84:1645, 
Access-Request, len 67
01:23:36:         Attribute 4 6 0A1F0196
01:23:36:         Attribute 61 6 00000000
01:23:36:         Attribute 1 11 70726F78
01:23:36:         Attribute 2 18 7CC79416
01:23:36:         Attribute 6 6 00000005
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: RADIUS: Received from id 2 171.68.118.84:1645, Access-Accept, Len 207
01:23:36:         Attribute 6 6 00000005
01:23:36:         Attribute 26 30 0000000901186175
01:23:36:         Attribute 26 49 00000009012B6175
01:23:36:         Attribute 26 48 00000009012A6175
01:23:36:         Attribute 26 48 00000009012A6175
01:23:36:         Attribute 8 6 FFFFFFFF
01:23:36: RADIUS: saved authorization data for user 61C52DD8 at 619E0D8C
01:23:36: AAA/AUTHEN (58099628): status = PASS
01:23:36: a} AAA/AUTHOR/HTTP (147390869): Port='a}' list='default' 
service=AUTH-PROXY
01:23:36: AAA/AUTHOR/HTTP: a} (147390869) user='proxyonly'
01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV service=auth-proxy
01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV cmd*
01:23:36: a} AAA/AUTHOR/HTTP (147390869): found list "default"
01:23:36: a} AAA/AUTHOR/HTTP (147390869): Method=RTP (radius)
01:23:36: RADIUS: cisco AVPair "auth-proxy:priv-lvl=15"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#1=permit icmp any any"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#2=permit tcp any any"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#3=permit udp any any"
01:23:36: AAA/AUTHOR (147390869): Post authorization status = PASS_ADD
01:23:36: AUTH-PROXY FUNC: auth_proxy_copy_attrs
01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:36: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:36: AUTH-PROXY : auth_proxy_find_cache
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: AUTH-PROXY FUNC: auth_proxy_http_accept
01:23:36: AUTH-PROXY FUNC: auth_proxy_proc_profile
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AAA/MEMORY: free_user (0x61C52DD8) user='proxyonly' 
ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36:  ack 1726144118 seq 415291(0)
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: clientport 4944 state 2
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36:  F ack 1726144118 seq 415291(0)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:36: clientport 4944 state 2
01:23:39: AUTH-PROXY FUNC: auth_proxy_timers
01:23:39: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info : 
         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
                 ip-srcaddr 10.31.1.47
                 pak-srcaddr 0.0.0.0
 
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit

潜在的問題

RADIUS サーバは到達不能です

デバッグは示します:

01:30:39: RADIUS: Initial Transmit  id 6 171.68.118.115:1645, 
Access-Request, Len 67
01:30:39:         Attribute 4 6 0A1F0196
01:30:39:         Attribute 61 6 00000000
01:30:39:         Attribute 1 11 70726F78
01:30:39:         Attribute 2 18 E552A3E5
01:30:39:         Attribute 6 6 00000005
01:30:44: RADIUS: Retransmit id 6
01:30:49: RADIUS: Retransmit id 6
01:30:59: RADIUS: Marking server 171.68.118.115 dead
01:30:59: RADIUS: Tried all servers.
01:30:59: RADIUS: No valid server found. Trying any viable server
01:30:59: RADIUS: Tried all servers.
01:30:59: RADIUS: No response for id 6
01:30:59: RADIUS: No response from server
01:30:59: AAA/AUTHEN (1597176845): status = ERROR

ユーザは結局見ます "500 内部サーバ エラーを」。

TACACS サーバは到達不能です

デバッグは示します:

02:13:41: AAA/AUTHEN/START (3727404152): Method=RTP (tacacs+)
02:13:41: TAC+: send AUTHEN/START packet ver=192 id=3727404152
02:13:41: TAC+: Using default tacacs server-group "RTP" list.
02:13:41: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5
02:13:41: TAC+: TCP/IP open to 171.68.118.115/49 failed 
-- Connection refused by remote host
02:13:41: AAA/AUTHEN (3727404152): status = ERROR

ユーザは結局見ます "500 内部サーバ エラーを」。

RADIUS ユーザは間違ったユーザ名かパスワードを入力します

デバッグは示します:

01:37:42: RADIUS: Received from id 10 171.68.118.115:1645, Access-Reject, Len 20
01:37:42: AAA/AUTHEN (3558550985): status = FAIL
01:37:42: AAA/MEMORY: free_user (0x61C549F0) user='junk' ruser='' 
          port='' rem_addr='' authen_type=ASCII service=LOGIN priv=0

ユーザは見ます「失敗される認証!」を

TACACS ユーザは間違ったユーザ名かパスワードを入力します

デバッグは示します:

02:15:03: AAA/AUTHEN/START (1400571814): Method=RTP (tacacs+)
02:15:03: TAC+: send AUTHEN/START packet ver=192 id=1400571814
02:15:03: TAC+: Using default tacacs server-group "RTP" list.
02:15:03: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5
02:15:03: TAC+: Opened TCP/IP handle 0x61CAFEA8 to 171.68.118.115/49
02:15:03: TAC+: 171.68.118.115 (1400571814) AUTHEN/START/LOGIN/ASCII queued
02:15:04: TAC+: (1400571814) AUTHEN/START/LOGIN/ASCII processed
02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = GETPASS
02:15:04: AAA/AUTHEN (1400571814): status = GETPASS
02:15:04: AAA/AUTHEN/CONT (1400571814): continue_login (user='junkuser')
02:15:04: AAA/AUTHEN (1400571814): status = GETPASS
02:15:04: AAA/AUTHEN (1400571814): Method=RTP (tacacs+)
02:15:04: TAC+: send AUTHEN/CONT packet id=1400571814
02:15:04: TAC+: 171.68.118.115 (1400571814) AUTHEN/CONT queued
02:15:04: TAC+: (1400571814) AUTHEN/CONT processed
02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = FAIL
02:15:04: AAA/AUTHEN (1400571814): status = FAIL

ユーザは見ます「失敗される認証!」を

TACACS ユーザは正しいユーザ名およびパスワードを入力しますが、許可を失敗します

デバッグは示します:

02:17:01: TAC+: ver=192 id=945629484 received AUTHEN status = PASS
02:17:02: TAC+: (1368282367): received author response status = FAIL
02:17:02: TAC+: Closing TCP/IP 0x61CAFFC8 connection to 171.68.118.115/49
02:17:02: AAA/AUTHOR (1368282367): Post authorization status = FAIL

ユーザは見ます「失敗される認証!」を

RADIUS ユーザは正しいユーザ名およびパスワードを入力しますが、ACL は無効なフォーマットで戻ります

デバッグは来る ACL を示しますが、適用しないし、ユーザはファイアウォールを通って得ることができません。

ユーザは見ます「巧妙な認証!」を

TACACS ユーザは正しいユーザ名およびパスワードを入力しますが、ACL は無効なフォーマットで戻ります

デバッグは巧妙な認証でと異なっている見えませんが、ACL は適用しないし、ユーザはファイアウォールを通って得ることができません。

ユーザは見ます「巧妙な認証!」を

RADIUS ユーザは戻らない正しいユーザ名およびパスワード Priv lvl 15 を入れます

デバッグは示します:

02:00:54: RADIUS: saved authorization data for user 61CA670C at 61C5585C
02:00:54: AAA/AUTHEN (706562375): status = PASS
02:00:54:  AAA/AUTHOR/HTTP (4224202114): Port='' list='default' service=AUTH-PROXY
02:00:54: AAA/AUTHOR/HTTP:  (4224202114) user='baduser'
02:00:54:  AAA/AUTHOR/HTTP (4224202114): send AV service=auth-proxy
02:00:54:  AAA/AUTHOR/HTTP (4224202114): send AV cmd*
02:00:54:  AAA/AUTHOR/HTTP (4224202114): found list "default"
02:00:54:  AAA/AUTHOR/HTTP (4224202114): Method=RTP (radius)
02:00:54: RADIUS: cisco AVPair "auth-proxy:priv-lvl=1"

ユーザはルータ デバッグが間違った特権レベルを除いて珍しい何も示さないのに「失敗される」を認証見ます。 ACL は適用しません。

TACACS ユーザは戻らない正しいユーザ名およびパスワード Priv lvl 15 を入れます

デバッグは巧妙な認証でと異なっている見えません。

ユーザは見ます「失敗された認証!」を

関連するシスコ サポート コミュニティ ディスカッション

シスコ サポート コミュニティは、どなたでも投稿や回答ができる情報交換スペースです。


関連情報


Document ID: 13896