セキュリティ : Cisco Secure Access Control Server for Windows

RADIUS による PPP コールバックの設定

2002 年 11 月 19 日 - ライター翻訳版
その他のバージョン: PDFpdf | 機械翻訳版 (2013 年 8 月 21 日) | 英語版 (2008 年 2 月 26 日) | フィードバック

目次

概要
はじめに
     表記法
     前提条件
     使用するコンポーネント
設定
     ネットワーク ダイアグラム
     サーバのセットアップ - CiscoSecure NT
     サーバのセットアップ - CiscoSecure UNIX
     サーバのセットアップ - Livingston RADIUS(シスコの AV ペア使用)
     設定
確認
トラブルシューティング
     トラブルシューティングのためのコマンド
debug の出力例
ユーザが指定した番号による PPP コールバック
サーバの設定
     サーバのセットアップ - CiscoSecure NT
     サーバのセットアップ - CiscoSecure UNIX
     サーバのセットアップ - Livingston RADIUS
debug の出力例
関連するシスコ サポート コミュニティ ディスカッション
関連情報

概要

この文書では、ルータとサーバを設定して、RADIUS による Point-to-Point Protocol(PPP; ポイントツーポイント プロトコル)コールバックを行う例について説明します。

はじめに

表記法

文書表記の詳細については、「シスコ テクニカル ティップスの表記法」を参照してください。

前提条件

この設定の動作のために。

  • ローカル認証とコールバックで初期テストを行います(つまり、aaa new-model コマンドを削除することを意味します)。コールバックがローカル認証で動作しない場合は、RADIUS を使用しても動作しません。ローカル認証の使用については、この例を参照してください。

  • コールバックを行わずに、RADIUS を使用した詳細な PPP 認証テストを行います。コールバックなしでの認証または許可、およびその両方に失敗した場合は、コールバックありでの認証および許可も動作しません。

  • RADIUS を使用したコールバックと PPP 認証のためのローカル認証が動作したら、ルータ上のローカル ユーザの情報(コールバック用のダイヤル ストリングなど)を、サーバ上のそのユーザのプロファイルに追加します。

注:これらのテストで使用するクライアントは、PPP 接続用に通常どおりに設定された NT 4.0 Server、DUN ですが、Server の下で Enable PPP/LCP 拡張機能をチェックすると、Microsoft Callback が許可されます。 Microsoft Callback は、Cisco IOS(R) ソフトウェア リリース 11.3.2.T 以降でサポートされています。

使用するコンポーネント

この設定例は、次のバージョンのソフトウェアを使用して開発およびテストしました。

  • Cisco IOS ソフトウェア リリース 11.3.2.T 以降

  • CiscoSecure ACS UNIX 2.x または CiscoSecure ACS NT 2.x

設定

この項では、この文書に記載されている機能を設定するための情報を示します。

注:この文書で使用するコマンドの詳細については、IOS Command Lookup ツールを使用してください。

ネットワーク ダイアグラム

この文書では次の図に示すネットワーク設定を使用しています。

pppcallback_rad.gif

サーバのセットアップ - CiscoSecure NT

  • ユーザは、パスワードと確認用パスワードを取得します。

  • グループの設定は次のようにします。attribute 006 Service-Type = Framed attribute 007 Framed-Protocol = PPP

  • 画面の最後のボックスである Cisco RADIUS Attributes で、[009\001 - AV-Pair] をチェックし、その下に次のように入力します。lcp:callback-dialstring=20367

サーバのセットアップ - CiscoSecure UNIX

rtp-berry# ./ViewProfile -p 9900 -u callback

  User Profile Information

  user = callback{

  profile_id = 34

  profile_cycle = 1

  radius=Cisco {

  check_items= {

  2="callback"

  }

  reply_attributes= {

  6=2

  7=1

  9,1="lcp:callback-dialstring=20367"

  }

  }

  

  }

  

  

サーバのセットアップ - Livingston RADIUS(シスコの AV ペア使用)

callback2 Password = "callback2"

  User-Service-Type = Framed-User,

  Framed-Protocol = PPP,

  cisco-avpair = "lcp:callback-dialstring=20367"

  

設定

ルータの設定

rtpkrb#show run

  Building configuration...

  

  Current configuration:

  !

  version 11.3

  service timestamps debug uptime

  service timestamps log uptime

  no service password-encryption

  service udp-small-servers

  service tcp-small-servers

  !

  hostname rtpkrb

  !

  aaa new-model

  aaa authentication login default radius none

  aaa authentication ppp default radius none

  aaa authorization exec default radius none

  aaa authorization network default radius none

  enable secret 5 $1$pkX.$JdAySRE1SbdbDe7bj0wyt0

  enable password ww

  !

  ip host rtpkrb 10.31.1.5

  ip domain-name RTP.CISCO.COM

  ip name-server 171.68.118.103

  chat-script offhook "" "ATH1" OK

  chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T"

     TIMEOUT 30 CONNECT \c

  !

  interface Loopback0

  ip address 1.1.1.1 255.255.255.0

  !

  interface Ethernet0

  ip address 10.31.1.5 255.255.0.0

  !

  interface Serial0

  no ip address

  no ip mroute-cache

  shutdown

  !

  interface Serial1

  no ip address

  shutdown

  !

  interface Async1

  ip unnumbered Ethernet0

  encapsulation ppp

  async mode dedicated

  peer default ip address pool async

  no cdp enable

  ppp max-bad-auth 3

  ppp callback accept

  ppp authentication pap

  !

  ip local pool async 15.15.15.15

  ip classless

  ip route 0.0.0.0 0.0.0.0 10.31.1.1

  snmp-server community public RW

  snmp-server host 171.68.118.100 traps public

  radius-server host 171.68.118.101 auth-port 1645 acct-port 1646

  radius-server key cisco

  !

  line con 0

  line 1

  session-timeout 20

  exec-timeout 20 0

  password ww

  autoselect ppp

  script modem-off-hook offhook

  script callback callback

  modem InOut

  transport input all

  stopbits 1

  speed 38400

  flowcontrol hardware

  line 2

  modem InOut

  speed 38400

  flowcontrol hardware

  line 3 16

  line aux 0

  line vty 0 4

  exec-timeout 0 0

  timeout login response 100

  password ww

  !

  end

  

確認

この設定に関して、現段階では確認手順はありません。

トラブルシューティング

このセクションでは、設定に対してトラブルシューティングを行う方法について説明します。

トラブルシューティングのためのコマンド

一部の show コマンドは、show コマンド出力の分析を表示する Output Interpreter ツールでサポートされています。

注:debug コマンドを使用する前に、「debug コマンドに関する重要な情報」を参照してください。 

  • debug aaa authentication - AAA 認証に関する情報を表示します。

  • debug aaa authorization - AAA 許可に関する情報を表示します。

  • debug callback - ルータがモデムとチャット スクリプトを使用して端末回線にコールバックしているときに、コールバック イベントを表示します。

  • debug chat - Network Access Server(NAS; ネットワーク アクセス サーバ)と PC の間で送信されている文字列を表示します。チャット スクリプトは、Data Terminal Equipment(DTE; データ端末装置)-DTE または DTE-Data Communications Equipment(DCE; データ通信機器)デバイス間のハンドシェイクを定義する、expect-send 文字列ペアのセットです。

  • debug modem - アクセス サーバのモデム回線のアクティビティを監視します。

  • debug ppp negotiation - PPP の開始時に送信される PPP パケットを表示します。PPP の開始時には PPP オプションがネゴシエートされます。

  • debug ppp authentication - Challenge Handshake Authentication Protocol(CHAP)パケット交換や Password Authentication Protocol(PAP; パスワード認証プロトコル)交換などの認証プロトコル メッセージを表示します。

  • debug radius - RADIUS に関係する詳細なデバッグ情報を表示します。

debug の出力例

General OS:

  Modem control/process activation debugging is on

  AAA Authentication debugging is on

  AAA Authorization debugging is on

  PPP:

  PPP protocol negotiation debugging is on

  Chat Scripts:

  Chat scripts activity debugging is on

  Callback:

  Callback activity debugging is on

  Radius protocol debugging is on

  rtpkrb#

  04:04:42: TTY1: DSR came up

  04:04:42: tty1: Modem: IDLE->READY

  04:04:42: TTY1: Autoselect started

  04:04:44: TTY1: Autoselect sample 7E

  04:04:44: TTY1: Autoselect sample 7EFF

  04:04:44: TTY1: Autoselect sample 7EFF7D

  04:04:44: TTY1: Autoselect sample 7EFF7D23

  04:04:44: TTY1 Autoselect cmd: ppp negotiate

  04:04:44: TTY1: EXEC creation

  04:04:46: %LINK-3-UPDOWN: Interface Async1, changed state to up

  04:04:46: As1 PPP: Treating connection as a dedicated line

  04:04:46: As1 PPP: Phase is ESTABLISHING, Active Open

  04:04:46: As1 LCP: O CONFREQ [Closed] id 224 len 24

  04:04:46: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  04:04:46: As1 LCP: AuthProto PAP (0x0304C023)

  04:04:46: As1 LCP: MagicNumber 0xE0FE5C09 (0x0506E0FE5C09)

  04:04:46: As1 LCP: PFC (0x0702)

  04:04:46: As1 LCP: ACFC (0x0802)

  04:04:46: As1 LCP: I CONFACK [REQsent] id 224 len 24

  04:04:46: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  04:04:46: As1 LCP: AuthProto PAP (0x0304C023)

  04:04:46: As1 LCP: MagicNumber 0xE0FE5C09 (0x0506E0FE5C09)

  04:04:46: As1 LCP: PFC (0x0702)

  04:04:46: As1 LCP: ACFC (0x0802)

  04:04:47: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23

  04:04:47: As1 LCP: ACCM 0x00000000 (0x020600000000)

  04:04:47: As1 LCP: MagicNumber 0x00006CCD (0x050600006CCD)

  04:04:47: As1 LCP: PFC (0x0702)

  04:04:47: As1 LCP: ACFC (0x0802)

  04:04:47: As1 LCP: Callback 6 (0x0D0306)

  04:04:47: As1 LCP: O CONFACK [ACKrcvd] id 0 len 23

  04:04:47: As1 LCP: ACCM 0x00000000 (0x020600000000)

  04:04:47: As1 LCP: MagicNumber 0x00006CCD (0x050600006CCD)

  04:04:47: As1 LCP: PFC (0x0702)

  04:04:47: As1 LCP: ACFC (0x0802)

  04:04:47: As1 LCP: Callback 6 (0x0D0306)

  04:04:47: As1 LCP: State is Open

  04:04:47: As1 PPP: Phase is AUTHENTICATING, by this end

  04:04:47: As1 LCP: I IDENTIFY [Open] id 1 len 18 magic

     0x00006CCD MSRASV4.00

  04:04:47: As1 LCP: I IDENTIFY [Open] id 2 len 21 magic

     0x00006CCD MSRAS-1-ZEKIE

  04:04:47: As1 PAP: I AUTH-REQ id 15 len 24 from "callback2"

  04:04:47: As1 PAP: Authenticating peer callback2

  04:04:47: AAA/AUTHEN: create_user (0x14B1CC) user='callback2' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1

  04:04:47: AAA/AUTHEN/START (3229557248): port='Async1' list=''

     action=LOGIN service=PPP

  04:04:47: AAA/AUTHEN/START (3229557248): using "default" list

  04:04:47: AAA/AUTHEN/START (3229557248): Method=RADIUS

  04:04:47: RADIUS: Computed extended port value 0:1:

  04:04:47: RADIUS: Initial Transmit id 156 171.68.118.101:1645,

     Access-Request, len 79

  04:04:47: Attribute 4 6 0A1F0105

  04:04:47: Attribute 5 6 00000001

  04:04:47: Attribute 61 6 00000000

  04:04:47: Attribute 1 11 63616C6C

  04:04:47: Attribute 2 18 47E86FBC

  04:04:47: Attribute 6 6 00000002

  04:04:47: Attribute 7 6 00000001

  04:04:47: RADIUS: Received from id 156 171.68.118.101:1645,

     Access-Accept, len 69

  04:04:47: Attribute 6 6 00000002

  04:04:47: Attribute 7 6 00000001

  04:04:47: Attribute 26 37 00000009011F6C63

  04:04:47: RADIUS: saved authorization data for user 14B1CC at 14A684

  04:04:47: AAA/AUTHEN (3229557248): status = PASS

  04:04:47: AAA/AUTHOR/LCP As1: Authorize LCP

  04:04:47: AAA/AUTHOR/LCP As1 (101984404): Port='Async1'

     list='' service=NET

  04:04:47: AAA/AUTHOR/LCP: As1 (101984404) user='callback2'

  04:04:47: AAA/AUTHOR/LCP: As1 (101984404) send AV service=ppp

  04:04:47: AAA/AUTHOR/LCP: As1 (101984404) send AV protocol=lcp

  04:04:47: AAA/AUTHOR/LCP (101984404) found list "default"

  04:04:47: AAA/AUTHOR/LCP: As1 (101984404) Method=RADIUS

  04:04:47: RADIUS: cisco AVPair "lcp:callback-dialstring=20367"

  04:04:47: AAA/AUTHOR (101984404): Post authorization status = PASS_REPL

  04:04:47: AAA/AUTHOR/LCP As1: Processing AV service=ppp

  04:04:47: AAA/AUTHOR/LCP As1: Processing AV callback-dialstring=20367

  04:04:47: As1 PAP: O AUTH-ACK id 15 len 5

  04:04:47: As1 MCB: User callback2 Callback Number - Server 20367

  04:04:47: Async1 PPP: O MCB Request(1) id 47 len 7

  04:04:47: Async1 MCB: O 1 2F 0 7 3 3 0

  04:04:47: As1 MCB: O Request Id 47 Callback Type Server-Num delay 0

  04:04:47: Async1 PPP: I MCB Response(2) id 47 len 7

  04:04:47: Async1 MCB: I 2 2F 0 7 3 3 C

  04:04:47: As1 MCB: Received response

  04:04:47: As1 MCB: Response CBK-Server-Num 3 3 12

  04:04:47: Async1 PPP: O MCB Ack(3) id 48 len 7

  04:04:47: Async1 MCB: O 3 30 0 7 3 3 C

  04:04:47: As1 MCB: O Ack Id 48 Callback Type Server-Num delay 12

  04:04:47: As1 MCB: Negotiated MCB with peer

  04:04:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1,

     changed state to up

  04:04:47: As1 LCP: I TERMREQ [Open] id 3 len 8 (0x00000000)

  04:04:47: As1 LCP: O TERMACK [Open] id 3 len 4

  04:04:47: As1 MCB: Peer terminating the link

  04:04:47: As1 PPP: Phase is TERMINATING

  04:04:47: As1 MCB: Link terminated by peer, Callback Needed

  04:04:47: As1 MCB: Initiate Callback for callback2 at 20367 using Async

  04:04:47: As1 MCB: Async-callback in progress

  04:04:47: TTY1 Callback PPP process creation

  04:04:47: As1 AAA/ACCT: Using PPP accounting list ""

  04:04:47: TTY1 Callback process initiated, user: dialstring 20367

  04:04:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1,

     changed state to down

  04:04:48: TTY1: Async Int reset: Dropping DTR

  04:04:49: As1 LCP: TIMEout: Time 0xE02574 State TERMsent

  04:04:49: As1 LCP: State is Closed

  04:04:49: As1 PPP: Phase is DOWN

  04:04:49: As1 PPP: Phase is ESTABLISHING, Passive Open

  04:04:49: As1 LCP: State is Listen

  04:04:50: %LINK-5-CHANGED: Interface Async1, changed state to reset

  04:04:50: As1 LCP: State is Closed

  04:04:50: As1 PPP: Phase is DOWN

  04:04:50: As1 IPCP: Remove route to 15.15.15.15

  04:04:53: AAA/AUTHEN: free_user (0x14B1CC) user='callback2' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1

  04:04:53: TTY1 Callback forced wait = 4 seconds

  04:04:55: %LINK-3-UPDOWN: Interface Async1, changed state to down

  04:04:55: As1 LCP: State is Closed

  04:04:55: As1 PPP: Phase is DOWN

  04:04:57: CHAT1: Matched chat script offhook to string offhook

  04:04:57: CHAT1: Asserting DTR

  04:04:57: CHAT1: Chat script offhook started

  04:04:57: CHAT1: Sending string: ATH1

  04:04:57: CHAT1: Expecting string: OK

  04:04:57: CHAT1: Completed match for expect: OK

  04:04:57: CHAT1: Chat script offhook finished, status = Success

  04:04:57: CHAT1: Matched chat script callback to string callback

  04:04:57: CHAT1: Asserting DTR

  04:04:57: CHAT1: Chat script callback started

  04:04:57: CHAT1: Sending string: ATZ

  04:04:57: CHAT1: Expecting string: OK

  04:04:57: CHAT1: Completed match for expect: OK

  04:04:57: CHAT1: Sending string: ATDT \T<20367>

  04:04:57: CHAT1: Expecting string: CONNECT

  04:05:14: CHAT1: Completed match for expect: CONNECT

  04:05:14: CHAT1: Sending string: \c

  04:05:14: CHAT1: Chat script callback finished, status = Success

  04:05:14: TTY1 PPP Callback Successful - await exec/autoselect pickup

  04:05:16: TTY1: DSR came up

  04:05:16: TTY1: Callback in effect

  04:05:16: tty1: Modem: IDLE->READY

  04:05:16: TTY1: Autoselect started

  04:05:16: As1 LCP: I CONFREQ [Closed] id 0 len 20

  04:05:16: As1 LCP: ACCM 0x00000000 (0x020600000000)

  04:05:16: As1 LCP: MagicNumber 0x000007A0 (0x0506000007A0)

  04:05:16: As1 LCP: PFC (0x0702)

  04:05:16: As1 LCP: ACFC (0x0802)

  04:05:16: As1 LCP: Lower layer not up, discarding packet

  04:05:18: %LINK-3-UPDOWN: Interface Async1, changed state to up

  04:05:18: As1 PPP: Treating connection as a dedicated line

  04:05:18: As1 PPP: Phase is ESTABLISHING, Active Open

  04:05:18: As1 LCP: O CONFREQ [Closed] id 225 len 24

  04:05:18: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  04:05:18: As1 LCP: AuthProto PAP (0x0304C023)

  04:05:18: As1 LCP: MagicNumber 0xE0FED8A0 (0x0506E0FED8A0)

  04:05:18: As1 LCP: PFC (0x0702)

  04:05:18: As1 LCP: ACFC (0x0802)

  04:05:18: As1 LCP: I CONFACK [REQsent] id 225 len 24

  04:05:18: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  04:05:18: As1 LCP: AuthProto PAP (0x0304C023)

  04:05:18: As1 LCP: MagicNumber 0xE0FED8A0 (0x0506E0FED8A0)

  04:05:18: As1 LCP: PFC (0x0702)

  04:05:18: As1 LCP: ACFC (0x0802)

  04:05:19: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 20

  04:05:19: As1 LCP: ACCM 0x00000000 (0x020600000000)

  04:05:19: As1 LCP: MagicNumber 0x000007A0 (0x0506000007A0)

  04:05:19: As1 LCP: PFC (0x0702)

  04:05:19: As1 LCP: ACFC (0x0802)

  04:05:19: As1 LCP: O CONFACK [ACKrcvd] id 0 len 20

  04:05:19: As1 LCP: ACCM 0x00000000 (0x020600000000)

  04:05:19: As1 LCP: MagicNumber 0x000007A0 (0x0506000007A0)

  04:05:19: As1 LCP: PFC (0x0702)

  04:05:19: As1 LCP: ACFC (0x0802)

  04:05:19: As1 LCP: State is Open

  04:05:19: As1 PPP: Phase is AUTHENTICATING, by this end

  04:05:19: As1 LCP: I IDENTIFY [Open] id 1 len 18 magic

     0x000007A0 MSRASV4.00

  04:05:19: As1 LCP: I IDENTIFY [Open] id 2 len 21 magic

     0x000007A0 MSRAS-1-ZEKIE

  04:05:19: As1 PAP: I AUTH-REQ id 16 len 24 from "callback2"

  04:05:19: As1 PAP: Authenticating peer callback2

  04:05:19: AAA/AUTHEN: create_user (0x14A640) user='callback2' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1

  04:05:19: AAA/AUTHEN/START (1256800753): port='Async1' list=''

     action=LOGIN service=PPP

  04:05:19: AAA/AUTHEN/START (1256800753): using "default" list

  04:05:19: AAA/AUTHEN/START (1256800753): Method=RADIUS

  04:05:19: RADIUS: Computed extended port value 0:1:

  04:05:19: RADIUS: Initial Transmit id 157 171.68.118.101:1645,

     Access-Request, len 79

  04:05:19: Attribute 4 6 0A1F0105

  04:05:19: Attribute 5 6 00000001

  04:05:19: Attribute 61 6 00000000

  04:05:19: Attribute 1 11 63616C6C

  04:05:19: Attribute 2 18 C29C6276

  04:05:19: Attribute 6 6 00000002

  04:05:19: Attribute 7 6 00000001

  04:05:19: RADIUS: Received from id 157 171.68.118.101:1645,

     Access-Accept, len 69

  04:05:19: Attribute 6 6 00000002

  04:05:19: Attribute 7 6 00000001

  04:05:19: Attribute 26 37 00000009011F6C63

  04:05:19: RADIUS: saved authorization data for user 14A640 at 14B1CC

  04:05:19: AAA/AUTHEN (1256800753): status = PASS

  04:05:19: AAA/AUTHOR/LCP As1: Authorize LCP

  04:05:19: AAA/AUTHOR/LCP As1 (1783017574): Port='Async1'

     list='' service=NET

  04:05:19: AAA/AUTHOR/LCP: As1 (1783017574) user='callback2'

  04:05:19: AAA/AUTHOR/LCP: As1 (1783017574) send AV service=ppp

  04:05:19: AAA/AUTHOR/LCP: As1 (1783017574) send AV protocol=lcp

  04:05:19: AAA/AUTHOR/LCP (1783017574) found list "default"

  04:05:19: AAA/AUTHOR/LCP: As1 (1783017574) Method=RADIUS

  04:05:19: RADIUS: cisco AVPair "lcp:callback-dialstring=20367"

  04:05:19: AAA/AUTHOR (1783017574): Post authorization status = PASS_REPL

  04:05:19: AAA/AUTHOR/LCP As1: Processing AV service=ppp

  04:05:19: AAA/AUTHOR/LCP As1: Processing AV callback-dialstring=20367

  04:05:19: As1 PAP: O AUTH-ACK id 16 len 5

  04:05:19: As1 PPP: Phase is UP

  04:05:19: AAA/AUTHOR/FSM As1: (0): Can we start IPCP?

  04:05:19: AAA/AUTHOR/FSM As1 (1621572650): Port='Async1'

     list='' service=NET

  04:05:19: AAA/AUTHOR/FSM: As1 (1621572650) user='callback2'

  04:05:19: AAA/AUTHOR/FSM: As1 (1621572650) send AV service=ppp

  04:05:19: AAA/AUTHOR/FSM: As1 (1621572650) send AV protocol=ip

  04:05:19: AAA/AUTHOR/FSM (1621572650) found list "default"

  04:05:19: AAA/AUTHOR/FSM: As1 (1621572650) Method=RADIUS

  04:05:19: RADIUS: cisco AVPair "lcp:callback-dialstring=20367"

     not applied for ip

  04:05:19: AAA/AUTHOR (1621572650): Post authorization status = PASS_REPL

  04:05:19: AAA/AUTHOR/FSM As1: We can start IPCP

  04:05:19: As1 IPCP: O CONFREQ [Closed] id 24 len 10

  04:05:19: As1 IPCP: Address 10.31.1.5 (0x03060A1F0105)

  04:05:19: As1 IPCP: I CONFREQ [REQsent] id 3 len 40

  04:05:19: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

  04:05:19: As1 IPCP: Address 0.0.0.0 (0x030600000000)

  04:05:19: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

  04:05:19: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

  04:05:19: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

  04:05:19: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

  04:05:19: AAA/AUTHOR/IPCP As1: Start. Her address 0.0.0.0, we want 0.0.0.0

  04:05:19: AAA/AUTHOR/IPCP As1: Processing AV service=ppp

  04:05:19: AAA/AUTHOR/IPCP As1: Authorization succeeded

  04:05:19: AAA/AUTHOR/IPCP As1: Done. Her address 0.0.0.0, we want 0.0.0.0

  04:05:19: As1 IPCP: Using pool 'async'

  04:05:19: As1 IPCP: Pool returned 15.15.15.15

  04:05:19: As1 IPCP: O CONFREJ [REQsent] id 3 len 28

  04:05:19: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)

  04:05:19: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

  04:05:19: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

  04:05:19: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

  04:05:19: As1 IPCP: I CONFACK [REQsent] id 24 len 10

  04:05:19: As1 IPCP: Address 10.31.1.5 (0x03060A1F0105)

  04:05:19: As1 IPCP: I CONFREQ [ACKrcvd] id 4 len 16

  04:05:19: As1 IPCP: Address 0.0.0.0 (0x030600000000)

  04:05:19: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

  04:05:19: AAA/AUTHOR/IPCP As1: Start. Her address 0.0.0.0,

     we want 15.15.15.15

  04:05:19: AAA/AUTHOR/IPCP As1: Processing AV service=ppp

  04:05:19: AAA/AUTHOR/IPCP As1: Authorization succeeded

  04:05:19: AAA/AUTHOR/IPCP As1: Done. Her address 0.0.0.0,

     we want 15.15.15.15

  04:05:19: As1 IPCP: O CONFNAK [ACKrcvd] id 4 len 16

  04:05:19: As1 IPCP: Address 15.15.15.15 (0x03060F0F0F0F)

  04:05:19: As1 IPCP: PrimaryDNS 171.68.118.103 (0x8106AB447667)

  04:05:20: As1 IPCP: I CONFREQ [ACKrcvd] id 5 len 16

  04:05:20: As1 IPCP: Address 15.15.15.15 (0x03060F0F0F0F)

  04:05:20: As1 IPCP: PrimaryDNS 171.68.118.103 (0x8106AB447667)

  04:05:20: AAA/AUTHOR/IPCP As1: Start. Her address 15.15.15.15,

     we want 15.15.15.15

  04:05:20: AAA/AUTHOR/IPCP As1 (2922034935): Port='Async1'

     list='' service=NET

  04:05:20: AAA/AUTHOR/IPCP: As1 (2922034935) user='callback2'

  04:05:20: AAA/AUTHOR/IPCP: As1 (2922034935) send AV service=ppp

  04:05:20: AAA/AUTHOR/IPCP: As1 (2922034935) send AV protocol=ip

  04:05:20: AAA/AUTHOR/IPCP: As1 (2922034935) send AV addr*15.15.15.15

  04:05:20: AAA/AUTHOR/IPCP (2922034935) found list "default"

  04:05:20: AAA/AUTHOR/IPCP: As1 (2922034935) Method=RADIUS

  04:05:20: RADIUS: cisco AVPair "lcp:callback-dialstring=20367"

     not applied for ip

  04:05:20: AAA/AUTHOR (2922034935): Post authorization status = PASS_REPL

  04:05:20: AAA/AUTHOR/IPCP As1: Reject 15.15.15.15, using 15.15.15.15

  04:05:20: AAA/AUTHOR/IPCP As1: Processing AV service=ppp

  04:05:20: AAA/AUTHOR/IPCP As1: Processing AV addr*15.15.15.15

  04:05:20: AAA/AUTHOR/IPCP As1: Authorization succeeded

  04:05:20: AAA/AUTHOR/IPCP As1: Done. Her address 15.15.15.15,

     we want 15.15.15.15

  04:05:20: As1 IPCP: O CONFACK [ACKrcvd] id 5 len 16

  04:05:20: As1 IPCP: Address 15.15.15.15 (0x03060F0F0F0F)

  04:05:20: As1 IPCP: PrimaryDNS 171.68.118.103 (0x8106AB447667)

  04:05:20: As1 IPCP: State is Open

  04:05:20: As1 IPCP: Install route to 15.15.15.15

  04:05:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1,

     changed state to up

  

  

ユーザが指定した番号による PPP コールバック

前の例は、事前に定義された(サーバに設定された)番号でのコールバックでした。コールバックはユーザが指定した番号で行われる場合もあり、この場合、認証サーバではコールバック番号はヌルで指定されます。これにより、ルータからユーザにコールバック番号を問い合せるようになります。ここで再度、指定したローカル コールバックを使用して、初期テストを行う必要があります。ローカル コールバックとヌル コールバック ストリングが動作しない場合は(つまり、aaa new-model コマンドの削除)、RADIUS コールバックも動作しません。ヌル コールバック ストリング ローカルをルータに対してローカルに指定するには、次のようにします。


  username callback callback-dialstring "" password 0 callback

  

PC の Dial-UP-Networking(Windows NT Server)の User Preferences で、Callback - maybe ask me during redial if server offers ボックスをチェックします。ユーザが認証されると、PC 上に表示されたウィンドウで「Callback - You have entered "Set by caller"」で始まるメッセージが表示され、さらに「Enter modem phone number」と表示されます。

サーバの設定

サーバのセットアップ - CiscoSecure NT

  • ユーザは、パスワードと確認用パスワードを取得します。

  • グループの設定は次のように行います。attribute 006 Service-Type = Framed attribute 007 Framed-Protocol = PPP

  • 画面の最後のボックスである Cisco RADIUS Attributes で、[009\001 - AV-Pair] をチェックし、その下に次のように入力します。lcp:callback-dialstring=20367

サーバのセットアップ - CiscoSecure UNIX

rtp-berry# ./ViewProfile -p 9900 -u callback

  User Profile Information

  user = callback{

  profile_id = 34

  profile_cycle = 1

  radius=Cisco {

  check_items= {

  2="callback"

  }

  reply_attributes= {

  6=2

  7=1

  9,1="lcp:callback-dialstring=20367"

  }

  }

  

  }

  

  

サーバのセットアップ - Livingston RADIUS

callback2 Password = "callback2"

  User-Service-Type = Framed-User,

  Framed-Protocol = PPP,

  cisco-avpair = "lcp:callback-dialstring=20367"

  

debug の出力例

koala#show debug

  General OS:

  Modem control/process activation debugging is on

  AAA Authentication debugging is on

  AAA Authorization debugging is on

  Dial on demand:

  Dial on demand events debugging is on

  PPP:

  PPP authentication debugging is on

  PPP protocol negotiation debugging is on

  Chat Scripts:

  Chat scripts activity debugging is on

  Callback:

  Callback activity debugging is on

  Radius protocol debugging is on

  koala#

  02:23:01: TTY1: DSR came up

  02:23:01: tty1: Modem: IDLE->READY

  02:23:01: TTY1: Autoselect started

  02:23:03: TTY1: Autoselect sample 7E

  02:23:03: TTY1: Autoselect sample 7EFF

  02:23:03: TTY1: Autoselect sample 7EFF7D

  02:23:03: TTY1: Autoselect sample 7EFF7D23

  02:23:03: TTY1 Autoselect cmd: ppp negotiate

  02:23:03: TTY1: EXEC creation

  02:23:05: %LINK-3-UPDOWN: Interface Async1, changed state to up

  02:23:05: As1 PPP: Treating connection as a dedicated line

  02:23:05: As1 PPP: Phase is ESTABLISHING, Active Open

  02:23:05: As1 LCP: O CONFREQ [Closed] id 27 len 24

  02:23:05: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  02:23:05: As1 LCP: AuthProto PAP (0x0304C023)

  02:23:05: As1 LCP: MagicNumber 0xE0A14386 (0x0506E0A14386)

  02:23:05: As1 LCP: PFC (0x0702)

  02:23:05: As1 LCP: ACFC (0x0802)

  02:23:05: As1 LCP: I CONFACK [REQsent] id 27 len 24

  02:23:05: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  02:23:05: As1 LCP: AuthProto PAP (0x0304C023)

  02:23:05: As1 LCP: MagicNumber 0xE0A14386 (0x0506E0A14386)

  02:23:05: As1 LCP: PFC (0x0702)

  02:23:05: As1 LCP: ACFC (0x0802)

  02:23:06: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23

  02:23:06: As1 LCP: ACCM 0x00000000 (0x020600000000)

  02:23:06: As1 LCP: MagicNumber 0x0000152B (0x05060000152B)

  02:23:06: As1 LCP: PFC (0x0702)

  02:23:06: As1 LCP: ACFC (0x0802)

  02:23:06: As1 LCP: Callback 6 (0x0D0306)

  02:23:06: As1 LCP: O CONFACK [ACKrcvd] id 0 len 23

  02:23:06: As1 LCP: ACCM 0x00000000 (0x020600000000)

  02:23:06: As1 LCP: MagicNumber 0x0000152B (0x05060000152B)

  02:23:06: As1 LCP: PFC (0x0702)

  02:23:06: As1 LCP: ACFC (0x0802)

  02:23:06: As1 LCP: Callback 6 (0x0D0306)

  02:23:06: As1 LCP: State is Open

  02:23:06: As1 PPP: Phase is AUTHENTICATING, by this end

  02:23:06: As1 LCP: I IDENTIFY [Open] id 1 len 18 magic

     0x0000152B MSRASV4.00

  02:23:06: As1 LCP: I IDENTIFY [Open] id 2 len 21 magic

     0x0000152B MSRAS-1-ZEKIE

  02:23:06: As1 PAP: I AUTH-REQ id 64 len 22 from "userspec"

  02:23:06: As1 PAP: Authenticating peer userspec

  02:23:06: AAA/AUTHEN: create_user (0x16E284) user='userspec' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1

  02:23:06: AAA/AUTHEN/START (835406208): port='Async1' list=''

     action=LOGIN service=PPP

  02:23:06: AAA/AUTHEN/START (835406208): using "default" list

  02:23:06: AAA/AUTHEN (835406208): status = UNKNOWN

  02:23:06: AAA/AUTHEN/START (835406208): Method=RADIUS

  02:23:06: RADIUS: Computed extended port value 0:1:

  02:23:06: RADIUS: Initial Transmit id 25 171.68.120.194:1645,

     Access-Request, len 78

  02:23:06: Attribute 4 6 0A1F0105

  02:23:06: Attribute 5 6 00000001

  02:23:06: Attribute 61 6 00000000

  02:23:06: Attribute 1 10 75736572

  02:23:06: Attribute 2 18 E1377DA0

  02:23:06: Attribute 6 6 00000002

  02:23:06: Attribute 7 6 00000001

  02:23:06: RADIUS: Received from id 25 171.68.120.194:1645,

     Access-Accept, len 64

  02:23:06: Attribute 6 6 00000002

  02:23:06: Attribute 7 6 00000001

  02:23:06: Attribute 26 32 00000009011A6C63

  02:23:06: RADIUS: saved authorization data for user 16E284 at A1B44

  02:23:06: AAA/AUTHEN (835406208): status = PASS

  02:23:06: AAA/AUTHOR/LCP As1: Authorize LCP

  02:23:06: AAA/AUTHOR/LCP As1 (2812925385): Port='Async1'

     list='' service=NET

  02:23:06: AAA/AUTHOR/LCP: As1 (2812925385) user='userspec'

  02:23:06: AAA/AUTHOR/LCP: As1 (2812925385) send AV service=ppp

  02:23:06: AAA/AUTHOR/LCP: As1 (2812925385) send AV protocol=lcp

  02:23:06: AAA/AUTHOR/LCP (2812925385) found list "default"

  02:23:06: AAA/AUTHOR/LCP: As1 (2812925385) Method=RADIUS

  02:23:06: RADIUS: cisco AVPair "lcp:callback-dialstring="

  02:23:06: AAA/AUTHOR (2812925385): Post authorization status = PASS_REPL

  02:23:06: AAA/AUTHOR/LCP As1: Processing AV service=ppp

  02:23:06: AAA/AUTHOR/LCP As1: Processing AV callback-dialstring=

  02:23:06: As1 PAP: O AUTH-ACK id 64 len 5

  

  !--- ルータがクライアントからの番号受信であることを認識し、

  !--- PC への要求を送出し始めます。

  

  02:23:06: As1 MCB: User userspec Callback Number - Client ANY

  02:23:06: Async1 PPP: O MCB Request(1) id 92 len 9

  02:23:06: Async1 MCB: O 1 5C 0 9 2 5 0 1 0

  02:23:06: As1 MCB: O Request Id 92 Callback Type Client-Num delay 0

  02:23:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1,

     changed state to up

  

  !--- ルータ側で PC からの応答を受信します。

  

  02:23:09: Async1 PPP: I MCB Response(2) id 92 len 14

  02:23:09: Async1 MCB: I 2 5C 0 E 2 A C 1 32 30 33 36 37 0

  02:23:09: As1 MCB: Received response

  02:23:09: As1 MCB: Response CBK-Client-Num 2 10 12, addr 1-20367

  02:23:09: Async1 PPP: O MCB Ack(3) id 93 len 14

  02:23:09: Async1 MCB: O 3 5D 0 E 2 A C 1 32 30 33 36 37 0

  02:23:09: As1 MCB: O Ack Id 93 Callback Type Client-Num delay 12

  02:23:09: As1 MCB: Negotiated MCB with peer

  02:23:09: As1 LCP: I TERMREQ [Open] id 3 len 8 (0x00000000)

  02:23:09: As1 LCP: O TERMACK [Open] id 3 len 4

  02:23:09: As1 MCB: Peer terminating the link

  02:23:09: As1 PPP: Phase is TERMINATING

  02:23:09: As1 MCB: Link terminated by peer, Callback Needed

  02:23:09: As1 MCB: Initiate Callback for userspec at 20367 using Async

  02:23:09: TTY1 Callback user dialstring 20367 from PPP negotiation

  02:23:09: As1 MCB: Async-callback in progress

  02:23:09: TTY1 Callback PPP process creation

  02:23:09: As1 AAA/ACCT: Using PPP accounting list ""

  02:23:09: TTY1 Callback process initiated, user: dialstring 20367

  02:23:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1,

     changed state to down

  02:23:10: TTY1: Async Int reset: Dropping DTR

  02:23:11: As1 LCP: TIMEout: Time 0x831824 State TERMsent

  02:23:11: As1 LCP: State is Closed

  02:23:11: As1 PPP: Phase is DOWN

  02:23:11: As1 VP: Cleaning already proceeding

  02:23:11: As1 PPP: Phase is ESTABLISHING, Passive Open

  02:23:11: AAA/AUTHEN: dup_user (0x16E558) user='userspec' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP

     priv=1 source='AAA dup lcp_reset'

  02:23:11: AAA/AUTHEN: Method=IF-NEEDED: no authentication needed.

     user='userspec' port='Async1' rem_addr='async'

  02:23:11: As1 LCP: State is Listen

  02:23:11: AAA/AUTHEN: free_user (0x16E284) user='userspec' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1

  02:23:12: %LINK-5-CHANGED: Interface Async1, changed state to reset

  02:23:12: As1 LCP: State is Closed

  02:23:12: As1 PPP: Phase is DOWN

  02:23:12: As1 VP: Cleaning already proceeding

  02:23:12: As1 IPCP: Remove route to 15.15.15.15

  02:23:15: AAA/AUTHEN: free_user (0x16E558) user='userspec' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1

  02:23:15: TTY1 Callback forced wait = 4 seconds

  02:23:17: %LINK-3-UPDOWN: Interface Async1, changed state to down

  02:23:17: As1 LCP: State is Closed

  02:23:17: As1 PPP: Phase is DOWN

  02:23:17: As1 VP: Cleaning already proceeding

  02:23:19: CHAT1: Matched chat script offhook to string offhook

  02:23:19: CHAT1: Asserting DTR

  02:23:19: CHAT1: Chat script offhook started

  02:23:19: CHAT1: Sending string: ATH1

  02:23:19: CHAT1: Expecting string: OK

  02:23:19: CHAT1: Completed match for expect: OK

  02:23:19: CHAT1: Chat script offhook finished, status = Success

  02:23:19: CHAT1: Matched chat script callback to string callback

  02:23:19: CHAT1: Asserting DTR

  02:23:19: CHAT1: Chat script callback started

  02:23:19: CHAT1: Sending string: ATZ

  02:23:19: CHAT1: Expecting string: OK

  02:23:19: CHAT1: Completed match for expect: OK

  02:23:19: CHAT1: Sending string: ATDT \T<20367>

  02:23:19: CHAT1: Expecting string: CONNECT

  02:23:35: CHAT1: Completed match for expect: CONNECT

  02:23:35: CHAT1: Sending string: \c

  02:23:35: CHAT1: Chat script callback finished, status = Success

  02:23:35: TTY1 PPP Callback Successful - await exec/autoselect pickup

  02:23:37: TTY1: DSR came up

  02:23:37: TTY1: Callback in effect

  02:23:37: tty1: Modem: IDLE->READY

  02:23:37: TTY1: Autoselect started

  02:23:37: As1 LCP: I CONFREQ [Closed] id 0 len 20

  02:23:37: As1 LCP: ACCM 0x00000000 (0x020600000000)

  02:23:37: As1 LCP: MagicNumber 0x00005156 (0x050600005156)

  02:23:37: As1 LCP: PFC (0x0702)

  02:23:37: As1 LCP: ACFC (0x0802)

  02:23:37: As1 LCP: Lower layer not up, discarding packet

  02:23:39: %LINK-3-UPDOWN: Interface Async1, changed state to up

  02:23:39: As1 PPP: Treating connection as a dedicated line

  02:23:39: As1 PPP: Phase is ESTABLISHING, Active Open

  02:23:39: As1 LCP: O CONFREQ [Closed] id 28 len 24

  02:23:39: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  02:23:39: As1 LCP: AuthProto PAP (0x0304C023)

  02:23:39: As1 LCP: MagicNumber 0xE0A1CAB2 (0x0506E0A1CAB2)

  02:23:39: As1 LCP: PFC (0x0702)

  02:23:39: As1 LCP: ACFC (0x0802)

  02:23:40: As1 LCP: I CONFACK [REQsent] id 28 len 24

  02:23:40: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)

  02:23:40: As1 LCP: AuthProto PAP (0x0304C023)

  02:23:40: As1 LCP: MagicNumber 0xE0A1CAB2 (0x0506E0A1CAB2)

  02:23:40: As1 LCP: PFC (0x0702)

  02:23:40: As1 LCP: ACFC (0x0802)

  02:23:40: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 20

  02:23:40: As1 LCP: ACCM 0x00000000 (0x020600000000)

  02:23:40: As1 LCP: MagicNumber 0x00005156 (0x050600005156)

  02:23:40: As1 LCP: PFC (0x0702)

  02:23:40: As1 LCP: ACFC (0x0802)

  02:23:40: As1 LCP: O CONFACK [ACKrcvd] id 0 len 20

  02:23:40: As1 LCP: ACCM 0x00000000 (0x020600000000)

  02:23:40: As1 LCP: MagicNumber 0x00005156 (0x050600005156)

  02:23:40: As1 LCP: PFC (0x0702)

  02:23:40: As1 LCP: ACFC (0x0802)

  02:23:40: As1 LCP: State is Open

  02:23:40: As1 PPP: Phase is AUTHENTICATING, by this end

  02:23:41: As1 LCP: I IDENTIFY [Open] id 1 len 18 magic

     0x00005156 MSRASV4.00

  02:23:41: As1 LCP: I IDENTIFY [Open] id 2 len 21 magic

     0x00005156 MSRAS-1-ZEKIE

  02:23:41: As1 PAP: I AUTH-REQ id 65 len 22 from "userspec"

  02:23:41: As1 PAP: Authenticating peer userspec

  02:23:41: AAA/AUTHEN: create_user (0x16E284) user='userspec' ruser=''

     port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1

  02:23:41: AAA/AUTHEN/START (2883652190): port='Async1'

     list='' action=LOGIN service=PPP

  02:23:41: AAA/AUTHEN/START (2883652190): using "default" list

  02:23:41: AAA/AUTHEN (2883652190): status = UNKNOWN

  02:23:41: AAA/AUTHEN/START (2883652190): Method=RADIUS

  02:23:41: RADIUS: Computed extended port value 0:1:

  02:23:41: RADIUS: Initial Transmit id 26 171.68.120.194:1645,

     Access-Request, len 78

  02:23:41: Attribute 4 6 0A1F0105

  02:23:41: Attribute 5 6 00000001

  02:23:41: Attribute 61 6 00000000

  02:23:41: Attribute 1 10 75736572

  02:23:41: Attribute 2 18 8150DA02

  02:23:41: Attribute 6 6 00000002

  02:23:41: Attribute 7 6 00000001

  02:23:41: RADIUS: Received from id 26 171.68.120.194:1645,

     Access-Accept, len 64

  02:23:41: Attribute 6 6 00000002

  02:23:41: Attribute 7 6 00000001

  02:23:41: Attribute 26 32 00000009011A6C63

  02:23:41: RADIUS: saved authorization data for user 16E284 at A1B44

  02:23:41: AAA/AUTHEN (2883652190): status = PASS

  02:23:41: AAA/AUTHOR/LCP As1: Authorize LCP

  02:23:41: AAA/AUTHOR/LCP As1 (3660077691): Port='Async1'

     list='' service=NET

  02:23:41: AAA/AUTHOR/LCP: As1 (3660077691) user='userspec'

  02:23:41: AAA/AUTHOR/LCP: As1 (3660077691) send AV service=ppp

  02:23:41: AAA/AUTHOR/LCP: As1 (3660077691) send AV protocol=lcp

  02:23:41: AAA/AUTHOR/LCP (3660077691) found list "default"

  02:23:41: AAA/AUTHOR/LCP: As1 (3660077691) Method=RADIUS

  02:23:41: RADIUS: cisco AVPair "lcp:callback-dialstring="

  02:23:41: AAA/AUTHOR (3660077691): Post authorization status = PASS_REPL

  02:23:41: AAA/AUTHOR/LCP As1: Processing AV service=ppp

  02:23:41: AAA/AUTHOR/LCP As1: Processing AV callback-dialstring=

  02:23:41: As1 PAP: O AUTH-ACK id 65 len 5

  02:23:41: As1 PPP: Phase is UP

  02:23:41: AAA/AUTHOR/FSM As1: (0): Can we start IPCP?

  02:23:41: AAA/AUTHOR/FSM As1 (2418882911): Port='Async1'

     list='' service=NET

  02:23:41: AAA/AUTHOR/FSM: As1 (2418882911) user='userspec'

  02:23:41: AAA/AUTHOR/FSM: As1 (2418882911) send AV service=ppp

  02:23:41: AAA/AUTHOR/FSM: As1 (2418882911) send AV protocol=ip

  02:23:41: AAA/AUTHOR/FSM (2418882911) found list "default"

  02:23:41: AAA/AUTHOR/FSM: As1 (2418882911) Method=RADIUS

  02:23:41: RADIUS: cisco AVPair "lcp:callback-dialstring="

     not applied for ip

  02:23:41: AAA/AUTHOR (2418882911): Post authorization

     status = PASS_REPL

  02:23:41: AAA/AUTHOR/FSM As1: We can start IPCP

  02:23:41: As1 IPCP: O CONFREQ [Closed] id 12 len 10

  02:23:41: As1 IPCP: Address 10.31.1.5 (0x03060A1F0105)

  02:23:41: As1 IPCP: I CONFREQ [REQsent] id 3 len 40

  02:23:41: As1 IPCP: CompressType VJ 15 slots

     CompressSlotID (0x0206002D0F01)

  02:23:41: As1 IPCP: Address 0.0.0.0 (0x030600000000)

  02:23:41: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

  02:23:41: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

  02:23:41: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

  02:23:41: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

  02:23:41: AAA/AUTHOR/IPCP As1: Start. Her address 0.0.0.0,

     we want 0.0.0.0

  02:23:41: AAA/AUTHOR/IPCP As1: Processing AV service=ppp

  02:23:41: AAA/AUTHOR/IPCP As1: Authorization succeeded

  02:23:41: AAA/AUTHOR/IPCP As1: Done. Her address 0.0.0.0,

     we want 0.0.0.0

  02:23:41: As1 IPCP: Using pool 'async'

  02:23:41: As1 IPCP: Pool returned 15.15.15.15

  02:23:41: As1 IPCP: O CONFREJ [REQsent] id 3 len 28

  02:23:41: As1 IPCP: CompressType VJ 15 slots

     CompressSlotID (0x0206002D0F01)

  02:23:41: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)

  02:23:41: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)

  02:23:41: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)

  02:23:41: As1 IPCP: I CONFACK [REQsent] id 12 len 10

  02:23:41: As1 IPCP: Address 10.31.1.5 (0x03060A1F0105)

  02:23:41: As1 IPCP: I CONFREQ [ACKrcvd] id 4 len 16

  02:23:41: As1 IPCP: Address 0.0.0.0 (0x030600000000)

  02:23:41: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)

  02:23:41: AAA/AUTHOR/IPCP As1: Start. Her address 0.0.0.0,

     we want 15.15.15.15

  02:23:41: AAA/AUTHOR/IPCP As1: Processing AV service=ppp

  02:23:41: AAA/AUTHOR/IPCP As1: Authorization succeeded

  02:23:41: AAA/AUTHOR/IPCP As1: Done. Her address 0.0.0.0,

     we want 15.15.15.15

  02:23:41: As1 IPCP: O CONFNAK [ACKrcvd] id 4 len 16

  02:23:41: As1 IPCP: Address 15.15.15.15 (0x03060F0F0F0F)

  02:23:41: As1 IPCP: PrimaryDNS 171.68.118.103 (0x8106AB447667)

  02:23:41: As1 IPCP: I CONFREQ [ACKrcvd] id 5 len 16

  02:23:41: As1 IPCP: Address 15.15.15.15 (0x03060F0F0F0F)

  02:23:41: As1 IPCP: PrimaryDNS 171.68.118.103 (0x8106AB447667)

  02:23:41: AAA/AUTHOR/IPCP As1: Start. Her address 15.15.15.15,

     we want 15.15.15.15

  02:23:41: AAA/AUTHOR/IPCP As1 (2792483333): Port='Async1'

     list='' service=NET

  02:23:41: AAA/AUTHOR/IPCP: As1 (2792483333) user='userspec'

  02:23:41: AAA/AUTHOR/IPCP: As1 (2792483333) send AV service=ppp

  02:23:41: AAA/AUTHOR/IPCP: As1 (2792483333) send AV protocol=ip

  02:23:41: AAA/AUTHOR/IPCP: As1 (2792483333) send AV addr*15.15.15.15

  02:23:41: AAA/AUTHOR/IPCP (2792483333) found list "default"

  02:23:41: AAA/AUTHOR/IPCP: As1 (2792483333) Method=RADIUS

  02:23:41: RADIUS: cisco AVPair "lcp:callback-dialstring="

     not applied for ip

  02:23:41: AAA/AUTHOR (2792483333): Post authorization status = PASS_REPL

  02:23:41: AAA/AUTHOR/IPCP As1: Reject 15.15.15.15, using 15.15.15.15

  02:23:41: AAA/AUTHOR/IPCP As1: Processing AV service=ppp

  02:23:41: AAA/AUTHOR/IPCP As1: Processing AV addr*15.15.15.15

  02:23:41: AAA/AUTHOR/IPCP As1: Authorization succeeded

  02:23:41: AAA/AUTHOR/IPCP As1: Done. Her address 15.15.15.15,

     we want 15.15.15.15

  02:23:41: As1 IPCP: O CONFACK [ACKrcvd] id 5 len 16

  02:23:41: As1 IPCP: Address 15.15.15.15 (0x03060F0F0F0F)

  02:23:41: As1 IPCP: PrimaryDNS 171.68.118.103 (0x8106AB447667)

  02:23:41: As1 IPCP: State is Open

  02:23:41: dialer Protocol up for As1

  02:23:41: As1 IPCP: Install route to 15.15.15.15

  02:23:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1,

     changed state to up

  

  

関連するシスコ サポート コミュニティ ディスカッション

シスコ サポート コミュニティは、どなたでも投稿や回答ができる情報交換スペースです。


関連情報


Document ID: 12427