Security: Cisco IOS Firewall

Troubleshooting Authentication Proxy

October 29, 2002 - Writer-translated version


debug, clear, and show Commands

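Before you use debug commands, refer to "Important Information on Debug Commands".

  • debug tacacs | radius - Displays information about TACACS or RADIUS.

  • debug aaa authentication - Displays information about AAA/TACACS+ authentication. It shows which authentication methods are used and the results of those methods.

  • debug aaa authorization - Displays information about AAA/TACACS+ authorization. It shows which authorization methods are used and the results of those methods.

If necessary, you can use these commands:

  • debug ip auth-proxy {function-trace} - Displays the authentication proxy functions.

  • debug ip auth-proxy {http} - Displays HTTP events related to the authentication proxy.

To clear entries between sessions, use this command:

  • clear ip auth-proxy cache {* | host ip address} - Clears all authentication proxy entries, including user profiles and dynamic access control lists (ACLs). If an IP address is specified, the authentication proxy entries for that host are cleared.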

show ip access-lists Command - Outbound

Before the access-list command is executed:

    sec-3640#show ip access-lists
    Extended IP access list 116
        permit tcp host 10.31.1.47 host 10.31.1.150 eq www
        deny tcp host 10.31.1.47 any (16 matches)
        deny udp host 10.31.1.47 any (26 matches)
        deny icmp host 10.31.1.47 any
        permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
        permit udp 10.31.1.0 0.0.0.255 any (74 matches)
        permit icmp 10.31.1.0 0.0.0.255 any
        permit icmp 171.68.118.0 0.0.0.255 any
        permit tcp 171.68.118.0 0.0.0.255 any (242 matches)
        permit udp 171.68.118.0 0.0.0.255 any
    
    
After the access-list command is executed:

    Extended IP access list 116
        permit udp host 10.31.1.47 any (3 matches) < added by authproxy
        permit tcp host 10.31.1.47 any < added by authproxy
        permit icmp host 10.31.1.47 any < added by authproxy
        permit tcp host 10.31.1.47 host 10.31.1.150 eq www
        deny tcp host 10.31.1.47 any (18 matches)
        deny udp host 10.31.1.47 any (26 matches)
        deny icmp host 10.31.1.47 any
        permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
        permit udp 10.31.1.0 0.0.0.255 any (74 matches)
        permit icmp 10.31.1.0 0.0.0.255 any
        permit icmp 171.68.118.0 0.0.0.255 any
        permit tcp 171.68.118.0 0.0.0.255 any (264 matches)
        permit udp 171.68.118.0 0.0.0.255 any
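Added example (not part of the original Cisco document): a Python comparison of the two listings above that ignores the hit counters, reports which entries the authentication proxy added and at what position, and lists the existing entries for the same host that each new permit now matches first, since an ACL is evaluated top-down with the first match winning. The function names are made up for this example, and the shadowing check only handles the `permit <proto> host <ip> any` form seen here.

```python
import re

# The two listings from this page, embedded as sample input.
BEFORE = """\
sec-3640#show ip access-lists
Extended IP access list 116
    permit tcp host 10.31.1.47 host 10.31.1.150 eq www
    deny tcp host 10.31.1.47 any (16 matches)
    deny udp host 10.31.1.47 any (26 matches)
    deny icmp host 10.31.1.47 any
    permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
    permit udp 10.31.1.0 0.0.0.255 any (74 matches)
    permit icmp 10.31.1.0 0.0.0.255 any
    permit icmp 171.68.118.0 0.0.0.255 any
    permit tcp 171.68.118.0 0.0.0.255 any (242 matches)
    permit udp 171.68.118.0 0.0.0.255 any
"""
AFTER = """\
Extended IP access list 116
    permit udp host 10.31.1.47 any (3 matches) <  added by authproxy
    permit tcp host 10.31.1.47 any <  added by authproxy
    permit icmp host 10.31.1.47 any < added by authproxy
    permit tcp host 10.31.1.47 host 10.31.1.150 eq www
    deny tcp host 10.31.1.47 any (18 matches)
    deny udp host 10.31.1.47 any (26 matches)
    deny icmp host 10.31.1.47 any
    permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
    permit udp 10.31.1.0 0.0.0.255 any (74 matches)
    permit icmp 10.31.1.0 0.0.0.255 any
    permit icmp 171.68.118.0 0.0.0.255 any
    permit tcp 171.68.118.0 0.0.0.255 any (264 matches)
    permit udp 171.68.118.0 0.0.0.255 any
"""

COUNTER = re.compile(r"\s*\(\d+ match(?:es)?\)")   # "(16 matches)" changes between runs
NOTE = re.compile(r"\s*<.*$")                      # the page's "< added by authproxy" notes
ENTRY = re.compile(r"^(permit|deny)\s")


def parse_acl(show_output):
    """Return the ACL entries in order, without counters or annotations."""
    entries = []
    for line in show_output.splitlines():
        line = NOTE.sub("", COUNTER.sub("", line)).strip()
        if ENTRY.match(line):                      # skips the prompt and the list header
            entries.append(" ".join(line.split()))
    return entries


def added_entries(before, after):
    """(position, entry) for every entry present after but not before."""
    old = set(parse_acl(before))
    return [(i, e) for i, e in enumerate(parse_acl(after)) if e not in old]


def shadowed_by(entry, acl):
    """Later entries with the same protocol and source host as `entry`."""
    tok = entry.split()
    if len(tok) != 5 or tok[0] != "permit" or tok[2] != "host" or tok[4] != "any":
        return []
    later = acl[acl.index(entry) + 1:]
    return [e for e in later if e.split()[1:4] == tok[1:4]]


if __name__ == "__main__":
    acl = parse_acl(AFTER)
    for pos, entry in added_entries(BEFORE, AFTER):
        print(f"line {pos}: {entry}")
        for old in shadowed_by(entry, acl):
            print(f"    now matched first, ahead of: {old}")
```

A plain text diff of the two listings would also flag the entries whose match counters moved (16 to 18, 242 to 264); stripping the counters first leaves only the three dynamic entries.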
    
    

Debugs

Good Router Debug - TACACS - Outbound


00:32:30: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:30: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:30: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:30:  F ack 1260991237 seq 410073(0)

00:32:30: dst_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521

00:32:30: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:30: AUTH_PROXY: not a SYN packet



00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:32:  F ack 1260991237 seq 410073(0)

00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH_PROXY: not a SYN packet



00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy

00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb

00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol

00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:32:  S seq 410077(0)

00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy

00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb

00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol

00:32:32: AUTH-PROXY FUNC: auth_proxy_new_connection

00:32:32: AUTH-PROXY FUNC: auth_proxy_add_conn_info

00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:32:  ack 2957488078 seq 410078(0)

00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: clientport 4535 state 0

00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:32:  P ack 2957488078 seq 410078(290)

00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: clientport 4535 state 0

00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache

00:32:32: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd

00:32:32: AUTH-PROXY FUNC: auth_proxy_received_get

00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache

00:32:32: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_save_timestamp

00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:32:  ack 2957489275 seq 410368(0)

00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: clientport 4535 state 0

00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:32:  F ack 2957489275 seq 410368(0)

00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535

00:32:32: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:32: clientport 4535 state 0

00:32:36: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:36: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:36:  F ack 1260991237 seq 410073(0)

00:32:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521

00:32:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:36: clientport 4535 state 0

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:45:  S seq 410193(0)

00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542

00:32:45: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:45: clientport 4521 state 0

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:45:  ack 2970312961 seq 410194(0)

00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542

00:32:45: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:45: clientport 4542 state 0

00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:45:  P ack 2970312961 seq 410194(449)

00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542

00:32:45: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:45: clientport 4542 state 0

00:32:45: AUTH-PROXY FUNC: auth_proxy_find_cache

00:32:45: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:45: AUTH-PROXY FUNC: auth_proxy_required_reauth

00:32:45: AUTH-PROXY FUNC: auth_proxy_same_timestamp

00:32:45: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd

00:32:45: AAA: parse name=a} idb type=-1 tty=-1

00:32:45: AAA/MEMORY: create_user (0x61C23FE4) user='' ruser=''

port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0

00:32:45: AAA/AUTHEN/START (3351494599): port='a}' list='default'

action=LOGIN service=LOGIN

00:32:45: AAA/AUTHEN/START (3351494599): found list default

00:32:45: AAA/AUTHEN/START (3351494599): Method=RTP (tacacs+)

00:32:45: TAC+: send AUTHEN/START packet ver=192 id=3351494599

00:32:45: TAC+: Using default tacacs server-group "RTP" list.

00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: TAC+: Opened TCP/IP handle 0x61CA39A0 to 171.68.118.84/49

00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/START/LOGIN/ASCII queued

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: TAC+: (3351494599) AUTHEN/START/LOGIN/ASCII processed

00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETUSER

00:32:45: AAA/AUTHEN (3351494599): status = GETUSER

00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='(undef)')

00:32:45: AAA/AUTHEN (3351494599): status = GETUSER

00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+)

00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599

00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: TAC+: (3351494599) AUTHEN/CONT processed

00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETPASS

00:32:45: AAA/AUTHEN (3351494599): status = GETPASS

00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='proxyonly')

00:32:45: AAA/AUTHEN (3351494599): status = GETPASS

00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+)

00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599

00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: TAC+: (3351494599) AUTHEN/CONT processed

00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = PASS

00:32:45: AAA/AUTHEN (3351494599): status = PASS

00:32:45: TAC+: Closing TCP/IP 0x61CA39A0 connection to 171.68.118.84/49

00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Port='a}' list='default' service=AUTH-PROXY

00:32:45: AAA/AUTHOR/HTTP: a} (4113551585) user='proxyonly'

00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV service=auth-proxy

00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV cmd*

00:32:45: a} AAA/AUTHOR/HTTP (4113551585): found list "default"

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Method=RTP (tacacs+)

00:32:45: AAA/AUTHOR/TAC+: (4113551585): user=proxyonly

00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV service=auth-proxy

00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV cmd*

00:32:45: TAC+: using previously set server 171.68.118.84 from group RTP

00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5

00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:45: TAC+: Opened TCP/IP handle 0x61CA3E1C to 171.68.118.84/49

00:32:45: TAC+: Opened 171.68.118.84 index=1

00:32:45: TAC+: 171.68.118.84 (4113551585) AUTHOR/START queued

00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:46: TAC+: (4113551585) AUTHOR/START processed

00:32:46: TAC+: (4113551585): received author response status = PASS_ADD

00:32:46: TAC+: Closing TCP/IP 0x61CA3E1C connection to 171.68.118.84/49

00:32:46: AAA/AUTHOR (4113551585): Post authorization status = PASS_ADD

00:32:46: AUTH-PROXY FUNC: auth_proxy_copy_attrs

00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache

00:32:46: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache

00:32:46: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:46: AUTH-PROXY FUNC: auth_proxy_http_accept

00:32:46: AUTH-PROXY FUNC: auth_proxy_proc_profile

00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item

00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item

00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item

00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item

00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item

00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item

00:32:46: AAA/MEMORY: free_user (0x61C23FE4) user='proxyonly'

ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0

00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:46: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:46: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:46:  ack 2970313958 seq 410643(0)

00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542

00:32:46: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:46: clientport 4542 state 2

00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path

00:32:46:  F ack 2970313958 seq 410643(0)

00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542

00:32:46: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:46: clientport 4542 state 2

00:32:49: AUTH-PROXY FUNC: auth_proxy_timers

00:32:49: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout

00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:51: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit

00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:51: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit

00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:51: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit

00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path

00:32:51: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit

00:32:54: AUTH-PROXY FUNC: auth_proxy_fast_path

Good Router Debug - RADIUS - Outbound


01:23:18: AUTH-PROXY FUNC: auth_proxy_destroy_all_conn_info

01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_conn_info

01:23:18: AUTH-PROXY FUNC: auth_proxy_delete_conn_info

01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_all_acl

01:23:21: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:21: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:21: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:21:  F ack 3679167246 seq 413771(0)

01:23:21: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851

01:23:21: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:21: AUTH_PROXY: not a SYN packet



01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy

01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb

01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol

01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:23:  S seq 414827(0)

01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy

01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb

01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol

01:23:23: AUTH-PROXY FUNC: auth_proxy_new_connection

01:23:23: AUTH-PROXY FUNC: auth_proxy_add_conn_info

01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:23:  ack 1713887638 seq 414828(0)

01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: clientport 4943 state 0

01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:23:  P ack 1713887638 seq 414828(290)

01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: clientport 4943 state 0

01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache

01:23:23: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd

01:23:23: AUTH-PROXY FUNC: auth_proxy_received_get

01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache

01:23:23: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_save_timestamp

01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:23:  ack 1713888835 seq 415118(0)

01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: clientport 4943 state 0

01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:23:  F ack 1713888835 seq 415118(0)

01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943

01:23:23: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:23: clientport 4943 state 0

01:23:24: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:24: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:24: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:24:  F ack 3679167246 seq 413771(0)

01:23:24: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851

01:23:24: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:24: clientport 4943 state 0

01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:36:  S seq 414841(0)

01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: clientport 4851 state 0

01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:36:  ack 1726143121 seq 414842(0)

01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: clientport 4944 state 0

01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:36:  P ack 1726143121 seq 414842(449)

01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: clientport 4944 state 0

01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache

01:23:36: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: AUTH-PROXY FUNC: auth_proxy_required_reauth

01:23:36: AUTH-PROXY FUNC: auth_proxy_same_timestamp

01:23:36: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd

01:23:36: AAA: parse name=a} idb type=-1 TTY=-1

01:23:36: AAA/MEMORY: create_user (0x61C52DD8) user='' ruser='' port='a}'

rem_addr='' authen_type=ASCII service=LOGIN priv=0

01:23:36: AAA/AUTHEN/START (1504053479): port='a}' list='default'

action=LOGIN service=LOGIN

01:23:36: AAA/AUTHEN/START (1504053479): found list default

01:23:36: AAA/AUTHEN/START (1504053479): Method=LOCAL

01:23:36: AAA/AUTHEN (1504053479): status = GETUSER

01:23:36: AAA/AUTHEN/CONT (1504053479): continue_login (user='(undef)')

01:23:36: AAA/AUTHEN (1504053479): status = GETUSER

01:23:36: AAA/AUTHEN/CONT (1504053479): Method=LOCAL

01:23:36: AAA/AUTHEN (1504053479): User not found, emulating local-override

01:23:36: AAA/AUTHEN (1504053479): status = ERROR

01:23:36: AAA/AUTHEN/START (58099628): port='a}' list='' action=LOGIN service=LOGIN

01:23:36: AAA/AUTHEN/START (58099628): Restart

01:23:36: AAA/AUTHEN/START (58099628): Method=RTP (radius)

01:23:36: AAA/AUTHEN (58099628): status = GETPASS

01:23:36: AAA/AUTHEN/CONT (58099628): continue_login (user='proxyonly')

01:23:36: AAA/AUTHEN (58099628): status = GETPASS

01:23:36: AAA/AUTHEN (58099628): Method=RTP (radius)

01:23:36: RADIUS: ustruct sharecount=1

01:23:36: RADIUS: Initial Transmit a} id 2 171.68.118.84:1645,

Access-Request, len 67

01:23:36:         Attribute 4 6 0A1F0196

01:23:36:         Attribute 61 6 00000000

01:23:36:         Attribute 1 11 70726F78

01:23:36:         Attribute 2 18 7CC79416

01:23:36:         Attribute 6 6 00000005

01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:36: RADIUS: Received from id 2 171.68.118.84:1645, Access-Accept, Len 207

01:23:36:         Attribute 6 6 00000005

01:23:36:         Attribute 26 30 0000000901186175

01:23:36:         Attribute 26 49 00000009012B6175

01:23:36:         Attribute 26 48 00000009012A6175

01:23:36:         Attribute 26 48 00000009012A6175

01:23:36:         Attribute 8 6 FFFFFFFF

01:23:36: RADIUS: saved authorization data for user 61C52DD8 at 619E0D8C

01:23:36: AAA/AUTHEN (58099628): status = PASS

01:23:36: a} AAA/AUTHOR/HTTP (147390869): Port='a}' list='default'

service=AUTH-PROXY

01:23:36: AAA/AUTHOR/HTTP: a} (147390869) user='proxyonly'

01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV service=auth-proxy

01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV cmd*

01:23:36: a} AAA/AUTHOR/HTTP (147390869): found list "default"

01:23:36: a} AAA/AUTHOR/HTTP (147390869): Method=RTP (radius)

01:23:36: RADIUS: cisco AVPair "auth-proxy:priv-lvl=15"

01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#1=permit icmp any any"

01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#2=permit tcp any any"

01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#3=permit udp any any"

01:23:36: AAA/AUTHOR (147390869): Post authorization status = PASS_ADD

01:23:36: AUTH-PROXY FUNC: auth_proxy_copy_attrs

01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache

01:23:36: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache

01:23:36: AUTH-PROXY : auth_proxy_find_cache

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: AUTH-PROXY FUNC: auth_proxy_http_accept

01:23:36: AUTH-PROXY FUNC: auth_proxy_proc_profile

01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item

01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item

01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item

01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item

01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item

01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item

01:23:36: AAA/MEMORY: free_user (0x61C52DD8) user='proxyonly'

ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0

01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:36:  ack 1726144118 seq 415291(0)

01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: clientport 4944 state 2

01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path

01:23:36:  F ack 1726144118 seq 415291(0)

01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944

01:23:36: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:36: clientport 4944 state 2

01:23:39: AUTH-PROXY FUNC: auth_proxy_timers

01:23:39: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout

01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:41: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit

01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:41: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit

01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:41: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit

01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path

01:23:41: AUTH-PROXY auth_proxy_find_conn_info :

         find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12

                 ip-srcaddr 10.31.1.47

                 pak-srcaddr 0.0.0.0



01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit

Potential Problems

RADIUS Server Unreachable

The debug output looks like this:
    
    01:30:39: RADIUS: Initial Transmit  id 6 171.68.118.115:1645, Access-Request, Len 67
    
    01:30:39:         Attribute 4 6 0A1F0196
    
    01:30:39:         Attribute 61 6 00000000
    
    01:30:39:         Attribute 1 11 70726F78
    
    01:30:39:         Attribute 2 18 E552A3E5
    
    01:30:39:         Attribute 6 6 00000005
    
    01:30:44: RADIUS: Retransmit id 6
    
    01:30:49: RADIUS: Retransmit id 6
    
    01:30:59: RADIUS: Marking server 171.68.118.115 dead
    
    01:30:59: RADIUS: Tried all servers.
    
    01:30:59: RADIUS: No valid server found. Trying any viable server
    
    01:30:59: RADIUS: Tried all servers.
    
    01:30:59: RADIUS: No response for id 6
    
    01:30:59: RADIUS: No response from server
    
    01:30:59: AAA/AUTHEN (1597176845): status = ERROR
    
    

The user ultimately sees "500 Internal Server Error".

TACACS Server Unreachable

The debug output looks like this:
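The numeric fields in these debug lines can be decoded by hand or with a small helper. The following is an added example, not part of the original document: it decodes the `Attribute <type> <length> <hex>` lines of the Access-Request above using the RFC 2865 attribute numbers, and the decimal `DST_addr`/`src_addr` values printed by the auth-proxy debug earlier. The function names are hypothetical. In this sample the debug line carries fewer value bytes than the declared length for attributes 1 and 2, so the decoder reports that as `truncated`.

```python
import ipaddress
import re

# RFC 2865 names for the attribute types seen in the Access-Request above.
NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
         6: "Service-Type", 61: "NAS-Port-Type"}
# Subset of the RFC 2865 enumerations for Service-Type and NAS-Port-Type.
ENUMS = {6: {1: "Login", 2: "Framed", 5: "Outbound", 6: "Administrative"},
         61: {0: "Async", 5: "Virtual", 15: "Ethernet"}}
ATTR = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]+)")
CONN = re.compile(r"DST_addr (\d+) src_addr (\d+) DST_port (\d+) src_port (\d+)")


def decode_attribute(line):
    """Decode 'Attribute <type> <len> <hex>' into (name, value, truncated)."""
    m = ATTR.search(line)
    if not m:
        return None
    a_type, length = int(m.group(1)), int(m.group(2))
    raw = bytes.fromhex(m.group(3))
    # The length field counts the 2-byte type/length header plus the value.
    truncated = len(raw) < length - 2
    if a_type == 4:
        value = str(ipaddress.IPv4Address(raw))
    elif a_type in ENUMS:
        number = int.from_bytes(raw, "big")
        value = ENUMS[a_type].get(number, str(number))
    elif a_type == 1:
        value = raw.decode("ascii", "replace")
    elif a_type == 2:
        value = "<hidden>"  # User-Password is obfuscated on the wire
    else:
        value = raw.hex()
    return NAMES.get(a_type, f"type-{a_type}"), value, truncated


def decode_conn(line):
    """Return (source, destination) of a DST_addr/src_addr line in dotted form."""
    m = CONN.search(line)
    if not m:
        return None
    dst, src, dport, sport = (int(g) for g in m.groups())
    return (f"{ipaddress.IPv4Address(src)}:{sport}",
            f"{ipaddress.IPv4Address(dst)}:{dport}")
```

Decoding `DST_addr 185273100 src_addr 169804079` this way gives the same 11.11.11.12 and 10.31.1.47 that the `auth_proxy_find_conn_info` lines print in dotted form.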
    
    02:13:41: AAA/AUTHEN/START (3727404152): Method=RTP (tacacs+)
    
    02:13:41: TAC+: send AUTHEN/START packet ver=192 id=3727404152
    
    02:13:41: TAC+: Using default tacacs server-group "RTP" list.
    
    02:13:41: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5
    
    02:13:41: TAC+: TCP/IP open to 171.68.118.115/49 failed -- Connection refused by remote host
    
    02:13:41: AAA/AUTHEN (3727404152): status = ERROR
    
    

The user ultimately sees "500 Internal Server Error".

RADIUS User Enters Wrong Username or Password

The debug output looks like this:

    
    01:37:42: RADIUS: Received from id 10 171.68.118.115:1645, Access-Reject, Len 20
    
    01:37:42: AAA/AUTHEN (3558550985): status = FAIL
    
    01:37:42: AAA/MEMORY: free_user (0x61C549F0) user='junk' ruser='' port='' rem_addr='' authen_type=ASCII service=LOGIN priv=0
    
    

The user sees "Authentication Failed!".

TACACS User Enters Wrong Username or Password

The debug output looks like this:

    
    02:15:03: AAA/AUTHEN/START (1400571814): Method=RTP (tacacs+)
    
    02:15:03: TAC+: send AUTHEN/START packet ver=192 id=1400571814
    
    02:15:03: TAC+: Using default tacacs server-group "RTP" list.
    
    02:15:03: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5
    
    02:15:03: TAC+: Opened TCP/IP handle 0x61CAFEA8 to 171.68.118.115/49
    
    02:15:03: TAC+: 171.68.118.115 (1400571814) AUTHEN/START/LOGIN/ASCII queued
    
    02:15:04: TAC+: (1400571814) AUTHEN/START/LOGIN/ASCII processed
    
    02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = GETPASS
    
    02:15:04: AAA/AUTHEN (1400571814): status = GETPASS
    
    02:15:04: AAA/AUTHEN/CONT (1400571814): continue_login (user='junkuser')
    
    02:15:04: AAA/AUTHEN (1400571814): status = GETPASS
    
    02:15:04: AAA/AUTHEN (1400571814): Method=RTP (tacacs+)
    
    02:15:04: TAC+: send AUTHEN/CONT packet id=1400571814
    
    02:15:04: TAC+: 171.68.118.115 (1400571814) AUTHEN/CONT queued
    
    02:15:04: TAC+: (1400571814) AUTHEN/CONT processed
    
    02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = FAIL
    
    02:15:04: AAA/AUTHEN (1400571814): status = FAIL
    
    

The user sees "Authentication Failed!".

TACACS User Enters Correct Username/Password, but Authorization Fails

The debug output looks like this:

    
    02:17:01: TAC+: ver=192 id=945629484 received AUTHEN status = PASS
    
    02:17:02: TAC+: (1368282367): received author response status = FAIL
    
    02:17:02: TAC+: Closing TCP/IP 0x61CAFFC8 connection to 171.68.118.115/49
    
    02:17:02: AAA/AUTHOR (1368282367): Post authorization status = FAIL
    
    

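The user sees "Authentication Failed!".

RADIUS User Enters Correct Username/Password, but ACL Is Returned in an Incorrect Format

The debug shows that an ACL is configured, but because it is not applied correctly, the user cannot pass through the firewall.

The user sees "Authentication Successful!".

TACACS User Enters Correct Username/Password, but ACL Is Returned in an Incorrect Format

The debug shows no difference from a successful authentication, but the ACL is not applied and the user cannot pass through the firewall.

The user sees "Authentication Successful!".

RADIUS User Enters Correct Username/Password, but Priv-lvl 15 Is Not Returned

The debug output looks like this: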

    
    02:00:54: RADIUS: saved authorization data for user 61CA670C at 61C5585C
    
    02:00:54: AAA/AUTHEN (706562375): status = PASS
    
    02:00:54:  AAA/AUTHOR/HTTP (4224202114): Port='' list='default' service=AUTH-PROXY
    
    02:00:54: AAA/AUTHOR/HTTP:  (4224202114) user='baduser'
    
    02:00:54:  AAA/AUTHOR/HTTP (4224202114): send AV service=auth-proxy
    
    02:00:54:  AAA/AUTHOR/HTTP (4224202114): send AV cmd*
    
    02:00:54:  AAA/AUTHOR/HTTP (4224202114): found list "default"
    
    02:00:54:  AAA/AUTHOR/HTTP (4224202114): Method=RTP (radius)
    
    02:00:54: RADIUS: cisco AVPair "auth-proxy:priv-lvl=1"
    
    

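The router debug shows nothing abnormal other than the incorrect privilege level, but the user sees "Authentication Failed". The ACL is not applied.

TACACS User Enters Correct Username/Password, but Priv-lvl 15 Is Not Returned

The debug shows no difference from a successful authentication.

The user sees "Authentication Failed!".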
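The failure cases above each leave a recognizable line in the debug output. The following is an added example, not part of the original document: it scans captured debug text for those lines and reports the cause together with the message the browser user sees. The function name and the rule table are hypothetical, and the sample excerpts are copied from the debug output on this page.

```python
import re

# (debug signature, cause, message the browser user sees), per the cases above.
SIGNATURES = [
    (r"RADIUS: No response from server",
     "RADIUS server unreachable", "500 Internal Server Error"),
    (r"TAC\+: TCP/IP open to \S+ failed",
     "TACACS+ server unreachable", "500 Internal Server Error"),
    (r"RADIUS: Received from .* Access-Reject",
     "RADIUS rejected the username/password", "Authentication Failed!"),
    (r"TAC\+: .*received AUTHEN status = FAIL",
     "TACACS+ rejected the username/password", "Authentication Failed!"),
    (r"TAC\+: .*received author response status = FAIL",
     "TACACS+ authorization failed", "Authentication Failed!"),
]
PRIV_LVL = re.compile(r'AVPair "auth-proxy:priv-lvl=(\d+)"')


def diagnose(debug_text):
    """Return [(cause, user_message)] for each failure signature found."""
    findings = []
    for line in debug_text.splitlines():
        for pattern, cause, shown in SIGNATURES:
            if re.search(pattern, line) and (cause, shown) not in findings:
                findings.append((cause, shown))
        m = PRIV_LVL.search(line)
        if m and int(m.group(1)) != 15:
            item = (f"priv-lvl={m.group(1)} returned, 15 required",
                    "Authentication Failed")
            if item not in findings:
                findings.append(item)
    return findings


# Excerpts copied from the debug output shown above.
RADIUS_DOWN = """\
01:30:59: RADIUS: Marking server 171.68.118.115 dead
01:30:59: RADIUS: No response from server
01:30:59: AAA/AUTHEN (1597176845): status = ERROR"""
TACACS_AUTHOR_FAIL = """\
02:17:01: TAC+: ver=192 id=945629484 received AUTHEN status = PASS
02:17:02: TAC+: (1368282367): received author response status = FAIL"""
PRIV_LVL_1 = '02:00:54: RADIUS: cisco AVPair "auth-proxy:priv-lvl=1"'

if __name__ == "__main__":
    for sample in (RADIUS_DOWN, TACACS_AUTHOR_FAIL, PRIV_LVL_1):
        print(diagnose(sample))
```

An empty result does not mean the login worked: the malformed-ACL cases and the TACACS priv-lvl case have no distinct failure line in the debug shown on this page, so those still have to be confirmed from what the user sees and from the access list.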

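Known Bugs

Bugs exist that cause the following problems. If you are logged in as a registered CCO user, you can view the bug details.

  • Insufficient debugging
  • No response and no window appears when authentication proxy is configured
  • No response from authentication proxy for NAT and inbound CBAC
  • Authentication proxy permits more traffic than the contents of the downloaded ACL
  • Problems with subnet support in ACLs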


Document ID: 13896