Security: Cisco Secure Access Control Server for Unix

Using an AAA (Authentication, Authorization, and Accounting) Server to Manage IP Pools on a Network Access Server

April 5, 2016 - Machine translation

Introduction

This document provides sample configurations for using an AAA server to manage IP pools on a Network Access Server (NAS).

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no prerequisites for this document.

Components Used

The information in this document is based on the following software and hardware versions.

  • Cisco IOS® Software Release 12.0.7.T

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before you use it.

IP Pools

During IP Control Protocol (IPCP) address negotiation, if an IP pool name is specified for a user, the NAS checks whether the named pool is defined locally. If it is, no special action is required and the local pool is consulted for an IP address. If the required pool is not present, an authorization call is made to obtain it, using the special username "Pools-nas-name", where "nas-name" is the configured hostname of the NAS. In response, the AAA server downloads the configuration of the required pool. You can configure a different pool username with the aaa configuration config-username name-of-your-choosing command.

This command changes the username that is used to download the pool definitions from the default name "Pools-nas-name" to "name-of-your-choosing".

Pools downloaded to a Cisco NAS are not stored in nonvolatile memory and disappear automatically whenever the access server or router restarts. Downloaded pools can also be made to time out automatically by adding a suitable attribute-value pair. Downloaded pools are marked as dynamic in the output of the show ip local pool command.

RADIUS Network Access Server Configuration

aaa new-model 
aaa authentication login default group radius 
aaa authentication ppp default if-needed group radius 
aaa authorization network default group radius
aaa configuration config-username nas1-pools
radius-server host 172.18.124.114 auth-port 1645 acct-port 1646 
radius-server key cisco

AAA Server NAS Pool Profile

./ViewProfile -p 9900 -u nas1-pools
User Profile Information 
user = nas1-pools
profile_id=63
profile_cycle = 7
member = nas_profiles
password = pap "********"
radius=Cisco {
reply_attributes= {
6=5
9,1="ip:pool-def#1= pool1 172.22.83.2 172.22.83.253"
}
}

}

This example shows the user "nas1-pools" created in the CiscoSecure UNIX (CSU) server. This entry specifies a User-Service-Type of Outbound-User {6=5}. This attribute is provided by the NAS to prevent regular logins from using the well-known username and password combination nas1-pools/cisco.
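The following is an added example, not part of the original document and not Cisco code: a Python check that reads reply_attributes blocks in the layout printed by ViewProfile on this page and audits the pool-download setup. The function names and the sample profiles are constructed for illustration, and the check assumes that no pools are defined locally on the NAS, so every addr-pool reference must resolve to a downloaded pool-def.

```python
import ipaddress
import re

# Constructed sample input, modelled on the ViewProfile output above.
# pool2, pool3 and the reference to pool9 are deliberate mistakes.
POOL_PROFILE = """\
user = nas1-pools{
radius=Cisco {
reply_attributes= {
6=5
9,1="ip:pool-def#1= pool1 172.22.83.2 172.22.83.253"
9,1="ip:pool-def#2=pool2 172.22.83.200 172.22.84.10"
9,1="ip:pool-def#3=pool3 10.0.0.9 10.0.0.1"
}
}
}
"""
USER_PROFILE = """\
user = pool_test{
radius=Cisco {
reply_attributes= {
7=1
6=2
9,1="ip:addr-pool=pool9"
}
}
}
"""

ATTR_RE = re.compile(r'^\s*(\d+(?:,\d+)?)\s*=\s*"?(.*?)"?\s*$')
POOL_DEF_RE = re.compile(r"^ip:pool-def#(\d+)=\s*(\S+)\s+(\S+)\s+(\S+)$")


def reply_attributes(profile_text):
    """Return [(attribute, value)] from the reply_attributes block."""
    attrs, inside = [], False
    for line in profile_text.splitlines():
        if line.replace(" ", "").startswith("reply_attributes={"):
            inside = True
        elif inside and line.strip() == "}":
            break
        elif inside:
            match = ATTR_RE.match(line)
            if match:
                attrs.append((match.group(1), match.group(2)))
    return attrs


def audit(pool_profile, user_profiles):
    """Return (pools, findings) for one pool account and its users."""
    findings, pools = [], {}
    attrs = reply_attributes(pool_profile)
    # The page sets Service-Type Outbound (6=5) on the pool account so that
    # its well-known username and password cannot be used for a regular login.
    if ("6", "5") not in attrs:
        findings.append("pool account lacks Service-Type Outbound (6=5)")
    for attr, value in attrs:
        if attr != "9,1" or not value.startswith("ip:pool-def"):
            continue
        match = POOL_DEF_RE.match(value)
        if not match:
            findings.append(f"unparsable pool-def: {value!r}")
            continue
        _, name, start, end = match.groups()
        try:
            lo = ipaddress.IPv4Address(start)
            hi = ipaddress.IPv4Address(end)
        except ipaddress.AddressValueError:
            findings.append(f"{name}: invalid IPv4 address")
            continue
        if lo > hi:
            findings.append(f"{name}: start {lo} is above end {hi}")
            continue
        for other, (other_lo, other_hi) in pools.items():
            if lo <= other_hi and other_lo <= hi:
                findings.append(f"{name}: overlaps {other}")
        pools[name] = (lo, hi)
    # Assumption: no locally defined pools, so each reference needs a pool-def.
    for text in user_profiles:
        for attr, value in reply_attributes(text):
            if attr == "9,1" and value.startswith("ip:addr-pool="):
                ref = value.split("=", 1)[1]
                if ref not in pools:
                    findings.append(
                        f"addr-pool {ref!r} has no pool-def in the profile")
    return pools, findings


if __name__ == "__main__":
    for finding in audit(POOL_PROFILE, [USER_PROFILE])[1]:
        print(finding)
```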

AAA Server User Profile

./ViewProfile -p 9900 -u pool_test 
user = pool_test{
profile_id = 46
profile_cycle = 14
member = dial_rad
password = pap "********"
radius=Cisco {
reply_attributes= {
7=1
6=2
9,1="ip:addr-pool=pool1"
}
}

}

Verification

The user "pool_test" dials in and is assigned an IP address from pool1 on the AAA server.

as5300#show debug
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
PPP:
  PPP protocol negotiation debugging is on
Radius protocol debugging is on
as5300#term mon
as5300#
00:26:01: %LINK-3-UPDOWN: Interface Async5, changed state to up
00:26:01: As5 PPP: Treating connection as a dedicated line
00:26:01: As5 PPP: Phase is ESTABLISHING, Active Open
00:26:01: As5 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
00:26:01: As5 LCP: O CONFREQ [Closed] id 1 len 24
00:26:01: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:01: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:01: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:01: As5 LCP:    PFC (0x0702)
00:26:01: As5 LCP:    ACFC (0x0802)
00:26:01: As5 LCP: I CONFACK [REQsent] id 1 len 24
00:26:01: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:01: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:01: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:01: As5 LCP:    PFC (0x0702)
00:26:01: As5 LCP:    ACFC (0x0802)
00:26:02: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:26:02: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:02: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:02: As5 LCP:    PFC (0x0702)
00:26:02: As5 LCP:    ACFC (0x0802)
00:26:02: As5 LCP:    Callback 6  (0x0D0306)
00:26:02: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:26:02: As5 LCP:    Callback 6  (0x0D0306)
00:26:03: As5 LCP: TIMEout: State ACKrcvd
00:26:03: As5 LCP: O CONFREQ [ACKrcvd] id 2 len 24
00:26:03: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:03: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:03: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:03: As5 LCP:    PFC (0x0702)
00:26:03: As5 LCP:    ACFC (0x0802)
00:26:03: As5 LCP: I CONFACK [REQsent] id 2 len 24
00:26:03: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:03: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:03: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:03: As5 LCP:    PFC (0x0702)
00:26:03: As5 LCP:    ACFC (0x0802)
00:26:05: As5 LCP: TIMEout: State ACKrcvd
00:26:05: As5 LCP: O CONFREQ [ACKrcvd] id 3 len 24
00:26:05: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:05: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:05: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:05: As5 LCP:    PFC (0x0702)
00:26:05: As5 LCP:    ACFC (0x0802)
00:26:05: As5 LCP: I CONFACK [REQsent] id 3 len 24
00:26:05: As5 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:26:05: As5 LCP:    AuthProto PAP (0x0304C023)
00:26:05: As5 LCP:    MagicNumber 0xD0D1EC92 (0x0506D0D1EC92)
00:26:05: As5 LCP:    PFC (0x0702)
00:26:05: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP:    Callback 6  (0x0D0306)
00:26:06: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:26:06: As5 LCP:    Callback 6  (0x0D0306)
00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 1 len 20
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: O CONFACK [ACKrcvd] id 1 len 20
00:26:06: As5 LCP:    ACCM 0x00000000 (0x020600000000)
00:26:06: As5 LCP:    MagicNumber 0x00002BF7 (0x050600002BF7)
00:26:06: As5 LCP:    PFC (0x0702)
00:26:06: As5 LCP:    ACFC (0x0802)
00:26:06: As5 LCP: State is Open
00:26:06: As5 PPP: Phase is AUTHENTICATING, by this end
00:26:06: As5 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00002BF7 MSRASV4.00
00:26:06: As5 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00002BF7 MSRAS-1-ZEKIE
00:26:06: As5 PAP: I AUTH-REQ id 31 len 24 from "pool_test"
00:26:06: As5 PAP: Authenticating peer pool_test
00:26:06: AAA: parse name=Async5 idb type=10 tty=5
00:26:06: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=5 channel=0
00:26:06: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:26:06: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:26:06: AAA/MEMORY: create_user (0x618FFBB0) user='pool_test' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=PAP service=PPP priv=1
00:26:06: AAA/AUTHEN/START (2962877775): port='Async5' list='' action=LOGIN 
service=PPP
00:26:06: AAA/AUTHEN/START (2962877775): using "default" list
00:26:06: AAA/AUTHEN (2962877775): status = UNKNOWN
00:26:06: AAA/AUTHEN/START (2962877775): Method=radius (radius)
00:26:06: RADIUS: ustruct sharecount=1
00:26:06: RADIUS: Initial Transmit Async5 id 10 172.18.124.114:1645, 
Access-Request, len 103
00:26:06:         Attribute 4 6 01010101
00:26:06:         Attribute 5 6 00000005
00:26:06:         Attribute 61 6 00000000
00:26:06:         Attribute 1 11 706F6F6C
00:26:06:         Attribute 30 12 39313934
00:26:06:         Attribute 31 12 39313934
00:26:06:         Attribute 2 18 FC2DE489
00:26:06:         Attribute 6 6 00000002
00:26:06:         Attribute 7 6 00000001
00:26:06: RADIUS: Received from id 10 172.18.124.114:1645, Access-Accept, 
len 58
00:26:06:         Attribute 7 6 00000001
00:26:06:         Attribute 6 6 00000002
00:26:06:         Attribute 26 26 0000000901146970
00:26:06: RADIUS: saved authorization data for user 618FFBB0 at 618FEAE4
00:26:06: AAA/AUTHEN (2962877775): status = PASS
00:26:06: As5 AAA/AUTHOR/LCP: Authorize LCP
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Port='Async5' list='' service=NET
00:26:06: AAA/AUTHOR/LCP: As5 (3264835197) user='pool_test'
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV service=ppp
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV protocol=lcp
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): found list "default"
00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Method=radius (radius)
00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1" not applied for lcp
00:26:06: As5 AAA/AUTHOR (3264835197): Post authorization status = PASS_REPL
00:26:06: As5 AAA/AUTHOR/LCP: Processing AV service=ppp
00:26:06: As5 PAP: O AUTH-ACK id 31 len 5
00:26:06: As5 PPP: Phase is UP
00:26:06: As5 AAA/AUTHOR/FSM: (0): Can we start IPCP?
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Port='Async5' list='' service=NET
00:26:06: AAA/AUTHOR/FSM: As5 (2404696831) user='pool_test'
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV service=ppp
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV protocol=ip
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): found list "default"
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Method=radius (radius)
00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1"
00:26:06: As5 AAA/AUTHOR (2404696831): Post authorization status = PASS_REPL
00:26:06: As5 AAA/AUTHOR/FSM: We can start IPCP
00:26:06: As5 IPCP: O CONFREQ [Closed] id 1 len 10
00:26:06: As5 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:26:07: As5 CCP: I CONFREQ [Not negotiated] id 4 len 10
00:26:07: As5 CCP:    MS-PPC supported bits 0x00000001 (0x120600000001)
00:26:07: As5 LCP: O PROTREJ [Open] id 4 len 16 protocol CCP 
(0x80FD0104000A120600000001)
00:26:07: As5 IPCP: I CONFREQ [REQsent] id 5 len 40
00:26:07: As5 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:26:07: As5 IPCP:    Address 0.0.0.0 (0x030600000000)
00:26:07: As5 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:26:07: As5 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:26:07: As5 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:26:07: As5 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
00:26:07: As5 AAA/AUTHOR/IPCP: Says use pool pool1
00:26:07: AAA: parse name=Async5 idb type=10 tty=5
00:26:07: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=5 channel=0
00:26:07: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:26:07: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:26:07: AAA/MEMORY: create_user (0x618FFCD8) user='nas1-pools' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Port='Async5' list='' service=NET
00:26:07: AAA/AUTHOR/POOL: As5 (3562270977) user='nas1-pools'
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV service=ppp
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV protocol=ip
00:26:07: Async5 AAA/AUTHOR/POOL (3562270977): found list "default"
00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Method=radius (radius)
00:26:07: RADIUS: authenticating to get author data
00:26:07: RADIUS: ustruct sharecount=2
00:26:07: RADIUS: Initial Transmit Async5 id 11 172.18.124.114:1645, Access-Request, 
len 98
00:26:07:         Attribute 4 6 01010101
00:26:07:         Attribute 5 6 00000005
00:26:07:         Attribute 61 6 00000000
00:26:07:         Attribute 1 12 6E617331
00:26:07:         Attribute 30 12 39313934
00:26:07:         Attribute 31 12 39313934
00:26:07:         Attribute 2 18 E6DF8390
00:26:07:         Attribute 6 6 00000005
00:26:07: RADIUS: Received from id 11 172.18.124.114:1645, Access-Accept, len 69
00:26:07:         Attribute 6 6 00000005
00:26:07:         Attribute 26 43 0000000901256970
00:26:07: RADIUS: saved authorization data for user 618FFCD8 at 61450E5C
00:26:07: RADIUS: cisco AVPair "ip:pool-def#1=pool1 1.2.3.4 1.2.3.5"
00:26:07: AAA/AUTHOR (3562270977): Post authorization status = PASS_REPL
00:26:07: As5 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5
00:26:07: AAA/MEMORY: free_user (0x618FFCD8) user='nas1-pools' ruser='' 
port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE 
priv=1
00:26:07: As5 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFREJ [REQsent] id 5 len 34
00:26:07: As5 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:26:07: As5 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:26:07: As5 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:26:07: As5 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:26:07: As5 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:26:07: As5 IPCP: I CONFACK [REQsent] id 1 len 10
00:26:07: As5 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
00:26:07: As5 IPCP:    Address 0.0.0.0 (0x030600000000)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 AAA/AUTHOR/IPCP: Start.  Her address 1.2.3.4, we want 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded
00:26:07: As5 AAA/AUTHOR/IPCP: Done.  Her address 1.2.3.4, we want 1.2.3.4
00:26:07: As5 IPCP: O CONFACK [ACKrcvd] id 7 len 10
00:26:07: As5 IPCP:    Address 1.2.3.4 (0x030601020304)
00:26:07: As5 IPCP: State is Open
00:26:07: As5 IPCP: Install route to 1.2.3.4
00:26:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, 
changed state to up
as5300#show caller ip
  Line         User       IP Address      Local Number    Remote Number   <->
  As5          pool_test  1.2.3.4         9194724101      9194722001      
as5300#show ip local pool
 Pool                     Begin           End             Free  In use
 pool1                    1.2.3.4         1.2.3.5            1       1 (dynamic)
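
The RADIUS debug above prints each attribute as its type, its length and only the leading bytes of its value, for example "Attribute 26 43 0000000901256970". The following added example (not part of the original document and not Cisco code) encodes and decodes the Cisco AV pair as an RFC 2865 Vendor-Specific attribute and reproduces those numbers and the Access-Accept lengths 69 and 58; the function names are hypothetical and the attribute lists are constructed from the values shown in the debug.

```python
import struct

VENDOR_SPECIFIC = 26    # RADIUS Vendor-Specific attribute (RFC 2865)
CISCO_VENDOR_ID = 9     # the "9" in the profile's 9,1 reply attribute
CISCO_AVPAIR = 1        # the "1" in 9,1: Cisco AV pair sub-attribute
RADIUS_HEADER_LEN = 20  # code, identifier, length, 16-byte authenticator


def encode_cisco_avpair(avpair):
    """Wrap an AV pair string in a Vendor-Specific attribute."""
    data = avpair.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    if len(body) + 2 > 255:
        raise ValueError("AV pair too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body


def encode_integer(attr_type, number):
    """Encode a 32-bit integer attribute such as Service-Type (6)."""
    return struct.pack("!BBI", attr_type, 6, number)


def decode_cisco_avpairs(attributes):
    """Walk an attribute list and return the Cisco AV pair strings.

    Inconsistent lengths raise ValueError instead of being skipped.
    """
    found, pos = [], 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("attribute length runs past the packet")
        value = attributes[pos + 2:pos + attr_len]
        pos += attr_len
        if attr_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 6:
            raise ValueError("Vendor-Specific attribute too short")
        vendor, vendor_type, vendor_len = struct.unpack("!IBB", value[:6])
        if vendor != CISCO_VENDOR_ID or vendor_type != CISCO_AVPAIR:
            continue
        if vendor_len != len(value) - 4:
            raise ValueError("vendor length does not match attribute length")
        found.append(value[6:].decode("ascii"))
    return found


def debug_form(attr):
    """Render one attribute the way the debug lists it."""
    return f"Attribute {attr[0]} {attr[1]} {attr[2:10].hex().upper()}"


def packet_length(attributes):
    """Length of a RADIUS packet that carries these attributes."""
    return RADIUS_HEADER_LEN + len(attributes)


# Constructed from the values in the debug output above.
POOL_ACCEPT = (encode_integer(6, 5)
               + encode_cisco_avpair("ip:pool-def#1=pool1 1.2.3.4 1.2.3.5"))
USER_ACCEPT = (encode_integer(7, 1) + encode_integer(6, 2)
               + encode_cisco_avpair("ip:addr-pool=pool1"))

if __name__ == "__main__":
    print(debug_form(POOL_ACCEPT[6:]), packet_length(POOL_ACCEPT))
    print(decode_cisco_avpairs(USER_ACCEPT), packet_length(USER_ACCEPT))
```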

TACACS+ NAS Configuration

aaa new-model
aaa authentication login default group tacacs+
aaa authentication ppp default if-needed group tacacs+
aaa authorization network default group tacacs+
aaa configuration config-username nas1-pools
tacacs-server host 172.18.124.114 
tacacs-server key cisco

AAA Server NAS Pool Profile

./ViewProfile -p 9900 -u nas1-pools
User Profile Information
user = nas1-pools
profile_id = 63
profile_cycle = 8
service=ppp {
protocol=ip {
set pool-def#1="pool1 1.2.3.4 1.2.3.5"
}
}

}

AAA Server User Profile

./ViewProfile -p 9900 -u pool_test
User Profile Information
user = pool_test{
profile_id = 46
profile_cycle = 15
password = pap "********"
service=ppp {
protocol=lcp {
}
protocol=ip {
set addr-pool=pool1
}
}

}

Debug Output

Script started on Mon Dec 10 13:22:05 2001
ddunlap@rtp-cse-353% telnet 172.18.124.114
Trying 172.18.124.114...
Connected to 172.18.124.114.
Escape character is '^]'.


UNIX(r) System V Release 4.0 (rtp-evergreen)

login: root
Password: 
Last login: Mon Dec 10 10:09:01 from rtp-cse-353.cisc
Sun Microsystems Inc.   SunOS 5.5.1     Generic May 1996
Sun Microsystems Inc.   SunOS 5.5.1     Generic May 1996
# telnet 14.36.1.53
Trying 14.36.1.53...
Connected to 14.36.1.53.
Escape character is '^]'.


User Access Verification

Username: testuser
Password: 

as5300>en
Password: 
as5300#show debug
General OS:
  TACACS access control debugging is on
  AAA Authentication debugging is on
  AAA Authorization debugging is on
PPP:
  PPP protocol negotiation debugging is on
as5300#terminal monitor
as5300#
00:06:29: As1 LCP: I CONFREQ [Closed] id 0 len 23
00:06:29: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:29: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:29: As1 LCP:    PFC (0x0702)
00:06:29: As1 LCP:    ACFC (0x0802)
00:06:29: As1 LCP:    Callback 6  (0x0D0306)
00:06:29: As1 LCP: Lower layer not up, Fast Starting
00:06:29: As1 PPP: Treating connection as a dedicated line
00:06:29: As1 PPP: Phase is ESTABLISHING, Active Open
00:06:29: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
00:06:29: As1 LCP: O CONFREQ [Closed] id 1 len 24
00:06:29: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:29: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:29: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:29: As1 LCP:    PFC (0x0702)
00:06:29: As1 LCP:    ACFC (0x0802)
00:06:29: As1 LCP: O CONFREJ [REQsent] id 0 len 7
00:06:29: As1 LCP:    Callback 6  (0x0D0306)
00:06:29: %LINK-3-UPDOWN: Interface Async1, changed state to up
00:06:31: As1 LCP: TIMEout: State REQsent
00:06:31: As1 LCP: O CONFREQ [REQsent] id 2 len 24
00:06:31: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:31: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:31: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:31: As1 LCP:    PFC (0x0702)
00:06:31: As1 LCP:    ACFC (0x0802)
00:06:31: As1 LCP: I CONFACK [REQsent] id 2 len 24
00:06:31: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:06:31: As1 LCP:    AuthProto PAP (0x0304C023)
00:06:31: As1 LCP:    MagicNumber 0xD0C0094C (0x0506D0C0094C)
00:06:31: As1 LCP:    PFC (0x0702)
00:06:31: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP:    Callback 6  (0x0D0306)
00:06:32: As1 LCP: O CONFREJ [ACKrcvd] id 0 len 7
00:06:32: As1 LCP:    Callback 6  (0x0D0306)
00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 1 len 20
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: O CONFACK [ACKrcvd] id 1 len 20
00:06:32: As1 LCP:    ACCM 0x00000000 (0x020600000000)
00:06:32: As1 LCP:    MagicNumber 0x00006D9C (0x050600006D9C)
00:06:32: As1 LCP:    PFC (0x0702)
00:06:32: As1 LCP:    ACFC (0x0802)
00:06:32: As1 LCP: State is Open
00:06:32: As1 PPP: Phase is AUTHENTICATING, by this end
00:06:32: As1 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00006D9C MSRASV4.00
00:06:32: As1 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00006D9C MSRAS-1-ZEKIE
00:06:32: As1 PAP: I AUTH-REQ id 24 len 24 from "pool_test"
00:06:32: As1 PAP: Authenticating peer pool_test
00:06:32: AAA: parse name=Async1 idb type=10 tty=1
00:06:32: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 
adapter=0 port=1 channel=0
00:06:32: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:06:32: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 
adapter=0 port=0 channel=18
00:06:32: AAA/MEMORY: create_user (0x61B26890) user='pool_test' 
ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=PAP 
service=PPP priv=1
00:06:32: AAA/AUTHEN/START (4053426223): port='Async1' list='' 
action=LOGIN service=PPP
00:06:32: AAA/AUTHEN/START (4053426223): using "default" list
00:06:32: AAA/AUTHEN (4053426223): status = UNKNOWN
00:06:32: AAA/AUTHEN/START (4053426223): Method=tacacs+ (tacacs+)
00:06:32: TAC+: send AUTHEN/START packet ver=193 id=4053426223
00:06:32: TAC+: Using default tacacs server-group "tacacs+" list.
00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:32: TAC+: Opened TCP/IP handle 0x618FDF3C to 172.18.124.114/49 
using source 14.36.1.53
00:06:32: TAC+: 172.18.124.114 (4053426223) AUTHEN/START/LOGIN/PAP queued
00:06:32: TAC+: (4053426223) AUTHEN/START/LOGIN/PAP processed
00:06:32: TAC+: ver=193 id=4053426223 received AUTHEN status = PASS
00:06:32: AAA/AUTHEN (4053426223): status = PASS
00:06:32: TAC+: Closing TCP/IP 0x618FDF3C connection to 172.18.124.114/49
00:06:32: As1 AAA/AUTHOR/LCP: Authorize LCP
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Port='Async1' list='' service=NET
00:06:32: AAA/AUTHOR/LCP: As1 (2507907283) user='pool_test'
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV service=ppp
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV protocol=lcp
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): found list "default"
00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Method=tacacs+ (tacacs+)
00:06:32: AAA/AUTHOR/TAC+: (2507907283): user=pool_test
00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV service=ppp
00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV protocol=lcp
00:06:32: TAC+: using previously set server 172.18.124.114 from group tacacs+
00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:32: TAC+: Opened TCP/IP handle 0x61B3B1A4 to 172.18.124.114/49 
using source 14.36.1.53
00:06:32: TAC+: Opened 172.18.124.114 index=1
00:06:32: TAC+: 172.18.124.114 (2507907283) AUTHOR/START queued
00:06:33: TAC+: (2507907283) AUTHOR/START processed
00:06:33: TAC+: (2507907283): received author response status = PASS_ADD
00:06:33: TAC+: Closing TCP/IP 0x61B3B1A4 connection to 172.18.124.114/49
00:06:33: As1 AAA/AUTHOR (2507907283): Post authorization status = PASS_ADD
00:06:33: As1 PAP: O AUTH-ACK id 24 len 5
00:06:33: As1 PPP: Phase is UP
00:06:33: As1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
00:06:33: As1 AAA/AUTHOR/FSM (924563050): Port='Async1' list='' service=NET
00:06:33: AAA/AUTHOR/FSM: As1 (924563050) user='pool_test'
00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV service=ppp
00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV protocol=ip
00:06:33: As1 AAA/AUTHOR/FSM (924563050): found list "default"
00:06:33: As1 AAA/AUTHOR/FSM (924563050): Method=tacacs+ (tacacs+)
00:06:33: AAA/AUTHOR/TAC+: (924563050): user=pool_test
00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV service=ppp
00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV protocol=ip
00:06:33: TAC+: using previously set server 172.18.124.114 from group tacacs+
00:06:33: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:33: TAC+: Opened TCP/IP handle 0x61B3B620 to 172.18.124.114/49 
using source 14.36.1.53
00:06:33: TAC+: Opened 172.18.124.114 index=1
00:06:33: TAC+: 172.18.124.114 (924563050) AUTHOR/START queued
00:06:33: As1 CCP: I CONFREQ [Not negotiated] id 4 len 10
00:06:33: As1 CCP:    MS-PPC supported bits 0x00000001 (0x120600000001)
00:06:33: As1 LCP: O PROTREJ [Open] id 3 len 16 protocol CCP 
(0x80FD0104000A120600000001)
00:06:33: As1 IPCP: I CONFREQ [Closed] id 5 len 40
00:06:33: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:33: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:33: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:33: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:33: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:33: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:33: TAC+: (924563050) AUTHOR/START processed
00:06:33: TAC+: (924563050): received author response status = PASS_ADD
00:06:33: TAC+: Closing TCP/IP 0x61B3B620 connection to 172.18.124.114/49
00:06:33: As1 AAA/AUTHOR (924563050): Post authorization status = PASS_ADD
00:06:33: As1 AAA/AUTHOR/FSM: We can start IPCP
00:06:33: As1 IPCP: O CONFREQ [Closed] id 1 len 10
00:06:33: As1 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:06:33: As1 IPCP: I CONFACK [REQsent] id 1 len 10
00:06:33: As1 IPCP:    Address 14.36.1.53 (0x03060E240135)
00:06:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, 
changed state to up
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 5 len 40
00:06:34: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:34: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:34: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:34: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:34: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:34: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
00:06:34: As1 AAA/AUTHOR/IPCP: Says use pool pool1
00:06:34: AAA: parse name=Async1 idb type=10 tty=1
00:06:34: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 
port=1 channel=0
00:06:34: AAA: parse name=Serial0:18 idb type=12 tty=-1
00:06:34: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 
port=0 channel=18
00:06:34: AAA/MEMORY: create_user (0x61451E1C) user='nas1-pools' ruser='' 
port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Port='Async1' list='' 
service=NET
00:06:34: AAA/AUTHOR/POOL: As1 (2293413778) user='nas1-pools'
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV service=ppp
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV protocol=ip
00:06:34: Async1 AAA/AUTHOR/POOL (2293413778): found list "default"
00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Method=tacacs+ (tacacs+)
00:06:34: AAA/AUTHOR/TAC+: (2293413778): user=nas1-pools
00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV service=ppp
00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV protocol=ip
00:06:34: TAC+: Using default tacacs server-group "tacacs+" list.
00:06:34: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10
00:06:34: TAC+: Opened TCP/IP handle 0x61B3BA9C to 172.18.124.114/49 
using source 14.36.1.53
00:06:34: TAC+: 172.18.124.114 (2293413778) AUTHOR/START queued
00:06:34: TAC+: (2293413778) AUTHOR/START processed
00:06:34: TAC+: (2293413778): received author response status = PASS_ADD
00:06:34: TAC+: Closing TCP/IP 0x61B3BA9C connection to 172.18.124.114/49
00:06:34: AAA/AUTHOR (2293413778): Post authorization status = PASS_ADD
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5
00:06:34: AAA/MEMORY: free_user (0x61451E1C) user='nas1-pools' ruser='' 
port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1
00:06:34: As1 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFREJ [ACKrcvd] id 5 len 34
00:06:34: As1 IPCP:    CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
00:06:34: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
00:06:34: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
00:06:34: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
00:06:34: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
00:06:34: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 AAA/AUTHOR/IPCP: Start.  Her address 1.2.3.4, we want 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1
00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4
00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded
00:06:34: As1 AAA/AUTHOR/IPCP: Done.  Her address 1.2.3.4, we want 1.2.3.4
00:06:34: As1 IPCP: O CONFACK [ACKrcvd] id 7 len 10
00:06:34: As1 IPCP:    Address 1.2.3.4 (0x030601020304)
00:06:34: As1 IPCP: State is Open
00:06:34: As1 IPCP: Install route to 1.2.3.4

as5300#show caller ip
  Line         User       IP Address      Local Number    Remote Number   <->
  As1          pool_test  1.2.3.4         9194724101      9194722001      
as5300#show ip local pool
 Pool                     Begin           End             Free  In use
 pool1                    1.2.3.4         1.2.3.5            1       1 (dynamic)
