This document provides sample configurations for using an AAA server to manage IP pools on a network access server (NAS).
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
There are no specific prerequisites for this document.
The information in this document is based on the software and hardware versions below.
Cisco IOS® Software Release 12.0.7.T
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
During IP Control Protocol (IPCP) address negotiation, if an IP pool name is specified for a user, the NAS checks whether the named pool is defined locally. If it is, no special action is required and the local pool is consulted for an IP address. If the required pool is not present, an authorization call is made to obtain it, using the special username "Pools-nas-name", where "nas-name" is the configured hostname of the NAS. In response, the AAA server downloads the configuration of the required pool. You can configure a different pool username with the aaa configuration config-username name-of-your-choosing command.
This command changes the username that is used to download the pool definitions from the default name "Pools-nas-name" to "name-of-your-choosing."
Pools downloaded to a Cisco NAS are not retained in nonvolatile memory and disappear automatically whenever the access server or router restarts. Downloaded pools can also be made to time out automatically by adding a suitable AV pair. Downloaded pools are marked as dynamic in the output of the show ip local pools command.
```
aaa new-model
aaa authentication login default group radius
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
aaa configuration config-username nas1-pools
radius-server host 172.18.124.114 auth-port 1645 acct-port 1646
radius-server key cisco
```
```
./ViewProfile -p 9900 -u nas1-pools
User Profile Information
user = nas1-pools
profile_id=63
profile_cycle = 7
member = nas_profiles
password = pap "********"
radius=Cisco {
  reply_attributes= {
    6=5
    9,1="ip:pool-def#1= pool1 172.22.83.2 172.22.83.253"
  }
}
}
```
This example shows the user "nas1-pools" created on a CiscoSecure UNIX (CSU) server. This entry specifies a User-Service-Type of Outbound-User {6=5}. This attribute is supplied by the NAS to prevent ordinary logins from using the well-known username and password combination of nas1-pools/cisco.
```
./ViewProfile -p 9900 -u pool_test
user = pool_test{
profile_id = 46
profile_cycle = 14
member = dial_rad
password = pap "********"
radius=Cisco {
  reply_attributes= {
    7=1
    6=2
    9,1="ip:addr-pool=pool1"
  }
}
}
```
The user "pool_test" dials in and is assigned an IP address from pool1 on the AAA server.
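The following is an added example, not part of the original Cisco document: a Python audit of AAA profile data for the two properties the text relies on, namely that the pool-definition user carries Service-Type Outbound (6=5) and that every addr-pool a dial-in user references has a matching pool-def. The dictionary layout, the function names and the second (faulty) profile set are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Cisco AV pairs in the form used by the profiles on this page:
#   ip:pool-def#1=pool1 1.2.3.4 1.2.3.5   pool definition downloaded by the NAS
#   ip:addr-pool=pool1                     pool reference in a dial-in user's profile
POOL_DEF = re.compile(r"^ip:pool-def#\d+=\s*(\S+)\s+(\S+)\s+(\S+)\s*$")
ADDR_POOL = re.compile(r"^ip:addr-pool=\s*(\S+)\s*$")

SERVICE_TYPE = 6  # RADIUS attribute 6 (Service-Type)
OUTBOUND = 5      # value 5 (Outbound), written {6=5} in the profile


def parse_pool_defs(avpairs):
    """Return {pool_name: (first_ip, last_ip)} from Cisco AV pair strings."""
    pools = {}
    for av in avpairs:
        m = POOL_DEF.match(av)
        if not m:
            continue
        name, first, last = m.groups()
        first_ip = ipaddress.IPv4Address(first)   # raises ValueError if malformed
        last_ip = ipaddress.IPv4Address(last)
        if first_ip > last_ip:
            raise ValueError(f"pool {name}: start {first} is above end {last}")
        pools[name] = (first_ip, last_ip)
    return pools


def audit(profiles, pool_user, local_pools=()):
    """Return a list of findings for a set of AAA profiles.

    profiles:    {username: {"attrs": {attr_no: value}, "avpairs": [str, ...]}}
                 (hypothetical layout chosen for this example)
    pool_user:   the name set with 'aaa configuration config-username'
    local_pools: pool names defined locally on the NAS, which need no download
    """
    findings = []
    pool_profile = profiles.get(pool_user)
    if pool_profile is None:
        return [f"{pool_user}: pool-definition user is missing"]

    # The pool user has a well-known password, so it must be limited to
    # Service-Type Outbound and never usable as an ordinary login.
    if pool_profile["attrs"].get(SERVICE_TYPE) != OUTBOUND:
        findings.append(f"{pool_user}: Service-Type is not Outbound (6=5)")

    try:
        pools = parse_pool_defs(pool_profile["avpairs"])
    except ValueError as exc:
        findings.append(f"{pool_user}: {exc}")
        pools = {}

    # Two downloaded pools must not hand out the same address.
    ordered = sorted(pools.items(), key=lambda item: item[1][0])
    for (name_a, (_, end_a)), (name_b, (start_b, _)) in zip(ordered, ordered[1:]):
        if start_b <= end_a:
            findings.append(f"pools {name_a} and {name_b} overlap")

    # Every referenced pool must exist locally or be downloadable.
    for user, profile in profiles.items():
        for av in profile["avpairs"]:
            m = ADDR_POOL.match(av)
            if m and m.group(1) not in pools and m.group(1) not in local_pools:
                findings.append(f"{user}: addr-pool {m.group(1)} has no pool-def")
    return findings


# Constructed sample data mirroring the profiles and debug output on this page.
GOOD = {
    "nas1-pools": {"attrs": {6: 5},
                   "avpairs": ["ip:pool-def#1=pool1 1.2.3.4 1.2.3.5"]},
    "pool_test": {"attrs": {7: 1, 6: 2}, "avpairs": ["ip:addr-pool=pool1"]},
}
# Constructed faulty variant: no Service-Type, overlapping pools, dangling reference.
BAD = {
    "nas1-pools": {"attrs": {},
                   "avpairs": ["ip:pool-def#1=pool1 1.2.3.4 1.2.3.5",
                               "ip:pool-def#2=pool2 1.2.3.5 1.2.3.9"]},
    "pool_test": {"attrs": {7: 1, 6: 2}, "avpairs": ["ip:addr-pool=pool3"]},
}

if __name__ == "__main__":
    for label, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(data, "nas1-pools"))
```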
as5300#show debug General OS: AAA Authentication debugging is on AAA Authorization debugging is on PPP: PPP protocol negotiation debugging is on Radius protocol debugging is on as5300#term mon as5300# 00:26:01: %LINK-3-UPDOWN: Interface Async5, changed state to up 00:26:01: As5 PPP: Treating connection as a dedicated line 00:26:01: As5 PPP: Phase is ESTABLISHING, Active Open 00:26:01: As5 AAA/AUTHOR/FSM: (0): LCP succeeds trivially 00:26:01: As5 LCP: O CONFREQ [Closed] id 1 len 24 00:26:01: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:01: As5 LCP: AuthProto PAP (0x0304C023) 00:26:01: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:01: As5 LCP: PFC (0x0702) 00:26:01: As5 LCP: ACFC (0x0802) 00:26:01: As5 LCP: I CONFACK [REQsent] id 1 len 24 00:26:01: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:01: As5 LCP: AuthProto PAP (0x0304C023) 00:26:01: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:01: As5 LCP: PFC (0x0702) 00:26:01: As5 LCP: ACFC (0x0802) 00:26:02: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23 00:26:02: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:02: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:02: As5 LCP: PFC (0x0702) 00:26:02: As5 LCP: ACFC (0x0802) 00:26:02: As5 LCP: Callback 6 (0x0D0306) 00:26:02: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7 00:26:02: As5 LCP: Callback 6 (0x0D0306) 00:26:03: As5 LCP: TIMEout: State ACKrcvd 00:26:03: As5 LCP: O CONFREQ [ACKrcvd] id 2 len 24 00:26:03: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:03: As5 LCP: AuthProto PAP (0x0304C023) 00:26:03: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:03: As5 LCP: PFC (0x0702) 00:26:03: As5 LCP: ACFC (0x0802) 00:26:03: As5 LCP: I CONFACK [REQsent] id 2 len 24 00:26:03: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:03: As5 LCP: AuthProto PAP (0x0304C023) 00:26:03: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:03: As5 LCP: PFC (0x0702) 00:26:03: As5 LCP: ACFC (0x0802) 00:26:05: As5 LCP: TIMEout: State ACKrcvd 00:26:05: As5 LCP: O CONFREQ 
[ACKrcvd] id 3 len 24 00:26:05: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:05: As5 LCP: AuthProto PAP (0x0304C023) 00:26:05: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:05: As5 LCP: PFC (0x0702) 00:26:05: As5 LCP: ACFC (0x0802) 00:26:05: As5 LCP: I CONFACK [REQsent] id 3 len 24 00:26:05: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:05: As5 LCP: AuthProto PAP (0x0304C023) 00:26:05: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:05: As5 LCP: PFC (0x0702) 00:26:05: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23 00:26:06: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:06: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:06: As5 LCP: PFC (0x0702) 00:26:06: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: Callback 6 (0x0D0306) 00:26:06: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7 00:26:06: As5 LCP: Callback 6 (0x0D0306) 00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 1 len 20 00:26:06: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:06: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:06: As5 LCP: PFC (0x0702) 00:26:06: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: O CONFACK [ACKrcvd] id 1 len 20 00:26:06: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:06: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:06: As5 LCP: PFC (0x0702) 00:26:06: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: State is Open 00:26:06: As5 PPP: Phase is AUTHENTICATING, by this end 00:26:06: As5 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00002BF7 MSRASV4.00 00:26:06: As5 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00002BF7 MSRAS-1-ZEKIE 00:26:06: As5 PAP: I AUTH-REQ id 31 len 24 from "pool_test" 00:26:06: As5 PAP: Authenticating peer pool_test 00:26:06: AAA: parse name=Async5 idb type=10 tty=5 00:26:06: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=5 channel=0 00:26:06: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:26:06: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:26:06: AAA/MEMORY: 
create_user (0x618FFBB0) user='pool_test' ruser='' port='Async5' rem_addr='9194722001/9194724101' authen_type=PAP service=PPP priv=1 00:26:06: AAA/AUTHEN/START (2962877775): port='Async5' list='' action=LOGIN service=PPP 00:26:06: AAA/AUTHEN/START (2962877775): using "default" list 00:26:06: AAA/AUTHEN (2962877775): status = UNKNOWN 00:26:06: AAA/AUTHEN/START (2962877775): Method=radius (radius) 00:26:06: RADIUS: ustruct sharecount=1 00:26:06: RADIUS: Initial Transmit Async5 id 10 172.18.124.114:1645, Access-Request, len 103 00:26:06: Attribute 4 6 01010101 00:26:06: Attribute 5 6 00000005 00:26:06: Attribute 61 6 00000000 00:26:06: Attribute 1 11 706F6F6C 00:26:06: Attribute 30 12 39313934 00:26:06: Attribute 31 12 39313934 00:26:06: Attribute 2 18 FC2DE489 00:26:06: Attribute 6 6 00000002 00:26:06: Attribute 7 6 00000001 00:26:06: RADIUS: Received from id 10 172.18.124.114:1645, Access-Accept, len 58 00:26:06: Attribute 7 6 00000001 00:26:06: Attribute 6 6 00000002 00:26:06: Attribute 26 26 0000000901146970 00:26:06: RADIUS: saved authorization data for user 618FFBB0 at 618FEAE4 00:26:06: AAA/AUTHEN (2962877775): status = PASS 00:26:06: As5 AAA/AUTHOR/LCP: Authorize LCP 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Port='Async5' list='' service=NET 00:26:06: AAA/AUTHOR/LCP: As5 (3264835197) user='pool_test' 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV service=ppp 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV protocol=lcp 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): found list "default" 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Method=radius (radius) 00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1" not applied for lcp 00:26:06: As5 AAA/AUTHOR (3264835197): Post authorization status = PASS_REPL 00:26:06: As5 AAA/AUTHOR/LCP: Processing AV service=ppp 00:26:06: As5 PAP: O AUTH-ACK id 31 len 5 00:26:06: As5 PPP: Phase is UP 00:26:06: As5 AAA/AUTHOR/FSM: (0): Can we start IPCP? 
00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Port='Async5' list='' service=NET 00:26:06: AAA/AUTHOR/FSM: As5 (2404696831) user='pool_test' 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV service=ppp 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV protocol=ip 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): found list "default" 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Method=radius (radius) 00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1" 00:26:06: As5 AAA/AUTHOR (2404696831): Post authorization status = PASS_REPL 00:26:06: As5 AAA/AUTHOR/FSM: We can start IPCP 00:26:06: As5 IPCP: O CONFREQ [Closed] id 1 len 10 00:26:06: As5 IPCP: Address 14.36.1.53 (0x03060E240135) 00:26:07: As5 CCP: I CONFREQ [Not negotiated] id 4 len 10 00:26:07: As5 CCP: MS-PPC supported bits 0x00000001 (0x120600000001) 00:26:07: As5 LCP: O PROTREJ [Open] id 4 len 16 protocol CCP (0x80FD0104000A120600000001) 00:26:07: As5 IPCP: I CONFREQ [REQsent] id 5 len 40 00:26:07: As5 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:26:07: As5 IPCP: Address 0.0.0.0 (0x030600000000) 00:26:07: As5 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:26:07: As5 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:26:07: As5 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:26:07: As5 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:26:07: As5 AAA/AUTHOR/IPCP: Start. 
Her address 0.0.0.0, we want 0.0.0.0 00:26:07: As5 AAA/AUTHOR/IPCP: Says use pool pool1 00:26:07: AAA: parse name=Async5 idb type=10 tty=5 00:26:07: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=5 channel=0 00:26:07: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:26:07: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:26:07: AAA/MEMORY: create_user (0x618FFCD8) user='nas1-pools' ruser='' port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Port='Async5' list='' service=NET 00:26:07: AAA/AUTHOR/POOL: As5 (3562270977) user='nas1-pools' 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV service=ppp 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV protocol=ip 00:26:07: Async5 AAA/AUTHOR/POOL (3562270977): found list "default" 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Method=radius (radius) 00:26:07: RADIUS: authenticating to get author data 00:26:07: RADIUS: ustruct sharecount=2 00:26:07: RADIUS: Initial Transmit Async5 id 11 172.18.124.114:1645, Access-Request, len 98 00:26:07: Attribute 4 6 01010101 00:26:07: Attribute 5 6 00000005 00:26:07: Attribute 61 6 00000000 00:26:07: Attribute 1 12 6E617331 00:26:07: Attribute 30 12 39313934 00:26:07: Attribute 31 12 39313934 00:26:07: Attribute 2 18 E6DF8390 00:26:07: Attribute 6 6 00000005 00:26:07: RADIUS: Received from id 11 172.18.124.114:1645, Access-Accept, len 69 00:26:07: Attribute 6 6 00000005 00:26:07: Attribute 26 43 0000000901256970 00:26:07: RADIUS: saved authorization data for user 618FFCD8 at 61450E5C 00:26:07: RADIUS: cisco AVPair "ip:pool-def#1=pool1 1.2.3.4 1.2.3.5" 00:26:07: AAA/AUTHOR (3562270977): Post authorization status = PASS_REPL 00:26:07: As5 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5 00:26:07: AAA/MEMORY: free_user (0x618FFCD8) user='nas1-pools' ruser='' port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 
00:26:07: As5 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded 00:26:07: As5 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:26:07: As5 IPCP: O CONFREJ [REQsent] id 5 len 34 00:26:07: As5 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:26:07: As5 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:26:07: As5 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:26:07: As5 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:26:07: As5 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:26:07: As5 IPCP: I CONFACK [REQsent] id 1 len 10 00:26:07: As5 IPCP: Address 14.36.1.53 (0x03060E240135) 00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 6 len 10 00:26:07: As5 IPCP: Address 0.0.0.0 (0x030600000000) 00:26:07: As5 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded 00:26:07: As5 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:26:07: As5 IPCP: O CONFNAK [ACKrcvd] id 6 len 10 00:26:07: As5 IPCP: Address 1.2.3.4 (0x030601020304) 00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 7 len 10 00:26:07: As5 IPCP: Address 1.2.3.4 (0x030601020304) 00:26:07: As5 AAA/AUTHOR/IPCP: Start. Her address 1.2.3.4, we want 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded 00:26:07: As5 AAA/AUTHOR/IPCP: Done. 
Her address 1.2.3.4, we want 1.2.3.4 00:26:07: As5 IPCP: O CONFACK [ACKrcvd] id 7 len 10 00:26:07: As5 IPCP: Address 1.2.3.4 (0x030601020304) 00:26:07: As5 IPCP: State is Open 00:26:07: As5 IPCP: Install route to 1.2.3.4 00:26:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, changed state to up as5300#show caller ip Line User IP Address Local Number Remote Number <-> As5 pool_test 1.2.3.4 9194724101 9194722001 as5300#show ip local pool Pool Begin End Free In use pool1 1.2.3.4 1.2.3.5 1 1 (dynamic)
```
aaa new-model
aaa authentication login default group tacacs+
aaa authentication ppp default if-needed group tacacs+
aaa authorization network default group tacacs+
aaa configuration config-username nas1-pools
tacacs-server host 172.18.124.114
tacacs-server key cisco
```
```
./ViewProfile -p 9900 -u nas1-pools
User Profile Information
user = nas1-pools
profile_id = 63
profile_cycle = 8
service=ppp {
  protocol=ip {
    set pool-def#1="pool1 1.2.3.4 1.2.3.5"
  }
}
}
```
```
./ViewProfile -p 9900 -u pool_test
User Profile Information
user = pool_test{
profile_id = 46
profile_cycle = 15
password = pap "********"
service=ppp {
  protocol=lcp {
  }
  protocol=ip {
    set addr-pool=pool1
  }
}
}
```
Script started on Mon Dec 10 13:22:05 2001 ddunlap@rtp-cse-353% telnet 172.18.124.114 Trying 172.18.124.114... Connected to 172.18.124.114. Escape character is '^]'. UNIX(r) System V Release 4.0 (rtp-evergreen) login: root Password: Last login: Mon Dec 10 10:09:01 from rtp-cse-353.cisc Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996 Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996 # telnet 14.36.1.53 Trying 14.36.1.53... Connected to 14.36.1.53. Escape character is '^]'. User Access Verification Username: testuser Password: as5300>en Password: as5300#show debug General OS: TACACS access control debugging is on AAA Authentication debugging is on AAA Authorization debugging is on PPP: PPP protocol negotiation debugging is on as5300#terminal monitor as5300# 00:06:29: As1 LCP: I CONFREQ [Closed] id 0 len 23 00:06:29: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:29: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:29: As1 LCP: PFC (0x0702) 00:06:29: As1 LCP: ACFC (0x0802) 00:06:29: As1 LCP: Callback 6 (0x0D0306) 00:06:29: As1 LCP: Lower layer not up, Fast Starting 00:06:29: As1 PPP: Treating connection as a dedicated line 00:06:29: As1 PPP: Phase is ESTABLISHING, Active Open 00:06:29: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially 00:06:29: As1 LCP: O CONFREQ [Closed] id 1 len 24 00:06:29: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:06:29: As1 LCP: AuthProto PAP (0x0304C023) 00:06:29: As1 LCP: MagicNumber 0xD0C0094C (0x0506D0C0094C) 00:06:29: As1 LCP: PFC (0x0702) 00:06:29: As1 LCP: ACFC (0x0802) 00:06:29: As1 LCP: O CONFREJ [REQsent] id 0 len 7 00:06:29: As1 LCP: Callback 6 (0x0D0306) 00:06:29: %LINK-3-UPDOWN: Interface Async1, changed state to up 00:06:31: As1 LCP: TIMEout: State REQsent 00:06:31: As1 LCP: O CONFREQ [REQsent] id 2 len 24 00:06:31: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:06:31: As1 LCP: AuthProto PAP (0x0304C023) 00:06:31: As1 LCP: MagicNumber 0xD0C0094C (0x0506D0C0094C) 00:06:31: As1 LCP: PFC (0x0702) 00:06:31: As1 LCP: ACFC 
(0x0802) 00:06:31: As1 LCP: I CONFACK [REQsent] id 2 len 24 00:06:31: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:06:31: As1 LCP: AuthProto PAP (0x0304C023) 00:06:31: As1 LCP: MagicNumber 0xD0C0094C (0x0506D0C0094C) 00:06:31: As1 LCP: PFC (0x0702) 00:06:31: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23 00:06:32: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:32: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:32: As1 LCP: PFC (0x0702) 00:06:32: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: Callback 6 (0x0D0306) 00:06:32: As1 LCP: O CONFREJ [ACKrcvd] id 0 len 7 00:06:32: As1 LCP: Callback 6 (0x0D0306) 00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 1 len 20 00:06:32: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:32: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:32: As1 LCP: PFC (0x0702) 00:06:32: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: O CONFACK [ACKrcvd] id 1 len 20 00:06:32: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:32: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:32: As1 LCP: PFC (0x0702) 00:06:32: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: State is Open 00:06:32: As1 PPP: Phase is AUTHENTICATING, by this end 00:06:32: As1 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00006D9C MSRASV4.00 00:06:32: As1 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00006D9C MSRAS-1-ZEKIE 00:06:32: As1 PAP: I AUTH-REQ id 24 len 24 from "pool_test" 00:06:32: As1 PAP: Authenticating peer pool_test 00:06:32: AAA: parse name=Async1 idb type=10 tty=1 00:06:32: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=1 channel=0 00:06:32: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:06:32: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:06:32: AAA/MEMORY: create_user (0x61B26890) user='pool_test' ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=PAP service=PPP priv=1 00:06:32: AAA/AUTHEN/START (4053426223): port='Async1' list='' action=LOGIN service=PPP 00:06:32: 
AAA/AUTHEN/START (4053426223): using "default" list 00:06:32: AAA/AUTHEN (4053426223): status = UNKNOWN 00:06:32: AAA/AUTHEN/START (4053426223): Method=tacacs+ (tacacs+) 00:06:32: TAC+: send AUTHEN/START packet ver=193 id=4053426223 00:06:32: TAC+: Using default tacacs server-group "tacacs+" list. 00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:32: TAC+: Opened TCP/IP handle 0x618FDF3C to 172.18.124.114/49 using source 14.36.1.53 00:06:32: TAC+: 172.18.124.114 (4053426223) AUTHEN/START/LOGIN/PAP queued 00:06:32: TAC+: (4053426223) AUTHEN/START/LOGIN/PAP processed 00:06:32: TAC+: ver=193 id=4053426223 received AUTHEN status = PASS 00:06:32: AAA/AUTHEN (4053426223): status = PASS 00:06:32: TAC+: Closing TCP/IP 0x618FDF3C connection to 172.18.124.114/49 00:06:32: As1 AAA/AUTHOR/LCP: Authorize LCP 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Port='Async1' list='' service=NET 00:06:32: AAA/AUTHOR/LCP: As1 (2507907283) user='pool_test' 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV service=ppp 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV protocol=lcp 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): found list "default" 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Method=tacacs+ (tacacs+) 00:06:32: AAA/AUTHOR/TAC+: (2507907283): user=pool_test 00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV service=ppp 00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV protocol=lcp 00:06:32: TAC+: using previously set server 172.18.124.114 from group tacacs+ 00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:32: TAC+: Opened TCP/IP handle 0x61B3B1A4 to 172.18.124.114/49 using source 14.36.1.53 00:06:32: TAC+: Opened 172.18.124.114 index=1 00:06:32: TAC+: 172.18.124.114 (2507907283) AUTHOR/START queued 00:06:33: TAC+: (2507907283) AUTHOR/START processed 00:06:33: TAC+: (2507907283): received author response status = PASS_ADD 00:06:33: TAC+: Closing TCP/IP 0x61B3B1A4 connection to 172.18.124.114/49 00:06:33: As1 AAA/AUTHOR (2507907283): Post 
authorization status = PASS_ADD 00:06:33: As1 PAP: O AUTH-ACK id 24 len 5 00:06:33: As1 PPP: Phase is UP 00:06:33: As1 AAA/AUTHOR/FSM: (0): Can we start IPCP? 00:06:33: As1 AAA/AUTHOR/FSM (924563050): Port='Async1' list='' service=NET 00:06:33: AAA/AUTHOR/FSM: As1 (924563050) user='pool_test' 00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV service=ppp 00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV protocol=ip 00:06:33: As1 AAA/AUTHOR/FSM (924563050): found list "default" 00:06:33: As1 AAA/AUTHOR/FSM (924563050): Method=tacacs+ (tacacs+) 00:06:33: AAA/AUTHOR/TAC+: (924563050): user=pool_test 00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV service=ppp 00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV protocol=ip 00:06:33: TAC+: using previously set server 172.18.124.114 from group tacacs+ 00:06:33: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:33: TAC+: Opened TCP/IP handle 0x61B3B620 to 172.18.124.114/49 using source 14.36.1.53 00:06:33: TAC+: Opened 172.18.124.114 index=1 00:06:33: TAC+: 172.18.124.114 (924563050) AUTHOR/START queued 00:06:33: As1 CCP: I CONFREQ [Not negotiated] id 4 len 10 00:06:33: As1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001) 00:06:33: As1 LCP: O PROTREJ [Open] id 3 len 16 protocol CCP (0x80FD0104000A120600000001) 00:06:33: As1 IPCP: I CONFREQ [Closed] id 5 len 40 00:06:33: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:06:33: As1 IPCP: Address 0.0.0.0 (0x030600000000) 00:06:33: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:06:33: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:06:33: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:06:33: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:06:33: TAC+: (924563050) AUTHOR/START processed 00:06:33: TAC+: (924563050): received author response status = PASS_ADD 00:06:33: TAC+: Closing TCP/IP 0x61B3B620 connection to 172.18.124.114/49 00:06:33: As1 AAA/AUTHOR (924563050): Post authorization status = PASS_ADD 00:06:33: As1 AAA/AUTHOR/FSM: We 
can start IPCP 00:06:33: As1 IPCP: O CONFREQ [Closed] id 1 len 10 00:06:33: As1 IPCP: Address 14.36.1.53 (0x03060E240135) 00:06:33: As1 IPCP: I CONFACK [REQsent] id 1 len 10 00:06:33: As1 IPCP: Address 14.36.1.53 (0x03060E240135) 00:06:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state to up 00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 5 len 40 00:06:34: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:06:34: As1 IPCP: Address 0.0.0.0 (0x030600000000) 00:06:34: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:06:34: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:06:34: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:06:34: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:06:34: As1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0 00:06:34: As1 AAA/AUTHOR/IPCP: Says use pool pool1 00:06:34: AAA: parse name=Async1 idb type=10 tty=1 00:06:34: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=1 channel=0 00:06:34: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:06:34: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:06:34: AAA/MEMORY: create_user (0x61451E1C) user='nas1-pools' ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Port='Async1' list='' service=NET 00:06:34: AAA/AUTHOR/POOL: As1 (2293413778) user='nas1-pools' 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV service=ppp 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV protocol=ip 00:06:34: Async1 AAA/AUTHOR/POOL (2293413778): found list "default" 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Method=tacacs+ (tacacs+) 00:06:34: AAA/AUTHOR/TAC+: (2293413778): user=nas1-pools 00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV service=ppp 00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV protocol=ip 00:06:34: TAC+: Using default tacacs server-group "tacacs+" list. 
00:06:34: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:34: TAC+: Opened TCP/IP handle 0x61B3BA9C to 172.18.124.114/49 using source 14.36.1.53 00:06:34: TAC+: 172.18.124.114 (2293413778) AUTHOR/START queued 00:06:34: TAC+: (2293413778) AUTHOR/START processed 00:06:34: TAC+: (2293413778): received author response status = PASS_ADD 00:06:34: TAC+: Closing TCP/IP 0x61B3BA9C connection to 172.18.124.114/49 00:06:34: AAA/AUTHOR (2293413778): Post authorization status = PASS_ADD 00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5 00:06:34: AAA/MEMORY: free_user (0x61451E1C) user='nas1-pools' ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 00:06:34: As1 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded 00:06:34: As1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:06:34: As1 IPCP: O CONFREJ [ACKrcvd] id 5 len 34 00:06:34: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:06:34: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:06:34: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:06:34: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:06:34: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 6 len 10 00:06:34: As1 IPCP: Address 0.0.0.0 (0x030600000000) 00:06:34: As1 AAA/AUTHOR/IPCP: Start. 
Her address 0.0.0.0, we want 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded 00:06:34: As1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:06:34: As1 IPCP: O CONFNAK [ACKrcvd] id 6 len 10 00:06:34: As1 IPCP: Address 1.2.3.4 (0x030601020304) 00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 7 len 10 00:06:34: As1 IPCP: Address 1.2.3.4 (0x030601020304) 00:06:34: As1 AAA/AUTHOR/IPCP: Start. Her address 1.2.3.4, we want 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded 00:06:34: As1 AAA/AUTHOR/IPCP: Done. Her address 1.2.3.4, we want 1.2.3.4 00:06:34: As1 IPCP: O CONFACK [ACKrcvd] id 7 len 10 00:06:34: As1 IPCP: Address 1.2.3.4 (0x030601020304) 00:06:34: As1 IPCP: State is Open 00:06:34: As1 IPCP: Install route to 1.2.3.4 as5300#show caller ip Line User IP Address Local Number Remote Number <-> As1 pool_test 1.2.3.4 9194724101 9194722001 as5300#show ip local pool Pool Begin End Free In use pool1 1.2.3.4 1.2.3.5 1 1 (dynamic)
Revision | Publication Date | Comments |
---|---|---|
1.0 | 14-Oct-2009 | Initial Release |