Cisco路由器上配置3A认证的故障调试
AAA故障与调试
在路由器的AAA配置中,是否认证,认证、授权及记账情况如何,在配置阶段少不了调试,在出现故障时,借助调试信息能很好地定位故障点。
1.Debug AAA Authentication命令
使用Debug AAA Authentication命令来调试一个EXEC登录过程,采用的Rongxin的认证方法列表,使用TACACS+认证协议,系统通过发送GETUSER和GETPASS来提示输入用户名和密码,最优通过认证(PASS)的过程。
Router# debug aaa authentication
AAA Authentication debugging is on
Router#
*Mar 1 01:34:40.819: AAA/BIND(00000015): Bind i/f
*Mar 1 01:34:40.827: AAA/AUTHEN/LOGIN (00000015): Pick method list 'rongxin'
*Mar 1 01:34:52.903: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar 1 01:34:52.903: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar 1 01:34:52.907: AAA/MEMORY: create_user (0x64DE58AC) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:34:52.911: AAA/AUTHEN/START (1579679647): port='tty130' list='rongxin' action=LOGIN service=ENABLE
*Mar 1 01:34:52.915: AAA/AUTHEN/START (1579679647): non-console enable - default to enable password
*Mar 1 01:34:52.919: AAA/AUTHEN/START (1579679647): Method=ENABLE
*Mar 1 01:34:52.919: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar 1 01:34:54.627: AAA/AUTHEN/CONT (1579679647): continue_login (user='(undef)')
*Mar 1 01:34:54.631: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar 1 01:34:54.631: AAA/AUTHEN/CONT (1579679647): Method=ENABLE
*Mar 1 01:34:54.703: AAA/AUTHEN(1579679647): Status=PASS
*Mar 1 01:34:54.703: AAA/MEMORY: free_user (0x64DE58AC) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
2.Debug AAA Authorization命令
使用Debug AAA Authentication命令来调试认证信息,用户名为“user1”属性值被授权,最后端口授权通过。
Router# debug aaa authentication r
AAA Authorization debugging is on
Router#
*Mar 1 01:35:18.427: AAA/BIND(00000016): Bind i/f
*Mar 1 01:35:25.463: AAA/AUTHOR (0x16): Pick method list 'rongxin'
*Mar 1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): processing AV cmd=
*Mar 1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): Authorization successful
*Mar 1 01:35:30.567: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar 1 01:35:30.571: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar 1 01:35:30.575: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:35:32.279: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
3.Debug AAA Accounting命令
使用Debug AAA Accounting命令来调试记账信息,通过CALL START和CALL STOP 来按时计费,使用Debug Tacacs 和Debug RADIUS可得到基于协议级别的更多信息,也可以使用Show accounting来查看记账的记录。
Router# debug aaa accounting
AAA Accounting debugging is on
Router#
*Mar 1 01:36:18.267: AAA/ACCT/EVENT/(00000017): CALL START
*Mar 1 01:36:18.267: Getting session id for NET(00000017) : db=64E2D51C
*Mar 1 01:36:18.271: AAA/ACCT(00000000): add node, session 20
*Mar 1 01:36:18.271: AAA/ACCT/NET(00000017): add, count 1
*Mar 1 01:36:18.275: Getting session id for NONE(00000017) : db=64E2D51C
*Mar 1 01:36:24.903: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
*Mar 1 01:36:24.907: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
*Mar 1 01:36:24.911: Getting session id for EXEC(00000017) : db=64E2D51C
*Mar 1 01:36:24.911: AAA/ACCT(00000017): add common node to avl failed
*Mar 1 01:36:24.915: AAA/ACCT/EXEC(00000017): add, count 2
*Mar 1 01:36:24.919: AAA/ACCT/EVENT/(00000017): EXEC UP
*Mar 1 01:36:24.919: AAA/ACCT/EXEC(00000017): Queueing record is START
*Mar 1 01:36:24.931: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
*Mar 1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS
*Mar 1 01:36:25.299: AAA/ACCT(00000017): Send START accounting notification to EM successfully
*Mar 1 01:36:31.363: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar 1 01:36:31.363: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar 1 01:36:31.367: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:36:34.211: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
*Mar 1 01:36:44.431: unknown AAA/DISC: 1/"User Request"
*Mar 1 01:36:44.431: unknown AAA/DISC/EXT: 1020/"User Request"
*Mar 1 01:36:44.435: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
*Mar 1 01:36:44.435: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
*Mar 1 01:36:44.451: AAA/ACCT/EVENT/(00000017): CALL STOP
*Mar 1 01:36:44.451: AAA/ACCT/CALL STOP(00000017): Sending stop requests
*Mar 1 01:36:44.451: AAA/ACCT(00000017): Send all stops
*Mar 1 01:36:44.455: AAA/ACCT/EXEC(00000017): STOP
*Mar 1 01:36:44.459: AAA/ACCT/EXEC(00000017): Queueing record is STOP osr 1
*Mar 1 01:36:44.459: AAA/ACCT/NET(00000017): STOP
*Mar 1 01:36:44.463: AAA/ACCT/NET(00000017): Method list not found
*Mar 1 01:36:44.463: AAA/ACCT/NET(00000017): free_rec, count 1
*Mar 1 01:36:44.467: AAA/ACCT/NET(00000017) reccnt 1, csr TRUE, osr 1
*Mar 1 01:36:44.471: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
*Mar 1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS
*Mar 1 01:36:44.863: AAA/ACCT(00000017): Send STOP accounting notification to EM successfully
*Mar 1 01:36:44.867: AAA/ACCT/EXEC(00000017): Cleaning up from Callback osr 0
*Mar 1 01:36:44.867: AAA/ACCT(00000017): del node, session 20
*Mar 1 01:36:44.871: AAA/ACCT/EXEC(00000017): free_rec, count 0
*Mar 1 01:36:44.871: AAA/ACCT/EXEC(00000017) reccnt 0, csr TRUE, osr 0
*Mar 1 01:36:44.875: AAA/ACCT/EXEC(00000017): Last rec in db, intf not enqueued
Cisco路由器上配置3A认证的故障调试相关推荐
- Packet Tracer - 在思科路由器上配置 AAA 认证
Packet Tracer - 在思科路由器上配置 AAA 认证 拓扑图 地址分配表 设备 接口 IP 地址 子网掩码 默认网关 交换机端口 R1 G0/1 192.168.1.1 255.255.2 ...
- 在CISCO路由器上配置NAT功能
在CISCO路由器上配置NAT功能 http://www.enet.com.cn/eschool/ 2011年07月13日11:59 来源:来自论坛 作者:佚名 [文章摘要]随着intern ...
- 在CISCO路由器上配置DHCP与DHCP中继
企业网络中DHCP环境的搭建 企业DHCP需求描述: 在大型企业中,一般都有很多个部门,各部门之间有时要求不能互通,这可以通过使用VLAN来解决,但是上千个人IP配置也是一件极大耗费人力的事.所以我们 ...
- 无线路由ntp服务器,CISCO路由器上配置NTP服务器
NTP(Network Time Protocol,网络时间协议)是基于RFC1305的协议,是一个跨越广域网或局域网的复杂的同步时间协议.一般情况下建议配置在路由器上,当然配置在其它设备上都是可以的 ...
- 在Cisco路由器上配置WCCP
你可以通过使用WCCP协议(网页缓存通讯协议,Web cache communications protocol),来将通讯流量(通常是对网页的访问请求)实时转发到另外一台设备上.<?xml:n ...
- 在CISCO路由器上实现CHAP认证
在配置PPP验证时有PAP和CHAP的选择,其中PAP为明文传送用户名和口令,不安全:而CHAP则采用哈希值进行验证,口令不会在网上传送,所以安全性比较高. 网络拓扑图如下所示: ...
- CISCO路由器安全配置
这是一篇关于CISCO路由器安全配置的文章,挺不错的,转过来跟大家一起分享. 一.路由器访问控制的安全配置 1.严格控制可以访问路由器的管理员.任何一次维护都需要记录备案. 2.建议不要远程访问路由器 ...
- cisco路由器基本命令配置
cisco路由器基本命令配置 A.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office&qu ...
- Cisco路由器安全配置必用10条命令
当谈到配置一台新的cisco路由器,多数配置依赖于路由器的类型以及它将服务的用途.然而,每位管理员都有其自己的"正确"配置每台路由器的命令列表.笔者将和你分享他自己配置路由器的十条 ...
最新文章
- 机器学习中的线性回归,你理解多少?
- 练习10-1 使用递归函数计算1到n之和 (10 分)
- Handler消息机制(二):一个线程有几个Handler
- Vue.js 深入响应式原理
- 【pmcaff】O2O的背后价值:数据将成为O2O真正核心
- 牛逼站是怎样炼成的?-推荐系统篇
- cf1523C. Compression and Expansion
- android gpu linux,Arm发布针对Mali GPU的Android Linux Vulkan用户空间驱动(HiKey 960,Firefly-RK3288主板)...
- 除去WebView默认存在的一定像素的边距问题
- 95-910-148-源码-FlinkSQL-Flink SQL自定义聚合函数
- opengl显示英文_OpenGL-Using Shaders(使用Shader)
- apache开源项目--nutch
- cnpm安装失败及解决方案
- 如何用php开启企业微信开发的回调模式
- 变量、变量类型与cin的基本用法详解(C++)
- cad线性标注命令_CAD线性标注快捷键是什么,怎么使用
- Camtasia2020注册机顶级屏幕录像视频编辑软件安装教程
- 分数计算机在线应用,在线连分数计算器
- mand-mobile TabPicker 多级联动选择
- app模式会被第三方平台模式取代吗_第三方APP逐渐被替代?网友:手机自带的足够用了...