
[Experience Sharing] Troubleshooting and Debugging AAA Authentication Configured on Cisco Routers


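Posted on 2018-7-16 11:58:42
  AAA Faults and Debugging
  In a router's AAA configuration, debugging is indispensable during the configuration phase for checking whether authentication takes place and how authentication, authorization and accounting are behaving; when a fault occurs, the debug output helps pinpoint where it lies.
  1. The debug aaa authentication command
  Use the debug aaa authentication command to debug an EXEC login. The login uses the authentication method list 'rongxin' and the TACACS+ authentication protocol; the system prompts for the username and password by sending GETUSER and GETPASS, and authentication finally passes (PASS).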
  Router# debug aaa authentication
  AAA Authentication debugging is on
  Router#
  *Mar  1 01:34:40.819: AAA/BIND(00000015): Bind i/f
  *Mar  1 01:34:40.827: AAA/AUTHEN/LOGIN (00000015): Pick method list 'rongxin'

  *Mar  1 01:34:52.903: AAA: parse name=tty130>
  *Mar  1 01:34:52.903: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
  *Mar  1 01:34:52.907: AAA/MEMORY: create_user (0x64DE58AC) user='user1' ruser='NULL' ds0=0 port='tty130'
  rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
  *Mar  1 01:34:52.911: AAA/AUTHEN/START (1579679647): port='tty130' list='rongxin' action=LOGIN service=ENABLE
  *Mar  1 01:34:52.915: AAA/AUTHEN/START (1579679647): non-console enable - default to enable password
  *Mar  1 01:34:52.919: AAA/AUTHEN/START (1579679647): Method=ENABLE
  *Mar  1 01:34:52.919: AAA/AUTHEN(1579679647): Status=GETPASS
  *Mar  1 01:34:54.627: AAA/AUTHEN/CONT (1579679647): continue_login (user='(undef)')
  *Mar  1 01:34:54.631: AAA/AUTHEN(1579679647): Status=GETPASS
  *Mar  1 01:34:54.631: AAA/AUTHEN/CONT (1579679647): Method=ENABLE
  *Mar  1 01:34:54.703: AAA/AUTHEN(1579679647): Status=PASS
  *Mar  1 01:34:54.703: AAA/MEMORY: free_user (0x64DE58AC) user='NULL' ruser='NULL' port='tty130'
  rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
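  2. The debug aaa authorization command
  Use the debug aaa authorization command to debug authorization information: the attribute values for the user "user1" are authorized, and the port authorization finally passes.
  Router# debug aaa authorization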
  AAA Authorization debugging is on
  Router#
  *Mar  1 01:35:18.427: AAA/BIND(00000016): Bind i/f
  *Mar  1 01:35:25.463: AAA/AUTHOR (0x16): Pick method list 'rongxin'
  *Mar  1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): processing AV cmd=
  *Mar  1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): Authorization successful

  *Mar  1 01:35:30.567: AAA: parse name=tty130>
  *Mar  1 01:35:30.571: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
  *Mar  1 01:35:30.575: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
  rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
  *Mar  1 01:35:32.279: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
  rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
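  3. The debug aaa accounting command
  Use the debug aaa accounting command to debug accounting information; time-based accounting is driven by CALL START and CALL STOP. The debug tacacs and debug radius commands give more protocol-level detail, and show accounting displays the accounting records.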
  Router# debug aaa accounting
  AAA Accounting debugging is on
  Router#
  *Mar  1 01:36:18.267: AAA/ACCT/EVENT/(00000017): CALL START

  *Mar  1 01:36:18.267: Getting session>
  *Mar  1 01:36:18.271: AAA/ACCT(00000000): add node, session 20
  *Mar  1 01:36:18.271: AAA/ACCT/NET(00000017): add, count 1

  *Mar  1 01:36:18.275: Getting session>
  *Mar  1 01:36:24.903: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
  *Mar  1 01:36:24.907: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin

  *Mar  1 01:36:24.911: Getting session>
  *Mar  1 01:36:24.911: AAA/ACCT(00000017): add common node to avl failed
  *Mar  1 01:36:24.915: AAA/ACCT/EXEC(00000017): add, count 2
  *Mar  1 01:36:24.919: AAA/ACCT/EVENT/(00000017): EXEC UP
  *Mar  1 01:36:24.919: AAA/ACCT/EXEC(00000017): Queueing record is START
  *Mar  1 01:36:24.931: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
  *Mar  1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS
  *Mar  1 01:36:25.299: AAA/ACCT(00000017): Send START accounting notification to EM successfully

  *Mar  1 01:36:31.363: AAA: parse name=tty130>
  *Mar  1 01:36:31.363: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
  *Mar  1 01:36:31.367: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
  rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
  *Mar  1 01:36:34.211: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
  rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
  *Mar  1 01:36:44.431: unknown AAA/DISC: 1/"User Request"
  *Mar  1 01:36:44.431: unknown AAA/DISC/EXT: 1020/"User Request"
  *Mar  1 01:36:44.435: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
  *Mar  1 01:36:44.435: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
  *Mar  1 01:36:44.451: AAA/ACCT/EVENT/(00000017): CALL STOP
  *Mar  1 01:36:44.451: AAA/ACCT/CALL STOP(00000017): Sending stop requests
  *Mar  1 01:36:44.451: AAA/ACCT(00000017): Send all stops
  *Mar  1 01:36:44.455: AAA/ACCT/EXEC(00000017): STOP
  *Mar  1 01:36:44.459: AAA/ACCT/EXEC(00000017): Queueing record is STOP osr 1
  *Mar  1 01:36:44.459: AAA/ACCT/NET(00000017): STOP
  *Mar  1 01:36:44.463: AAA/ACCT/NET(00000017): Method list not found
  *Mar  1 01:36:44.463: AAA/ACCT/NET(00000017): free_rec, count 1
  *Mar  1 01:36:44.467: AAA/ACCT/NET(00000017) reccnt 1, csr TRUE, osr 1
  *Mar  1 01:36:44.471: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
  *Mar  1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS
  *Mar  1 01:36:44.863: AAA/ACCT(00000017): Send STOP accounting notification to EM successfully
  *Mar  1 01:36:44.867: AAA/ACCT/EXEC(00000017): Cleaning up from Callback osr 0
  *Mar  1 01:36:44.867: AAA/ACCT(00000017): del node, session 20
  *Mar  1 01:36:44.871: AAA/ACCT/EXEC(00000017): free_rec, count 0
  *Mar  1 01:36:44.871: AAA/ACCT/EXEC(00000017) reccnt 0, csr TRUE, osr 0
  *Mar  1 01:36:44.875: AAA/ACCT/EXEC(00000017): Last rec in db, intf not enqueued
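
  When the debug output is captured to a file, the Status= and "protocol reply" lines shown above can be correlated per session id to spot logins that did not end in PASS and accounting sessions without a STOP. The following is an added example, not part of the original post; the sample lines are constructed from the output above, and ids 42 and 00000018 are constructed cases.

```python
import re
from collections import defaultdict

# Constructed sample: lines modelled on the debug output in the post, plus a
# constructed failing login (id 42) and a constructed session with no STOP.
SAMPLE = """\
*Mar  1 01:34:52.919: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar  1 01:34:54.631: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar  1 01:34:54.703: AAA/AUTHEN(1579679647): Status=PASS
*Mar  1 01:35:02.100: AAA/AUTHEN(42): Status=GETPASS
*Mar  1 01:35:03.900: AAA/AUTHEN(42): Status=FAIL
*Mar  1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS
*Mar  1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS
*Mar  1 01:37:10.000: AAA/ACCT/EXEC(00000018): START protocol reply PASS
"""

AUTHEN = re.compile(r"AAA/AUTHEN\s*\((\w+)\): Status=(\w+)")
ACCT = re.compile(r"AAA/ACCT/EXEC\((\w+)\): (START|STOP) protocol reply (\w+)")

def summarize(text):
    """Group authentication states and accounting replies by session id."""
    auth = defaultdict(list)   # id -> ordered Status= values
    acct = defaultdict(dict)   # id -> {"START": reply, "STOP": reply}
    for line in text.splitlines():
        if m := AUTHEN.search(line):
            auth[m.group(1)].append(m.group(2))
        elif m := ACCT.search(line):
            acct[m.group(1)][m.group(2)] = m.group(3)
    return dict(auth), dict(acct)

def findings(text):
    """Return sessions an operator should look at."""
    auth, acct = summarize(text)
    out = []
    for sid, states in sorted(auth.items()):
        if states[-1] != "PASS":
            out.append(f"authen {sid}: ended in {states[-1]} "
                       f"after {len(states)} status lines")
    for sid, rec in sorted(acct.items()):
        for phase in ("START", "STOP"):
            reply = rec.get(phase)
            # A missing STOP can also mean the session was still open
            # when the capture ended.
            if reply != "PASS":
                out.append(f"acct {sid}: {phase} reply {reply or 'missing'}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```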

Thread URL: https://www.yunweiku.com/thread-537697-1-1.html