This document describes how to configure Layer 2 Tunnel Protocol (L2TP) with TACACS+. It includes sample configurations for the L2TP Access Concentrator (LAC) TACACS+ server, the L2TP Network Server (LNS) TACACS+ server, and the routers.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Cisco 2511 routers
Cisco IOS® Software Release 12.0(2).T
Cisco Secure UNIX, Cisco Secure Windows, or TACACS+ freeware
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
In this section, you are presented with the information to configure the features described in this document.
Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).
This document uses the network setup shown in this diagram.
```
# ./ViewProfile -p 9900 -u rtp.cisco.com
user = rtp.cisco.com{
    service=ppp {
        protocol=vpdn {
            set tunnel-type=l2tp
            set tunnel-id=rtp_tunnel
            set ip-addresses="10.31.1.56"
        }
    }
}

# ./ViewProfile -p 9900 -u rtp_tunnel
user = rtp_tunnel{
    password = chap "FGHIJ"
    service=ppp {
        protocol=lcp {
        }
        protocol=ip {
        }
    }
}
```

```
# ./ViewProfile -p 9900 -u janedoe@rtp.cisco.com
user = janedoe@rtp.cisco.com{
    password = chap "rtprules"
    service=ppp {
        protocol=lcp {
        }
        protocol=ip {
        }
    }
}

# ./ViewProfile -p 9900 -u ABCDE
user = ABCDE{
    password = chap "FGHIJ"
    service=ppp {
        protocol=lcp {
        }
        protocol=ip {
        }
    }
}
```
Complete these steps to configure the LAC on Cisco Secure Windows:
Set up the user rtp_tunnel as a normal PPP user (password and/or CHAP password in User Setup).
Put the user in group_1 and check the PPP/IP service. Check PPP/LCP if that box is displayed.
Set up the user rtp.cisco.com. The password is a "don't care."
If some options are not displayed in Group Settings, go to Interface Configuration and check the boxes to make them appear.
Put the user in group_2 and check the PPP/VPDN service. The tunnel ID is rtp_tunnel, the IP address list is 10.31.1.56, and in the rectangular custom box beneath, type tunnel-type=l2tp.
Complete these steps to configure the LNS for Cisco Secure Windows:
Set up the users 'PPPe' and 'janedoe@rtp.cisco.com' as normal PPP users (password and/or CHAP password in User Setup).
Put the users in group_3 and check the PPP/IP service. Check PPP/LCP if that box is displayed.
```
user = rtp.cisco.com {
    service = ppp protocol = vpdn {
        tunnel-type = l2tp
        tunnel-id = rtp_tunnel
        ip-addresses = "10.31.1.56"
    }
}

user = rtp_tunnel {
    chap = cleartext "FGHIJ"
    service = ppp protocol = ip {
        default attribute = permit
    }
}
```

```
key = "cisco"

user = janedoe@rtp.cisco.com {
    chap = cleartext "rtprules"
    service = ppp protocol = ip {
        default attribute = permit
    }
}

user = ABCDE {
    chap = cleartext "FGHIJ"
    service = ppp protocol = ip {
        default attribute = permit
    }
}
```
LAC Router Configuration

```
version 12.0
service timestamps debug datetime
service timestamps log uptime
no service password-encryption
!
hostname LAC
!
aaa new-model
aaa authentication ppp default if-needed tacacs+
aaa authorization network default tacacs+
aaa accounting network default start-stop tacacs+
enable secret level 7 5 $1$Dj3K$9jkyuJR6fJV2JO./Qt0lC1
enable password ww
!
username john password 0 doe
ip subnet-zero
no ip domain-lookup
!
vpdn enable
!
vpdn search-order domain
!
interface Loopback0
 no ip address
 no ip directed-broadcast
!
interface Ethernet0
 ip address 10.31.1.144 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Async1
 ip unnumbered Ethernet0
 no ip directed-broadcast
 ip tcp header-compression passive
 encapsulation ppp
 async mode dedicated
 peer default ip address pool default
 ppp authentication chap
!
ip local pool default 10.5.5.5 10.5.5.50
ip classless
ip route 0.0.0.0 0.0.0.0 10.31.1.1
!
tacacs-server host 171.68.118.106
tacacs-server key cisco
!
line con 0
 transport input none
line 1
 exec-timeout 0 0
 autoselect during-login
 autoselect ppp
 modem Dialin
 transport preferred none
 transport output none
 speed 38400
 flowcontrol hardware
line 2 16
 modem InOut
 transport input all
 speed 38400
 flowcontrol hardware
line aux 0
line vty 0 4
 password WW
!
end
```
LNS Router Configuration

```
version 12.0
service timestamps debug datetime
service timestamps log uptime
no service password-encryption
!
hostname LNS
!
aaa new-model
aaa authentication ppp default if-needed tacacs+
aaa authorization network default tacacs+
aaa accounting network default start-stop tacacs+
enable secret 5 $1$wfMI$ixUG9hw7yhmsv.87.krpZ1
enable password WW
!
username john password 0 doe
ip subnet-zero
no ip domain-lookup
!
vpdn enable
!
vpdn-group 1
 accept dialin l2tp virtual-template 1 remote rtp_tunnel
 local name ABCDE
!
interface Ethernet0
 ip address 10.31.1.56 255.255.255.0
 no ip directed-broadcast
!
interface Virtual-Template1
 ip unnumbered Ethernet0
 no ip directed-broadcast
 peer default ip address pool default
 ppp authentication chap
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Async1
 ip unnumbered Ethernet0
 no ip directed-broadcast
 ip tcp header-compression passive
 encapsulation ppp
 async mode dedicated
 peer default ip address pool setup_pool
 ppp authentication chap pap
!
!
!
!
ip local pool default 10.6.1.1 10.6.1.2
ip classless
ip route 0.0.0.0 0.0.0.0 10.31.1.1
!
tacacs-server host 171.68.118.101
tacacs-server key cisco
!
line con 0
 transport input none
line 1 8
 autoselect during-login
 autoselect ppp
 modem Dialin
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password WW
!
end
```
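The tunnel only comes up when three values agree across the LAC TACACS+ profile, the LNS TACACS+ profile, and the LNS router configuration. The following check is an added example, not part of the original Cisco document; it assumes the freeware TACACS+ user-file syntax shown above, and the function names (`parse_users`, `attr`, `check_tunnel`) are hypothetical.

```python
import re

# Constructed sample inputs, modelled on the freeware TACACS+ profiles and the
# LNS router configuration in this document (trimmed to the relevant lines).
LAC_USERS = """
user = rtp.cisco.com {
    service = ppp protocol = vpdn {
        tunnel-type = l2tp
        tunnel-id = rtp_tunnel
        ip-addresses = "10.31.1.56"
    }
}
user = rtp_tunnel {
    chap = cleartext "FGHIJ"
    service = ppp protocol = ip { default attribute = permit }
}
"""
LNS_USERS = """
user = ABCDE {
    chap = cleartext "FGHIJ"
    service = ppp protocol = ip { default attribute = permit }
}
"""
LNS_CONFIG = """
vpdn-group 1
 accept dialin l2tp virtual-template 1 remote rtp_tunnel
 local name ABCDE
!
interface Ethernet0
 ip address 10.31.1.56 255.255.255.0
"""


def parse_users(text):
    """Map each 'user = NAME { ... }' stanza to its brace-balanced body."""
    users = {}
    for m in re.finditer(r"\buser\s*=\s*(\S+?)\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError("unbalanced braces in profile for " + m.group(1))
        users[m.group(1)] = text[m.end():i - 1]
    return users


def attr(body, name):
    """Return the value of 'name = value' (quoted or bare) in a stanza body."""
    m = re.search(r'(?<![\w-])%s\s*=\s*(?:cleartext\s+)?(?:"([^"]*)"|([^\s{}]+))'
                  % re.escape(name), body or "")
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def check_tunnel(domain, lac_users, lns_users, lns_config):
    """Return the mismatches that would stop the L2TP tunnel coming up."""
    lac, lns = parse_users(lac_users), parse_users(lns_users)
    if domain not in lac:
        return ["no VPDN profile for domain %s on the LAC server" % domain]
    tunnel_id = attr(lac[domain], "tunnel-id")
    targets = set(re.split(r"[,\s]+", attr(lac[domain], "ip-addresses") or ""))
    remote = re.search(r"accept dialin l2tp virtual-template \d+ remote (\S+)",
                       lns_config)
    local = re.search(r"^\s*local name (\S+)", lns_config, re.M)
    lns_addrs = set(re.findall(r"^\s*ip address (\d+(?:\.\d+){3}) ",
                               lns_config, re.M))

    problems = []
    # 1. The name the LAC sends must equal the LNS vpdn-group 'remote' name.
    if not remote or remote.group(1) != tunnel_id:
        problems.append("tunnel-id %r does not match the LNS 'remote' name"
                        % tunnel_id)
    # 2. The tunnel endpoint list must contain an address the LNS really owns.
    if not targets & lns_addrs:
        problems.append("ip-addresses %s is not an address on the LNS"
                        % sorted(targets))
    # 3. Both ends must hold the same tunnel secret (never printed here).
    lac_secret = attr(lac.get(tunnel_id), "chap")
    lns_secret = attr(lns.get(local.group(1)) if local else None, "chap")
    if lac_secret is None or lns_secret is None:
        problems.append("missing CHAP secret for a tunnel endpoint")
    elif lac_secret != lns_secret:
        problems.append("tunnel CHAP secrets differ between LAC and LNS servers")
    return problems


if __name__ == "__main__":
    print(check_tunnel("rtp.cisco.com", LAC_USERS, LNS_USERS, LNS_CONFIG) or "consistent")
```

The three checks correspond to the three misconfigurations annotated in the debug output later in this document: the wrong tunnel name, the wrong tunnel termination address, and mismatched tunnel passwords.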
This section provides information you can use to confirm that your configuration works properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.
```
LAC#show vpdn session

L2TP Session Information (Total tunnels=1 sessions=1)

LocID RemID TunID Intf  Username       State  Last Chg
1     1     76    As1   janedoe@rtp.c  est    00:00:32

% No active L2F tunnels

LAC#show vpdn tunnel

L2TP Tunnel Information (Total tunnels=1 sessions=1)

LocID RemID Remote Name  State  Remote Address  Port  Sessions
76    58    ABCDE        est    10.31.1.56      1701  1

% No active L2F tunnels
```

```
LNS#show vpdn session

L2TP Session Information (Total tunnels=1 sessions=1)

LocID RemID TunID Intf  Username       State  Last Chg
1     1     58    Vi1   janedoe@rtp.c  est    00:01:55

% No active L2F tunnels

LNS#show vpdn tunnel

L2TP Tunnel Information (Total tunnels=1 sessions=1)

LocID RemID Remote Name  State  Remote Address  Port  Sessions
58    76    rtp_tunnel   est    10.31.1.144     1701  1

% No active L2F tunnels
```

```
LAC#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.0(2)T, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Wed 09-Dec-98 02:31 by dschwart
Image text-base: 0x030403B0, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

LAC uptime is 20 hours, 22 minutes
System restarted by reload at 16:13:55 UTC Fri Jan 29 1999
System image file is "flash:c2500-is-l.120-2.T"

cisco 2511 (68030) processor (revision M) with 14336K/2048K bytes of memory.
Processor board ID 07041186, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
16 terminal line(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102
```
This debug output includes comments on where the sequence stops when the router is misconfigured.
```
LAC#show debug
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
VPN:
  L2X protocol events debugging is on
  L2X protocol errors debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
VTEMPLATE:
  Virtual Template debugging is on
LAC#
Jan 30 12:17:09: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
20:03:18: %LINK-3-UPDOWN: Interface Async1, changed state to up
Jan 30 12:17:09: As1 VPDN: Looking for tunnel -- rtp.cisco.com --
Jan 30 12:17:09: AAA: parse name=Async1 idb type=10 tty=1
Jan 30 12:17:09: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=1 channel=0
Jan 30 12:17:09: AAA/AUTHEN: create_user (0x278B90) user='rtp.cisco.com' ruser='' port='Async1' rem_addr='' authen_type=NONE service=LOGIN priv=0
Jan 30 12:17:09: AAA/AUTHOR/VPDN (898425447): Port='Async1' list='default' service=NET
Jan 30 12:17:09: AAA/AUTHOR/VPDN: (898425447) user='rtp.cisco.com'
Jan 30 12:17:09: AAA/AUTHOR/VPDN: (898425447) send AV service=ppp
Jan 30 12:17:09: AAA/AUTHOR/VPDN: (898425447) send AV protocol=vpdn
Jan 30 12:17:09: AAA/AUTHOR/VPDN (898425447) found list "default"
Jan 30 12:17:09: AAA/AUTHOR/VPDN: (898425447) Method=TACACS+
Jan 30 12:17:09: AAA/AUTHOR/TAC+: (898425447): user=rtp.cisco.com
Jan 30 12:17:09: AAA/AUTHOR/TAC+: (898425447): send AV service=ppp
Jan 30 12:17:09: AAA/AUTHOR/TAC+: (898425447): send AV protocol=vpdn
Jan 30 12:17:09: TAC+: (898425447): received author response status = PASS_ADD
Jan 30 12:17:09: AAA/AUTHOR (898425447): Post authorization status = PASS_ADD
Jan 30 12:17:09: AAA/AUTHOR/VPDN: Processing AV service=ppp
Jan 30 12:17:09: AAA/AUTHOR/VPDN: Processing AV protocol=vpdn
Jan 30 12:17:09: AAA/AUTHOR/VPDN: Processing AV tunnel-type=l2tp
Jan 30 12:17:09: AAA/AUTHOR/VPDN: Processing AV tunnel-id=rtp_tunnel

!--- If the wrong tunnel termination IP address
!--- is in the profile:

Jan 30 12:56:30: AAA/AUTHOR/VPDN: Processing AV ip-addresses=1.1.1.1

Jan 30 12:17:09: AAA/AUTHOR/VPDN: Processing AV ip-addresses=10.31.1.56
Jan 30 12:17:09: As1 VPDN: Get tunnel info for rtp.cisco.com with LAC rtp_tunnel, IP 10.31.1.56
Jan 30 12:17:09: AAA/AUTHEN: free_user (0x278B90) user='rtp.cisco.com' ruser='' port='Async1' rem_addr='' authen_type=NONE service=LOGIN priv=0

!--- If the wrong tunnel termination IP
!--- address is in the profile:

Jan 30 12:56:30: As1 VPDN: Forward to address 1.1.1.1

!--- The connection eventually drops on this end and no
!--- debug is seen on the other end.

Jan 30 12:17:09: As1 VPDN: Forward to address 10.31.1.56
Jan 30 12:17:09: As1 VPDN: Forwarding...
Jan 30 12:17:09: AAA: parse name=Async1 idb type=10 tty=1
Jan 30 12:17:09: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=1 channel=0
Jan 30 12:17:09: AAA/AUTHEN: create_user (0x22CDEC) user='janedoe@rtp.cisco.com' ruser='' port='Async1' rem_addr='async' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: As1 VPDN: Bind interface direction=1
Jan 30 12:17:09: Tnl/Cl 74/1 L2TP: Session FS enabled
Jan 30 12:17:09: Tnl/Cl 74/1 L2TP: Session state change from idle to wait-for-tunnel
Jan 30 12:17:09: As1 74/1 L2TP: Create session
Jan 30 12:17:09: Tnl 74 L2TP: SM State idle
Jan 30 12:17:09: Tnl 74 L2TP: O SCCRQ
Jan 30 12:17:09: Tnl 74 L2TP: Tunnel state change from idle to wait-ctl-reply
Jan 30 12:17:09: Tnl 74 L2TP: SM State wait-ctl-reply
Jan 30 12:17:09: As1 VPDN: janedoe@rtp.cisco.com is forwarded
Jan 30 12:17:10: Tnl 74 L2TP: I SCCRP from ABCDE
Jan 30 12:17:10: Tnl 74 L2TP: Got a challenge from remote peer, ABCDE
Jan 30 12:17:10: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:10: AAA/AUTHEN: create_user (0x23232C) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:10: AAA/AUTHEN/START (1598999635): port='' list='default' action=SENDAUTH service=PPP
Jan 30 12:17:10: AAA/AUTHEN/START (1598999635): found list default
Jan 30 12:17:10: AAA/AUTHEN (1598999635): status = UNKNOWN
Jan 30 12:17:10: AAA/AUTHEN/START (1598999635): Method=TACACS+
Jan 30 12:17:10: TAC+: send AUTHEN/START packet ver=193 id=1598999635
Jan 30 12:17:10: TAC+: ver=192 id=1598999635 received AUTHEN status = ERROR
Jan 30 12:17:10: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:10: AAA/AUTHEN: create_user (0x232470) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:10: TAC+: ver=192 id=3400389836 received AUTHEN status = PASS
Jan 30 12:17:10: AAA/AUTHEN: free_user (0x232470) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:10: AAA/AUTHEN (1598999635): status = PASS
Jan 30 12:17:10: AAA/AUTHEN: free_user (0x23232C) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1

!--- Change the CHAP passwords. The password rtp_tunnel
!--- in the LAC TACACS+ users' file does not match the
!--- password for "local name ABCDE" from the router
!--- in the LNS TACACS+ users' file:

Jan 30 13:24:23: Tnl 88 L2TP: Tunnel Authentication fails for ABCDE
Jan 30 13:24:23: Tnl 88 L2TP: Expected 7C959CA96C1E4AAA68BB3D481249488B
Jan 30 13:24:23: Tnl 88 L2TP: Got E4118FB4C8C4467EA4BF8872276C20B2

Jan 30 12:17:10: Tnl 74 L2TP: Got a response from remote peer, ABCDE
Jan 30 12:17:10: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:10: AAA/AUTHEN: create_user (0x22FBA4) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:10: AAA/AUTHEN/START (2964849625): port='' list='default' action=SENDAUTH service=PPP
Jan 30 12:17:10: AAA/AUTHEN/START (2964849625): found list default
Jan 30 12:17:10: AAA/AUTHEN (2964849625): status = UNKNOWN
Jan 30 12:17:10: AAA/AUTHEN/START (2964849625): Method=TACACS+
Jan 30 12:17:10: TAC+: send AUTHEN/START packet ver=193 id=2964849625
20:03:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state to up
Jan 30 12:17:11: TAC+: ver=192 id=2964849625 received AUTHEN status = ERROR
Jan 30 12:17:11: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:11: AAA/AUTHEN: create_user (0x22FC8C) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: As1 74/1 L2TP: Discarding data packet because tunnel is not open
Jan 30 12:17:11: As1 74/1 L2TP: Discarding data packet because tunnel is not open
Jan 30 12:17:11: TAC+: ver=192 id=1474818051 received AUTHEN status = PASS
Jan 30 12:17:11: AAA/AUTHEN: free_user (0x22FC8C) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: AAA/AUTHEN (2964849625): status = PASS
Jan 30 12:17:11: AAA/AUTHEN: free_user (0x22FBA4) user='rtp_tunnel' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: Tnl 74 L2TP: Tunnel Authentication success
Jan 30 12:17:11: Tnl 74 L2TP: Tunnel state change from wait-ctl-reply to established
Jan 30 12:17:11: Tnl 74 L2TP: O SCCCN to ABCDE tnlid 56
Jan 30 12:17:11: Tnl 74 L2TP: SM State established
Jan 30 12:17:11: As1 74/1 L2TP: O ICRQ to ABCDE 56/0
Jan 30 12:17:11: As1 74/1 L2TP: Session state change from wait-for-tunnel to wait-reply
Jan 30 12:17:11: Tnl 74 L2TP: Dropping old CM, Ns 0, expected 1
Jan 30 12:17:11: As1 74/1 L2TP: O ICCN to ABCDE 56/1
Jan 30 12:17:11: As1 74/1 L2TP: Session state change from wait-reply to established
LAC#
```
This debug output includes comments on where the sequence stops when the router is misconfigured.
```
LNS#show debug
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
VPN:
  L2X protocol events debugging is on
  L2X protocol errors debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
VTEMPLATE:
  Virtual Template debugging is on
LNS#
Jan 30 12:17:09: L2TP: I SCCRQ from rtp_tunnel tnl 74
Jan 30 12:17:09: Tnl 56 L2TP: New tunnel created for remote rtp_tunnel, address 10.31.1.144

!--- Instead of the LAC sending the "rtp_tunnel"
!--- (see the user profile on the TACACS+ server), it sends "junk".
!--- We are expecting "rtp_tunnel" as in "accept dialin l2tp
!--- virtual-template 1 remote rtp_tunnel" in this configuration:

Jan 30 13:05:16: L2TP: I SCCRQ from junk tnl 81
Jan 30 13:05:16: L2X: Never heard of junk
Jan 30 13:05:16: L2TP: Could not find info block for junk

Jan 30 12:17:09: Tnl 56 L2TP: Got a challenge in SCCRQ, rtp_tunnel
Jan 30 12:17:09: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:09: AAA/AUTHEN: create_user (0x21F6D0) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: AAA/AUTHEN/START (3194595626): port='' list='default' action=SENDAUTH service=PPP
Jan 30 12:17:09: AAA/AUTHEN/START (3194595626): found list default
Jan 30 12:17:09: AAA/AUTHEN (3194595626): status = UNKNOWN
Jan 30 12:17:09: AAA/AUTHEN/START (3194595626): Method=TACACS+
Jan 30 12:17:09: TAC+: send AUTHEN/START packet ver=193 id=3194595626
Jan 30 12:17:09: TAC+: ver=192 id=3194595626 received AUTHEN status = ERROR
Jan 30 12:17:09: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:09: AAA/AUTHEN: create_user (0x2281AC) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: TAC+: ver=192 id=3639011179 received AUTHEN status = PASS
Jan 30 12:17:09: AAA/AUTHEN: free_user (0x2281AC) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: AAA/AUTHEN (3194595626): status = PASS
Jan 30 12:17:09: AAA/AUTHEN: free_user (0x21F6D0) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: Tnl 56 L2TP: O SCCRP to rtp_tunnel tnlid 74
Jan 30 12:17:09: Tnl 56 L2TP: Tunnel state change from idle to wait-ctl-reply
Jan 30 12:17:10: Tnl 56 L2TP: O Resend SCCRP, flg TLF, ver 2, len 152, tnl 74, cl 0, ns 0, nr 1
Jan 30 12:17:10: Tnl 56 L2TP: I SCCCN from rtp_tunnel tnl 74
Jan 30 12:17:10: Tnl 56 L2TP: Got a Challenge Response in SCCCN from rtp_tunnel
Jan 30 12:17:10: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:10: AAA/AUTHEN: create_user (0x227F3C) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:10: AAA/AUTHEN/STARTTranslating "rtp.cisco.com" (4117701992): port='' list='default' action=SENDAUTH service=PPP
Jan 30 12:17:10: AAA/AUTHEN/START (4117701992): found list default
Jan 30 12:17:10: AAA/AUTHEN (4117701992): status = UNKNOWN
Jan 30 12:17:10: AAA/AUTHEN/START (4117701992): Method=TACACS+
Jan 30 12:17:10: TAC+: send AUTHEN/START packet ver=193 id=4117701992
Jan 30 12:17:11: TAC+: ver=192 id=4117701992 received AUTHEN status = ERROR
Jan 30 12:17:11: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:11: AAA/AUTHEN: create_user (0x228E68) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: TAC+: ver=192 id=2827432721 received AUTHEN status = PASS
Jan 30 12:17:11: AAA/AUTHEN: free_user (0x228E68) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: AAA/AUTHEN (4117701992): status = PASS
Jan 30 12:17:11: AAA/AUTHEN: free_user (0x227F3C) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: Tnl 56 L2TP: Tunnel Authentication success
Jan 30 12:17:11: Tnl 56 L2TP: Tunnel state change from wait-ctl-reply to established
Jan 30 12:17:11: Tnl 56 L2TP: SM State established
Jan 30 12:17:11: Tnl 56 L2TP: I ICRQ from rtp_tunnel tnl 74
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session FS enabled
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session state change from idle to wait-for-tunnel
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: New session created
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: O ICRP to rtp_tunnel 74/1
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session state change from wait-for-tunnel to wait-connect
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: I ICCN from rtp_tunnel tnl 74, cl 1
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session state change from wait-connect to established
Jan 30 12:17:11: Vi1 VTEMPLATE: Reuse Vi1, recycle queue size 0
Jan 30 12:17:11: Vi1 VTEMPLATE: Hardware address 00e0.1e68.942c
Jan 30 12:17:11: Vi1 VPDN: Virtual interface created for janedoe@rtp.cisco.com
Jan 30 12:17:11: Vi1 VPDN: Set to Async interface
Jan 30 12:17:11: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking
Jan 30 12:17:11: Vi1 VTEMPLATE: Has a new cloneblk vtemplate, now it has vtemplate
Jan 30 12:17:11: Vi1 VTEMPLATE: ************* CLONE VACCESS1 *****************
Jan 30 12:17:11: Vi1 VTEMPLATE: Clone from Virtual-Template1
interface Virtual-Access1
default ip address
no ip address
encap ppp
ip unnumbered Ethernet0
peer default ip address pool default
ppp authentication chap
ip unnum ethernet0
peer def ip address pool default
ppp authen chap
end
Jan 30 12:17:12: janedoe@rtp.cisco.com 56/1 L2TP: Session with no hwidb
20:12:14: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 30 12:17:13: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
Jan 30 12:17:13: Vi1 VPDN: Bind interface direction=2
Jan 30 12:17:13: Vi1 VPDN: PPP LCP accepted rcv CONFACK
Jan 30 12:17:13: Vi1 VPDN: PPP LCP accepted sent CONFACK
Jan 30 12:17:13: Vi1 L2X: Discarding packet because of no mid/session
Jan 30 12:17:13: AAA: parse name=Virtual-Access1 idb type=21 tty=-1
Jan 30 12:17:13: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
Jan 30 12:17:13: AAA/AUTHEN: create_user (0x1F5100) user='janedoe@rtp.cisco.com' ruser='' port='Virtual-Access1' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:13: AAA/AUTHEN/START (562517969): port='Virtual-Access1' list='' action=LOGIN service=PPP
Jan 30 12:17:13: AAA/AUTHEN/START (562517969): using "default" list
Jan 30 12:17:13: AAA/AUTHEN (562517969): status = UNKNOWN
Jan 30 12:17:13: AAA/AUTHEN/START (562517969): Method=TACACS+
Jan 30 12:17:13: TAC+: send AUTHEN/START packet ver=193 id=562517969
Jan 30 12:17:14: TAC+: ver=192 id=562517969 received AUTHEN status = GETPASS
Jan 30 12:17:14: AAA: parse name=Virtual-Access1 idb type=-1 tty=-1
Jan 30 12:17:14: AAA: name=Virtual-Access1 flags=0x11 type=6 shelf=0 slot=0 adapter=0 port=1 channel=0
Jan 30 12:17:14: AAA/AUTHEN: create_user (0x1F5270) user='janedoe@rtp.cisco.com' ruser='' port='Virtual-Access1' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:14: TAC+: ver=192 id=2384902384 received AUTHEN status = PASS
Jan 30 12:17:14: AAA/AUTHEN: free_user (0x1F5270) user='janedoe@rtp.cisco.com' ruser='' port='Virtual-Access1' rem_addr='' authen_type=CHAP service=PPP priv=1

!--- Here, the tunnel is ok, but the user
!--- enters a bad password in dialing:

Jan 30 13:39:44: AAA/AUTHEN (1958732267): status = FAIL
21:34:45: %VPDN-6-AUTHENFAIL: L2F HGW 10.31.1.144, AAA authentication failure for Vi1 user janedoe@rtp.cisco.com; Authentication failure

Jan 30 12:17:14: AAA/AUTHEN (562517969): status = PASS
Jan 30 12:17:14: Vi1 AAA/AUTHOR/LCP: Authorize LCP
Jan 30 12:17:14: AAA/AUTHOR/LCP Vi1 (413543389): Port='Virtual-Access1' list='' service=NET
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) user='janedoe@rtp.cisco.com'
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) send AV protocol=lcp
Jan 30 12:17:14: AAA/AUTHOR/LCP (413543389) found list "default"
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) Method=TACACS+
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (413543389): user=janedoe@rtp.cisco.com
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (413543389): send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (413543389): send AV protocol=lcp
Jan 30 12:17:14: TAC+: (413543389): received author response status = PASS_ADD
Jan 30 12:17:14: AAA/AUTHOR (413543389): Post authorization status = PASS_ADD
Jan 30 12:17:14: AAA/ACCT/NET/START User janedoe@rtp.cisco.com, Port Virtual-Access1, List ""
Jan 30 12:17:14: AAA/ACCT/NET: Found list "default"
Jan 30 12:17:14: Vi1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
Jan 30 12:17:14: AAA/AUTHOR/FSM Vi1 (1358526470): Port='Virtual-Access1' list='' service=NET
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) user='janedoe@rtp.cisco.com'
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) send AV protocol=ip
Jan 30 12:17:14: AAA/AUTHOR/FSM (1358526470) found list "default"
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) Method=TACACS+
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (1358526470): user=janedoe@rtp.cisco.com
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (1358526470): send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (1358526470): send AV protocol=ip
Jan 30 12:17:14: TAC+: (1358526470): received author response status = PASS_ADD
Jan 30 12:17:14: AAA/AUTHOR (1358526470): Post authorization status = PASS_ADD
Jan 30 12:17:14: Vi1 AAA/AUTHOR/FSM: We can start IPCP
Jan 30 12:17:14: TAC+: (1442592025): received acct response status = UNKNOWN
20:12:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 10.6.1.1
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 10.6.1.1
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Start. Her address 10.6.1.1, we want 10.6.1.1
Jan 30 12:17:16: AAA/AUTHOR/IPCP Vi1 (3572380713): Port='Virtual-Access1' list='' service=NET
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) user='janedoe@rtp.cisco.com'
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) send AV service=ppp
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) send AV protocol=ip
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) send AV addr*10.6.1.1
Jan 30 12:17:16: AAA/AUTHOR/IPCP (3572380713) found list "default"
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) Method=TACACS+
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): user=janedoe@rtp.cisco.com
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): send AV service=ppp
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): send AV protocol=ip
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): send AV addr*10.6.1.1
Jan 30 12:17:17: TAC+: (3572380713): received author response status = PASS_ADD
Jan 30 12:17:17: AAA/AUTHOR (3572380713): Post authorization status = PASS_ADD
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Processing AV addr*10.6.1.1
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Done. Her address 10.6.1.1, we want 10.6.1.1
LNS#
```
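The annotated LAC and LNS debugs above show four distinct failure signatures. The following triage script is an added example, not part of the original Cisco document; it classifies captured debug lines by those signatures, and the rule tags and the `triage` function name are hypothetical.

```python
import re

# Constructed sample: failure lines quoted from the annotated debugs in this
# document, mixed with a healthy exchange. The "Tnl 80" line is made up for the
# wrong-address case, where the page shows no further output on either router.
SAMPLE = """\
Jan 30 12:17:09: As1 VPDN: Forward to address 10.31.1.56
Jan 30 12:17:09: Tnl 74 L2TP: O SCCRQ
Jan 30 12:17:10: Tnl 74 L2TP: I SCCRP from ABCDE
Jan 30 12:17:11: Tnl 74 L2TP: Tunnel Authentication success
Jan 30 12:56:30: As1 VPDN: Forward to address 1.1.1.1
Jan 30 12:56:30: Tnl 80 L2TP: O SCCRQ
Jan 30 13:05:16: L2TP: I SCCRQ from junk tnl 81
Jan 30 13:05:16: L2X: Never heard of junk
Jan 30 13:24:23: Tnl 88 L2TP: Tunnel Authentication fails for ABCDE
21:34:45: %VPDN-6-AUTHENFAIL: L2F HGW 10.31.1.144, AAA authentication failure for Vi1 user janedoe@rtp.cisco.com; Authentication failure
""".splitlines()

# Single-line signatures: (pattern, tag). Group 1 is the subject of the finding.
RULES = [
    (re.compile(r"L2X: Never heard of (\S+)"), "unknown-tunnel-name"),
    (re.compile(r"Tunnel Authentication fails for (\S+)"), "tunnel-secret-mismatch"),
    (re.compile(r"%VPDN-6-AUTHENFAIL: .* user (\S+);"), "user-auth-failure"),
]
HINTS = {
    "unknown-tunnel-name": "tunnel-id sent by the LAC is not the LNS vpdn-group 'remote' name",
    "tunnel-secret-mismatch": "tunnel CHAP passwords differ between LAC and LNS TACACS+ profiles",
    "user-auth-failure": "tunnel is up; the dial-in user's PPP password was rejected",
    "no-reply-from-lns": "SCCRQ was never answered; check ip-addresses in the LAC profile",
}
FORWARD = re.compile(r"VPDN: Forward to address (\S+)")
TUNNEL = re.compile(r"Tnl (\d+) L2TP: (.*)")


def triage(lines):
    """Return [(tag, subject)] for every failure signature found in lines."""
    findings = []
    pending = {}          # local tunnel id -> address the SCCRQ was sent to
    last_forward = None
    for line in lines:
        for pattern, tag in RULES:
            m = pattern.search(line)
            if m:
                findings.append((tag, m.group(1)))
        m = FORWARD.search(line)
        if m:
            last_forward = m.group(1)
        m = TUNNEL.search(line)
        if not m:
            continue
        tunnel, event = m.groups()
        if event.startswith("O SCCRQ"):
            pending[tunnel] = last_forward
        elif event.startswith("I SCCRP"):
            pending.pop(tunnel, None)   # the peer answered, so it is reachable
    # Any SCCRQ still unanswered at the end of the capture went nowhere.
    findings.extend(("no-reply-from-lns", addr) for addr in pending.values())
    return findings


if __name__ == "__main__":
    for tag, subject in triage(SAMPLE):
        print("%-24s %-24s %s" % (tag, subject, HINTS[tag]))
```

The stateful rule matters because the wrong-address case produces no error line at all: the only evidence on the LAC is an outgoing SCCRQ with no SCCRP after it.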
This is on the LNS TACACS+ server.

```
Sat Jan 30 05:27:01 1999 10.31.1.56 janedoe@rtp.cisco.com Virtual-Access1 unknown start task_id=4 start_time=917700054 timezone=UTC service=ppp
Sat Jan 30 05:27:27 1999 10.31.1.56 janedoe@rtp.cisco.com Virtual-Access1 unknown stop task_id=4 start_time=917700054 timezone=UTC service=ppp protocol=ip addr=10.6.1.1 disc-cause=2 disc-cause-ext=1011 pre-bytes-in=0 pre-bytes-out=8 pre-paks-in=0 pre-paks-out=2 bytes_in=862 bytes_out=142 paks_in=19 paks_out=8 pre-session-time=1
```
This section provides information you can use to troubleshoot your configuration.
Note: Before you issue debug commands, refer to Important Information on Debug Commands.
debug aaa authentication: Displays information on AAA/TACACS+ authentication.
debug aaa authorization: Displays information on AAA/TACACS+ authorization.
debug aaa accounting: Displays information on accountable events as they occur. The information displayed by this command is independent of the accounting protocol used to transfer the accounting information to a server.
debug tacacs+: Displays detailed debugging information associated with TACACS+.
debug vtemplate: Displays cloning information for a virtual access interface from the time it is cloned from a virtual template to the time the virtual access interface comes down when the call ends.
debug vpdn error: Displays errors that prevent a PPP tunnel from being established or errors that cause an established tunnel to be closed.
debug vpdn events: Displays messages about events that are part of normal PPP tunnel establishment or shutdown.
debug vpdn l2x-errors: Displays Layer 2 protocol errors that prevent Layer 2 establishment or prevent its normal operation.
debug vpdn l2x-events: Displays messages about events that are part of normal PPP tunnel establishment or shutdown for Layer 2.
74 L2TP: Tunnel state change from wait-ctl-reply to established Jan 30 12:17:11: Tnl 74 L2TP: O SCCCN to ABCDE tnlid 56 Jan 30 12:17:11: Tnl 74 L2TP: SM State established Jan 30 12:17:11: As1 74/1 L2TP: O ICRQ to ABCDE 56/0 Jan 30 12:17:11: As1 74/1 L2TP: Session state change from wait-for-tunnel to wait-reply Jan 30 12:17:11: Tnl 74 L2TP: Dropping old CM, Ns 0, expected 1 Jan 30 12:17:11: As1 74/1 L2TP: O ICCN to ABCDE 56/1 Jan 30 12:17:11: As1 74/1 L2TP: Session state change from wait-reply to established LAC#
LNS#show debug
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Accounting debugging is on
VPN:
  L2X protocol events debugging is on
  L2X protocol errors debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
VTEMPLATE:
  Virtual Template debugging is on
LNS#
Jan 30 12:17:09: L2TP: I SCCRQ from rtp_tunnel tnl 74
Jan 30 12:17:09: Tnl 56 L2TP: New tunnel created for remote rtp_tunnel, address 10.31.1.144
Jan 30 12:17:09: Tnl 56 L2TP: Got a challenge in SCCRQ, rtp_tunnel
Jan 30 12:17:09: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:09: AAA/AUTHEN: create_user (0x21F6D0) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: AAA/AUTHEN/START (3194595626): port='' list='default' action=SENDAUTH service=PPP
Jan 30 12:17:09: AAA/AUTHEN/START (3194595626): found list default
Jan 30 12:17:09: AAA/AUTHEN (3194595626): status = UNKNOWN
Jan 30 12:17:09: AAA/AUTHEN/START (3194595626): Method=TACACS+
Jan 30 12:17:09: TAC+: send AUTHEN/START packet ver=193 id=3194595626
Jan 30 12:17:09: TAC+: ver=192 id=3194595626 received AUTHEN status = ERROR
Jan 30 12:17:09: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:09: AAA/AUTHEN: create_user (0x2281AC) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: TAC+: ver=192 id=3639011179 received AUTHEN status = PASS
Jan 30 12:17:09: AAA/AUTHEN: free_user (0x2281AC) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: AAA/AUTHEN (3194595626): status = PASS
Jan 30 12:17:09: AAA/AUTHEN: free_user (0x21F6D0) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:09: Tnl 56 L2TP: O SCCRP to rtp_tunnel tnlid 74
Jan 30 12:17:09: Tnl 56 L2TP: Tunnel state change from idle to wait-ctl-reply
Jan 30 12:17:10: Tnl 56 L2TP: O Resend SCCRP, flg TLF, ver 2, len 152, tnl 74, cl 0, ns 0, nr 1
Jan 30 12:17:10: Tnl 56 L2TP: I SCCCN from rtp_tunnel tnl 74
Jan 30 12:17:10: Tnl 56 L2TP: Got a Challenge Response in SCCCN from rtp_tunnel
Jan 30 12:17:10: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:10: AAA/AUTHEN: create_user (0x227F3C) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:10: AAA/AUTHEN/STARTTranslating "rtp.cisco.com" (4117701992): port='' list='default' action=SENDAUTH service=PPP
Jan 30 12:17:10: AAA/AUTHEN/START (4117701992): found list default
Jan 30 12:17:10: AAA/AUTHEN (4117701992): status = UNKNOWN
Jan 30 12:17:10: AAA/AUTHEN/START (4117701992): Method=TACACS+
Jan 30 12:17:10: TAC+: send AUTHEN/START packet ver=193 id=4117701992
Jan 30 12:17:11: TAC+: ver=192 id=4117701992 received AUTHEN status = ERROR
Jan 30 12:17:11: AAA: parse name= idb type=-1 tty=-1
Jan 30 12:17:11: AAA/AUTHEN: create_user (0x228E68) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: TAC+: ver=192 id=2827432721 received AUTHEN status = PASS
Jan 30 12:17:11: AAA/AUTHEN: free_user (0x228E68) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: AAA/AUTHEN (4117701992): status = PASS
Jan 30 12:17:11: AAA/AUTHEN: free_user (0x227F3C) user='ABCDE' ruser='' port='' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:11: Tnl 56 L2TP: Tunnel Authentication success
Jan 30 12:17:11: Tnl 56 L2TP: Tunnel state change from wait-ctl-reply to established
Jan 30 12:17:11: Tnl 56 L2TP: SM State established
Jan 30 12:17:11: Tnl 56 L2TP: I ICRQ from rtp_tunnel tnl 74
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session FS enabled
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session state change from idle to wait-for-tunnel
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: New session created
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: O ICRP to rtp_tunnel 74/1
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session state change from wait-for-tunnel to wait-connect
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: I ICCN from rtp_tunnel tnl 74, cl 1
Jan 30 12:17:11: Tnl/Cl 56/1 L2TP: Session state change from wait-connect to established
Jan 30 12:17:11: Vi1 VTEMPLATE: Reuse Vi1, recycle queue size 0
Jan 30 12:17:11: Vi1 VTEMPLATE: Hardware address 00e0.1e68.942c
Jan 30 12:17:11: Vi1 VPDN: Virtual interface created for janedoe@rtp.cisco.com
Jan 30 12:17:11: Vi1 VPDN: Set to Async interface
Jan 30 12:17:11: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking
Jan 30 12:17:11: Vi1 VTEMPLATE: Has a new cloneblk vtemplate, now it has vtemplate
Jan 30 12:17:11: Vi1 VTEMPLATE: ************* CLONE VACCESS1 *****************
Jan 30 12:17:11: Vi1 VTEMPLATE: Clone from Virtual-Template1
interface Virtual-Access1
default ip address
no ip address
encap ppp
ip unnumbered Ethernet0
peer default ip address pool default
ppp authentication chap
ip unnum ethernet0
peer def ip address pool default
ppp authen chap
end
Jan 30 12:17:12: janedoe@rtp.cisco.com 56/1 L2TP: Session with no hwidb
20:12:14: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 30 12:17:13: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
Jan 30 12:17:13: Vi1 VPDN: Bind interface direction=2
Jan 30 12:17:13: Vi1 VPDN: PPP LCP accepted rcv CONFACK
Jan 30 12:17:13: Vi1 VPDN: PPP LCP accepted sent CONFACK
Jan 30 12:17:13: Vi1 L2X: Discarding packet because of no mid/session
Jan 30 12:17:13: AAA: parse name=Virtual-Access1 idb type=21 tty=-1
Jan 30 12:17:13: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0
Jan 30 12:17:13: AAA/AUTHEN: create_user (0x1F5100) user='janedoe@rtp.cisco.com' ruser='' port='Virtual-Access1' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:13: AAA/AUTHEN/START (562517969): port='Virtual-Access1' list='' action=LOGIN service=PPP
Jan 30 12:17:13: AAA/AUTHEN/START (562517969): using "default" list
Jan 30 12:17:13: AAA/AUTHEN (562517969): status = UNKNOWN
Jan 30 12:17:13: AAA/AUTHEN/START (562517969): Method=TACACS+
Jan 30 12:17:13: TAC+: send AUTHEN/START packet ver=193 id=562517969
Jan 30 12:17:14: TAC+: ver=192 id=562517969 received AUTHEN status = GETPASS
Jan 30 12:17:14: AAA: parse name=Virtual-Access1 idb type=-1 tty=-1
Jan 30 12:17:14: AAA: name=Virtual-Access1 flags=0x11 type=6 shelf=0 slot=0 adapter=0 port=1 channel=0
Jan 30 12:17:14: AAA/AUTHEN: create_user (0x1F5270) user='janedoe@rtp.cisco.com' ruser='' port='Virtual-Access1' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:14: TAC+: ver=192 id=2384902384 received AUTHEN status = PASS
Jan 30 12:17:14: AAA/AUTHEN: free_user (0x1F5270) user='janedoe@rtp.cisco.com' ruser='' port='Virtual-Access1' rem_addr='' authen_type=CHAP service=PPP priv=1
Jan 30 12:17:14: AAA/AUTHEN (562517969): status = PASS
Jan 30 12:17:14: Vi1 AAA/AUTHOR/LCP: Authorize LCP
Jan 30 12:17:14: AAA/AUTHOR/LCP Vi1 (413543389): Port='Virtual-Access1' list='' service=NET
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) user='janedoe@rtp.cisco.com'
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) send AV protocol=lcp
Jan 30 12:17:14: AAA/AUTHOR/LCP (413543389) found list "default"
Jan 30 12:17:14: AAA/AUTHOR/LCP: Vi1 (413543389) Method=TACACS+
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (413543389): user=janedoe@rtp.cisco.com
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (413543389): send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (413543389): send AV protocol=lcp
Jan 30 12:17:14: TAC+: (413543389): received author response status = PASS_ADD
Jan 30 12:17:14: AAA/AUTHOR (413543389): Post authorization status = PASS_ADD
Jan 30 12:17:14: AAA/ACCT/NET/START User janedoe@rtp.cisco.com, Port Virtual-Access1, List ""
Jan 30 12:17:14: AAA/ACCT/NET: Found list "default"
Jan 30 12:17:14: Vi1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
Jan 30 12:17:14: AAA/AUTHOR/FSM Vi1 (1358526470): Port='Virtual-Access1' list='' service=NET
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) user='janedoe@rtp.cisco.com'
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) send AV protocol=ip
Jan 30 12:17:14: AAA/AUTHOR/FSM (1358526470) found list "default"
Jan 30 12:17:14: AAA/AUTHOR/FSM: Vi1 (1358526470) Method=TACACS+
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (1358526470): user=janedoe@rtp.cisco.com
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (1358526470): send AV service=ppp
Jan 30 12:17:14: AAA/AUTHOR/TAC+: (1358526470): send AV protocol=ip
Jan 30 12:17:14: TAC+: (1358526470): received author response status = PASS_ADD
Jan 30 12:17:14: AAA/AUTHOR (1358526470): Post authorization status = PASS_ADD
Jan 30 12:17:14: Vi1 AAA/AUTHOR/FSM: We can start IPCP
Jan 30 12:17:14: TAC+: (1442592025): received acct response status = UNKNOWN
20:12:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 10.6.1.1
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 10.6.1.1
Jan 30 12:17:16: Vi1 AAA/AUTHOR/IPCP: Start. Her address 10.6.1.1, we want 10.6.1.1
Jan 30 12:17:16: AAA/AUTHOR/IPCP Vi1 (3572380713): Port='Virtual-Access1' list='' service=NET
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) user='janedoe@rtp.cisco.com'
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) send AV service=ppp
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) send AV protocol=ip
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) send AV addr*10.6.1.1
Jan 30 12:17:16: AAA/AUTHOR/IPCP (3572380713) found list "default"
Jan 30 12:17:16: AAA/AUTHOR/IPCP: Vi1 (3572380713) Method=TACACS+
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): user=janedoe@rtp.cisco.com
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): send AV service=ppp
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): send AV protocol=ip
Jan 30 12:17:16: AAA/AUTHOR/TAC+: (3572380713): send AV addr*10.6.1.1
Jan 30 12:17:17: TAC+: (3572380713): received author response status = PASS_ADD
Jan 30 12:17:17: AAA/AUTHOR (3572380713): Post authorization status = PASS_ADD
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Processing AV protocol=ip
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Processing AV addr*10.6.1.1
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 30 12:17:17: Vi1 AAA/AUTHOR/IPCP: Done. Her address 10.6.1.1, we want 10.6.1.1
LNS#
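When comparing a failing connection against the good debug output above, the quickest check is whether each tunnel reached `established` with `Tunnel Authentication success`, and which TACACS+ AUTHEN statuses came back. The following Python is an added example, not part of the original Cisco document; the names `summarize` and `stalled` are hypothetical, and the tunnel 75 lines in the sample are constructed.

```python
import re
from collections import Counter

# Each entry starts with a timestamp such as "Jan 30 12:17:09: ". Splitting on it
# also handles captures whose entries were run together on one line.
TS = r"[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d:\s"
ENTRY = re.compile(rf"{TS}(.*?)(?={TS}|\Z)", re.S)
TUNNEL = re.compile(r"\bTnl (\d+) L2TP: (.+)")
STATE = re.compile(r"Tunnel state change from \S+ to (\S+)")
CTRL = re.compile(r"([IO]) (SCCRQ|SCCRP|SCCCN)\b")
AUTHEN = re.compile(r"TAC\+: .*received AUTHEN status = (\w+)")

# Tunnel 74 lines are copied from the LAC debug on this page; the two tunnel 75
# lines are constructed in the same format to show a tunnel that never comes up.
SAMPLE = """\
Jan 30 12:17:09: Tnl 74 L2TP: O SCCRQ
Jan 30 12:17:09: Tnl 74 L2TP: Tunnel state change from idle to wait-ctl-reply
Jan 30 12:17:10: Tnl 74 L2TP: I SCCRP from ABCDE
Jan 30 12:17:10: TAC+: ver=192 id=1598999635 received AUTHEN status = ERROR
Jan 30 12:17:10: TAC+: ver=192 id=3400389836 received AUTHEN status = PASS
Jan 30 12:17:11: Tnl 74 L2TP: Tunnel Authentication success
Jan 30 12:17:11: Tnl 74 L2TP: Tunnel state change from wait-ctl-reply to established
Jan 30 12:17:11: Tnl 74 L2TP: O SCCCN to ABCDE tnlid 56
Jan 30 12:20:00: Tnl 75 L2TP: O SCCRQ
Jan 30 12:20:00: Tnl 75 L2TP: Tunnel state change from idle to wait-ctl-reply
"""

def summarize(text):
    """Parse IOS L2TP/AAA debug text into (per-tunnel state, AUTHEN status counts)."""
    tunnels, authen = {}, Counter()
    for body in ENTRY.findall(text):
        if m := AUTHEN.search(body):
            authen[m.group(1)] += 1
        elif m := TUNNEL.search(body):
            t = tunnels.setdefault(int(m.group(1)),
                                   {"state": "idle", "auth_ok": False, "ctrl": []})
            msg = m.group(2).strip()
            if s := STATE.search(msg):
                t["state"] = s.group(1)          # latest tunnel state wins
            elif c := CTRL.match(msg):
                t["ctrl"].append(" ".join(c.groups()))  # e.g. "O SCCRQ"
            elif msg.startswith("Tunnel Authentication success"):
                t["auth_ok"] = True
    return tunnels, authen

def stalled(tunnels):
    """Tunnel IDs that did not reach 'established' with tunnel authentication."""
    return sorted(tid for tid, t in tunnels.items()
                  if t["state"] != "established" or not t["auth_ok"])
```

A tunnel reported by `stalled` that shows `O SCCRQ` but no `I SCCRP` never got a reply from the peer, which points at reachability or the LNS side rather than at the tunnel CHAP secret.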
Revision | Publish Date | Comments |
---|---|---|
1.0 | 14-May-2009 | Initial Release |