Assegnazione di timeout di inattività e sessioni PPP tramite RADIUS

Introduzione

Questa configurazione incorpora un client Windows 95/98/NT dotato di un modem che effettua la composizione su una linea analogica in un server di accesso. Il login dell'utente viene autenticato e autorizzato dal server RADIUS sul segmento Ethernet del router. I profili Cisco Secure UNIX e Windows illustrati in questo documento utilizzano gli attributi standard IETF (Internet Engineering Task Force) per il timeout di sessione e inattività. I valori sono espressi in secondi.

Questo documento non fornisce istruzioni dettagliate per la configurazione del server NAS per l'accesso remoto o AAA. Per ulteriori informazioni, consultare il documento sulla configurazione della tecnologia AAA RADIUS di base per i client chiamate in ingresso.

Prerequisiti

Requisiti

Nessun requisito specifico previsto per questo documento.

Componenti usati

Le informazioni fornite in questo documento si basano sulle seguenti versioni software e hardware:

• Software Cisco IOS® versione 12.0(5.5)T

• Cisco Secure UNIX versione 2.2.3

• Cisco Access Server 2511

Le informazioni discusse in questo documento fanno riferimento a dispositivi usati in uno specifico ambiente di emulazione. Su tutti i dispositivi menzionati nel documento la configurazione è stata ripristinata ai valori predefiniti. Se la rete è operativa, valutare attentamente eventuali conseguenze derivanti dall'uso dei comandi.

Convenzioni

Per ulteriori informazioni sulle convenzioni usate, consultare il documento Cisco sulle convenzioni nei suggerimenti tecnici.

Configurazione

Esempio di rete

Nel documento viene usata l'impostazione di rete mostrata nel diagramma.

Configurazioni

Nel documento vengono usate le configurazioni mostrate di seguito.

• Cisco Secure UNIX: Profilo RADIUS

• Cisco Secure ACS per Windows

• Router A

# ./ViewProfile -p 9900 -u radtime

User Profile Information

user = radtime{
profile_id = 99
profile_cycle = 2
member = raj
radius=IETF {
check_items= {
2=cisco
}
reply_attributes= {
6=2
7=1
27=180
28=60
}
}
}

Cisco Secure ACS per Windows

Completare la procedura descritta di seguito per configurare Cisco Secure for Windows in modo che i timeout di inattività vengano passati al server NAS.

1. Fare clic sul pulsante User Setup nella barra sinistra.

2. Passare all'utente in questione.

3. Nella sezione Attributi RADIUS IETF, selezionare Service-type (attributo 6) = Framed and Framed-Protocol (attributo 7)=PPP dal menu a discesa.

   Nota:  È inoltre necessario fare clic sulla casella di controllo posta accanto agli attributi selezionati: Service-Type e Framed-Protocol.

4. Fare clic sul pulsante Imposta gruppo nella barra sinistra. Selezionare il gruppo a cui appartiene l'utente e fare clic su Modifica impostazioni.

5. Nella sezione relativa agli attributi RADIUS IETF (Internet Engineering Task Force), fare clic sulla casella di controllo accanto ad Attributo 27 Session-Timeout e Attributo 28 Idle-Timeout. Specificare il valore desiderato per ogni timeout (in secondi) nella casella accanto a ogni attributo.

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname router_a
!
no logging console

!--- AAA configuration. The authorization statement is needed !--- to pass timeout values from ACS to the NAS.

aaa new-model
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
username john password doe
enable password cisco
!
ip subnet-zero
no ip domain-lookup
!
cns event-service server
!
!
interface Ethernet0
ip address 171.68.201.53 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
no cdp enable
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
no cdp enable
!
interface Group-Async1
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer in-band
async mode dedicated
peer default ip address pool default
no cdp enable
ppp authentication pap
group-range 1 16
!
ip local pool default 10.1.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 171.68.201.1
ip route 171.68.0.0 255.255.0.0 171.68.201.1
!

!--- Specify the RADIUS server host and key.


radius-server host 171.68.171.9 auth-port 1645 acct-port 1646
radius-server key ontop
!
line con 0
exec-timeout 0 0
timeout login response 60
transport input pad v120 telnet rlogin udptn
line 1 16
autoselect during-login
autoselect ppp
modem InOut
transport input all
speed 115200
line aux 0
timeout login response 60
line vty 0 4
exec-timeout 0 0
timeout login response 5
password cisco
!
end

Verifica

Le informazioni contenute in questa sezione permettono di verificare che la configurazione funzioni correttamente.

Alcuni comandi show sono supportati dallo strumento Output Interpreter (solo utenti registrati); lo strumento permette di visualizzare un'analisi dell'output del comando show.

• show dialer interface async 1: visualizza le informazioni sulle interfacce configurate per i profili dialer DDR (dial-on-demand routing).

• show interfaces async 1: visualizza le informazioni sull'interfaccia seriale.

Questo output del comando show mostra come verificare che la sessione e i timeout di inattività siano stati scaricati correttamente. Cisco consiglia di eseguire il comando più volte. Questo consente di osservare la diminuzione dei contatori.

router#show dialer interface async 1     
Async1 - dialer type = IN-BAND ASYNC NO-PARITY

!--- Check to see that the idletime is 60 seconds for this interface. !--- This was configured in the RADIUS server.

Idle timer (60 sec), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Time until disconnect 40 secs (radtime)

Dial String      Successes   Failures    Last DNIS   Last status

router#show interface async 1
Async1 is up, line protocol is up 
  Hardware is Async Serial
  Interface is unnumbered. Using address of Ethernet0 (171.68.201.53)
  MTU 1500 bytes, BW 115 Kbit, DLY 100000 usec, 
     reliability 253/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive not set
  DTR is pulsed for 5 seconds on reset

!--- The session (absolute) and idletime decreases.

Time to interface disconnect:  absolute 00:02:41, idle 00:00:36
  LCP Open
  Open: IPCP
  Last input 00:00:18, output 00:00:18, output hang never
  Last clearing of "show interface" counters 3w0d
  Input queue: 1/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
     Conversations  0/1/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3543 packets input, 155629 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     46 input errors, 46 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1903 packets output, 44205 bytes, 0 underruns
     0 output errors, 0 collisions, 44 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions


router#show interface async 1
Async1 is up, line protocol is up 
  Hardware is Async Serial
  Interface is unnumbered. Using address of Ethernet0 (171.68.201.53)
  MTU 1500 bytes, BW 115 Kbit, DLY 100000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive not set
  DTR is pulsed for 5 seconds on reset

!--- The user is disconnected because the session !--- timeout (absolute) is reached.

Time to interface disconnect:  absolute 00:00:00, idle 00:00:56
  LCP Open
  Open: IPCP
  Last input 00:00:02, output 00:00:03, output hang never
  Last clearing of "show interface" counters 3w0d
  Input queue: 1/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
     Conversations  0/1/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     3674 packets input, 163005 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     46 input errors, 46 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1984 packets output, 49146 bytes, 0 underruns
     0 output errors, 0 collisions, 44 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

Risoluzione dei problemi

Le informazioni contenute in questa sezione permettono di risolvere i problemi relativi alla configurazione.

Comandi per la risoluzione dei problemi

Nota: prima di usare i comandi di debug, consultare le informazioni importanti sui comandi di debug.

• debug ppp authentication: visualizza i messaggi del protocollo di autenticazione. Questi messaggi includono gli scambi di pacchetti Challenge Authentication Protocol (CHAP) e Password Authentication Protocol (PAP).

• debug ppp negotiation: visualizza i pacchetti PPP (Point-to-Point Protocol) trasmessi durante l'avvio del protocollo PPP, dove le opzioni PPP vengono negoziate.

• debug aaa authorization: visualizza le informazioni sull'autorizzazione AAA/RADIUS.

• debug radius: visualizza informazioni di debug dettagliate associate a RADIUS.

Debug del router

Questo output di debug visualizza la connessione riuscita.

*Mar 22 21:11:02.797: AAA: parse name=tty1 idb type=10 tty=1
*Mar 22 21:11:02.801: AAA: name=tty1 flags=0x11 type=4 shelf=0 
   slot=0 adapter=0 port=1 channel=0
*Mar 22 21:11:02.801: AAA/MEMORY: create_user (0x57F3A8) user='' ruser='' 
   port='tty1' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 22 21:11:02.833: AAA/MEMORY: free_user (0x57F3A8) user='' ruser='' 
   port='tty1' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 22 21:11:02.909: As1 IPCP: Install route to 10.1.1.1
*Mar 22 21:11:04.869: As1 LCP: I CONFREQ [Closed] id 0 len 23
*Mar 22 21:11:04.873: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:04.877: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:04.877: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:04.881: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:04.881: As1 LCP:    Callback 6  (0x0D0306)
*Mar 22 21:11:04.885: As1 LCP: Lower layer not up, Fast Starting
*Mar 22 21:11:04.889: As1 PPP: Treating connection as a callin
*Mar 22 21:11:04.889: As1 PPP: Phase is ESTABLISHING, Passive Open
*Mar 22 21:11:04.893: As1 LCP: State is Listen
*Mar 22 21:11:04.897: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
*Mar 22 21:11:04.901: As1 LCP: O CONFREQ [Listen] id 104 len 24
*Mar 22 21:11:04.901: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar 22 21:11:04.905: As1 LCP:    AuthProto PAP (0x0304C023)
*Mar 22 21:11:04.909: As1 LCP:    MagicNumber 0x812C7E0C (0x0506812C7E0C)
*Mar 22 21:11:04.913: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:04.913: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:04.917: As1 LCP: O CONFREJ [Listen] id 0 len 7
*Mar 22 21:11:04.921: As1 LCP:    Callback 6  (0x0D0306)
3w0d: %LINK-3-UPDOWN: Interface Async1, changed state to up
*Mar 22 21:11:06.897: As1 LCP: TIMEout: State REQsent
*Mar 22 21:11:06.901: As1 LCP: O CONFREQ [REQsent] id 105 len 24
*Mar 22 21:11:06.901: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar 22 21:11:06.905: As1 LCP:    AuthProto PAP (0x0304C023)
*Mar 22 21:11:06.909: As1 LCP:    MagicNumber 0x812C7E0C (0x0506812C7E0C)
*Mar 22 21:11:06.909: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:06.913: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.045: As1 LCP: I CONFACK [REQsent] id 105 len 24
*Mar 22 21:11:07.049: As1 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar 22 21:11:07.053: As1 LCP:    AuthProto PAP (0x0304C023)
*Mar 22 21:11:07.057: As1 LCP:    MagicNumber 0x812C7E0C (0x0506812C7E0C)
*Mar 22 21:11:07.057: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.061: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.821: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23
*Mar 22 21:11:07.825: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:07.829: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:07.829: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.833: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.833: As1 LCP:    Callback 6  (0x0D0306)
*Mar 22 21:11:07.837: As1 LCP: O CONFREJ [ACKrcvd] id 0 len 7
*Mar 22 21:11:07.841: As1 LCP:    Callback 6  (0x0D0306)
*Mar 22 21:11:07.957: As1 LCP: I CONFREQ [ACKrcvd] id 1 len 20
*Mar 22 21:11:07.961: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:07.961: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:07.965: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.969: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.969: As1 LCP: O CONFACK [ACKrcvd] id 1 len 20
*Mar 22 21:11:07.973: As1 LCP:    ACCM 0x00000000 (0x020600000000)
*Mar 22 21:11:07.977: As1 LCP:    MagicNumber 0x00005F22 (0x050600005F22)
*Mar 22 21:11:07.977: As1 LCP:    PFC (0x0702)
*Mar 22 21:11:07.981: As1 LCP:    ACFC (0x0802)
*Mar 22 21:11:07.985: As1 LCP: State is Open
*Mar 22 21:11:07.985: As1 PPP: Phase is AUTHENTICATING, by this end
*Mar 22 21:11:08.245: As1 LCP: I IDENTIFY [Open] id 2 len 18 magic 
   0x00005F22 MSRASV4.00
*Mar 22 21:11:08.249: As1 LCP: I IDENTIFY [Open] id 3 len 31 magic 
   0x00005F22 MSRAS-1-RAJESH-SECURITY
*Mar 22 21:11:08.253: As1 PAP: I AUTH-REQ id 30 len 18 from "radtime"
*Mar 22 21:11:08.265: As1 PAP: Authenticating peer radtime
*Mar 22 21:11:08.269: AAA: parse name=Async1 idb type=10 tty=1
*Mar 22 21:11:08.273: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 
   adapter=0 port=1 channel=0
*Mar 22 21:11:08.273: AAA/MEMORY: create_user (0x57F3A8) user='radtime' ruser='' 
   port='Async1' rem_addr='async' authen_type=PAP service=PPP priv=1
*Mar 22 21:11:08.281: RADIUS: ustruct sharecount=1
*Mar 22 21:11:08.285: RADIUS: Initial Transmit Async1 id 109 172.16.171.9:1645, 
   Access-Request, len 77
*Mar 22 21:11:08.289:         Attribute 4 6 AB44C935
*Mar 22 21:11:08.293:         Attribute 5 6 00000001
*Mar 22 21:11:08.293:         Attribute 61 6 00000000
*Mar 22 21:11:08.297:         Attribute 1 9 72616474
*Mar 22 21:11:08.297:         Attribute 2 18 486188E4
*Mar 22 21:11:08.301:         Attribute 6 6 00000002
*Mar 22 21:11:08.301:         Attribute 7 6 00000001
*Mar 22 21:11:08.329: RADIUS: Received from id 109 172.16.171.9:1645, 
   Access-Accept, len 44
*Mar 22 21:11:08.333:         Attribute 6 6 00000002
*Mar 22 21:11:08.333:         Attribute 7 6 00000001
*Mar 22 21:11:08.337:         Attribute 27 6 000000B4
*Mar 22 21:11:08.337:         Attribute 28 6 0000003C

È necessario decodificare le coppie di valori attributo (AVP) del comando debug radius. In questo modo è possibile comprendere meglio la transazione tra il server NAS e il server RADIUS.

Nota: a partire dal software Cisco IOS versione 12.2(11)T, l'output del comando debug radius è già decodificato. NON è necessario utilizzare lo strumento Output Interpreter (solo utenti registrati) per decodificare l'output. per ulteriori informazioni, fare riferimento a Miglioramenti del debug RADIUS.

Lo strumento Output Interpreter (solo utenti registrati) consente di ricevere un'analisi dell'output del comando debug radius.

L'output in corsivo è il risultato ottenuto dallo strumento Output Interpreter (solo utenti registrati):

Access-Request 172.16.171.9:1645 id 109
Attribute Type 4:  NAS-IP-Address is 171.68.201.53
Attribute Type 5:  NAS-Port is 1
Attribute Type 61: NAS-Port-Type is Asynchronous
Attribute Type 1:  User-Name is radt
Attribute Type 2:  User-Password is (encoded)
Attribute Type 6:  Service-Type is Framed
Attribute Type 7:  Framed-Protocol is PPP
	Access-Accept 172.16.171.9:1645 id 109
Attribute Type 6:  Service-Type is Framed
Attribute Type 7:  Framed-Protocol is PPP
Attribute Type 27: Session-Timeout is 180 seconds
Attribute Type 28: Idle-Timeout is 60 seconds

Notare che il timeout della sessione è di 180 secondi e il timeout di inattività è di 60 secondi.

*Mar 22 21:11:08.345: RADIUS: saved authorization data for user 57F3A8 at 5AB9A4
*Mar 22 21:11:08.349: As1 AAA/AUTHOR/LCP: Authorize LCP
*Mar 22 21:11:08.353: As1 AAA/AUTHOR/LCP (2107569326): Port='Async1' 
   list='' service=NET
*Mar 22 21:11:08.353: AAA/AUTHOR/LCP: As1 (2107569326) user='radtime'
*Mar 22 21:11:08.357: As1 AAA/AUTHOR/LCP (2107569326): send AV service=ppp
*Mar 22 21:11:08.357: As1 AAA/AUTHOR/LCP (2107569326): send AV protocol=lcp
*Mar 22 21:11:08.361: As1 AAA/AUTHOR/LCP (2107569326): found list "default"
*Mar 22 21:11:08.365: As1 AAA/AUTHOR/LCP (2107569326): Method=radius (radius)
*Mar 22 21:11:08.369: As1 AAA/AUTHOR (2107569326): Post authorization 
   status = PASS_REPL
*Mar 22 21:11:08.369: As1 AAA/AUTHOR/LCP: Processing AV service=ppp

!--- The session timeout and idle timeouts are applied to the interface.

*Mar 22 21:11:08.373: As1 AAA/AUTHOR/LCP: Processing AV timeout=180
*Mar 22 21:11:08.633: As1 AAA/AUTHOR/LCP: Processing AV idletime=60
*Mar 22 21:11:09.049: As1 PAP: O AUTH-ACK id 30 len 5
*Mar 22 21:11:09.053: As1 PPP: Phase is UP
*Mar 22 21:11:09.057: As1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
*Mar 22 21:11:09.061: As1 AAA/AUTHOR/FSM (1853995855): Port='Async1' 
   list='' service=NET
*Mar 22 21:11:09.061: AAA/AUTHOR/FSM: As1 (1853995855) user='radtime'
*Mar 22 21:11:09.065: As1 AAA/AUTHOR/FSM (1853995855): send AV service=ppp
*Mar 22 21:11:09.065: As1 AAA/AUTHOR/FSM (1853995855): send AV protocol=ip
*Mar 22 21:11:09.069: As1 AAA/AUTHOR/FSM (1853995855): found list "default"
*Mar 22 21:11:09.073: As1 AAA/AUTHOR/FSM (1853995855): Method=radius (radius)
*Mar 22 21:11:09.077: As1 AAA/AUTHOR (1853995855): Post authorization 
   status = PASS_REPL
*Mar 22 21:11:09.077: As1 AAA/AUTHOR/FSM: We can start IPCP
*Mar 22 21:11:09.085: As1 IPCP: O CONFREQ [Closed] id 19 len 10
*Mar 22 21:11:09.089: As1 IPCP:    Address 171.68.201.53 (0x0306AB44C935)
*Mar 22 21:11:09.177: As1 CCP: I CONFREQ [Not negotiated] id 4 len 10
*Mar 22 21:11:09.181: As1 CCP:    MS-PPC supported bits 0x00000001 
   (0x120600000001)
*Mar 22 21:11:09.185: As1 LCP: O PROTREJ [Open] id 106 len 16 
   protocol CCP (0x80FD0104000A120600000001)
*Mar 22 21:11:09.189: As1 IPCP: I CONFREQ [REQsent] id 5 len 40
*Mar 22 21:11:09.193: As1 IPCP:    CompressType VJ 15 slots 
   CompressSlotID (0x0206002D0F01)
*Mar 22 21:11:09.197: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar 22 21:11:09.201: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar 22 21:11:09.205: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Mar 22 21:11:09.209: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar 22 21:11:09.213: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Mar 22 21:11:09.213: As1 AAA/AUTHOR/IPCP: Start.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.217: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Mar 22 21:11:09.221: As1 AAA/AUTHOR/IPCP: Authorization succeeded
*Mar 22 21:11:09.221: As1 AAA/AUTHOR/IPCP: Done.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.229: As1 IPCP: O CONFREJ [REQsent] id 5 len 34
*Mar 22 21:11:09.229: As1 IPCP:    CompressType VJ 15 slots 
   CompressSlotID (0x0206002D0F01)
*Mar 22 21:11:09.233: As1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar 22 21:11:09.237: As1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Mar 22 21:11:09.241: As1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar 22 21:11:09.245: As1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Mar 22 21:11:09.249: As1 IPCP: I CONFACK [REQsent] id 19 len 10
*Mar 22 21:11:09.253: As1 IPCP:    Address 171.68.201.53 (0x0306AB44C935)
*Mar 22 21:11:09.673: As1 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
*Mar 22 21:11:09.677: As1 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar 22 21:11:09.681: As1 AAA/AUTHOR/IPCP: Start.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.685: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Mar 22 21:11:09.685: As1 AAA/AUTHOR/IPCP: Authorization succeeded
*Mar 22 21:11:09.689: As1 AAA/AUTHOR/IPCP: Done.  
   Her address 0.0.0.0, we want 10.1.1.1
*Mar 22 21:11:09.693: As1 IPCP: O CONFNAK [ACKrcvd] id 6 len 10
*Mar 22 21:11:09.697: As1 IPCP:    Address 10.1.1.1 (0x03060A010101)
*Mar 22 21:11:09.813: As1 IPCP: I CONFREQ [ACKrcvd] id 7 len 10
*Mar 22 21:11:09.817: As1 IPCP:    Address 10.1.1.1 (0x03060A010101)
*Mar 22 21:11:09.821: As1 AAA/AUTHOR/IPCP: Start.  
   Her address 10.1.1.1, we want 10.1.1.1
*Mar 22 21:11:09.825: As1 AAA/AUTHOR/IPCP (1344088998): Port='Async1' 
   list='' service=NET
*Mar 22 21:11:09.829: AAA/AUTHOR/IPCP: As1 (1344088998) user='radtime'
*Mar 22 21:11:09.833: As1 AAA/AUTHOR/IPCP (1344088998): send AV service=ppp
*Mar 22 21:11:09.833: As1 AAA/AUTHOR/IPCP (1344088998): send AV protocol=ip
*Mar 22 21:11:09.837: As1 AAA/AUTHOR/IPCP (1344088998): send AV addr*10.1.1.1
*Mar 22 21:11:09.837: As1 AAA/AUTHOR/IPCP (1344088998): found list "default"
*Mar 22 21:11:09.841: As1 AAA/AUTHOR/IPCP (1344088998): Method=radius (radius)
*Mar 22 21:11:09.845: As1 AAA/AUTHOR (1344088998): Post authorization 
   status = PASS_REPL
*Mar 22 21:11:09.849: As1 AAA/AUTHOR/IPCP: Reject 10.1.1.1, using 10.1.1.1
*Mar 22 21:11:09.853: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Mar 22 21:11:09.857: As1 AAA/AUTHOR/IPCP: Processing AV addr*10.1.1.1
*Mar 22 21:11:09.857: As1 AAA/AUTHOR/IPCP: Authorization succeeded
*Mar 22 21:11:09.861: As1 AAA/AUTHOR/IPCP: Done.  
   Her address 10.1.1.1, we want 10.1.1.1
*Mar 22 21:11:09.865: As1 IPCP: O CONFACK [ACKrcvd] id 7 len 10
*Mar 22 21:11:09.869: As1 IPCP:    Address 10.1.1.1 (0x03060A010101)
*Mar 22 21:11:09.873: As1 IPCP: State is Open
*Mar 22 21:11:09.885: As1 IPCP: Install route to 10.1.1.1
3w0d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, 
   changed state to up

Informazioni correlate

• Configurazione della tecnologia AAA RADIUS di base per client di chiamata in ingresso
• Pagine di supporto RADIUS
• Pagine di supporto Cisco Secure UNIX
• Configurazione di RADIUS con Livingston Server
• RFC (Requests for Comments)
• Supporto tecnico – Cisco Systems