使用Microsoft IAS為PPTP配置Cisco IOS軟體和Windows 2000
目錄
簡介
在Cisco 7100和7200路由器平台上的Cisco IOS®軟體版本12.0.5.XE5中新增了點對點隧道協定(PPTP)支援。Cisco IOS軟體版本12.1.5.T新增了對更多平台的支援。
要求建議(RFC)2637描述了PPTP。根據此RFC,PPTP訪問集中器(PAC)是客戶端(即PC或呼叫者),PPTP網路伺服器(PNS)是伺服器(即被呼叫的路由器或裝置)。
必要條件
需求
本文檔假定您已使用這些文檔設定與路由器的PPTP連線,並且它們已在運行。該路由器具有本地Microsoft質詢握手身份驗證協定(MS-CHAP)V1身份驗證(以及可選的Microsoft點對點加密[MPPE],需要MS-CHAP V1)。MPPE加密支援需要遠端身份驗證撥入使用者服務(RADIUS);TACACS+適用於驗證,但不適用於MPPE金鑰。
採用元件
本檔案中的資訊是根據以下軟體和硬體版本。
-
Microsoft IAS可選元件安裝在帶有Active Directory的Microsoft 2000高級伺服器上。
-
Cisco 3600路由器。
-
Cisco IOS軟體版本c3640-io3s56i-mz.121-5.T。
此配置使用安裝在Windows 2000高級伺服器上的Microsoft IAS作為RADIUS伺服器。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您在即時網路中工作,請確保在使用任何命令之前瞭解其潛在影響。
慣例
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
背景理論
此示例配置演示如何設定PC以連線到路由器(地址為10.200.20.2),然後路由器在允許使用者進入網路之前向Microsoft的Internet身份驗證伺服器(IAS)(地址為10.200.20.245)驗證使用者的身份。適用於Windows的Cisco安全存取控制伺服器(ACS)版本2.5提供PPTP支援。但是,由於Cisco錯誤ID CSCds92266,它可能對路由器無效。如果您使用的是Cisco Secure,我們建議使用Cisco Secure 2.6版或更高版本。Cisco Secure UNIX不支援MPPE。另外兩個支援MPPE的RADIUS應用程式是Microsoft RADIUS和Funk RADIUS。
設定
本節提供用於設定本文件中所述功能的資訊。
注意:要查詢有關本文檔中使用的命令的其他資訊,請使用IOS命令查詢工具
網路圖表
本文檔使用下圖所示的網路設定。
用於撥號客戶端的IP池:
-
網關路由器:192.168.1.2 ~ 192.168.1.254
-
LNS:172.16.10.1 ~ 172.16.10.10
雖然上述設定使用撥號客戶端通過撥號連線到網際網路服務提供商(ISP)路由器,但您可以通過任何介質(例如LAN)連線PC和網關路由器。
為Microsoft IAS配置Windows 2000高級伺服器
本節介紹如何為Microsoft IAS配置Windows 2000高級伺服器:
-
確保已安裝Microsoft IAS。要安裝Microsoft IAS,請以管理員身份登入。在Network Services下,驗證是否已清除所有覈取方塊。選中Internet Authentication Server覈取方塊,然後按一下OK。
-
在「Windows Components(Windows元件)」嚮導中,按一下「Next(下一步)」。如果出現提示,請插入Windows 2000 CD。
-
複製所需檔案後,按一下Finish,然後關閉所有視窗。您無需重新啟動。
設定Radius使用者端
本節介紹設定radius使用者端的步驟:
-
在管理工具中,開啟Internet Authentication Server控制檯,然後按一下Clients。
-
在「Friendly Name」框中,鍵入網路訪問伺服器(NAS)的IP地址。
-
按一下Use this IP選項。
-
在「Client-Vendor」下拉選單框中,確保選中「RADIUS Standard」選項。
-
在Shared Secret和Confirm Shared Secret框中,鍵入密碼,然後按一下Finish。
-
在控制檯樹中,按一下右鍵Internet Authentication Service,然後按一下Start。
-
關閉控制檯。
在IAS上配置使用者
與Cisco Secure不同,Windows 2000 RADIUS使用者資料庫與Windows使用者資料庫緊密繫結。如果Active Directory安裝在Windows 2000伺服器上,請從Active Directory使用者和電腦建立新撥號使用者。如果未安裝Active Directory,請使用Local Users and Groups from Administrative tools來建立新使用者。
在Active Directory中配置使用者
本節介紹在Active Directory中配置使用者的步驟:
-
在「Active Directory Users and Computers」控制檯中,展開域。按一下右鍵Users。滾動選擇New User。建立一個名為tac的新使用者。
-
在Password和Confirm Password對話方塊中鍵入密碼。
-
清除User Must Change Password at Next Logon欄位,然後按一下Next。
-
開啟使用者tac屬性框。切換到Dial-In頁籤。在Remote Access Permission(Dial-in or VPN)下,按一下Allow Access,然後按一下OK。
配置使用者(如果未安裝Active Directory)
本節介紹在沒有安裝Active Directory的情況下配置使用者的步驟:
-
在Administrative Tools部分,按一下Computer Management。展開Computer Management控制檯,然後按一下Local Users and Groups。按一下右鍵Users捲軸以選擇New User。建立一個名為tac的新使用者。
-
在Password和Confirm Password對話方塊中鍵入密碼。
-
清除User Must Change Password at Next Logon選項,然後按一下Next。
-
開啟名為tac的屬性的新用戶框。切換到Dial-in頁籤。在Remote Access Permission(Dial-in or VPN)下,按一下Allow Access,然後按一下OK。
將遠端訪問策略應用於Windows使用者
本節介紹將遠端訪問策略應用於Windows使用者的步驟:
-
在Administrative Tools中,開啟Internet Authentication Server Console,然後按一下Remote Access Policies。
-
按一下Specify the Conditions to Match上的Add按鈕,然後新增Service-Type。選擇可用型別Framed,並將其新增到Selected Types清單。按OK。
-
按一下Specify the Conditions to Match上的Add按鈕並新增Framed Protocol。選擇可用型別作為ppp,並將其新增到Selected Types清單。按OK。
-
按一下Specify the Conditions to Match上的Add按鈕並新增Windows-Groups,以新增使用者所屬的Windows組。選擇該組並將其新增到Selected Types中,然後按OK。
-
在Allow Access if Dial-in Permission is Enabled屬性中,選擇Grant remote Access permission。
-
關閉控制檯。
為PPTP配置Windows 2000客戶端
以下部分顯示為PPTP配置Windows 2000客戶端的步驟:
-
在「Start」選單中選擇「Settings」 ,然後選擇:
-
控制面板和網路和撥號連線,或
-
然後建立網路和撥號連線。
使用嚮導建立名為PPTP的連線。此連線通過Internet連線到專用網路。您還需要指定PPTP網路伺服器(PNS)IP地址或名稱。
-
-
新連線出現在「Control Panel(控制面板)」下的「Network and Dial-up Connections(網路和撥號連線)」視窗中。
在此處,按一下右鍵可編輯其屬性。在Networking頁籤下,確保Type of Server I Am Calling欄位設定為PPTP。如果計畫通過本地池或動態主機配置協定(DHCP)從網關為此客戶端分配動態內部地址,請選擇TCP/IP協定,並確保客戶端配置為自動獲取IP地址。您也可以自動發出DNS資訊。
Advanced按鈕允許您定義靜態Windows Internet命名服務(WINS)和DNS資訊。
Options頁籤允許您關閉IPSec或為連線分配不同的策略。
-
在Security頁籤下,可以定義使用者身份驗證引數。例如,PAP、CHAP或MS-CHAP或Windows域登入。配置連線後,您可以按兩下它以顯示登入螢幕,然後進行連線。
組態
使用下列路由器配置,即使RADIUS伺服器不可用(在尚未配置Microsoft IAS時,這是可能的),使用者也能夠使用使用者名稱tac和密碼admin進行連線。 以下示例配置概述了不帶IPSec的L2tp所需的命令。
| 安琪拉 |
|---|
angela#show running-config Building configuration... Current configuration : 1606 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname angela ! logging rate-limit console 10 except errors !---Enable AAA services here aaa new-model aaa authentication login default group radius local aaa authentication login console none aaa authentication ppp default group radius local aaa authorization network default group radius local enable password ! username tac password 0 admin memory-size iomem 30 ip subnet-zero ! ! no ip finger no ip domain-lookup ip host rund 172.17.247.195 ! ip audit notify log ip audit po max-events 100 ip address-pool local !---Enable VPN/Virtual Private Dialup Network (VPDN) services !---and define groups and their respective parameters. vpdn enable no vpdn logging ! ! vpdn-group PPTP_WIN2KClient !---Default PPTP VPDN group !---Allow the router to accept incoming Requests accept-dialin protocol pptp virtual-template 1 ! ! ! call rsvp-sync ! ! ! ! ! ! ! controller E1 2/0 ! ! interface Loopback0 ip address 172.16.10.100 255.255.255.0 ! interface Ethernet0/0 ip address 10.200.20.2 255.255.255.0 half-duplex ! interface Virtual-Template1 ip unnumbered Loopback0 peer default ip address pool default !--- The following encryption command is optional !--- and could be added later. ppp encrypt mppe 40 ppp authentication ms-chap ! ip local pool default 172.16.10.1 172.16.10.10 ip classless ip route 0.0.0.0 0.0.0.0 10.200.20.1 ip route 192.168.1.0 255.255.255.0 10.200.20.250 no ip http server ! radius-server host 10.200.20.245 auth-port 1645 acct-port 1646 radius-server retransmit 3 radius-server key cisco ! dial-peer cor custom ! ! ! ! ! line con 0 exec-timeout 0 0 login authentication console transport input none line 33 50 modem InOut line aux 0 line vty 0 4 exec-timeout 0 0 password ! end angela#show debug General OS: AAA Authentication debugging is on AAA Authorization debugging is on PPP: MPPE Events debugging is on PPP protocol negotiation debugging is on VPN: L2X protocol events debugging is on L2X protocol errors debugging is on VPDN events debugging is on VPDN errors debugging is on Radius protocol debugging is on angela# *Mar 7 04:21:07.719: L2X: TCP connect reqd from 0.0.0.0:2000 *Mar 7 04:21:07.991: Tnl 29 PPTP: Tunnel created; peer initiated *Mar 7 04:21:08.207: Tnl 29 PPTP: SCCRQ-ok -> state change wt-sccrq to estabd *Mar 7 04:21:09.267: VPDN: Session vaccess task running *Mar 7 04:21:09.267: Vi1 VPDN: Virtual interface created *Mar 7 04:21:09.267: Vi1 VPDN: Clone from Vtemplate 1 *Mar 7 04:21:09.343: Tnl/Cl 29/29 PPTP: VAccess created *Mar 7 04:21:09.343: Vi1 Tnl/Cl 29/29 PPTP: vacc-ok -> #state change wt-vacc to estabd *Mar 7 04:21:09.343: Vi1 VPDN: Bind interface direction=2 *Mar 7 04:21:09.347: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up *Mar 7 04:21:09.347: Vi1 PPP: Using set call direction *Mar 7 04:21:09.347: Vi1 PPP: Treating connection as a callin *Mar 7 04:21:09.347: Vi1 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load] *Mar 7 04:21:09.347: Vi1 LCP: State is Listen *Mar 7 04:21:10.347: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up *Mar 7 04:21:11.347: Vi1 LCP: TIMEout: State Listen *Mar 7 04:21:11.347: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially *Mar 7 04:21:11.347: Vi1 LCP: O CONFREQ [Listen] id 7 len 15 *Mar 7 04:21:11.347: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380) *Mar 7 04:21:11.347: Vi1 LCP: MagicNumber 0x3050EB1F (0x05063050EB1F) *Mar 7 04:21:11.635: Vi1 LCP: I CONFACK [REQsent] id 7 len 15 *Mar 7 04:21:11.635: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380) *Mar 7 04:21:11.635: Vi1 LCP: MagicNumber 0x3050EB1F (0x05063050EB1F) *Mar 7 04:21:13.327: Vi1 LCP: I CONFREQ [ACKrcvd] id 1 len 44 *Mar 7 04:21:13.327: Vi1 LCP: MagicNumber 0x35BE1CB0 (0x050635BE1CB0) *Mar 7 04:21:13.327: Vi1 LCP: PFC (0x0702) *Mar 7 04:21:13.327: Vi1 LCP: ACFC (0x0802) *Mar 7 04:21:13.327: Vi1 LCP: Callback 6 (0x0D0306) *Mar 7 04:21:13.327: Vi1 LCP: MRRU 1614 (0x1104064E) *Mar 7 04:21:13.327: Vi1 LCP: EndpointDisc 1 Local *Mar 7 04:21:13.327: Vi1 LCP: (0x1317016AC616B006CC4281A1CA941E39) *Mar 7 04:21:13.331: Vi1 LCP: (0xB9182600000008) *Mar 7 04:21:13.331: Vi1 LCP: O CONFREJ [ACKrcvd] id 1 len 34 *Mar 7 04:21:13.331: Vi1 LCP: Callback 6 (0x0D0306) *Mar 7 04:21:13.331: Vi1 LCP: MRRU 1614 (0x1104064E) *Mar 7 04:21:13.331: Vi1 LCP: EndpointDisc 1 Local *Mar 7 04:21:13.331: Vi1 LCP: (0x1317016AC616B006CC4281A1CA941E39) *Mar 7 04:21:13.331: Vi1 LCP: (0xB9182600000008) *Mar 7 04:21:13.347: Vi1 LCP: TIMEout: State ACKrcvd *Mar 7 04:21:13.347: Vi1 LCP: O CONFREQ [ACKrcvd] id 8 len 15 *Mar 7 04:21:13.347: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380) *Mar 7 04:21:13.347: Vi1 LCP: MagicNumber 0x3050EB1F (0x05063050EB1F) *Mar 7 04:21:13.647: Vi1 LCP: I CONFREQ [REQsent] id 2 len 14 *Mar 7 04:21:13.651: Vi1 LCP: MagicNumber 0x35BE1CB0 (0x050635BE1CB0) *Mar 7 04:21:13.651: Vi1 LCP: PFC (0x0702) *Mar 7 04:21:13.651: Vi1 LCP: ACFC (0x0802) *Mar 7 04:21:13.651: Vi1 LCP: O CONFACK [REQsent] id 2 len 14 *Mar 7 04:21:13.651: Vi1 LCP: MagicNumber 0x35BE1CB0 (0x050635BE1CB0) *Mar 7 04:21:13.651: Vi1 LCP: PFC (0x0702) *Mar 7 04:21:13.651: Vi1 LCP: ACFC (0x0802) *Mar 7 04:21:13.723: Vi1 LCP: I CONFACK [ACKsent] id 8 len 15 *Mar 7 04:21:13.723: Vi1 LCP: AuthProto MS-CHAP (0x0305C22380) *Mar 7 04:21:13.723: Vi1 LCP: MagicNumber 0x3050EB1F (0x05063050EB1F) *Mar 7 04:21:13.723: Vi1 LCP: State is Open *Mar 7 04:21:13.723: Vi1 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load] *Mar 7 04:21:13.723: Vi1 MS-CHAP: O CHALLENGE id 20 len 21 from "angela " *Mar 7 04:21:14.035: Vi1 LCP: I IDENTIFY [Open] id 3 len 18 magic 0x35BE1CB0 MSRASV5.00 *Mar 7 04:21:14.099: Vi1 LCP: I IDENTIFY [Open] id 4 len 24 magic 0x35BE1CB0 MSRAS-1-RSHANMUG *Mar 7 04:21:14.223: Vi1 MS-CHAP: I RESPONSE id 20 len 57 from "tac" *Mar 7 04:21:14.223: AAA: parse name=Virtual-Access1 idb type=21 tty=-1 *Mar 7 04:21:14.223: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0 *Mar 7 04:21:14.223: AAA/MEMORY: create_user (0x62740E7C) user='tac' ruser='' port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 *Mar 7 04:21:14.223: AAA/AUTHEN/START (2474402925): port='Virtual-Access1' list='' action=LOGIN service=PPP *Mar 7 04:21:14.223: AAA/AUTHEN/START (2474402925): using "default" list *Mar 7 04:21:14.223: AAA/AUTHEN/START (2474402925): Method=radius (radius) *Mar 7 04:21:14.223: RADIUS: ustruct sharecount=0 *Mar 7 04:21:14.223: RADIUS: Initial Transmit Virtual-Access1 id 116 10.200.20.245:1645, Access-Request, len 129 *Mar 7 04:21:14.227: Attribute 4 6 0AC81402 *Mar 7 04:21:14.227: Attribute 5 6 00000001 *Mar 7 04:21:14.227: Attribute 61 6 00000005 *Mar 7 04:21:14.227: Attribute 1 5 7461631A *Mar 7 04:21:14.227: Attribute 26 16 000001370B0AFD11 *Mar 7 04:21:14.227: Attribute 26 58 0000013701341401 *Mar 7 04:21:14.227: Attribute 6 6 00000002 *Mar 7 04:21:14.227: Attribute 7 6 00000001 *Mar 7 04:21:14.239: RADIUS: Received from id 116 10.200.20.245:1645, Access-Accept, len 116 *Mar 7 04:21:14.239: Attribute 7 6 00000001 *Mar 7 04:21:14.239: Attribute 6 6 00000002 *Mar 7 04:21:14.239: Attribute 25 32 64080750 *Mar 7 04:21:14.239: Attribute 26 40 000001370C223440 *Mar 7 04:21:14.239: Attribute 26 12 000001370A06144E *Mar 7 04:21:14.239: AAA/AUTHEN (2474402925): status = PASS *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP: Authorize LCP *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP (2434357606): Port='Virtual-Access1' list='' service=NET *Mar 7 04:21:14.243: AAA/AUTHOR/LCP: Vi1 (2434357606) user='tac' *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP (2434357606): send AV service=ppp *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP (2434357606): send AV protocol=lcp *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP (2434357606): found list "default" *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP (2434357606): Method=radius (radius) *Mar 7 04:21:14.243: RADIUS: unrecognized Microsoft VSA type 10 *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR (2434357606): Post authorization status = PASS_REPL *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP: Processing AV service=ppp *Mar 7 04:21:14.243: Vi1 AAA/AUTHOR/LCP: Processing AV mschap_mppe_keys*1p1T11=1v1O1~11a1W11151\1V1M1#11Z1`1k1}111 *Mar 7 04:21:14.243: Vi1 MS-CHAP: O SUCCESS id 20 len 4 *Mar 7 04:21:14.243: Vi1 PPP: Phase is UP [0 sess, 0 load] *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM: (0): Can we start IPCP? *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM (1553311212): Port='Virtual-Access1' list='' service=NET *Mar 7 04:21:14.247: AAA/AUTHOR/FSM: Vi1 (1553311212) user='tac' *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM (1553311212): send AV service=ppp *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM (1553311212): send AV protocol=ip *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM (1553311212): found list "default" *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM (1553311212): Method=radius (radius) *Mar 7 04:21:14.247: RADIUS: unrecognized Microsoft VSA type 10 *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR (1553311212): Post authorization status = PASS_REPL *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM: We can start IPCP *Mar 7 04:21:14.247: Vi1 IPCP: O CONFREQ [Not negotiated] id 4 len 10 *Mar 7 04:21:14.247: Vi1 IPCP: Address 172.16.10.100 (0x0306AC100A64) *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM: (0): Can we start CCP? *Mar 7 04:21:14.247: Vi1 AAA/AUTHOR/FSM (3663845178): Port='Virtual-Access1' list='' service=NET *Mar 7 04:21:14.251: AAA/AUTHOR/FSM: Vi1 (3663845178) user='tac' *Mar 7 04:21:14.251: Vi1 AAA/AUTHOR/FSM (3663845178): send AV service=ppp *Mar 7 04:21:14.251: Vi1 AAA/AUTHOR/FSM (3663845178): send AV protocol=ccp *Mar 7 04:21:14.251: Vi1 AAA/AUTHOR/FSM (3663845178): found list "default" *Mar 7 04:21:14.251: Vi1 AAA/AUTHOR/FSM (3663845178): Method=radius (radius) *Mar 7 04:21:14.251: RADIUS: unrecognized Microsoft VSA type 10 *Mar 7 04:21:14.251: Vi1 AAA/AUTHOR (3663845178): Post authorization status = PASS_REPL *Mar 7 04:21:14.251: Vi1 AAA/AUTHOR/FSM: We can start CCP *Mar 7 04:21:14.251: Vi1 CCP: O CONFREQ [Closed] id 3 len 10 *Mar 7 04:21:14.251: Vi1 CCP: MS-PPC supported bits 0x01000020 (0x120601000020) *Mar 7 04:21:14.523: Vi1 CCP: I CONFREQ [REQsent] id 5 len 10 *Mar 7 04:21:14.523: Vi1 CCP: MS-PPC supported bits 0x010000F1 (0x1206010000F1) *Mar 7 04:21:14.523: Vi1 MPPE: don't understand all options, NAK *Mar 7 04:21:14.523: Vi1 AAA/AUTHOR/FSM: Check for unauthorized mandatory AV's *Mar 7 04:21:14.523: Vi1 AAA/AUTHOR/FSM: Processing AV service=ppp *Mar 7 04:21:14.523: Vi1 AAA/AUTHOR/FSM: Processing AV mschap_mppe_keys*1p1T11=1v1O1~11a1W11151\1V1M1#11Z1`1k1}111 *Mar 7 04:21:14.523: Vi1 AAA/AUTHOR/FSM: Succeeded *Mar 7 04:21:14.523: Vi1 CCP: O CONFNAK [REQsent] id 5 len 10 *Mar 7 04:21:14.523: Vi1 CCP: MS-PPC supported bits 0x01000020 (0x120601000020) *Mar 7 04:21:14.607: Vi1 IPCP: I CONFREQ [REQsent] id 6 len 34 *Mar 7 04:21:14.607: Vi1 IPCP: Address 0.0.0.0 (0x030600000000) *Mar 7 04:21:14.607: Vi1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) *Mar 7 04:21:14.607: Vi1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) *Mar 7 04:21:14.607: Vi1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) *Mar 7 04:21:14.607: Vi1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) *Mar 7 04:21:14.607: Vi1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0 *Mar 7 04:21:14.607: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp *Mar 7 04:21:14.607: Vi1 AAA/AUTHOR/IPCP: Processing AV mschap_mppe_keys*1p1T11=1v1O1~11a1W11151\1V1M1#11Z1`1k1}111 *Mar 7 04:21:14.607: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded *Mar 7 04:21:14.607: Vi1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0 *Mar 7 04:21:14.607: Vi1 IPCP: Pool returned 172.16.10.1 *Mar 7 04:21:14.607: Vi1 IPCP: O CONFREJ [REQsent] id 6 len 28 *Mar 7 04:21:14.607: Vi1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) *Mar 7 04:21:14.611: Vi1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) *Mar 7 04:21:14.611: Vi1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) *Mar 7 04:21:14.611: Vi1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) *Mar 7 04:21:14.675: Vi1 IPCP: I CONFACK [REQsent] id 4 len 10 *Mar 7 04:21:14.675: Vi1 IPCP: Address 172.16.10.100 (0x0306AC100A64) *Mar 7 04:21:14.731: Vi1 CCP: I CONFACK [REQsent] id 3 len 10 *Mar 7 04:21:14.731: Vi1 CCP: MS-PPC supported bits 0x01000020 (0x120601000020) *Mar 7 04:21:14.939: Vi1 CCP: I CONFREQ [ACKrcvd] id 7 len 10 *Mar 7 04:21:14.939: Vi1 CCP: MS-PPC supported bits 0x01000020 (0x120601000020) *Mar 7 04:21:14.939: Vi1 AAA/AUTHOR/FSM: Check for unauthorized mandatory AV's *Mar 7 04:21:14.939: Vi1 AAA/AUTHOR/FSM: Processing AV service=ppp *Mar 7 04:21:14.939: Vi1 AAA/AUTHOR/FSM: Processing AV mschap_mppe_keys*1p1T11=1v1O1~11a1W11151\1V1M1#11Z1`1k1}111 *Mar 7 04:21:14.939: Vi1 AAA/AUTHOR/FSM: Succeeded *Mar 7 04:21:14.939: Vi1 CCP: O CONFACK [ACKrcvd] id 7 len 10 *Mar 7 04:21:14.939: Vi1 CCP: MS-PPC supported bits 0x01000020 (0x120601000020) *Mar 7 04:21:14.943: Vi1 CCP: State is Open *Mar 7 04:21:14.943: Vi1 MPPE: Generate keys using RADIUS data *Mar 7 04:21:14.943: Vi1 MPPE: Initialize keys *Mar 7 04:21:14.943: Vi1 MPPE: [40 bit encryption] [stateless mode] *Mar 7 04:21:14.991: Vi1 IPCP: I CONFREQ [ACKrcvd] id 8 len 10 *Mar 7 04:21:14.991: Vi1 IPCP: Address 0.0.0.0 (0x030600000000) *Mar 7 04:21:14.991: Vi1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 172.16.10.1 *Mar 7 04:21:14.991: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp *Mar 7 04:21:14.995: Vi1 AAA/AUTHOR/IPCP: Processing AV mschap_mppe_keys*1p1T11=1v1O1~11a1W11151\1V1M1#11Z1`1k1}111 *Mar 7 04:21:14.995: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded *Mar 7 04:21:14.995: Vi1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 172.16.10.1 *Mar 7 04:21:14.995: Vi1 IPCP: O CONFNAK [ACKrcvd] id 8 len 10 *Mar 7 04:21:14.995: Vi1 IPCP: Address 172.16.10.1 (0x0306AC100A01) *Mar 7 04:21:15.263: Vi1 IPCP: I CONFREQ [ACKrcvd] id 9 len 10 *Mar 7 04:21:15.263: Vi1 IPCP: Address 172.16.10.1 (0x0306AC100A01) *Mar 7 04:21:15.263: Vi1 AAA/AUTHOR/IPCP: Start. Her address 172.16.10.1, we want 172.16.10.1 *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP (2052567766): Port='Virtual-Access1' list='' service=NET *Mar 7 04:21:15.267: AAA/AUTHOR/IPCP: Vi1 (2052567766) user='tac' *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP (2052567766): send AV service=ppp *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP (2052567766): send AV protocol=ip *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP (2052567766): send AV addr*172.16.10.1 *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP (2052567766): found list "default" *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP (2052567766): Method=radius (radius) *Mar 7 04:21:15.267: RADIUS: unrecognized Microsoft VSA type 10 *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR (2052567766): Post authorization status = PASS_REPL *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP: Reject 172.16.10.1, using 172.16.10.1 *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP: Processing AV mschap_mppe_keys*1p1T11=1v1O1~11a1W11151\1V1M1#11Z1`1k1}111 *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP: Processing AV addr*172.16.10.1 *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded *Mar 7 04:21:15.267: Vi1 AAA/AUTHOR/IPCP: Done. Her address 172.16.10.1, we want 172.16.10.1 *Mar 7 04:21:15.271: Vi1 IPCP: O CONFACK [ACKrcvd] id 9 len 10 *Mar 7 04:21:15.271: Vi1 IPCP: Address 172.16.10.1 (0x0306AC100A01) *Mar 7 04:21:15.271: Vi1 IPCP: State is Open *Mar 7 04:21:15.271: Vi1 IPCP: Install route to 172.16.10.1 *Mar 7 04:21:22.571: Vi1 LCP: I ECHOREP [Open] id 1 len 12 magic 0x35BE1CB0 *Mar 7 04:21:22.571: Vi1 LCP: Received id 1, sent id 1, line up *Mar 7 04:21:30.387: Vi1 LCP: I ECHOREP [Open] id 2 len 12 magic 0x35BE1CB0 *Mar 7 04:21:30.387: Vi1 LCP: Received id 2, sent id 2, line up angela#show vpdn %No active L2TP tunnels %No active L2F tunnels PPTP Tunnel and Session Information Total tunnels 1 sessions 1 LocID Remote Name State Remote Address Port Sessions 29 estabd 192.168.1.47 2000 1 LocID RemID TunID Intf Username State Last Chg 29 32768 29 Vi1 tac estabd 00:00:31 %No active PPPoE tunnels angela# *Mar 7 04:21:40.471: Vi1 LCP: I ECHOREP [Open] id 3 len 12 magic 0x35BE1CB0 *Mar 7 04:21:40.471: Vi1 LCP: Received id 3, sent id 3, line up *Mar 7 04:21:49.887: Vi1 LCP: I ECHOREP [Open] id 4 len 12 magic 0x35BE1CB0 *Mar 7 04:21:49.887: Vi1 LCP: Received id 4, sent id 4, line up angela#ping 192.168.1.47 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.47, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 484/584/732 ms *Mar 7 04:21:59.855: Vi1 LCP: I ECHOREP [Open] id 5 len 12 magic 0x35BE1CB0 *Mar 7 04:21:59.859: Vi1 LCP: Received id 5, sent id 5, line up *Mar 7 04:22:06.323: Tnl 29 PPTP: timeout -> state change estabd to estabd *Mar 7 04:22:08.111: Tnl 29 PPTP: EchoRQ -> state change estabd to estabd *Mar 7 04:22:08.111: Tnl 29 PPTP: EchoRQ -> echo state change Idle to Idle *Mar 7 04:22:09.879: Vi1 LCP: I ECHOREP [Open] id 6 len 12 magic 0x35BE1CB0 *Mar 7 04:22:09.879: Vi1 LCP: Received id 6, sent id 6, line up angela#ping 172.16.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 584/707/1084 ms *Mar 7 04:22:39.863: Vi1 LCP: I ECHOREP [Open] id 7 len 12 magic 0x35BE1CB0 *Mar 7 04:22:39.863: Vi1 LCP: Received id 7, sent id 7, line up angela#clear vpdn tunnel pptp tac Could not find specified tunnel angela#show vpdn tunnel %No active L2TP tunnels %No active L2F tunnels PPTP Tunnel Information Total tunnels 1 sessions 1 LocID Remote Name State Remote Address Port Sessions 29 estabd 192.168.1.47 2000 1 %No active PPPoE tunnels angela# *Mar 7 04:23:05.347: Tnl 29 PPTP: timeout -> state change estabd to estabd angela# *Mar 7 04:23:08.019: Tnl 29 PPTP: EchoRQ -> state change estabd to estabd *Mar 7 04:23:08.019: Tnl 29 PPTP: EchoRQ -> echo state change Idle to Idle angela# *Mar 7 04:23:09.887: Vi1 LCP: I ECHOREP [Open] id 10 len 12 magic 0x35BE1CB0 *Mar 7 04:23:09.887: Vi1 LCP: Received id 10, sent id 10, line up |
驗證
本節提供的資訊可用於確認您的組態是否正常運作。
輸出直譯器工具支援某些show命令,該工具允許您檢視show命令輸出的分析。
-
show vpdn — 顯示VPDN中有關作用中第2層轉送(L2F)通訊協定通道和訊息識別符號的資訊。
您還可以使用show vpdn ?檢視其他VPDN特定的show命令。
疑難排解
本節提供的資訊可用於對組態進行疑難排解。
疑難排解指令
輸出直譯器工具支援某些show命令,該工具允許您檢視show命令輸出的分析。
注意:發出debug指令之前,請先參閱有關Debug指令的重要資訊。
-
debug aaa authentication — 顯示有關AAA/TACACS+身份驗證的資訊。
-
debug aaa authorization — 顯示有關AAA/TACACS+授權的資訊。
-
debug ppp negotiation — 顯示在PPP啟動期間傳輸的PPP資料包,其中會協商PPP選項。
-
debug ppp authentication — 顯示身份驗證協定消息,包括質詢身份驗證協定(CHAP)資料包交換和密碼身份驗證協定(PAP)交換。
-
debug radius — 顯示與RADIUS關聯的詳細調試資訊。如果身份驗證有效,但MPPE加密出現問題,請使用以下其中一個debug命令。
-
debug ppp mppe packet — 顯示所有傳入傳出MPPE流量。
-
debug ppp mppe event — 顯示關鍵MPPE事件。
-
debug ppp mppe detailed — 顯示詳細的MPPE資訊。
-
debug vpdn l2x-packets — 顯示有關L2F協定標頭和狀態的消息。
-
debug vpdn events — 顯示有關屬於正常隧道建立或關閉一部分的事件的消息。
-
debug vpdn errors — 顯示阻止建立通道的錯誤或導致關閉已建立通道的錯誤。
-
debug vpdn packets — 顯示交換的每個協定資料包。此選項可能導致大量調試消息,通常只能在具有單個活動會話的調試機箱上使用。
分割通道
假設網關路由器是ISP路由器。當PC上出現PPTP隧道時,PPTP路由的度量高於以前的預設值,因此會丟失Internet連線。要解決此問題,請修改Microsoft路由以刪除預設路由並重新安裝預設路由(這需要知道已分配PPTP客戶端的IP地址;當前範例為172.16.10.1):
route delete 0.0.0.0 route add 0.0.0.0 mask 0.0.0.0 192.168.1.47 metric 1 route add 172.16.10.1 mask 255.255.255.0 192.168.1.47 metric 1
如果客戶端未配置加密
在用於PPTP會話的撥號連線的Security頁籤下,可以定義使用者身份驗證引數。例如,可以是PAP、CHAP、MS-CHAP或Windows域登入。如果您在VPN連線的屬性部分中選擇了No Encryption Allowed(如果伺服器要求加密,則斷開連線)選項,則可能會在客戶端上看到PPTP錯誤消息:
Registering your computer on the network.. Error 734: The PPP link control protocol was terminated. Debugs on the router: *Mar 8 22:38:52.496: Vi1 AAA/AUTHOR/FSM: Check for unauthorized mandatory AV's *Mar 8 22:38:52.496: Vi1 AAA/AUTHOR/FSM: Processing AV service=ppp *Mar 8 22:38:52.496: Vi1 AAA/AUTHOR/FSM: Processing AV protocol=ccp *Mar 8 22:38:52.496: Vi1 AAA/AUTHOR/FSM: Succeeded *Mar 8 22:38:52.500: Vi1 CCP: O CONFACK [ACKrcvd] id 7 len 10 *Mar 8 22:38:52.500: Vi1 CCP: MS-PPC supported bits 0x01000020 (0x120601000020) *Mar 8 22:38:52.500: Vi1 CCP: State is Open *Mar 8 22:38:52.500: Vi1 MPPE: RADIUS keying material missing *Mar 8 22:38:52.500: Vi1 CCP: O TERMREQ [Open] id 5 len 4 *Mar 8 22:38:52.524: Vi1 IPCP: I CONFREQ [ACKrcvd] id 8 len 10 *Mar 8 22:38:52.524: Vi1 IPCP: Address 0.0.0.0 (0x030600000000) *Mar 8 22:38:52.524: Vi1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 172.16.10.1 *Mar 8 22:38:52.524: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp *Mar 8 22:38:52.524: Vi1 AAA/AUTHOR/IPCP: Processing AV protocol=ip *Mar 8 22:38:52.524: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded *Mar 8 22:38:52.524: Vi1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 172.16.10.1 *Mar 8 22:38:52.524: Vi1 IPCP: O CONFNAK [ACKrcvd] id 8 len 10 *Mar 8 22:38:52.524: Vi1 IPCP: Address 172.16.10.1 (0x0306AC100A01) *Mar 8 22:38:52.640: Vi1 CCP: I TERMACK [TERMsent] id 5 len 4 *Mar 8 22:38:52.640: Vi1 CCP: State is Closed *Mar 8 22:38:52.640: Vi1 MPPE: Required encryption not negotiated *Mar 8 22:38:52.640: Vi1 IPCP: State is Closed *Mar 8 22:38:52.640: Vi1 PPP: Phase is TERMINATING [0 sess, 0 load] *Mar 8 22:38:52.640: Vi1 LCP: O TERMREQ [Open] id 13 len 4 *Mar 8 22:38:52.660: Vi1 IPCP: LCP not open, discarding packet *Mar 8 22:38:52.776: Vi1 LCP: I TERMACK [TERMsent] id 13 len 4 *Mar 8 22:38:52.776: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially *Mar 8 22:38:52.780: Vi1 LCP: State is Closed *Mar 8 22:38:52.780: Vi1 PPP: Phase is DOWN [0 sess, 0 load] *Mar 8 22:38:52.780: Vi1 VPDN: Cleanup *Mar 8 22:38:52.780: Vi1 VPDN: Reset *Mar 8 22:38:52.780: Vi1 Tnl/Cl 33/33 PPTP: close -> state change estabd to terminal *Mar 8 22:38:52.780: Vi1 Tnl/Cl 33/33 PPTP: Destroying session, trace follows: *Mar 8 22:38:52.780: -Traceback= 60C4A150 60C4AE48 60C49F68 60C4B5AC 60C30450 60C18B10 60C19238 60602CC4 605FC380 605FB730 605FD614 605F72A8 6040DE0C 6040DDF8 *Mar 8 22:38:52.784: Vi1 Tnl/Cl 33/33 PPTP: Releasing idb for tunnel 33 session 33 *Mar 8 22:38:52.784: Vi1 VPDN: Reset *Mar 8 22:38:52.784: Tnl 33 PPTP: no-sess -> state change estabd to wt-stprp *Mar 8 22:38:52.784: Vi1 VPDN: Unbind interface *Mar 8 22:38:52.784: Vi1 VPDN: Unbind interface *Mar 8 22:38:52.784: Vi1 VPDN: Reset *Mar 8 22:38:52.784: Vi1 VPDN: Unbind interface
如果客戶端已配置為加密,而路由器沒有
在PC上可以看到以下消息:
Registering your computer on the network.. Errror 742: The remote computer doesnot support the required data encryption type. On the Router: *Mar 9 01:06:00.868: Vi2 CCP: I CONFREQ [Not negotiated] id 5 len 10 *Mar 9 01:06:00.868: Vi2 CCP: MS-PPC supported bits 0x010000B1 (0x1206010000B1) *Mar 9 01:06:00.868: Vi2 LCP: O PROTREJ [Open] id 18 len 16 protocol CCP (0x80FD0105000A1206010000B1) *Mar 9 01:06:00.876: Vi2 IPCP: I CONFREQ [REQsent] id 6 len 34 *Mar 9 01:06:00.876: Vi2 IPCP: Address 0.0.0.0 (0x030600000000) *Mar 9 01:06:00.876: Vi2 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) *Mar 9 01:06:00.876: Vi2 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) *Mar 9 01:06:00.876: Vi2 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) *Mar 9 01:06:00.876: Vi2 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) *Mar 9 01:06:00.880: Vi2 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0 *Mar 9 01:06:00.880: Vi2 AAA/AUTHOR/IPCP: Processing AV service=ppp *Mar 9 01:06:00.880: Vi2 AAA/AUTHOR/IPCP: Processing AV mschap_mppe_keys*1p1T11=1v1O1~11a1W11151\1V1M1#1 1Z1`1k1}111 *Mar 9 01:06:00.880: Vi2 AAA/AUTHOR/IPCP: Authorization succeeded *Mar 9 01:06:00.880: Vi2 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0 *Mar 9 01:06:00.880: Vi2 IPCP: Pool returned 172.16.10.1 *Mar 9 01:06:00.880: Vi2 IPCP: O CONFREJ [REQsent] id 6 len 28 *Mar 9 01:06:00.880: Vi2 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) *Mar 9 01:06:00.880: Vi2 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) *Mar 9 01:06:00.880: Vi2 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) *Mar 9 01:06:00.880: Vi2 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) *Mar 9 01:06:00.884: Vi2 IPCP: I CONFACK [REQsent] id 8 len 10 *Mar 9 01:06:00.884: Vi2 IPCP: Address 172.16.10.100 (0x0306AC100A64) *Mar 9 01:06:01.024: Vi2 LCP: I TERMREQ [Open] id 7 len 16 (0x79127FBE003CCD74000002E6) *Mar 9 01:06:01.024: Vi2 LCP: O TERMACK [Open] id 7 len 4 *Mar 9 01:06:01.152: Vi2 Tnl/Cl 38/38 PPTP: ClearReq -> state change estabd to terminal *Mar 9 01:06:01.152: Vi2 Tnl/Cl 38/38 PPTP: Destroying session, trace follows: *Mar 9 01:06:01.152: -Traceback= 60C4A150 60C4AE48 60C49F68 60C4B2CC 60C4B558 60C485E0 60C486E0 60C48AB8 6040DE0C 6040DDF8 *Mar 9 01:06:01.156: Vi2 Tnl/Cl 38/38 PPTP: Releasing idb for tunnel 38 session 38 *Mar 9 01:06:01.156: Vi2 VPDN: Reset *Mar 9 01:06:01.156: Tnl 38 PPTP: no-sess -> state change estabd to wt-stprp *Mar 9 01:06:01.160: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down *Mar 9 01:06:01.160: Vi2 LCP: State is Closed *Mar 9 01:06:01.160: Vi2 IPCP: State is Closed *Mar 9 01:06:01.160: Vi2 PPP: Phase is DOWN [0 sess, 0 load] *Mar 9 01:06:01.160: Vi2 VPDN: Cleanup *Mar 9 01:06:01.160: Vi2 VPDN: Reset *Mar 9 01:06:01.160: Vi2 VPDN: Unbind interface *Mar 9 01:06:01.160: Vi2 VPDN: Unbind interface *Mar 9 01:06:01.160: Vi2 VPDN: Reset *Mar 9 01:06:01.160: Vi2 VPDN: Unbind interface *Mar 9 01:06:01.160: AAA/MEMORY: free_user (0x6273D528) user='tac' ruser='' port='Virtual-Access2' rem_addr='' authen_type=MSCHAP service=PPP priv=1 *Mar 9 01:06:01.324: Tnl 38 PPTP: StopCCRQ -> state change wt-stprp to wt-stprp *Mar 9 01:06:01.324: Tnl 38 PPTP: Destroy tunnel *Mar 9 01:06:02.160: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
當PC配置為加密時禁用MS-CHAP
在PC上可以看到以下消息:
The current encryption selection requires EAP or some version of MS-CHAP logon security methods.
如果使用者指定的使用者名稱或密碼不正確,我們可以看到以下輸出。
在PC上:
Verifying Username and Password.. Error 691: Access was denied because the username and/or password was invalid on the domain.
在路由器上:
*Mar 9 01:13:43.192: RADIUS: Received from id 139 10.200.20.245:1645, Access-Reject, len 42 *Mar 9 01:13:43.192: Attribute 26 22 0000013702101545 *Mar 9 01:13:43.192: AAA/AUTHEN (608505327): status = FAIL *Mar 9 01:13:43.192: Vi2 CHAP: Unable to validate Response. Username tac: Authentication failure *Mar 9 01:13:43.192: Vi2 MS-CHAP: O FAILURE id 21 len 13 msg is "E=691 R=0" *Mar 9 01:13:43.192: Vi2 PPP: Phase is TERMINATING [0 sess, 0 load] *Mar 9 01:13:43.192: Vi2 LCP: O TERMREQ [Open] id 20 len 4 *Mar 9 01:13:43.196: AAA/MEMORY: free_user (0x62740E7C) user='tac' ruser='' port='Virtual-Access2' rem_addr='' authen_type=MSCHAP service=PPP priv=1
當Radius伺服器無法通訊時
在路由器上可以看到以下輸出:
*Mar 9 01:18:32.944: RADIUS: Retransmit id 141 *Mar 9 01:18:42.944: RADIUS: Tried all servers. *Mar 9 01:18:42.944: RADIUS: No valid server found. Trying any viable server *Mar 9 01:18:42.944: RADIUS: Tried all servers. *Mar 9 01:18:42.944: RADIUS: No response for id 141 *Mar 9 01:18:42.944: Radius: No response from server *Mar 9 01:18:42.944: AAA/AUTHEN (374484072): status = ERROR
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
06-Sep-2004 |
初始版本 |
意見