本文檔提供了使用AAA伺服器管理網路接入伺服器(NAS)中的IP池的配置示例。
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
本文件沒有特定先決條件。
本檔案中的資訊是根據以下軟體和硬體版本而定。
Cisco IOS®軟體版本12.0.7.T
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您在即時網路中工作,請確保在使用任何命令之前瞭解其潛在影響。
在IP控制協定(IPCP)地址協商期間,如果為使用者指定了IP池名稱,NAS將檢查命名池是否已在本地定義。如果是,則不需要特殊操作,並且會為IP地址查詢本地池。如果所需的池不存在,則使用特殊使用者名稱「pools-nas-name」進行獲取池的授權呼叫,其中「nas-name」是NAS的配置主機名。作為響應,AAA伺服器下載所需池的配置。可以使用命令的aaa configuration config-username 名稱配置其他池使用者名稱。
此命令的作用是將用於下載池定義的使用者名稱從預設名稱「pools-NAS-name」更改為「name-of-your-choosing」。
下載到Cisco NAS的池不會保留在非易失性記憶體中,並且在訪問伺服器或路由器重新啟動時自動消失。還可以透過增加合適的AV對使下載池自動超時。下載的池在show ip local pools命令輸出中標籤為動態。
aaa new-model aaa authentication login default group radius aaa authentication ppp default if-needed group radius aaa authorization network default group radius aaa configuration config-username nas1-pools radius-server host 172.18.124.114 auth-port 1645 acct-port 1646 radius-server key cisco
./ViewProfile -p 9900 -u nas1-pools User Profile Information user = nas1-pools profile_id=63 profile_cycle = 7 member = nas_profiles password = pap "********" radius=Cisco { reply_attributes= { 6=5 9,1="ip:pool-def#1= pool1 172.22.83.2 172.22.83.253" } } }
此範例顯示在CiscoSecure UNIX (CSU)伺服器中建立的使用者「nas1-pools」。此專案指定出站使用者{6=5}的使用者服務型別。此屬性由NAS提供,以防止普通登入使用nas1-pools/cisco的公認使用者名稱和密碼組合。
./ViewProfile -p 9900 -u pool_test user = pool_test{ profile_id = 46 profile_cycle = 14 member = dial_rad password = pap "********" radius=Cisco { reply_attributes= { 7=1 6=2 9,1="ip:addr-pool=pool1" } } }
使用者「pool_test」撥入,並從AAA伺服器中的pool1分配IP地址。
as5300#show debug General OS: AAA Authentication debugging is on AAA Authorization debugging is on PPP: PPP protocol negotiation debugging is on Radius protocol debugging is on as5300#term mon as5300# 00:26:01: %LINK-3-UPDOWN: Interface Async5, changed state to up 00:26:01: As5 PPP: Treating connection as a dedicated line 00:26:01: As5 PPP: Phase is ESTABLISHING, Active Open 00:26:01: As5 AAA/AUTHOR/FSM: (0): LCP succeeds trivially 00:26:01: As5 LCP: O CONFREQ [Closed] id 1 len 24 00:26:01: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:01: As5 LCP: AuthProto PAP (0x0304C023) 00:26:01: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:01: As5 LCP: PFC (0x0702) 00:26:01: As5 LCP: ACFC (0x0802) 00:26:01: As5 LCP: I CONFACK [REQsent] id 1 len 24 00:26:01: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:01: As5 LCP: AuthProto PAP (0x0304C023) 00:26:01: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:01: As5 LCP: PFC (0x0702) 00:26:01: As5 LCP: ACFC (0x0802) 00:26:02: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23 00:26:02: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:02: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:02: As5 LCP: PFC (0x0702) 00:26:02: As5 LCP: ACFC (0x0802) 00:26:02: As5 LCP: Callback 6 (0x0D0306) 00:26:02: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7 00:26:02: As5 LCP: Callback 6 (0x0D0306) 00:26:03: As5 LCP: TIMEout: State ACKrcvd 00:26:03: As5 LCP: O CONFREQ [ACKrcvd] id 2 len 24 00:26:03: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:03: As5 LCP: AuthProto PAP (0x0304C023) 00:26:03: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:03: As5 LCP: PFC (0x0702) 00:26:03: As5 LCP: ACFC (0x0802) 00:26:03: As5 LCP: I CONFACK [REQsent] id 2 len 24 00:26:03: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:03: As5 LCP: AuthProto PAP (0x0304C023) 00:26:03: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:03: As5 LCP: PFC (0x0702) 00:26:03: As5 LCP: ACFC (0x0802) 00:26:05: As5 LCP: TIMEout: State ACKrcvd 00:26:05: As5 LCP: O CONFREQ [ACKrcvd] id 3 len 24 00:26:05: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:05: As5 LCP: AuthProto PAP (0x0304C023) 00:26:05: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:05: As5 LCP: PFC (0x0702) 00:26:05: As5 LCP: ACFC (0x0802) 00:26:05: As5 LCP: I CONFACK [REQsent] id 3 len 24 00:26:05: As5 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:26:05: As5 LCP: AuthProto PAP (0x0304C023) 00:26:05: As5 LCP: MagicNumber 0xD0D1EC92 (0x0506D0D1EC92) 00:26:05: As5 LCP: PFC (0x0702) 00:26:05: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 0 len 23 00:26:06: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:06: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:06: As5 LCP: PFC (0x0702) 00:26:06: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: Callback 6 (0x0D0306) 00:26:06: As5 LCP: O CONFREJ [ACKrcvd] id 0 len 7 00:26:06: As5 LCP: Callback 6 (0x0D0306) 00:26:06: As5 LCP: I CONFREQ [ACKrcvd] id 1 len 20 00:26:06: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:06: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:06: As5 LCP: PFC (0x0702) 00:26:06: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: O CONFACK [ACKrcvd] id 1 len 20 00:26:06: As5 LCP: ACCM 0x00000000 (0x020600000000) 00:26:06: As5 LCP: MagicNumber 0x00002BF7 (0x050600002BF7) 00:26:06: As5 LCP: PFC (0x0702) 00:26:06: As5 LCP: ACFC (0x0802) 00:26:06: As5 LCP: State is Open 00:26:06: As5 PPP: Phase is AUTHENTICATING, by this end 00:26:06: As5 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00002BF7 MSRASV4.00 00:26:06: As5 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00002BF7 MSRAS-1-ZEKIE 00:26:06: As5 PAP: I AUTH-REQ id 31 len 24 from "pool_test" 00:26:06: As5 PAP: Authenticating peer pool_test 00:26:06: AAA: parse name=Async5 idb type=10 tty=5 00:26:06: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=5 channel=0 00:26:06: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:26:06: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:26:06: AAA/MEMORY: create_user (0x618FFBB0) user='pool_test' ruser='' port='Async5' rem_addr='9194722001/9194724101' authen_type=PAP service=PPP priv=1 00:26:06: AAA/AUTHEN/START (2962877775): port='Async5' list='' action=LOGIN service=PPP 00:26:06: AAA/AUTHEN/START (2962877775): using "default" list 00:26:06: AAA/AUTHEN (2962877775): status = UNKNOWN 00:26:06: AAA/AUTHEN/START (2962877775): Method=radius (radius) 00:26:06: RADIUS: ustruct sharecount=1 00:26:06: RADIUS: Initial Transmit Async5 id 10 172.18.124.114:1645, Access-Request, len 103 00:26:06: Attribute 4 6 01010101 00:26:06: Attribute 5 6 00000005 00:26:06: Attribute 61 6 00000000 00:26:06: Attribute 1 11 706F6F6C 00:26:06: Attribute 30 12 39313934 00:26:06: Attribute 31 12 39313934 00:26:06: Attribute 2 18 FC2DE489 00:26:06: Attribute 6 6 00000002 00:26:06: Attribute 7 6 00000001 00:26:06: RADIUS: Received from id 10 172.18.124.114:1645, Access-Accept, len 58 00:26:06: Attribute 7 6 00000001 00:26:06: Attribute 6 6 00000002 00:26:06: Attribute 26 26 0000000901146970 00:26:06: RADIUS: saved authorization data for user 618FFBB0 at 618FEAE4 00:26:06: AAA/AUTHEN (2962877775): status = PASS 00:26:06: As5 AAA/AUTHOR/LCP: Authorize LCP 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Port='Async5' list='' service=NET 00:26:06: AAA/AUTHOR/LCP: As5 (3264835197) user='pool_test' 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV service=ppp 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): send AV protocol=lcp 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): found list "default" 00:26:06: As5 AAA/AUTHOR/LCP (3264835197): Method=radius (radius) 00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1" not applied for lcp 00:26:06: As5 AAA/AUTHOR (3264835197): Post authorization status = PASS_REPL 00:26:06: As5 AAA/AUTHOR/LCP: Processing AV service=ppp 00:26:06: As5 PAP: O AUTH-ACK id 31 len 5 00:26:06: As5 PPP: Phase is UP 00:26:06: As5 AAA/AUTHOR/FSM: (0): Can we start IPCP? 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Port='Async5' list='' service=NET 00:26:06: AAA/AUTHOR/FSM: As5 (2404696831) user='pool_test' 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV service=ppp 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): send AV protocol=ip 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): found list "default" 00:26:06: As5 AAA/AUTHOR/FSM (2404696831): Method=radius (radius) 00:26:06: RADIUS: cisco AVPair "ip:addr-pool=pool1" 00:26:06: As5 AAA/AUTHOR (2404696831): Post authorization status = PASS_REPL 00:26:06: As5 AAA/AUTHOR/FSM: We can start IPCP 00:26:06: As5 IPCP: O CONFREQ [Closed] id 1 len 10 00:26:06: As5 IPCP: Address 14.36.1.53 (0x03060E240135) 00:26:07: As5 CCP: I CONFREQ [Not negotiated] id 4 len 10 00:26:07: As5 CCP: MS-PPC supported bits 0x00000001 (0x120600000001) 00:26:07: As5 LCP: O PROTREJ [Open] id 4 len 16 protocol CCP (0x80FD0104000A120600000001) 00:26:07: As5 IPCP: I CONFREQ [REQsent] id 5 len 40 00:26:07: As5 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:26:07: As5 IPCP: Address 0.0.0.0 (0x030600000000) 00:26:07: As5 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:26:07: As5 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:26:07: As5 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:26:07: As5 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:26:07: As5 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0 00:26:07: As5 AAA/AUTHOR/IPCP: Says use pool pool1 00:26:07: AAA: parse name=Async5 idb type=10 tty=5 00:26:07: AAA: name=Async5 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=5 channel=0 00:26:07: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:26:07: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:26:07: AAA/MEMORY: create_user (0x618FFCD8) user='nas1-pools' ruser='' port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Port='Async5' list='' service=NET 00:26:07: AAA/AUTHOR/POOL: As5 (3562270977) user='nas1-pools' 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV service=ppp 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): send AV protocol=ip 00:26:07: Async5 AAA/AUTHOR/POOL (3562270977): found list "default" 00:26:07: As5 AAA/AUTHOR/POOL (3562270977): Method=radius (radius) 00:26:07: RADIUS: authenticating to get author data 00:26:07: RADIUS: ustruct sharecount=2 00:26:07: RADIUS: Initial Transmit Async5 id 11 172.18.124.114:1645, Access-Request, len 98 00:26:07: Attribute 4 6 01010101 00:26:07: Attribute 5 6 00000005 00:26:07: Attribute 61 6 00000000 00:26:07: Attribute 1 12 6E617331 00:26:07: Attribute 30 12 39313934 00:26:07: Attribute 31 12 39313934 00:26:07: Attribute 2 18 E6DF8390 00:26:07: Attribute 6 6 00000005 00:26:07: RADIUS: Received from id 11 172.18.124.114:1645, Access-Accept, len 69 00:26:07: Attribute 6 6 00000005 00:26:07: Attribute 26 43 0000000901256970 00:26:07: RADIUS: saved authorization data for user 618FFCD8 at 61450E5C 00:26:07: RADIUS: cisco AVPair "ip:pool-def#1=pool1 1.2.3.4 1.2.3.5" 00:26:07: AAA/AUTHOR (3562270977): Post authorization status = PASS_REPL 00:26:07: As5 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5 00:26:07: AAA/MEMORY: free_user (0x618FFCD8) user='nas1-pools' ruser='' port='Async5' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 00:26:07: As5 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded 00:26:07: As5 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:26:07: As5 IPCP: O CONFREJ [REQsent] id 5 len 34 00:26:07: As5 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:26:07: As5 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:26:07: As5 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:26:07: As5 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:26:07: As5 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:26:07: As5 IPCP: I CONFACK [REQsent] id 1 len 10 00:26:07: As5 IPCP: Address 14.36.1.53 (0x03060E240135) 00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 6 len 10 00:26:07: As5 IPCP: Address 0.0.0.0 (0x030600000000) 00:26:07: As5 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded 00:26:07: As5 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:26:07: As5 IPCP: O CONFNAK [ACKrcvd] id 6 len 10 00:26:07: As5 IPCP: Address 1.2.3.4 (0x030601020304) 00:26:07: As5 IPCP: I CONFREQ [ACKrcvd] id 7 len 10 00:26:07: As5 IPCP: Address 1.2.3.4 (0x030601020304) 00:26:07: As5 AAA/AUTHOR/IPCP: Start. Her address 1.2.3.4, we want 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:26:07: As5 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:26:07: As5 AAA/AUTHOR/IPCP: Authorization succeeded 00:26:07: As5 AAA/AUTHOR/IPCP: Done. Her address 1.2.3.4, we want 1.2.3.4 00:26:07: As5 IPCP: O CONFACK [ACKrcvd] id 7 len 10 00:26:07: As5 IPCP: Address 1.2.3.4 (0x030601020304) 00:26:07: As5 IPCP: State is Open 00:26:07: As5 IPCP: Install route to 1.2.3.4 00:26:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, changed state to up as5300#show caller ip Line User IP Address Local Number Remote Number <-> As5 pool_test 1.2.3.4 9194724101 9194722001 as5300#show ip local pool Pool Begin End Free In use pool1 1.2.3.4 1.2.3.5 1 1 (dynamic)
aaa new-model aaa authentication login default group tacacs+ aaa authentication ppp default if-needed group tacacs+ aaa authorization network default group tacacs+ aaa configuration config-username nas1-pools tacacs-server host 172.18.124.114 tacacs-server key cisco
./ViewProfile -p 9900 -u nas1-pools User Profile Information user = nas1-pools profile_id = 63 profile_cycle = 8 service=ppp { protocol=ip { set pool-def#1="pool1 1.2.3.4 1.2.3.5" } } }
./ViewProfile -p 9900 -u pool_test User Profile Information user = pool_test{ profile_id = 46 profile_cycle = 15 password = pap "********" service=ppp { protocol=lcp { } protocol=ip { set addr-pool=pool1 } } }
Script started on Mon Dec 10 13:22:05 2001 ddunlap@rtp-cse-353% telnet 172.18.124.114 Trying 172.18.124.114... Connected to 172.18.124.114. Escape character is '^]'. UNIX(r) System V Release 4.0 (rtp-evergreen) login: root Password: Last login: Mon Dec 10 10:09:01 from rtp-cse-353.cisc Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996 Sun Microsystems Inc. SunOS 5.5.1 Generic May 1996 # telnet 14.36.1.53 Trying 14.36.1.53... Connected to 14.36.1.53. Escape character is '^]'. User Access Verification Username: testuser Password: as5300>en Password: as5300#show debug General OS: TACACS access control debugging is on AAA Authentication debugging is on AAA Authorization debugging is on PPP: PPP protocol negotiation debugging is on as5300#terminal monitor as5300# 00:06:29: As1 LCP: I CONFREQ [Closed] id 0 len 23 00:06:29: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:29: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:29: As1 LCP: PFC (0x0702) 00:06:29: As1 LCP: ACFC (0x0802) 00:06:29: As1 LCP: Callback 6 (0x0D0306) 00:06:29: As1 LCP: Lower layer not up, Fast Starting 00:06:29: As1 PPP: Treating connection as a dedicated line 00:06:29: As1 PPP: Phase is ESTABLISHING, Active Open 00:06:29: As1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially 00:06:29: As1 LCP: O CONFREQ [Closed] id 1 len 24 00:06:29: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:06:29: As1 LCP: AuthProto PAP (0x0304C023) 00:06:29: As1 LCP: MagicNumber 0xD0C0094C (0x0506D0C0094C) 00:06:29: As1 LCP: PFC (0x0702) 00:06:29: As1 LCP: ACFC (0x0802) 00:06:29: As1 LCP: O CONFREJ [REQsent] id 0 len 7 00:06:29: As1 LCP: Callback 6 (0x0D0306) 00:06:29: %LINK-3-UPDOWN: Interface Async1, changed state to up 00:06:31: As1 LCP: TIMEout: State REQsent 00:06:31: As1 LCP: O CONFREQ [REQsent] id 2 len 24 00:06:31: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:06:31: As1 LCP: AuthProto PAP (0x0304C023) 00:06:31: As1 LCP: MagicNumber 0xD0C0094C (0x0506D0C0094C) 00:06:31: As1 LCP: PFC (0x0702) 00:06:31: As1 LCP: ACFC (0x0802) 00:06:31: As1 LCP: I CONFACK [REQsent] id 2 len 24 00:06:31: As1 LCP: ACCM 0x000A0000 (0x0206000A0000) 00:06:31: As1 LCP: AuthProto PAP (0x0304C023) 00:06:31: As1 LCP: MagicNumber 0xD0C0094C (0x0506D0C0094C) 00:06:31: As1 LCP: PFC (0x0702) 00:06:31: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 0 len 23 00:06:32: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:32: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:32: As1 LCP: PFC (0x0702) 00:06:32: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: Callback 6 (0x0D0306) 00:06:32: As1 LCP: O CONFREJ [ACKrcvd] id 0 len 7 00:06:32: As1 LCP: Callback 6 (0x0D0306) 00:06:32: As1 LCP: I CONFREQ [ACKrcvd] id 1 len 20 00:06:32: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:32: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:32: As1 LCP: PFC (0x0702) 00:06:32: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: O CONFACK [ACKrcvd] id 1 len 20 00:06:32: As1 LCP: ACCM 0x00000000 (0x020600000000) 00:06:32: As1 LCP: MagicNumber 0x00006D9C (0x050600006D9C) 00:06:32: As1 LCP: PFC (0x0702) 00:06:32: As1 LCP: ACFC (0x0802) 00:06:32: As1 LCP: State is Open 00:06:32: As1 PPP: Phase is AUTHENTICATING, by this end 00:06:32: As1 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00006D9C MSRASV4.00 00:06:32: As1 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x00006D9C MSRAS-1-ZEKIE 00:06:32: As1 PAP: I AUTH-REQ id 24 len 24 from "pool_test" 00:06:32: As1 PAP: Authenticating peer pool_test 00:06:32: AAA: parse name=Async1 idb type=10 tty=1 00:06:32: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=1 channel=0 00:06:32: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:06:32: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:06:32: AAA/MEMORY: create_user (0x61B26890) user='pool_test' ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=PAP service=PPP priv=1 00:06:32: AAA/AUTHEN/START (4053426223): port='Async1' list='' action=LOGIN service=PPP 00:06:32: AAA/AUTHEN/START (4053426223): using "default" list 00:06:32: AAA/AUTHEN (4053426223): status = UNKNOWN 00:06:32: AAA/AUTHEN/START (4053426223): Method=tacacs+ (tacacs+) 00:06:32: TAC+: send AUTHEN/START packet ver=193 id=4053426223 00:06:32: TAC+: Using default tacacs server-group "tacacs+" list. 00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:32: TAC+: Opened TCP/IP handle 0x618FDF3C to 172.18.124.114/49 using source 14.36.1.53 00:06:32: TAC+: 172.18.124.114 (4053426223) AUTHEN/START/LOGIN/PAP queued 00:06:32: TAC+: (4053426223) AUTHEN/START/LOGIN/PAP processed 00:06:32: TAC+: ver=193 id=4053426223 received AUTHEN status = PASS 00:06:32: AAA/AUTHEN (4053426223): status = PASS 00:06:32: TAC+: Closing TCP/IP 0x618FDF3C connection to 172.18.124.114/49 00:06:32: As1 AAA/AUTHOR/LCP: Authorize LCP 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Port='Async1' list='' service=NET 00:06:32: AAA/AUTHOR/LCP: As1 (2507907283) user='pool_test' 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV service=ppp 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): send AV protocol=lcp 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): found list "default" 00:06:32: As1 AAA/AUTHOR/LCP (2507907283): Method=tacacs+ (tacacs+) 00:06:32: AAA/AUTHOR/TAC+: (2507907283): user=pool_test 00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV service=ppp 00:06:32: AAA/AUTHOR/TAC+: (2507907283): send AV protocol=lcp 00:06:32: TAC+: using previously set server 172.18.124.114 from group tacacs+ 00:06:32: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:32: TAC+: Opened TCP/IP handle 0x61B3B1A4 to 172.18.124.114/49 using source 14.36.1.53 00:06:32: TAC+: Opened 172.18.124.114 index=1 00:06:32: TAC+: 172.18.124.114 (2507907283) AUTHOR/START queued 00:06:33: TAC+: (2507907283) AUTHOR/START processed 00:06:33: TAC+: (2507907283): received author response status = PASS_ADD 00:06:33: TAC+: Closing TCP/IP 0x61B3B1A4 connection to 172.18.124.114/49 00:06:33: As1 AAA/AUTHOR (2507907283): Post authorization status = PASS_ADD 00:06:33: As1 PAP: O AUTH-ACK id 24 len 5 00:06:33: As1 PPP: Phase is UP 00:06:33: As1 AAA/AUTHOR/FSM: (0): Can we start IPCP? 00:06:33: As1 AAA/AUTHOR/FSM (924563050): Port='Async1' list='' service=NET 00:06:33: AAA/AUTHOR/FSM: As1 (924563050) user='pool_test' 00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV service=ppp 00:06:33: As1 AAA/AUTHOR/FSM (924563050): send AV protocol=ip 00:06:33: As1 AAA/AUTHOR/FSM (924563050): found list "default" 00:06:33: As1 AAA/AUTHOR/FSM (924563050): Method=tacacs+ (tacacs+) 00:06:33: AAA/AUTHOR/TAC+: (924563050): user=pool_test 00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV service=ppp 00:06:33: AAA/AUTHOR/TAC+: (924563050): send AV protocol=ip 00:06:33: TAC+: using previously set server 172.18.124.114 from group tacacs+ 00:06:33: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:33: TAC+: Opened TCP/IP handle 0x61B3B620 to 172.18.124.114/49 using source 14.36.1.53 00:06:33: TAC+: Opened 172.18.124.114 index=1 00:06:33: TAC+: 172.18.124.114 (924563050) AUTHOR/START queued 00:06:33: As1 CCP: I CONFREQ [Not negotiated] id 4 len 10 00:06:33: As1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001) 00:06:33: As1 LCP: O PROTREJ [Open] id 3 len 16 protocol CCP (0x80FD0104000A120600000001) 00:06:33: As1 IPCP: I CONFREQ [Closed] id 5 len 40 00:06:33: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:06:33: As1 IPCP: Address 0.0.0.0 (0x030600000000) 00:06:33: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:06:33: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:06:33: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:06:33: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:06:33: TAC+: (924563050) AUTHOR/START processed 00:06:33: TAC+: (924563050): received author response status = PASS_ADD 00:06:33: TAC+: Closing TCP/IP 0x61B3B620 connection to 172.18.124.114/49 00:06:33: As1 AAA/AUTHOR (924563050): Post authorization status = PASS_ADD 00:06:33: As1 AAA/AUTHOR/FSM: We can start IPCP 00:06:33: As1 IPCP: O CONFREQ [Closed] id 1 len 10 00:06:33: As1 IPCP: Address 14.36.1.53 (0x03060E240135) 00:06:33: As1 IPCP: I CONFACK [REQsent] id 1 len 10 00:06:33: As1 IPCP: Address 14.36.1.53 (0x03060E240135) 00:06:34: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1, changed state to up 00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 5 len 40 00:06:34: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:06:34: As1 IPCP: Address 0.0.0.0 (0x030600000000) 00:06:34: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:06:34: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:06:34: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:06:34: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:06:34: As1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0 00:06:34: As1 AAA/AUTHOR/IPCP: Says use pool pool1 00:06:34: AAA: parse name=Async1 idb type=10 tty=1 00:06:34: AAA: name=Async1 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=1 channel=0 00:06:34: AAA: parse name=Serial0:18 idb type=12 tty=-1 00:06:34: AAA: name=Serial0:18 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=18 00:06:34: AAA/MEMORY: create_user (0x61451E1C) user='nas1-pools' ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Port='Async1' list='' service=NET 00:06:34: AAA/AUTHOR/POOL: As1 (2293413778) user='nas1-pools' 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV service=ppp 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): send AV protocol=ip 00:06:34: Async1 AAA/AUTHOR/POOL (2293413778): found list "default" 00:06:34: As1 AAA/AUTHOR/POOL (2293413778): Method=tacacs+ (tacacs+) 00:06:34: AAA/AUTHOR/TAC+: (2293413778): user=nas1-pools 00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV service=ppp 00:06:34: AAA/AUTHOR/TAC+: (2293413778): send AV protocol=ip 00:06:34: TAC+: Using default tacacs server-group "tacacs+" list. 00:06:34: TAC+: Opening TCP/IP to 172.18.124.114/49 timeout=10 00:06:34: TAC+: Opened TCP/IP handle 0x61B3BA9C to 172.18.124.114/49 using source 14.36.1.53 00:06:34: TAC+: 172.18.124.114 (2293413778) AUTHOR/START queued 00:06:34: TAC+: (2293413778) AUTHOR/START processed 00:06:34: TAC+: (2293413778): received author response status = PASS_ADD 00:06:34: TAC+: Closing TCP/IP 0x61B3BA9C connection to 172.18.124.114/49 00:06:34: AAA/AUTHOR (2293413778): Post authorization status = PASS_ADD 00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/CONFIG: Processing AV pool-def#1=pool1 1.2.3.4 1.2.3.5 00:06:34: AAA/MEMORY: free_user (0x61451E1C) user='nas1-pools' ruser='' port='Async1' rem_addr='9194722001/9194724101' authen_type=NONE service=NONE priv=1 00:06:34: As1 AAA/AUTHOR/IPCP: Pool returned 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded 00:06:34: As1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:06:34: As1 IPCP: O CONFREJ [ACKrcvd] id 5 len 34 00:06:34: As1 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01) 00:06:34: As1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) 00:06:34: As1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) 00:06:34: As1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) 00:06:34: As1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) 00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 6 len 10 00:06:34: As1 IPCP: Address 0.0.0.0 (0x030600000000) 00:06:34: As1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded 00:06:34: As1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 1.2.3.4 00:06:34: As1 IPCP: O CONFNAK [ACKrcvd] id 6 len 10 00:06:34: As1 IPCP: Address 1.2.3.4 (0x030601020304) 00:06:34: As1 IPCP: I CONFREQ [ACKrcvd] id 7 len 10 00:06:34: As1 IPCP: Address 1.2.3.4 (0x030601020304) 00:06:34: As1 AAA/AUTHOR/IPCP: Start. Her address 1.2.3.4, we want 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Request 1.2.3.4 from pool pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Pool grants 1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV service=ppp 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV protocol=ip 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr-pool=pool1 00:06:34: As1 AAA/AUTHOR/IPCP: Processing AV addr*1.2.3.4 00:06:34: As1 AAA/AUTHOR/IPCP: Authorization succeeded 00:06:34: As1 AAA/AUTHOR/IPCP: Done. Her address 1.2.3.4, we want 1.2.3.4 00:06:34: As1 IPCP: O CONFACK [ACKrcvd] id 7 len 10 00:06:34: As1 IPCP: Address 1.2.3.4 (0x030601020304) 00:06:34: As1 IPCP: State is Open 00:06:34: As1 IPCP: Install route to 1.2.3.4 as5300#show caller ip Line User IP Address Local Number Remote Number <-> As1 pool_test 1.2.3.4 9194724101 9194722001 as5300#show ip local pool Pool Begin End Free In use pool1 1.2.3.4 1.2.3.5 1 1 (dynamic)
修訂 | 發佈日期 | 意見 |
---|---|---|
1.0 |
10-Dec-2001 |
初始版本 |