Troubleshooting and Debugging AAA Authentication Configured on a Cisco Router

Posted by weixin_34377065 on 2010-11-18

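AAA Troubleshooting and Debugging
When configuring AAA on a router, debugging is indispensable during the configuration phase for checking whether authentication takes place and how authentication, authorization and accounting are behaving; when a fault occurs, the debug output helps pinpoint where it lies.
1. The debug aaa authentication command
Use the debug aaa authentication command to debug an EXEC login. The login uses the authentication method list 'rongxin' with the TACACS+ authentication protocol; the system prompts for the username and password by sending GETUSER and GETPASS, and authentication finally passes (PASS).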

Router# debug aaa authentication
AAA Authentication debugging is on
Router#
*Mar  1 01:34:40.819: AAA/BIND(00000015): Bind i/f 
*Mar  1 01:34:40.827: AAA/AUTHEN/LOGIN (00000015): Pick method list 'rongxin'
*Mar  1 01:34:52.903: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar  1 01:34:52.903: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar  1 01:34:52.907: AAA/MEMORY: create_user (0x64DE58AC) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar  1 01:34:52.911: AAA/AUTHEN/START (1579679647): port='tty130' list='rongxin' action=LOGIN service=ENABLE
*Mar  1 01:34:52.915: AAA/AUTHEN/START (1579679647): non-console enable - default to enable password
*Mar  1 01:34:52.919: AAA/AUTHEN/START (1579679647): Method=ENABLE
*Mar  1 01:34:52.919: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar  1 01:34:54.627: AAA/AUTHEN/CONT (1579679647): continue_login (user='(undef)')
*Mar  1 01:34:54.631: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar  1 01:34:54.631: AAA/AUTHEN/CONT (1579679647): Method=ENABLE
*Mar  1 01:34:54.703: AAA/AUTHEN(1579679647): Status=PASS
*Mar  1 01:34:54.703: AAA/MEMORY: free_user (0x64DE58AC) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
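2. The debug aaa authorization command
Use the debug aaa authorization command to debug authorization information: the attribute values for the user "user1" are authorized, and authorization on the port finally succeeds.
Router# debug aaa authorization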
AAA Authorization debugging is on
Router#
*Mar  1 01:35:18.427: AAA/BIND(00000016): Bind i/f 
*Mar  1 01:35:25.463: AAA/AUTHOR (0x16): Pick method list 'rongxin'
*Mar  1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): processing AV cmd=
*Mar  1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): Authorization successful
*Mar  1 01:35:30.567: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar  1 01:35:30.571: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar  1 01:35:30.575: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar  1 01:35:32.279: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
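3. The debug aaa accounting command
Use the debug aaa accounting command to debug accounting information; CALL START and CALL STOP mark the start and end of a session for time-based accounting. debug tacacs and debug radius give more detail at the protocol level, and show accounting displays the accounting records.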
Router# debug aaa accounting
AAA Accounting debugging is on
Router#
*Mar  1 01:36:18.267: AAA/ACCT/EVENT/(00000017): CALL START
*Mar  1 01:36:18.267: Getting session id for NET(00000017) : db=64E2D51C
*Mar  1 01:36:18.271: AAA/ACCT(00000000): add node, session 20
*Mar  1 01:36:18.271: AAA/ACCT/NET(00000017): add, count 1
*Mar  1 01:36:18.275: Getting session id for NONE(00000017) : db=64E2D51C
*Mar  1 01:36:24.903: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
*Mar  1 01:36:24.907: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
*Mar  1 01:36:24.911: Getting session id for EXEC(00000017) : db=64E2D51C
*Mar  1 01:36:24.911: AAA/ACCT(00000017): add common node to avl failed
*Mar  1 01:36:24.915: AAA/ACCT/EXEC(00000017): add, count 2
*Mar  1 01:36:24.919: AAA/ACCT/EVENT/(00000017): EXEC UP
*Mar  1 01:36:24.919: AAA/ACCT/EXEC(00000017): Queueing record is START
*Mar  1 01:36:24.931: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
*Mar  1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS
*Mar  1 01:36:25.299: AAA/ACCT(00000017): Send START accounting notification to EM successfully
*Mar  1 01:36:31.363: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar  1 01:36:31.363: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar  1 01:36:31.367: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar  1 01:36:34.211: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
*Mar  1 01:36:44.431: unknown AAA/DISC: 1/"User Request"
*Mar  1 01:36:44.431: unknown AAA/DISC/EXT: 1020/"User Request"
*Mar  1 01:36:44.435: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
*Mar  1 01:36:44.435: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
*Mar  1 01:36:44.451: AAA/ACCT/EVENT/(00000017): CALL STOP
*Mar  1 01:36:44.451: AAA/ACCT/CALL STOP(00000017): Sending stop requests
*Mar  1 01:36:44.451: AAA/ACCT(00000017): Send all stops
*Mar  1 01:36:44.455: AAA/ACCT/EXEC(00000017): STOP
*Mar  1 01:36:44.459: AAA/ACCT/EXEC(00000017): Queueing record is STOP osr 1
*Mar  1 01:36:44.459: AAA/ACCT/NET(00000017): STOP
*Mar  1 01:36:44.463: AAA/ACCT/NET(00000017): Method list not found
*Mar  1 01:36:44.463: AAA/ACCT/NET(00000017): free_rec, count 1
*Mar  1 01:36:44.467: AAA/ACCT/NET(00000017) reccnt 1, csr TRUE, osr 1
*Mar  1 01:36:44.471: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
*Mar  1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS
*Mar  1 01:36:44.863: AAA/ACCT(00000017): Send STOP accounting notification to EM successfully
*Mar  1 01:36:44.867: AAA/ACCT/EXEC(00000017): Cleaning up from Callback osr 0
*Mar  1 01:36:44.867: AAA/ACCT(00000017): del node, session 20
*Mar  1 01:36:44.871: AAA/ACCT/EXEC(00000017): free_rec, count 0
*Mar  1 01:36:44.871: AAA/ACCT/EXEC(00000017) reccnt 0, csr TRUE, osr 0
*Mar  1 01:36:44.875: AAA/ACCT/EXEC(00000017): Last rec in db, intf not enqueued
 
