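Troubleshooting and Debugging AAA Configured on Cisco Routers
AAA Faults and Debugging
When AAA is configured on a router, debugging is indispensable during the configuration phase for checking whether authentication takes place and how authentication, authorization, and accounting are behaving. When a fault occurs, the debug output helps pinpoint where it lies.
1. The debug aaa authentication command
Use the debug aaa authentication command to debug an EXEC login. The login uses the authentication method list 'rongxin' with the TACACS+ authentication protocol. The system prompts for the username and password by sending GETUSER and GETPASS, and authentication finally passes (PASS).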
Router# debug aaa authentication
AAA Authentication debugging is on
Router#
*Mar 1 01:34:40.819: AAA/BIND(00000015): Bind i/f
*Mar 1 01:34:40.827: AAA/AUTHEN/LOGIN (00000015): Pick method list 'rongxin'
*Mar 1 01:34:52.903: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar 1 01:34:52.903: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar 1 01:34:52.907: AAA/MEMORY: create_user (0x64DE58AC) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:34:52.911: AAA/AUTHEN/START (1579679647): port='tty130' list='rongxin' action=LOGIN service=ENABLE
*Mar 1 01:34:52.915: AAA/AUTHEN/START (1579679647): non-console enable - default to enable password
*Mar 1 01:34:52.919: AAA/AUTHEN/START (1579679647): Method=ENABLE
*Mar 1 01:34:52.919: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar 1 01:34:54.627: AAA/AUTHEN/CONT (1579679647): continue_login (user='(undef)')
*Mar 1 01:34:54.631: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar 1 01:34:54.631: AAA/AUTHEN/CONT (1579679647): Method=ENABLE
*Mar 1 01:34:54.703: AAA/AUTHEN(1579679647): Status=PASS
*Mar 1 01:34:54.703: AAA/MEMORY: free_user (0x64DE58AC) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
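2. The debug aaa authorization command
Use the debug aaa authorization command to debug authorization information. The attribute values for the user "user1" are authorized, and authorization on the port finally succeeds.
Router# debug aaa authorization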
AAA Authorization debugging is on
Router#
*Mar 1 01:35:18.427: AAA/BIND(00000016): Bind i/f
*Mar 1 01:35:25.463: AAA/AUTHOR (0x16): Pick method list 'rongxin'
*Mar 1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): processing AV cmd=
*Mar 1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): Authorization successful
*Mar 1 01:35:30.567: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar 1 01:35:30.571: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar 1 01:35:30.575: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:35:32.279: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
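3. The debug aaa accounting command
Use the debug aaa accounting command to debug accounting information. Time-based accounting is driven by the CALL START and CALL STOP events. The debug tacacs and debug radius commands give more protocol-level detail, and show accounting displays the accounting records.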
Router# debug aaa accounting
AAA Accounting debugging is on
Router#
*Mar 1 01:36:18.267: AAA/ACCT/EVENT/(00000017): CALL START
*Mar 1 01:36:18.267: Getting session id for NET(00000017) : db=64E2D51C
*Mar 1 01:36:18.271: AAA/ACCT(00000000): add node, session 20
*Mar 1 01:36:18.271: AAA/ACCT/NET(00000017): add, count 1
*Mar 1 01:36:18.275: Getting session id for NONE(00000017) : db=64E2D51C
*Mar 1 01:36:24.903: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
*Mar 1 01:36:24.907: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
*Mar 1 01:36:24.911: Getting session id for EXEC(00000017) : db=64E2D51C
*Mar 1 01:36:24.911: AAA/ACCT(00000017): add common node to avl failed
*Mar 1 01:36:24.915: AAA/ACCT/EXEC(00000017): add, count 2
*Mar 1 01:36:24.919: AAA/ACCT/EVENT/(00000017): EXEC UP
*Mar 1 01:36:24.919: AAA/ACCT/EXEC(00000017): Queueing record is START
*Mar 1 01:36:24.931: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
*Mar 1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS
*Mar 1 01:36:25.299: AAA/ACCT(00000017): Send START accounting notification to EM successfully
*Mar 1 01:36:31.363: AAA: parse name=tty130 idb type=-1 tty=-1
*Mar 1 01:36:31.363: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
*Mar 1 01:36:31.367: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:36:34.211: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130'
rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
*Mar 1 01:36:44.431: unknown AAA/DISC: 1/"User Request"
*Mar 1 01:36:44.431: unknown AAA/DISC/EXT: 1020/"User Request"
*Mar 1 01:36:44.435: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'
*Mar 1 01:36:44.435: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
*Mar 1 01:36:44.451: AAA/ACCT/EVENT/(00000017): CALL STOP
*Mar 1 01:36:44.451: AAA/ACCT/CALL STOP(00000017): Sending stop requests
*Mar 1 01:36:44.451: AAA/ACCT(00000017): Send all stops
*Mar 1 01:36:44.455: AAA/ACCT/EXEC(00000017): STOP
*Mar 1 01:36:44.459: AAA/ACCT/EXEC(00000017): Queueing record is STOP osr 1
*Mar 1 01:36:44.459: AAA/ACCT/NET(00000017): STOP
*Mar 1 01:36:44.463: AAA/ACCT/NET(00000017): Method list not found
*Mar 1 01:36:44.463: AAA/ACCT/NET(00000017): free_rec, count 1
*Mar 1 01:36:44.467: AAA/ACCT/NET(00000017) reccnt 1, csr TRUE, osr 1
*Mar 1 01:36:44.471: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)
*Mar 1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS
*Mar 1 01:36:44.863: AAA/ACCT(00000017): Send STOP accounting notification to EM successfully
*Mar 1 01:36:44.867: AAA/ACCT/EXEC(00000017): Cleaning up from Callback osr 0
*Mar 1 01:36:44.867: AAA/ACCT(00000017): del node, session 20
*Mar 1 01:36:44.871: AAA/ACCT/EXEC(00000017): free_rec, count 0
*Mar 1 01:36:44.871: AAA/ACCT/EXEC(00000017) reccnt 0, csr TRUE, osr 0
*Mar 1 01:36:44.875: AAA/ACCT/EXEC(00000017): Last rec in db, intf not enqueued
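The accounting trace above can be checked mechanically: the following added example (not part of the original article) groups debug aaa accounting lines by session ID and pairs each START reply with its STOP reply, so a session whose STOP was never acknowledged stands out. The function name summarize_accounting is hypothetical, the line format is assumed to match the output shown here, and session 00000018 is constructed for illustration.

```python
import re

# Lines for session 00000017 are taken from the debug output above; session
# 00000018 is constructed here to show a START that is never closed by a STOP.
SAMPLE = """\
*Mar 1 01:36:24.907: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin
*Mar 1 01:36:24.919: AAA/ACCT/EXEC(00000017): Queueing record is START
*Mar 1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS
*Mar 1 01:36:44.459: AAA/ACCT/EXEC(00000017): Queueing record is STOP osr 1
*Mar 1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS
*Mar 1 01:40:02.100: AAA/ACCT/SETMLIST(00000018): Handle 29000007, mlist 642D96E0, Name rongxin
*Mar 1 01:40:02.112: AAA/ACCT/EXEC(00000018): Queueing record is START
*Mar 1 01:40:02.480: AAA/ACCT/EXEC(00000018): START protocol reply PASS
"""

LINE = re.compile(r"^\*\w+\s+\d+\s+(\d+):(\d+):(\d+\.\d+): AAA/ACCT/(\w+)\((\w+)\): (.*)$")

def summarize_accounting(text):
    """Group 'debug aaa accounting' lines by session id and pair START/STOP replies."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and other line shapes are skipped
        hh, mm, ss, _kind, sid, msg = m.groups()
        # Seconds since midnight; assumes START and STOP fall on the same day.
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        s = sessions.setdefault(sid, {"mlist": None, "start": None, "stop": None,
                                      "t_start": None, "t_stop": None})
        if "Name " in msg:
            s["mlist"] = msg.rsplit("Name ", 1)[1]
        reply = re.match(r"(START|STOP) protocol reply (\w+)", msg)
        if reply:
            which = reply.group(1).lower()
            s[which] = reply.group(2)
            s["t_" + which] = t
    for s in sessions.values():
        # complete = the AAA server acknowledged both the START and the STOP record
        s["complete"] = s["start"] == "PASS" and s["stop"] == "PASS"
        s["seconds"] = (round(s["t_stop"] - s["t_start"], 3)
                        if s["t_start"] is not None and s["t_stop"] is not None else None)
    return sessions

if __name__ == "__main__":
    for sid, s in summarize_accounting(SAMPLE).items():
        print(sid, s["mlist"], s["start"], s["stop"], s["seconds"], s["complete"])
```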