
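Troubleshooting and Debugging AAA (3A) Authentication on Cisco Routers

AAA Faults and Debugging

When configuring AAA on a router, debugging is indispensable during the configuration phase to confirm whether authentication takes place and how authentication, authorization, and accounting are behaving. When a fault occurs, the debug output helps pinpoint where it lies.

1. The Debug AAA Authentication Command

Use the debug aaa authentication command to debug an EXEC login process that uses the 'rongxin' authentication method list and the TACACS+ authentication protocol. The system prompts for the username and password by sending GETUSER and GETPASS, and authentication finally succeeds (PASS).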

Router# debug aaa authentication

AAA Authentication debugging is on

Router#

*Mar  1 01:34:40.819: AAA/BIND(00000015): Bind i/f  

*Mar  1 01:34:40.827: AAA/AUTHEN/LOGIN (00000015): Pick method list 'rongxin' 

*Mar  1 01:34:52.903: AAA: parse name=tty130 idb type=-1 tty=-1

*Mar  1 01:34:52.903: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0

*Mar  1 01:34:52.907: AAA/MEMORY: create_user (0x64DE58AC) user='user1' ruser='NULL' ds0=0 port='tty130' 

rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)

*Mar  1 01:34:52.911: AAA/AUTHEN/START (1579679647): port='tty130' list='rongxin' action=LOGIN service=ENABLE

*Mar  1 01:34:52.915: AAA/AUTHEN/START (1579679647): non-console enable - default to enable password

*Mar  1 01:34:52.919: AAA/AUTHEN/START (1579679647): Method=ENABLE

*Mar  1 01:34:52.919: AAA/AUTHEN(1579679647): Status=GETPASS

*Mar  1 01:34:54.627: AAA/AUTHEN/CONT (1579679647): continue_login (user='(undef)')

*Mar  1 01:34:54.631: AAA/AUTHEN(1579679647): Status=GETPASS

*Mar  1 01:34:54.631: AAA/AUTHEN/CONT (1579679647): Method=ENABLE

*Mar  1 01:34:54.703: AAA/AUTHEN(1579679647): Status=PASS

*Mar  1 01:34:54.703: AAA/MEMORY: free_user (0x64DE58AC) user='NULL' ruser='NULL' port='tty130' 

rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0) 

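2. The Debug AAA Authorization Command

Use the debug aaa authorization command to debug authorization information. The attribute values for the user "user1" are authorized, and finally the port authorization passes.

Router# debug aaa authorization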

AAA Authorization debugging is on

*Mar  1 01:35:18.427: AAA/BIND(00000016): Bind i/f  

*Mar  1 01:35:25.463: AAA/AUTHOR (0x16): Pick method list 'rongxin' 

*Mar  1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): processing AV cmd=

*Mar  1 01:35:25.939: AAA/AUTHOR/EXEC(00000016): Authorization successful

*Mar  1 01:35:30.567: AAA: parse name=tty130 idb type=-1 tty=-1

*Mar  1 01:35:30.571: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0

*Mar  1 01:35:30.575: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130' 

*Mar  1 01:35:32.279: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130' 

rem_addr='192.168.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

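3. The Debug AAA Accounting Command

Use the debug aaa accounting command to debug accounting information; CALL START and CALL STOP are used for time-based accounting. The debug tacacs and debug radius commands provide more information at the protocol level, and show accounting can be used to view the accounting records.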

Router# debug aaa accounting

AAA Accounting debugging is on

*Mar  1 01:36:18.267: AAA/ACCT/EVENT/(00000017): CALL START

*Mar  1 01:36:18.267: Getting session id for NET(00000017) : db=64E2D51C

*Mar  1 01:36:18.271: AAA/ACCT(00000000): add node, session 20

*Mar  1 01:36:18.271: AAA/ACCT/NET(00000017): add, count 1

*Mar  1 01:36:18.275: Getting session id for NONE(00000017) : db=64E2D51C

*Mar  1 01:36:24.903: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'

*Mar  1 01:36:24.907: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin

*Mar  1 01:36:24.911: Getting session id for EXEC(00000017) : db=64E2D51C

*Mar  1 01:36:24.911: AAA/ACCT(00000017): add common node to avl failed

*Mar  1 01:36:24.915: AAA/ACCT/EXEC(00000017): add, count 2

*Mar  1 01:36:24.919: AAA/ACCT/EVENT/(00000017): EXEC UP

*Mar  1 01:36:24.919: AAA/ACCT/EXEC(00000017): Queueing record is START

*Mar  1 01:36:24.931: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)

*Mar  1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS

*Mar  1 01:36:25.299: AAA/ACCT(00000017): Send START accounting notification to EM successfully

*Mar  1 01:36:31.363: AAA: parse name=tty130 idb type=-1 tty=-1

*Mar  1 01:36:31.363: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0

*Mar  1 01:36:31.367: AAA/MEMORY: create_user (0x644CD260) user='user1' ruser='NULL' ds0=0 port='tty130' 

*Mar  1 01:36:34.211: AAA/MEMORY: free_user (0x644CD260) user='NULL' ruser='NULL' port='tty130' 

*Mar  1 01:36:44.431: unknown AAA/DISC: 1/"User Request"

*Mar  1 01:36:44.431: unknown AAA/DISC/EXT: 1020/"User Request"

*Mar  1 01:36:44.435: AAA/ACCT/EXEC(00000017): Pick method list 'rongxin'

*Mar  1 01:36:44.435: AAA/ACCT/SETMLIST(00000017): Handle 29000006, mlist 642D96E0, Name rongxin

*Mar  1 01:36:44.451: AAA/ACCT/EVENT/(00000017): CALL STOP

*Mar  1 01:36:44.451: AAA/ACCT/CALL STOP(00000017): Sending stop requests

*Mar  1 01:36:44.451: AAA/ACCT(00000017): Send all stops

*Mar  1 01:36:44.455: AAA/ACCT/EXEC(00000017): STOP

*Mar  1 01:36:44.459: AAA/ACCT/EXEC(00000017): Queueing record is STOP osr 1

*Mar  1 01:36:44.459: AAA/ACCT/NET(00000017): STOP

*Mar  1 01:36:44.463: AAA/ACCT/NET(00000017): Method list not found

*Mar  1 01:36:44.463: AAA/ACCT/NET(00000017): free_rec, count 1

*Mar  1 01:36:44.467: AAA/ACCT/NET(00000017) reccnt 1, csr TRUE, osr 1

*Mar  1 01:36:44.471: AAA/ACCT(00000017): Accouting method=tacacs+ (TACACS+)

*Mar  1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS

*Mar  1 01:36:44.863: AAA/ACCT(00000017): Send STOP accounting notification to EM successfully

*Mar  1 01:36:44.867: AAA/ACCT/EXEC(00000017): Cleaning up from Callback osr 0

*Mar  1 01:36:44.867: AAA/ACCT(00000017): del node, session 20

*Mar  1 01:36:44.871: AAA/ACCT/EXEC(00000017): free_rec, count 0

*Mar  1 01:36:44.871: AAA/ACCT/EXEC(00000017) reccnt 0, csr TRUE, osr 0

*Mar  1 01:36:44.875: AAA/ACCT/EXEC(00000017): Last rec in db, intf not enqueued
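
An added example, not part of the original post: a short Python script that groups AAA debug lines like those above by the ID in parentheses and flags sessions whose last authentication status is not PASS or whose accounting START/STOP reply is missing or not PASS. The function names are hypothetical, and the sample lines are copied from the output on this page.

```python
import re
from datetime import datetime

# Lines copied from the debug output shown on this page (a subset).
SAMPLE = """\
*Mar  1 01:34:52.919: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar  1 01:34:54.631: AAA/AUTHEN(1579679647): Status=GETPASS
*Mar  1 01:34:54.703: AAA/AUTHEN(1579679647): Status=PASS
*Mar  1 01:36:24.919: AAA/ACCT/EXEC(00000017): Queueing record is START
*Mar  1 01:36:25.299: AAA/ACCT/EXEC(00000017): START protocol reply PASS
*Mar  1 01:36:44.459: AAA/ACCT/EXEC(00000017): Queueing record is STOP osr 1
*Mar  1 01:36:44.859: AAA/ACCT/EXEC(00000017): STOP protocol reply PASS
"""

# "<Mon> <day> <time>: AAA/<TAG>(<id>): <message>"; lines without an id are skipped.
LINE = re.compile(r"^\*?(\w{3})\s+(\d+) (\d\d:\d\d:\d\d\.\d+): "
                  r"(AAA/[A-Z/ ]+?)\s*\((\w+)\):?\s*(.*)$")

def parse(text):
    """Yield (timestamp, tag, session_id, message) for each AAA event line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            mon, day, clock, tag, sid, msg = m.groups()
            ts = datetime.strptime(f"{mon} {day} {clock}", "%b %d %H:%M:%S.%f")
            yield ts, tag.rstrip("/"), sid, msg

def summarize(text):
    """Per id: authentication status sequence and accounting (reply, time)."""
    sessions = {}
    for ts, tag, sid, msg in parse(text):
        s = sessions.setdefault(sid, {"auth": [], "acct": {}})
        if tag.startswith("AAA/AUTHEN") and msg.startswith("Status="):
            s["auth"].append(msg.split("=", 1)[1])
        m = re.match(r"(START|STOP) protocol reply (\w+)", msg)
        if tag.startswith("AAA/ACCT") and m:
            s["acct"][m.group(1)] = (m.group(2), ts)
    return sessions

def findings(sessions):
    """List (id, reason) pairs worth a closer look when troubleshooting."""
    out = []
    for sid, s in sessions.items():
        if s["auth"] and s["auth"][-1] != "PASS":
            out.append((sid, f"authentication ended in {s['auth'][-1]}"))
        out += [(sid, f"accounting {k} reply {r}")
                for k, (r, _) in s["acct"].items() if r != "PASS"]
        if "START" in s["acct"] and "STOP" not in s["acct"]:
            out.append((sid, "accounting START without STOP"))
    return out
```

The timestamps kept for the START and STOP replies can be subtracted to get the accounted session length.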

This article is reposted from Zhang Qi's 51CTO blog. Original link: http://blog.51cto.com/zhangqi/426290. To repost it, please contact the original author.