CCNP (ISCW) Lab: Configuring AAA with RADIUS Support

Pre-configuration
R1(config)#int e1/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit

Lab procedure:
Step 1: Configure R1 to use RADIUS for login
R1(config)#aaa new-model
// Enable the AAA service
R1(config)#aaa authentication login AUTH group radius
// Configure AAA login to use RADIUS authentication
R1(config)#radius-server host 192.168.1.11 key server123
// Configure the RADIUS server's IP address and key
R1(config)#en pass cisco

line con 0
exec-timeout 0 0
logging synchronous
login authentication AUTH
line aux 0
line vty 0 4
login authentication AUTH

Step 2: Open the ACS interface
Step 3: Click [image], then under AAA Client click [image]
Step 4: [image]
Step 5: Confirm that the addition succeeded
Step 6: Click "[image]", enter the username ccie in the page that appears, then click: [image]
Step 7: Configure the password and other settings for the ccie user, then click: [image]
Step 8: Log in on R1 to test
R1#test aaa group radius admin admin new-code
Trying to authenticate with Servergroup radius
User successfully authenticated

R1#debug radius verbose
Radius protocol debugging is on
Radius protocol brief debugging is off
Radius protocol verbose debugging is on
Radius packet hex dump debugging is off
Radius packet protocol debugging is off
Radius packet retransmission debugging is off
Radius server fail-over debugging is off

Username:
Mar 1 00:23:18.891: RADIUS/ENCODE(00000003): ask "Username: "
Mar 1 00:23:18.891: RADIUS/ENCODE(00000003): send packet; GET_USER
// Prompts us to enter the username
Username: admin
Password:
Mar 1 00:23:23.379: RADIUS/ENCODE(00000003): ask "Password: "
Mar 1 00:23:23.379: RADIUS/ENCODE(00000003): send packet; GET_PASSWORD
// Prompts us to enter the password
R1>
Mar 1 00:23:27.171: RADIUS/ENCODE(00000003):Orig. component type = EXEC
Mar 1 00:23:27.171: RADIUS(00000003): Storing nasport 0 in rad_db
Mar 1 00:23:27.171: RADIUS(00000003): Config NAS IP: 0.0.0.0
Mar 1 00:23:27.175: RADIUS/ENCODE: Best Local IP-Address 192.168.1.1 for Radius-Server 192.168.1.11

R1#debug radius authentication
// Debug RADIUS authentication packets
Radius protocol debugging is on
Radius protocol brief debugging is off
Radius protocol verbose debugging is off
Radius packet hex dump debugging is off
Radius packet protocol (authentication) debugging is on
Radius packet protocol (accounting) debugging is off
Radius packet retransmission debugging is off
Radius server fail-over debugging is off

Mar 1 00:27:44.811: RADIUS/ENCODE(00000004):Orig. component type = EXEC
Mar 1 00:27:44.811: RADIUS: AAA Unsupported Attr: interface [153] 4
Mar 1 00:27:44.811: RADIUS: 74 74 [tt]
Mar 1 00:27:44.815: RADIUS(00000004): Storing nasport 0 in rad_db
Mar 1 00:27:44.815: RADIUS/ENCODE(00000004): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
Mar 1 00:27:44.815: RADIUS(00000004): Config NAS IP: 0.0.0.0
Mar 1 00:27:44.815: RADIUS/ENCODE(00000004): acct_session_id: 3
Mar 1 00:27:44.815: RADIUS(00000004): sending
Mar 1 00:27:44.819: RADIUS/ENCODE: Best Local IP-Address 192.168.1.1 for Radius-Server 192.168.1.11
Mar 1 00:27:44.819: RADIUS(00000004): Send Access-Request to 192.168.1.11:1645 id 1645/6, len 70
Mar 1 00:27:44.819: RADIUS: authenticator 9B 81 52 C7 8A DC 8A D2 - 69 E2 35 6F F6 86 34 C5
Mar 1 00:27:44.819: RADIUS: User-Name [1] 7 "admin"
R1>r 1 00:27:44.823: RADIUS: User-Password [2] 18
Mar 1 00:27:44.823: RADIUS: NAS-Port [5] 6 0
Mar 1 00:27:44.823: RADIUS: NAS-Port-Type [61] 6 Async [0]
Mar 1 00:27:44.823: RADIUS: Calling-Station-Id [31] 7 "async"
Mar 1 00:27:44.823: RADIUS: NAS-IP-Address [4] 6 192.168.1.1
Mar 1 00:27:44.895: RADIUS: Received from id 1645/6 192.168.1.11:1645, Access-Accept, len 48
Mar 1 00:27:44.895: RADIUS: authenticator 12 1F 0D 4F 33 90 BA 24 - AE 2D 0C 02 1B 96 6F 23
Mar 1 00:27:44.895: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
Mar 1 00:27:44.895: RADIUS: Class [25] 22
Mar 1 00:27:44.899: RADIUS: 43 41 43 53 3A 30 2F 66 35 2F 63 30 61 38 30 31 [CACS:0/f5/c0a801]
Mar 1 00:27:44.899: RADIUS: 30 31 2F 30 [01/0]
Mar 1 00:27:44.903: RADIUS(00000004): Received from id 1645/6

R1#debug aaa authentication
// Debug AAA authentication information
AAA Authentication debugging is on
R1#exit
R1>en
Password:
Mar 1 00:30:07.063: AAA: parse name=tty0 idb type=-1 tty=-1
Mar 1 00:30:07.063: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
Mar 1 00:30:07.063: AAA/MEMORY: create_user (0x63A8C500) user='admin' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Mar 1 00:30:07.067: AAA/AUTHEN/START (831857078): port='tty0' list='' action=LOGIN service=ENABLE
Mar 1 00:30:07.067: AAA/AUTHEN/START (831857078): console enable - default to enable password (if any)
Mar 1 00:30:07.067: AAA/AUTHEN/START (831857078): Method=ENABLE
Mar 1 00:30:07.067: AAA/AUTHEN(831857078): Status=GETPASS
R1#
Mar 1 00:30:12.047: AAA/AUTHEN/CONT (831857078): continue_login (user='(undef)')
Mar 1 00:30:12.047: AAA/AUTHEN(831857078): Status=GETPASS
Mar 1 00:30:12.047: AAA/AUTHEN/CONT (831857078): Method=ENABLE
Mar 1 00:30:12.047: AAA/AUTHEN(831857078): Status=PASS
Mar 1 00:30:12.047: AAA/MEMORY: free_user (0x63A8C500) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

Lab results
Telnet from the PC, as shown in the figure:
[image]
Telnet requires a password, and entering global mode requires a password.

Login on the local router's console port, as shown in the figure:
[image]
