CCNP(ISCW)实验：配置AAA支持Tacacs+

2023-11-14 17:38:22

预配置
R1(config)#int e1/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no sh

实验过程：
第一步：配置R1使用tacacs+,并调用
R1(config)#aaa new-model
R1(config)#aaa authentication login AUTHOR group tacacs+ enable
R1(config)#tacacs-server host 192.168.1.11 key server123

R1(config)#line vty 0 4
R1(config-line)#login authentication AUTHOR
R1(config-line)#line co 0
R1(config-line)#login authentication AUTHOR

第二步：配置AAA服务器

第三步：调试
R1#test aaa group tacacs+ admin admin new-code
Trying to authenticate with Servergroup tacacs+
Sending password
User successfully authenticated

R1#debug tacacs authentication
TACACS+ authentication debugging is on
R1#exit

R1 con0 is now available
Press RETURN to get started.

Username:
Mar 1 00:10:55.611: TPLUS: Queuing AAA Authentication request 2 for processing
Mar 1 00:10:55.611: TPLUS: processing authentication start request id 2
Mar 1 00:10:55.615: TPLUS: Authentication start packet created for 2()
Mar 1 00:10:55.615: TPLUS: Using server 192.168.1.11
Mar 1 00:10:55.619: TPLUS(00000002)/0/NB_WAIT/63768D88: Started 5 sec timeout
Mar 1 00:10:55.623: TPLUS(00000002)/0/NB_WAIT: socket event 2
Mar 1 00:10:55.627: TPLUS(00000002)/0/NB_WAIT: wrote entire 29 bytes request
Mar 1 00:10:55.627: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:10:55.627: TPLUS(00000002)/0/READ: Would block while reading
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: read entire 28 bytes response
Mar 1 00:10:55.655: TPLUS(00000002)/0/63768D88: Processing the reply packet
Mar 1 00:10:55.655: TPLUS: Received authen response status GET_USER (7)
Username: admin
Password:
Mar 1 00:11:02.247: TPLUS: Queuing AAA Authentication request 2 for processing
Mar 1 00:11:02.247: TPLUS: processing authentication continue request id 2
Mar 1 00:11:02.247: TPLUS: Authentication continue packet generated for 2
Mar 1 00:11:02.247: TPLUS(00000002)/0/WRITE/63768D88: Started 5 sec timeout
Mar 1 00:11:02.251: TPLUS(00000002)/0/WRITE: wrote entire 22 bytes request
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: read entire 28 bytes response
Mar 1 00:11:02.255: TPLUS(00000002)/0/63768D88: Processing the reply packet
Mar 1 00:11:02.255: TPLUS: Received authen response status GET_PASSWORD (8)

Mar 1 00:11:06.987: TPLUS: Queuing AAA Authentication request 2 for processing
Mar 1 00:11:06.987: TPLUS: processing authentication continue request id 2
Mar 1 00:11:06.987: TPLUS: Authentication continue packet generated for 2
Mar 1 00:11:06.987: TPLUS(00000002)/0/WRITE/63768D88: Started 5 sec timeout
Mar 1 00:11:06.991: TPLUS(00000002)/0/WRITE: wrote entire 22 bytes request
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: read entire 12 header bytes (expect 6 bytes data)
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: read entire 18 bytes response
Mar 1 00:11:07.055: TPLUS(00000002)/0/63768D88: Processing the reply packet
*Mar 1 00:11:07.055: TPLUS: Received authen response status PASS (2)
R1>en
Password:
R1#

第四步：实验结果：
当AAA服务器正常工作时

当AAA服务器挂掉之后

直接输入enable密码

码农公寓

相关文章