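This document defines and demonstrates the troubleshooting mechanisms available for resolving authentication proxy (auth-proxy) problems on Cisco IOS®. It defines the debug and show commands, then shows examples of these debugs and commands.
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Refer to Important Information on Debug Commands before you attempt any debug commands.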
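debug tacacs | radius - Displays information associated with TACACS or RADIUS.
debug aaa authentication - Displays information on AAA/TACACS+ authentication. Used to see which authentication methods are in use and what the results of those methods are.
debug aaa authorization - Displays information on AAA/TACACS+ authorization. Used to see which methods are in use and what the results of those methods are.
Use these commands as needed:
debug ip auth-proxy {function-trace} - Displays the authentication proxy functions.
debug ip auth-proxy {http} - Displays HTTP events related to the authentication proxy.
Use this command to clear entries between sessions:
clear ip auth-proxy cache {* | host ip address} - Clears all authentication proxy entries, including user profiles and dynamic access control lists (ACLs). If you specify an IP address, the authentication proxy entries for that host are cleared.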
Before the access-list commands are passed down:
sec-3640#show ip access-lists
Extended IP access list 116
    permit tcp host 10.31.1.47 host 10.31.1.150 eq www
    deny tcp host 10.31.1.47 any (16 matches)
    deny udp host 10.31.1.47 any (26 matches)
    deny icmp host 10.31.1.47 any
    permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
    permit udp 10.31.1.0 0.0.0.255 any (74 matches)
    permit icmp 10.31.1.0 0.0.0.255 any
    permit icmp 171.68.118.0 0.0.0.255 any
    permit tcp 171.68.118.0 0.0.0.255 any (242 matches)
    permit udp 171.68.118.0 0.0.0.255 any
After the access-list commands are passed down:
Extended IP access list 116
    permit udp host 10.31.1.47 any (3 matches)  < added by authproxy
    permit tcp host 10.31.1.47 any  < added by authproxy
    permit icmp host 10.31.1.47 any  < added by authproxy
    permit tcp host 10.31.1.47 host 10.31.1.150 eq www
    deny tcp host 10.31.1.47 any (18 matches)
    deny udp host 10.31.1.47 any (26 matches)
    deny icmp host 10.31.1.47 any
    permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
    permit udp 10.31.1.0 0.0.0.255 any (74 matches)
    permit icmp 10.31.1.0 0.0.0.255 any
    permit icmp 171.68.118.0 0.0.0.255 any
    permit tcp 171.68.118.0 0.0.0.255 any (264 matches)
    permit udp 171.68.118.0 0.0.0.255 any
00:32:30: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:30: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:30: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:30: F ack 1260991237 seq 410073(0) 00:32:30: dst_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521 00:32:30: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:30: AUTH_PROXY: not a SYN packet 00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:32: F ack 1260991237 seq 410073(0) 00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH_PROXY: not a SYN packet 00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy 00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb 00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol 00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:32: S seq 410077(0) 00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy 00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb 00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol 00:32:32: AUTH-PROXY FUNC: auth_proxy_new_connection 00:32:32: AUTH-PROXY FUNC: auth_proxy_add_conn_info 
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:32: ack 2957488078 seq 410078(0) 00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: clientport 4535 state 0 00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:32: P ack 2957488078 seq 410078(290) 00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: clientport 4535 state 0 00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache 00:32:32: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd 00:32:32: AUTH-PROXY FUNC: auth_proxy_received_get 00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache 00:32:32: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_save_timestamp 00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:32: ack 2957489275 seq 410368(0) 00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr 
- 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: clientport 4535 state 0 00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:32: F ack 2957489275 seq 410368(0) 00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535 00:32:32: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:32: clientport 4535 state 0 00:32:36: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:36: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:36: F ack 1260991237 seq 410073(0) 00:32:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521 00:32:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:36: clientport 4535 state 0 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:45: S seq 410193(0) 00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542 00:32:45: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:45: clientport 4521 state 0 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, 
dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:45: ack 2970312961 seq 410194(0) 00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542 00:32:45: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:45: clientport 4542 state 0 00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:45: P ack 2970312961 seq 410194(449) 00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542 00:32:45: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:45: clientport 4542 state 0 00:32:45: AUTH-PROXY FUNC: auth_proxy_find_cache 00:32:45: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:45: AUTH-PROXY FUNC: auth_proxy_required_reauth 00:32:45: AUTH-PROXY FUNC: auth_proxy_same_timestamp 00:32:45: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd 00:32:45: AAA: parse name=a} idb type=-1 tty=-1 00:32:45: AAA/MEMORY: create_user (0x61C23FE4) user='' ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0 00:32:45: AAA/AUTHEN/START (3351494599): port='a}' list='default' action=LOGIN service=LOGIN 00:32:45: AAA/AUTHEN/START (3351494599): found list default 00:32:45: AAA/AUTHEN/START (3351494599): Method=RTP (tacacs+) 00:32:45: TAC+: send AUTHEN/START packet ver=192 id=3351494599 00:32:45: TAC+: Using default tacacs server-group "RTP" list. 
00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: TAC+: Opened TCP/IP handle 0x61CA39A0 to 171.68.118.84/49 00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/START/LOGIN/ASCII queued 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: TAC+: (3351494599) AUTHEN/START/LOGIN/ASCII processed 00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETUSER 00:32:45: AAA/AUTHEN (3351494599): status = GETUSER 00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='(undef)') 00:32:45: AAA/AUTHEN (3351494599): status = GETUSER 00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+) 00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599 00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: TAC+: (3351494599) AUTHEN/CONT processed 00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETPASS 00:32:45: AAA/AUTHEN (3351494599): status = GETPASS 00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='proxyonly') 00:32:45: AAA/AUTHEN (3351494599): status = GETPASS 00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+) 00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599 00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: TAC+: (3351494599) AUTHEN/CONT processed 00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = PASS 00:32:45: AAA/AUTHEN (3351494599): status = PASS 00:32:45: TAC+: Closing TCP/IP 0x61CA39A0 connection to 171.68.118.84/49 00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Port='a}' list='default' service=AUTH-PROXY 00:32:45: AAA/AUTHOR/HTTP: a} (4113551585) user='proxyonly' 00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV service=auth-proxy 00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV cmd* 00:32:45: a} AAA/AUTHOR/HTTP (4113551585): found list "default" 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: AUTH-PROXY 
FUNC: auth_proxy_fast_path 00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Method=RTP (tacacs+) 00:32:45: AAA/AUTHOR/TAC+: (4113551585): user=proxyonly 00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV service=auth-proxy 00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV cmd* 00:32:45: TAC+: using previously set server 171.68.118.84 from group RTP 00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5 00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:45: TAC+: Opened TCP/IP handle 0x61CA3E1C to 171.68.118.84/49 00:32:45: TAC+: Opened 171.68.118.84 index=1 00:32:45: TAC+: 171.68.118.84 (4113551585) AUTHOR/START queued 00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:46: TAC+: (4113551585) AUTHOR/START processed 00:32:46: TAC+: (4113551585): received author response status = PASS_ADD 00:32:46: TAC+: Closing TCP/IP 0x61CA3E1C connection to 171.68.118.84/49 00:32:46: AAA/AUTHOR (4113551585): Post authorization status = PASS_ADD 00:32:46: AUTH-PROXY FUNC: auth_proxy_copy_attrs 00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache 00:32:46: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache 00:32:46: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:46: AUTH-PROXY FUNC: auth_proxy_http_accept 00:32:46: AUTH-PROXY FUNC: auth_proxy_proc_profile 00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item 00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item 00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item 00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item 00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item 00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item 00:32:46: AAA/MEMORY: free_user (0x61C23FE4) user='proxyonly' ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0 
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:46: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:46: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:46: ack 2970313958 seq 410643(0) 00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542 00:32:46: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:46: clientport 4542 state 2 00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path 00:32:46: F ack 2970313958 seq 410643(0) 00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542 00:32:46: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:46: clientport 4542 state 2 00:32:49: AUTH-PROXY FUNC: auth_proxy_timers 00:32:49: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout 00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:51: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit 00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:51: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit 00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:51: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit 00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path 00:32:51: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 
11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit 00:32:54: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:18: AUTH-PROXY FUNC: auth_proxy_destroy_all_conn_info 01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_conn_info 01:23:18: AUTH-PROXY FUNC: auth_proxy_delete_conn_info 01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_all_acl 01:23:21: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:21: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:21: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:21: F ack 3679167246 seq 413771(0) 01:23:21: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851 01:23:21: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:21: AUTH_PROXY: not a SYN packet 01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy 01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb 01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol 01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:23: S seq 414827(0) 01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy 01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb 01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol 01:23:23: AUTH-PROXY FUNC: auth_proxy_new_connection 01:23:23: AUTH-PROXY FUNC: auth_proxy_add_conn_info 01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, 
dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:23: ack 1713887638 seq 414828(0) 01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: clientport 4943 state 0 01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:23: P ack 1713887638 seq 414828(290) 01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: clientport 4943 state 0 01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache 01:23:23: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd 01:23:23: AUTH-PROXY FUNC: auth_proxy_received_get 01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache 01:23:23: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: AUTH-PROXY FUNC: auth_proxy_save_timestamp 01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:23: ack 1713888835 seq 415118(0) 01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: clientport 4943 state 0 01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: 
AUTH-PROXY FUNC: auth_proxy_process_path 01:23:23: F ack 1713888835 seq 415118(0) 01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943 01:23:23: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:23: clientport 4943 state 0 01:23:24: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:24: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:24: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:24: F ack 3679167246 seq 413771(0) 01:23:24: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851 01:23:24: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:24: clientport 4943 state 0 01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:36: S seq 414841(0) 01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: clientport 4851 state 0 01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:36: ack 1726143121 seq 414842(0) 01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: clientport 4944 state 0 01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find 
srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:36: P ack 1726143121 seq 414842(449) 01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: clientport 4944 state 0 01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache 01:23:36: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: AUTH-PROXY FUNC: auth_proxy_required_reauth 01:23:36: AUTH-PROXY FUNC: auth_proxy_same_timestamp 01:23:36: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd 01:23:36: AAA: parse name=a} idb type=-1 TTY=-1 01:23:36: AAA/MEMORY: create_user (0x61C52DD8) user='' ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0 01:23:36: AAA/AUTHEN/START (1504053479): port='a}' list='default' action=LOGIN service=LOGIN 01:23:36: AAA/AUTHEN/START (1504053479): found list default 01:23:36: AAA/AUTHEN/START (1504053479): Method=LOCAL 01:23:36: AAA/AUTHEN (1504053479): status = GETUSER 01:23:36: AAA/AUTHEN/CONT (1504053479): continue_login (user='(undef)') 01:23:36: AAA/AUTHEN (1504053479): status = GETUSER 01:23:36: AAA/AUTHEN/CONT (1504053479): Method=LOCAL 01:23:36: AAA/AUTHEN (1504053479): User not found, emulating local-override 01:23:36: AAA/AUTHEN (1504053479): status = ERROR 01:23:36: AAA/AUTHEN/START (58099628): port='a}' list='' action=LOGIN service=LOGIN 01:23:36: AAA/AUTHEN/START (58099628): Restart 01:23:36: AAA/AUTHEN/START (58099628): Method=RTP (radius) 01:23:36: AAA/AUTHEN (58099628): status = GETPASS 01:23:36: AAA/AUTHEN/CONT (58099628): continue_login (user='proxyonly') 01:23:36: AAA/AUTHEN (58099628): status = GETPASS 01:23:36: AAA/AUTHEN (58099628): Method=RTP (radius) 01:23:36: RADIUS: ustruct sharecount=1 01:23:36: RADIUS: Initial Transmit 
a} id 2 171.68.118.84:1645, Access-Request, len 67 01:23:36: Attribute 4 6 0A1F0196 01:23:36: Attribute 61 6 00000000 01:23:36: Attribute 1 11 70726F78 01:23:36: Attribute 2 18 7CC79416 01:23:36: Attribute 6 6 00000005 01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:36: RADIUS: Received from id 2 171.68.118.84:1645, Access-Accept, Len 207 01:23:36: Attribute 6 6 00000005 01:23:36: Attribute 26 30 0000000901186175 01:23:36: Attribute 26 49 00000009012B6175 01:23:36: Attribute 26 48 00000009012A6175 01:23:36: Attribute 26 48 00000009012A6175 01:23:36: Attribute 8 6 FFFFFFFF 01:23:36: RADIUS: saved authorization data for user 61C52DD8 at 619E0D8C 01:23:36: AAA/AUTHEN (58099628): status = PASS 01:23:36: a} AAA/AUTHOR/HTTP (147390869): Port='a}' list='default' service=AUTH-PROXY 01:23:36: AAA/AUTHOR/HTTP: a} (147390869) user='proxyonly' 01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV service=auth-proxy 01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV cmd* 01:23:36: a} AAA/AUTHOR/HTTP (147390869): found list "default" 01:23:36: a} AAA/AUTHOR/HTTP (147390869): Method=RTP (radius) 01:23:36: RADIUS: cisco AVPair "auth-proxy:priv-lvl=15" 01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#1=permit icmp any any" 01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#2=permit tcp any any" 01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#3=permit udp any any" 01:23:36: AAA/AUTHOR (147390869): Post authorization status = PASS_ADD 01:23:36: AUTH-PROXY FUNC: auth_proxy_copy_attrs 01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache 01:23:36: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache 01:23:36: AUTH-PROXY : auth_proxy_find_cache find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: AUTH-PROXY FUNC: auth_proxy_http_accept 01:23:36: AUTH-PROXY FUNC: auth_proxy_proc_profile 01:23:36: AUTH-PROXY FUNC: 
auth_proxy_add_acl_item 01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item 01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item 01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item 01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item 01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item 01:23:36: AAA/MEMORY: free_user (0x61C52DD8) user='proxyonly' ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0 01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:36: ack 1726144118 seq 415291(0) 01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: clientport 4944 state 2 01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path 01:23:36: F ack 1726144118 seq 415291(0) 01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944 01:23:36: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:36: clientport 4944 state 2 01:23:39: AUTH-PROXY FUNC: auth_proxy_timers 01:23:39: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout 01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:41: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit 01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:41: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit 01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:41: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit 01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path 01:23:41: AUTH-PROXY auth_proxy_find_conn_info : find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12 ip-srcaddr 10.31.1.47 pak-srcaddr 0.0.0.0 01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
The debug shows:
01:30:39: RADIUS: Initial Transmit id 6 171.68.118.115:1645, Access-Request, Len 67
01:30:39: Attribute 4 6 0A1F0196
01:30:39: Attribute 61 6 00000000
01:30:39: Attribute 1 11 70726F78
01:30:39: Attribute 2 18 E552A3E5
01:30:39: Attribute 6 6 00000005
01:30:44: RADIUS: Retransmit id 6
01:30:49: RADIUS: Retransmit id 6
01:30:59: RADIUS: Marking server 171.68.118.115 dead
01:30:59: RADIUS: Tried all servers.
01:30:59: RADIUS: No valid server found. Trying any viable server
01:30:59: RADIUS: Tried all servers.
01:30:59: RADIUS: No response for id 6
01:30:59: RADIUS: No response from server
01:30:59: AAA/AUTHEN (1597176845): status = ERROR
The user sees "500 Internal Server Error."
The debug shows:
02:13:41: AAA/AUTHEN/START (3727404152): Method=RTP (tacacs+)
02:13:41: TAC+: send AUTHEN/START packet ver=192 id=3727404152
02:13:41: TAC+: Using default tacacs server-group "RTP" list.
02:13:41: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5
02:13:41: TAC+: TCP/IP open to 171.68.118.115/49 failed -- Connection refused by remote host
02:13:41: AAA/AUTHEN (3727404152): status = ERROR
The user sees "500 Internal Server Error."
The debug shows:
01:37:42: RADIUS: Received from id 10 171.68.118.115:1645, Access-Reject, Len 20
01:37:42: AAA/AUTHEN (3558550985): status = FAIL
01:37:42: AAA/MEMORY: free_user (0x61C549F0) user='junk' ruser='' port='' rem_addr='' authen_type=ASCII service=LOGIN priv=0
The user sees "Authentication Failed!"
The debug shows:
02:15:03: AAA/AUTHEN/START (1400571814): Method=RTP (tacacs+)
02:15:03: TAC+: send AUTHEN/START packet ver=192 id=1400571814
02:15:03: TAC+: Using default tacacs server-group "RTP" list.
02:15:03: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5
02:15:03: TAC+: Opened TCP/IP handle 0x61CAFEA8 to 171.68.118.115/49
02:15:03: TAC+: 171.68.118.115 (1400571814) AUTHEN/START/LOGIN/ASCII queued
02:15:04: TAC+: (1400571814) AUTHEN/START/LOGIN/ASCII processed
02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = GETPASS
02:15:04: AAA/AUTHEN (1400571814): status = GETPASS
02:15:04: AAA/AUTHEN/CONT (1400571814): continue_login (user='junkuser')
02:15:04: AAA/AUTHEN (1400571814): status = GETPASS
02:15:04: AAA/AUTHEN (1400571814): Method=RTP (tacacs+)
02:15:04: TAC+: send AUTHEN/CONT packet id=1400571814
02:15:04: TAC+: 171.68.118.115 (1400571814) AUTHEN/CONT queued
02:15:04: TAC+: (1400571814) AUTHEN/CONT processed
02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = FAIL
02:15:04: AAA/AUTHEN (1400571814): status = FAIL
The user sees "Authentication Failed!"
The debug shows:
02:17:01: TAC+: ver=192 id=945629484 received AUTHEN status = PASS
02:17:02: TAC+: (1368282367): received author response status = FAIL
02:17:02: TAC+: Closing TCP/IP 0x61CAFFC8 connection to 171.68.118.115/49
02:17:02: AAA/AUTHOR (1368282367): Post authorization status = FAIL
The user sees "Authentication Failed!"
The debug shows that the ACL came down but was not applied, and the user cannot get through the firewall.
The user sees "Authentication Successful!"
The debug does not look any different from a successful authentication, but the ACL is not applied and the user cannot get through the firewall.
The user sees "Authentication Successful!"
The debug shows:
02:00:54: RADIUS: saved authorization data for user 61CA670C at 61C5585C
02:00:54: AAA/AUTHEN (706562375): status = PASS
02:00:54: AAA/AUTHOR/HTTP (4224202114): Port='' list='default' service=AUTH-PROXY
02:00:54: AAA/AUTHOR/HTTP: (4224202114) user='baduser'
02:00:54: AAA/AUTHOR/HTTP (4224202114): send AV service=auth-proxy
02:00:54: AAA/AUTHOR/HTTP (4224202114): send AV cmd*
02:00:54: AAA/AUTHOR/HTTP (4224202114): found list "default"
02:00:54: AAA/AUTHOR/HTTP (4224202114): Method=RTP (radius)
02:00:54: RADIUS: cisco AVPair "auth-proxy:priv-lvl=1"
Even though the router debug shows nothing unusual apart from the wrong privilege level, the user sees "Authentication Failed". The ACL is not applied.
The debug is not likely to look any different from a successful authentication.
The user sees "Authentication Failed!"
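The failure cases above can be told apart mechanically from the debug output. The following Python script is an added example, not part of the original Cisco document: the function name, outcome labels and Finding class are hypothetical, and the sample inputs are short excerpts assembled from the debug samples on this page.

```python
import re
from dataclasses import dataclass, field

ENTRY = re.compile(r"^\d\d:\d\d:\d\d: (.*)$")   # "HH:MM:SS: <body>"
# Terminal authentication results only; GETUSER/GETPASS are prompts.
AUTHEN = re.compile(
    r"(?:AAA/AUTHEN \(\d+\): status|received AUTHEN status) = (PASS|FAIL|ERROR)\b")
AUTHOR = re.compile(r"Post authorization status = (\w+)")
PRIV = re.compile(r'AVPair "auth-proxy:priv-lvl=(\d+)"')
PROXYACL = re.compile(r'AVPair "auth-proxy:proxyacl#\d+=([^"]+)"')
UNREACHABLE = re.compile(
    r"RADIUS: (?:No response from server|Marking server \S+ dead)"
    r"|TAC\+: TCP/IP open to \S+ failed")


@dataclass
class Finding:
    outcome: str                        # hypothetical label, not an IOS term
    user_sees: str                      # browser message reported on this page
    evidence: list = field(default_factory=list)
    proxy_acl: list = field(default_factory=list)


def triage(debug_text):
    """Classify one auth-proxy login attempt from its debug output."""
    authen = author = priv = None
    evidence, acl = [], []
    for raw in debug_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if hit := AUTHEN.search(body):
            # Keep the LAST result: a method list can log ERROR for LOCAL
            # and then restart with RADIUS/TACACS+ and PASS.
            authen = hit.group(1)
        elif hit := AUTHOR.search(body):
            author = hit.group(1)
        elif hit := PRIV.search(body):
            priv = int(hit.group(1))
        elif hit := PROXYACL.search(body):
            acl.append(hit.group(1))
        elif UNREACHABLE.search(body):
            evidence.append(body)
    if authen == "ERROR":
        return Finding("aaa_error", "500 Internal Server Error", evidence)
    if authen == "FAIL":
        return Finding("authentication_failed", "Authentication Failed!")
    if author == "FAIL":
        return Finding("authorization_failed", "Authentication Failed!")
    if priv is not None and priv != 15:
        return Finding("bad_priv_lvl", "Authentication Failed",
                       [f"priv-lvl={priv}, auth-proxy expects 15"], acl)
    if authen == "PASS" and author == "PASS_ADD":
        return Finding("success", "Authentication Successful!", evidence, acl)
    return Finding("inconclusive", "", evidence, acl)


# Constructed inputs: excerpts of the debug samples shown on this page.
SAMPLE_RADIUS_DEAD = """\
01:30:49: RADIUS: Retransmit id 6
01:30:59: RADIUS: Marking server 171.68.118.115 dead
01:30:59: RADIUS: No response for id 6
01:30:59: RADIUS: No response from server
01:30:59: AAA/AUTHEN (1597176845): status = ERROR"""

SAMPLE_LOCAL_THEN_RADIUS = """\
01:23:36: AAA/AUTHEN/START (1504053479): Method=LOCAL
01:23:36: AAA/AUTHEN (1504053479): User not found, emulating local-override
01:23:36: AAA/AUTHEN (1504053479): status = ERROR
01:23:36: AAA/AUTHEN/START (58099628): Method=RTP (radius)
01:23:36: AAA/AUTHEN (58099628): status = GETPASS
01:23:36: AAA/AUTHEN (58099628): status = PASS
01:23:36: RADIUS: cisco AVPair "auth-proxy:priv-lvl=15"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#1=permit icmp any any"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#2=permit tcp any any"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#3=permit udp any any"
01:23:36: AAA/AUTHOR (147390869): Post authorization status = PASS_ADD"""

SAMPLE_BAD_PRIV = """\
02:00:54: AAA/AUTHEN (706562375): status = PASS
02:00:54: AAA/AUTHOR/HTTP (4224202114): Method=RTP (radius)
02:00:54: RADIUS: cisco AVPair "auth-proxy:priv-lvl=1\""""

SAMPLE_AUTHOR_FAIL = """\
02:17:01: TAC+: ver=192 id=945629484 received AUTHEN status = PASS
02:17:02: TAC+: (1368282367): received author response status = FAIL
02:17:02: AAA/AUTHOR (1368282367): Post authorization status = FAIL"""

if __name__ == "__main__":
    for name in ("SAMPLE_RADIUS_DEAD", "SAMPLE_LOCAL_THEN_RADIUS",
                 "SAMPLE_BAD_PRIV", "SAMPLE_AUTHOR_FAIL"):
        print(name, "->", triage(globals()[name]))
```

A success result reflects only the AAA exchange. As the cases above note, the debug can look successful while the ACL is not applied, so confirm the dynamic entries with show ip access-lists.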