인증 프록시 문제 해결
목차
소개
이 문서에서는 Cisco IOS®에서 인증 프록시(Auth-Proxy) 관련 문제를 해결하기 위해 사용 가능한 트러블슈팅 메커니즘을 정의하고 보여 줍니다.이 문서에서는 debug 및 show 명령을 정의한 다음 이러한 디버그 및 명령의 예를 보여 줍니다.
사전 요구 사항
요구 사항
이 문서에 대한 특정 요건이 없습니다.
사용되는 구성 요소
이 문서는 특정 소프트웨어 및 하드웨어 버전으로 한정되지 않습니다.
표기 규칙
문서 규칙에 대한 자세한 내용은 Cisco 기술 팁 표기 규칙을 참조하십시오.
debug 및 clear 명령
debug 명령을 시도하기 전에 디버그 명령에 대한 중요 정보를 참조하십시오.
-
디버그 tacacs | radius - TACACS 또는 RADIUS와 관련된 정보를 표시합니다.
-
debug aaa authentication - AAA/TACACS+ 인증에 대한 정보를 표시합니다.사용 중인 인증 방법과 이러한 방법의 결과를 확인하는 데 사용됩니다.
-
debug aaa authorization - AAA/TACACS+ 권한 부여에 대한 정보를 표시합니다.사용 중인 인증 방법 및 이러한 방법의 결과를 확인하는 데 사용됩니다.
필요한 경우 다음 명령을 사용합니다.
-
debug ip auth-proxy {function - trace} - 인증 프록시 기능을 표시합니다.
-
debug ip auth-proxy {http} - 인증 프록시와 관련된 HTTP 이벤트를 표시합니다.
세션 간에 지우려면 다음 명령을 사용합니다.
-
clear ip auth-proxy cache {* | host ip address} - 사용자 프로필 및 ACL(Dynamic Access Control List)을 비롯한 모든 인증 프록시 항목을 지웁니다. IP 주소를 지정하면 지정된 호스트에 대한 인증 프록시 항목이 지워집니다.
show ip access-lists 명령 - 아웃바운드
access-list 명령이 전달되기 전:
sec-3640#show ip access-lists
Extended IP access list 116
permit tcp host 10.31.1.47 host 10.31.1.150 eq www
deny tcp host 10.31.1.47 any (16 matches)
deny udp host 10.31.1.47 any (26 matches)
deny icmp host 10.31.1.47 any
permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
permit udp 10.31.1.0 0.0.0.255 any (74 matches)
permit icmp 10.31.1.0 0.0.0.255 any
permit icmp 171.68.118.0 0.0.0.255 any
permit tcp 171.68.118.0 0.0.0.255 any (242 matches)
permit udp 171.68.118.0 0.0.0.255 any
access-list 명령이 전달된 후:
Extended IP access list 116
permit udp host 10.31.1.47 any (3 matches) < added by authproxy
permit tcp host 10.31.1.47 any < added by authproxy
permit icmp host 10.31.1.47 any < added by authproxy
permit tcp host 10.31.1.47 host 10.31.1.150 eq www
deny tcp host 10.31.1.47 any (18 matches)
deny udp host 10.31.1.47 any (26 matches)
deny icmp host 10.31.1.47 any
permit tcp 10.31.1.0 0.0.0.255 any (53 matches)
permit udp 10.31.1.0 0.0.0.255 any (74 matches)
permit icmp 10.31.1.0 0.0.0.255 any
permit icmp 171.68.118.0 0.0.0.255 any
permit tcp 171.68.118.0 0.0.0.255 any (264 matches)
permit udp 171.68.118.0 0.0.0.255 any
디버깅
양호한 라우터 디버그 - TACACS - 아웃바운드
00:32:30: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:30: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:30: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:30: F ack 1260991237 seq 410073(0)
00:32:30: dst_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521
00:32:30: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:30: AUTH_PROXY: not a SYN packet
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32: F ack 1260991237 seq 410073(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH_PROXY: not a SYN packet
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32: S seq 410077(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
00:32:32: AUTH-PROXY FUNC: auth_proxy_get_idbsb
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
00:32:32: AUTH-PROXY FUNC: auth_proxy_new_connection
00:32:32: AUTH-PROXY FUNC: auth_proxy_add_conn_info
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32: ack 2957488078 seq 410078(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: clientport 4535 state 0
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32: P ack 2957488078 seq 410078(290)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: clientport 4535 state 0
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:32: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
00:32:32: AUTH-PROXY FUNC: auth_proxy_received_get
00:32:32: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:32: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_save_timestamp
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32: ack 2957489275 seq 410368(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: clientport 4535 state 0
00:32:32: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:32: F ack 2957489275 seq 410368(0)
00:32:32: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4535
00:32:32: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:32: clientport 4535 state 0
00:32:36: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:36: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:36: F ack 1260991237 seq 410073(0)
00:32:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4521
00:32:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:36: clientport 4535 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:45: S seq 410193(0)
00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:45: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:45: clientport 4521 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:45: ack 2970312961 seq 410194(0)
00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:45: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:45: clientport 4542 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:45: P ack 2970312961 seq 410194(449)
00:32:45: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:45: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:45: clientport 4542 state 0
00:32:45: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:45: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:45: AUTH-PROXY FUNC: auth_proxy_required_reauth
00:32:45: AUTH-PROXY FUNC: auth_proxy_same_timestamp
00:32:45: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
00:32:45: AAA: parse name=a} idb type=-1 tty=-1
00:32:45: AAA/MEMORY: create_user (0x61C23FE4) user='' ruser=''
port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0
00:32:45: AAA/AUTHEN/START (3351494599): port='a}' list='default'
action=LOGIN service=LOGIN
00:32:45: AAA/AUTHEN/START (3351494599): found list default
00:32:45: AAA/AUTHEN/START (3351494599): Method=RTP (tacacs+)
00:32:45: TAC+: send AUTHEN/START packet ver=192 id=3351494599
00:32:45: TAC+: Using default tacacs server-group "RTP" list.
00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: Opened TCP/IP handle 0x61CA39A0 to 171.68.118.84/49
00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/START/LOGIN/ASCII queued
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: (3351494599) AUTHEN/START/LOGIN/ASCII processed
00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETUSER
00:32:45: AAA/AUTHEN (3351494599): status = GETUSER
00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='(undef)')
00:32:45: AAA/AUTHEN (3351494599): status = GETUSER
00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+)
00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599
00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: (3351494599) AUTHEN/CONT processed
00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = GETPASS
00:32:45: AAA/AUTHEN (3351494599): status = GETPASS
00:32:45: AAA/AUTHEN/CONT (3351494599): continue_login (user='proxyonly')
00:32:45: AAA/AUTHEN (3351494599): status = GETPASS
00:32:45: AAA/AUTHEN (3351494599): Method=RTP (tacacs+)
00:32:45: TAC+: send AUTHEN/CONT packet id=3351494599
00:32:45: TAC+: 171.68.118.84 (3351494599) AUTHEN/CONT queued
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: (3351494599) AUTHEN/CONT processed
00:32:45: TAC+: ver=192 id=3351494599 received AUTHEN status = PASS
00:32:45: AAA/AUTHEN (3351494599): status = PASS
00:32:45: TAC+: Closing TCP/IP 0x61CA39A0 connection to 171.68.118.84/49
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Port='a}' list='default'
service=AUTH-PROXY
00:32:45: AAA/AUTHOR/HTTP: a} (4113551585) user='proxyonly'
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV service=auth-proxy
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): send AV cmd*
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): found list "default"
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: a} AAA/AUTHOR/HTTP (4113551585): Method=RTP (tacacs+)
00:32:45: AAA/AUTHOR/TAC+: (4113551585): user=proxyonly
00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV service=auth-proxy
00:32:45: AAA/AUTHOR/TAC+: (4113551585): send AV cmd*
00:32:45: TAC+: using previously set server 171.68.118.84 from group RTP
00:32:45: TAC+: Opening TCP/IP to 171.68.118.84/49 timeout=5
00:32:45: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:45: TAC+: Opened TCP/IP handle 0x61CA3E1C to 171.68.118.84/49
00:32:45: TAC+: Opened 171.68.118.84 index=1
00:32:45: TAC+: 171.68.118.84 (4113551585) AUTHOR/START queued
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: TAC+: (4113551585) AUTHOR/START processed
00:32:46: TAC+: (4113551585): received author response status = PASS_ADD
00:32:46: TAC+: Closing TCP/IP 0x61CA3E1C connection to 171.68.118.84/49
00:32:46: AAA/AUTHOR (4113551585): Post authorization status = PASS_ADD
00:32:46: AUTH-PROXY FUNC: auth_proxy_copy_attrs
00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:46: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY FUNC: auth_proxy_find_cache
00:32:46: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:46: AUTH-PROXY FUNC: auth_proxy_http_accept
00:32:46: AUTH-PROXY FUNC: auth_proxy_proc_profile
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AUTH-PROXY FUNC: auth_proxy_add_acl_item
00:32:46: AAA/MEMORY: free_user (0x61C23FE4) user='proxyonly'
ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:46: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:46: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:46: ack 2970313958 seq 410643(0)
00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:46: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:46: clientport 4542 state 2
00:32:46: AUTH-PROXY FUNC: auth_proxy_process_path
00:32:46: F ack 2970313958 seq 410643(0)
00:32:46: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4542
00:32:46: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:46: clientport 4542 state 2
00:32:49: AUTH-PROXY FUNC: auth_proxy_timers
00:32:49: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:51: AUTH-PROXY FUNC: auth_proxy_fast_path
00:32:51: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
00:32:51: AUTH-PROXY FUNC: auth_proxy_set_hit
00:32:54: AUTH-PROXY FUNC: auth_proxy_fast_path
양호한 라우터 디버그 - RADIUS - 아웃바운드
01:23:18: AUTH-PROXY FUNC: auth_proxy_destroy_all_conn_info
01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_conn_info
01:23:18: AUTH-PROXY FUNC: auth_proxy_delete_conn_info
01:23:18: AUTH-PROXY FUNC: auth_proxy_remove_all_acl
01:23:21: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:21: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:21: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:21: F ack 3679167246 seq 413771(0)
01:23:21: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851
01:23:21: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:21: AUTH_PROXY: not a SYN packet
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23: S seq 414827(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_if_marked_for_proxy
01:23:23: AUTH-PROXY FUNC: auth_proxy_get_idbsb
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_aprt_of_aprc_by_protocol
01:23:23: AUTH-PROXY FUNC: auth_proxy_new_connection
01:23:23: AUTH-PROXY FUNC: auth_proxy_add_conn_info
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23: ack 1713887638 seq 414828(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: clientport 4943 state 0
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23: P ack 1713887638 seq 414828(290)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: clientport 4943 state 0
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:23: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
01:23:23: AUTH-PROXY FUNC: auth_proxy_received_get
01:23:23: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:23: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_save_timestamp
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23: ack 1713888835 seq 415118(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: clientport 4943 state 0
01:23:23: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:23: F ack 1713888835 seq 415118(0)
01:23:23: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4943
01:23:23: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:23: clientport 4943 state 0
01:23:24: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:24: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:24: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:24: F ack 3679167246 seq 413771(0)
01:23:24: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4851
01:23:24: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:24: clientport 4943 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36: S seq 414841(0)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: clientport 4851 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36: ack 1726143121 seq 414842(0)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: clientport 4944 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36: P ack 1726143121 seq 414842(449)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: clientport 4944 state 0
01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:36: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: AUTH-PROXY FUNC: auth_proxy_required_reauth
01:23:36: AUTH-PROXY FUNC: auth_proxy_same_timestamp
01:23:36: AUTH-PROXY FUNC: auth_proxy_wait_for_next_pwd
01:23:36: AAA: parse name=a} idb type=-1 TTY=-1
01:23:36: AAA/MEMORY: create_user (0x61C52DD8) user='' ruser='' port='a}'
rem_addr='' authen_type=ASCII service=LOGIN priv=0
01:23:36: AAA/AUTHEN/START (1504053479): port='a}' list='default'
action=LOGIN service=LOGIN
01:23:36: AAA/AUTHEN/START (1504053479): found list default
01:23:36: AAA/AUTHEN/START (1504053479): Method=LOCAL
01:23:36: AAA/AUTHEN (1504053479): status = GETUSER
01:23:36: AAA/AUTHEN/CONT (1504053479): continue_login (user='(undef)')
01:23:36: AAA/AUTHEN (1504053479): status = GETUSER
01:23:36: AAA/AUTHEN/CONT (1504053479): Method=LOCAL
01:23:36: AAA/AUTHEN (1504053479): User not found, emulating local-override
01:23:36: AAA/AUTHEN (1504053479): status = ERROR
01:23:36: AAA/AUTHEN/START (58099628): port='a}' list='' action=LOGIN service=LOGIN
01:23:36: AAA/AUTHEN/START (58099628): Restart
01:23:36: AAA/AUTHEN/START (58099628): Method=RTP (radius)
01:23:36: AAA/AUTHEN (58099628): status = GETPASS
01:23:36: AAA/AUTHEN/CONT (58099628): continue_login (user='proxyonly')
01:23:36: AAA/AUTHEN (58099628): status = GETPASS
01:23:36: AAA/AUTHEN (58099628): Method=RTP (radius)
01:23:36: RADIUS: ustruct sharecount=1
01:23:36: RADIUS: Initial Transmit a} id 2 171.68.118.84:1645,
Access-Request, len 67
01:23:36: Attribute 4 6 0A1F0196
01:23:36: Attribute 61 6 00000000
01:23:36: Attribute 1 11 70726F78
01:23:36: Attribute 2 18 7CC79416
01:23:36: Attribute 6 6 00000005
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: RADIUS: Received from id 2 171.68.118.84:1645, Access-Accept, Len 207
01:23:36: Attribute 6 6 00000005
01:23:36: Attribute 26 30 0000000901186175
01:23:36: Attribute 26 49 00000009012B6175
01:23:36: Attribute 26 48 00000009012A6175
01:23:36: Attribute 26 48 00000009012A6175
01:23:36: Attribute 8 6 FFFFFFFF
01:23:36: RADIUS: saved authorization data for user 61C52DD8 at 619E0D8C
01:23:36: AAA/AUTHEN (58099628): status = PASS
01:23:36: a} AAA/AUTHOR/HTTP (147390869): Port='a}' list='default'
service=AUTH-PROXY
01:23:36: AAA/AUTHOR/HTTP: a} (147390869) user='proxyonly'
01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV service=auth-proxy
01:23:36: a} AAA/AUTHOR/HTTP (147390869): send AV cmd*
01:23:36: a} AAA/AUTHOR/HTTP (147390869): found list "default"
01:23:36: a} AAA/AUTHOR/HTTP (147390869): Method=RTP (radius)
01:23:36: RADIUS: cisco AVPair "auth-proxy:priv-lvl=15"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#1=permit icmp any any"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#2=permit tcp any any"
01:23:36: RADIUS: cisco AVPair "auth-proxy:proxyacl#3=permit udp any any"
01:23:36: AAA/AUTHOR (147390869): Post authorization status = PASS_ADD
01:23:36: AUTH-PROXY FUNC: auth_proxy_copy_attrs
01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:36: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: AUTH-PROXY FUNC: auth_proxy_find_cache
01:23:36: AUTH-PROXY : auth_proxy_find_cache
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: AUTH-PROXY FUNC: auth_proxy_http_accept
01:23:36: AUTH-PROXY FUNC: auth_proxy_proc_profile
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AUTH-PROXY FUNC: auth_proxy_add_acl_item
01:23:36: AAA/MEMORY: free_user (0x61C52DD8) user='proxyonly'
ruser='' port='a}' rem_addr='' authen_type=ASCII service=LOGIN priv=0
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36: ack 1726144118 seq 415291(0)
01:23:36: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: clientport 4944 state 2
01:23:36: AUTH-PROXY FUNC: auth_proxy_process_path
01:23:36: F ack 1726144118 seq 415291(0)
01:23:36: DST_addr 185273100 src_addr 169804079 DST_port 80 src_port 4944
01:23:36: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:36: clientport 4944 state 2
01:23:39: AUTH-PROXY FUNC: auth_proxy_timers
01:23:39: AUTH-PROXY FUNC: auth_proxy_handle_finwait_timeout
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
01:23:41: AUTH-PROXY FUNC: auth_proxy_fast_path
01:23:41: AUTH-PROXY auth_proxy_find_conn_info :
find srcaddr - 10.31.1.47, dstaddr - 11.11.11.12
ip-srcaddr 10.31.1.47
pak-srcaddr 0.0.0.0
01:23:41: AUTH-PROXY FUNC: auth_proxy_set_hit
잠재적 문제
RADIUS 서버에 연결할 수 없음
디버그 표시:
01:30:39: RADIUS: Initial Transmit id 6 171.68.118.115:1645, Access-Request, Len 67 01:30:39: Attribute 4 6 0A1F0196 01:30:39: Attribute 61 6 00000000 01:30:39: Attribute 1 11 70726F78 01:30:39: Attribute 2 18 E552A3E5 01:30:39: Attribute 6 6 00000005 01:30:44: RADIUS: Retransmit id 6 01:30:49: RADIUS: Retransmit id 6 01:30:59: RADIUS: Marking server 171.68.118.115 dead 01:30:59: RADIUS: Tried all servers. 01:30:59: RADIUS: No valid server found. Trying any viable server 01:30:59: RADIUS: Tried all servers. 01:30:59: RADIUS: No response for id 6 01:30:59: RADIUS: No response from server 01:30:59: AAA/AUTHEN (1597176845): status = ERROR
사용자는 "500 내부 서버 오류"를 보게 됩니다.
TACACS 서버에 연결할 수 없음
디버그 표시:
02:13:41: AAA/AUTHEN/START (3727404152): Method=RTP (tacacs+) 02:13:41: TAC+: send AUTHEN/START packet ver=192 id=3727404152 02:13:41: TAC+: Using default tacacs server-group "RTP" list. 02:13:41: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5 02:13:41: TAC+: TCP/IP open to 171.68.118.115/49 failed -- Connection refused by remote host 02:13:41: AAA/AUTHEN (3727404152): status = ERROR
사용자는 "500 내부 서버 오류"를 보게 됩니다.
RADIUS 사용자가 잘못된 사용자 이름 또는 비밀번호를 입력합니다.
디버그 표시:
01:37:42: RADIUS: Received from id 10 171.68.118.115:1645, Access-Reject, Len 20
01:37:42: AAA/AUTHEN (3558550985): status = FAIL
01:37:42: AAA/MEMORY: free_user (0x61C549F0) user='junk' ruser=''
port='' rem_addr='' authen_type=ASCII service=LOGIN priv=0
사용자에게 "Authentication Failed!"가 표시됩니다.
TACACS 사용자가 잘못된 사용자 이름 또는 비밀번호를 입력합니다.
디버그 표시:
02:15:03: AAA/AUTHEN/START (1400571814): Method=RTP (tacacs+) 02:15:03: TAC+: send AUTHEN/START packet ver=192 id=1400571814 02:15:03: TAC+: Using default tacacs server-group "RTP" list. 02:15:03: TAC+: Opening TCP/IP to 171.68.118.115/49 timeout=5 02:15:03: TAC+: Opened TCP/IP handle 0x61CAFEA8 to 171.68.118.115/49 02:15:03: TAC+: 171.68.118.115 (1400571814) AUTHEN/START/LOGIN/ASCII queued 02:15:04: TAC+: (1400571814) AUTHEN/START/LOGIN/ASCII processed 02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = GETPASS 02:15:04: AAA/AUTHEN (1400571814): status = GETPASS 02:15:04: AAA/AUTHEN/CONT (1400571814): continue_login (user='junkuser') 02:15:04: AAA/AUTHEN (1400571814): status = GETPASS 02:15:04: AAA/AUTHEN (1400571814): Method=RTP (tacacs+) 02:15:04: TAC+: send AUTHEN/CONT packet id=1400571814 02:15:04: TAC+: 171.68.118.115 (1400571814) AUTHEN/CONT queued 02:15:04: TAC+: (1400571814) AUTHEN/CONT processed 02:15:04: TAC+: ver=192 id=1400571814 received AUTHEN status = FAIL 02:15:04: AAA/AUTHEN (1400571814): status = FAIL
사용자에게 "Authentication Failed!"가 표시됩니다.
TACACS 사용자가 올바른 사용자 이름과 비밀번호를 입력하지만 권한 부여에 실패함
디버그 표시:
02:17:01: TAC+: ver=192 id=945629484 received AUTHEN status = PASS 02:17:02: TAC+: (1368282367): received author response status = FAIL 02:17:02: TAC+: Closing TCP/IP 0x61CAFFC8 connection to 171.68.118.115/49 02:17:02: AAA/AUTHOR (1368282367): Post authorization status = FAIL
사용자에게 "Authentication Failed!"가 표시됩니다.
RADIUS 사용자가 올바른 사용자 이름 및 비밀번호를 입력하지만 ACL은 잘못된 형식으로 반환
디버그는 ACL이 다운되었지만 적용되지 않았으며 사용자가 방화벽을 통과할 수 없음을 표시합니다.
사용자에게 "Authentication Successful!"이 표시됩니다.
TACACS 사용자가 올바른 사용자 이름과 비밀번호를 입력하지만 ACL이 잘못된 형식으로 반환됩니다.
디버그가 성공적인 인증과 다른 것처럼 보이지 않지만 ACL이 적용되지 않으며 사용자가 방화벽을 통과할 수 없습니다.
사용자에게 "Authentication Successful!"이 표시됩니다.
RADIUS 사용자가 올바른 사용자 이름과 암호를 입력하지만 Priv-lvl 15가 반환되지 않음
디버그 표시:
02:00:54: RADIUS: saved authorization data for user 61CA670C at 61C5585C 02:00:54: AAA/AUTHEN (706562375): status = PASS 02:00:54: AAA/AUTHOR/HTTP (4224202114): Port='' list='default' service=AUTH-PROXY 02:00:54: AAA/AUTHOR/HTTP: (4224202114) user='baduser' 02:00:54: AAA/AUTHOR/HTTP (4224202114): send AV service=auth-proxy 02:00:54: AAA/AUTHOR/HTTP (4224202114): send AV cmd* 02:00:54: AAA/AUTHOR/HTTP (4224202114): found list "default" 02:00:54: AAA/AUTHOR/HTTP (4224202114): Method=RTP (radius) 02:00:54: RADIUS: cisco AVPair "auth-proxy:priv-lvl=1"
라우터 디버그가 잘못된 권한 수준을 제외하고 특이한 아무 것도 나타내지 않더라도 사용자는 "Authentication Failed"를 보게 됩니다.ACL은 적용되지 않습니다.
TACACS 사용자가 올바른 사용자 이름과 비밀번호를 입력하지만 Priv-lvl 15가 반환되지 않음
성공한 인증과 디버그가 다를 것 같지 않습니다.
사용자에게 "Authentication Failed!"가 표시됩니다.
피드백