PPP-terugbellen via ISDN configureren met een AAA-terugbellen

Downloadopties

PDF (225.7 KB)
Met Adobe Reader op diverse apparaten bekijken
ePub (98.0 KB)
Bekijken in diverse apps op iPhone, iPad, Android, Sony Reader of Windows Phone
Mobi (Kindle) (123.9 KB)
Op Kindle-apparaat of via Kindle-app op meerdere apparaten bekijken

Bijgewerkt:4 februari 2010

Document-id:10321

Inclusief taalgebruik

De documentatie van dit product is waar mogelijk geschreven met inclusief taalgebruik. Inclusief taalgebruik wordt in deze documentatie gedefinieerd als taal die geen discriminatie op basis van leeftijd, handicap, gender, etniciteit, seksuele oriëntatie, sociaaleconomische status of combinaties hiervan weerspiegelt. In deze documentatie kunnen uitzonderingen voorkomen vanwege bewoordingen die in de gebruikersinterfaces van de productsoftware zijn gecodeerd, die op het taalgebruik in de RFP-documentatie zijn gebaseerd of die worden gebruikt in een product van een externe partij waarnaar wordt verwezen. Lees meer over hoe Cisco gebruikmaakt van inclusief taalgebruik.

Over deze vertaling

Cisco heeft dit document vertaald via een combinatie van machine- en menselijke technologie om onze gebruikers wereldwijd ondersteuningscontent te bieden in hun eigen taal. Houd er rekening mee dat zelfs de beste machinevertaling niet net zo nauwkeurig is als die van een professionele vertaler. Cisco Systems, Inc. is niet aansprakelijk voor de nauwkeurigheid van deze vertalingen en raadt aan altijd het oorspronkelijke Engelstalige document (link) te raadplegen.

Inhoud

Inleiding

Voorwaarden

Vereisten

Gebruikte componenten

Conventies

Achtergrondinformatie

Configureren

Netwerkdiagram

Configuraties

Verifiëren

Problemen oplossen

Opdrachten voor probleemoplossing (optioneel)

Voorbeeld van output van foutopsporing

Gerelateerde informatie

Inleiding

Dit document biedt een voorbeeldconfiguratie voor PPP-terugbellen tussen twee Cisco-routers.

Voorwaarden

Vereisten

Er zijn geen specifieke vereisten van toepassing op dit document.

Gebruikte componenten

De informatie in dit document is gebaseerd op de volgende software- en hardware-versies:

Cisco IOS®-softwarerelease 12.0(3)T of hoger

Opmerking: Om PPP callback te configureren met de hulp van een AAA server toegewezen callback string, moet u de dialer Aa-opdracht gebruiken, die beschikbaar is in Cisco IOS-softwarerelease 12.0(3)T of hoger. In Cisco IOS-versies 12.1(4)T, 12.2(1)T en later is deze opdracht niet vereist voor PPP-callback met een AAA-server waaraan callback string is toegewezen.

Opmerking: de dialer aaa opdracht wordt alleen ondersteund door Verouderde DDR (zoals getoond in figuur 1).

De informatie in dit document is gebaseerd op de apparaten in een specifieke laboratoriumomgeving. Alle apparaten die in dit document worden beschreven, hadden een opgeschoonde (standaard)configuratie. Als uw netwerk live is, moet u de potentiële impact van elke opdracht begrijpen.

Conventies

Raadpleeg voor meer informatie over documentconventies de technische Tips van Cisco.

Achtergrondinformatie

De TACACS+ (AAA server) wordt gebruikt om de callback dialstring aan de callback server te leveren. U kunt echter ook RADIUS gebruiken om de callback string te leveren. Om PPP callback te configureren met lokale verificatie, autorisatie en accounting (AAA), zie PPP-terugbellen via ISDN configureren.

In deze steekproefconfiguratie gebruikt callback PPP en de faciliteiten die in RFC 1570 zijn gespecificeerd. Het PPP-terugbellen via het ISDN-circuit is in deze volgorde voltooid:

De callback client start en voert een ISDN-verbinding naar de callback server router in.
De callback client en de callback server onderhandelen over PPP Link Control Protocol (LCP). In LCP-onderhandeling wordt opgeroepen, onderhandeld en overeengekomen.
De callback client en de callback server authenticeren elkaar met PPP Wachtwoord Verificatieprotocol (PAP) of Challenge Handshake Authentication Protocol (CHAP). U kunt echter wel de callback client configureren om de callback server niet te authenticeren door de Pp-verificatieschakelaar aan te roepen.
De callback server verkrijgt de benodigde callback eigenschappen, zoals het callback dialstring (het telefoonnummer van de client) van de AAA-server.
Beide routers laten de ISDN-verbinding vallen.
De callback server start de callback naar de client. Wanneer de verbinding tot stand is gebracht, authentiseren de routers elkaar en wordt de link gevestigd.

Configureren

Deze sectie bevat informatie over het configureren van de functies die in dit document worden beschreven.

N.B.: Als u aanvullende informatie wilt vinden over de opdrachten in dit document, gebruikt u het Opdrachtplanningprogramma (alleen geregistreerd klanten).

Netwerkdiagram

Het netwerk in dit document is als volgt opgebouwd:

Afbeelding 1 - Netwerkdiagram

Configuraties

Dit document gebruikt deze configuraties:

Freeware TACACS+ configuratie
RADIUS-configuratie
Configuratie van alternatieve RADIUS
Configuratie van TNT-buster (Terugbellen Server)
Configuratie van Tremens (terugbellen)

Freeware TACACS+ configuratie
user = tremens { default service = permit login = cleartext "cisco" chap = cleartext "cisco" !--- CHAP password. service = ppp protocol = lcp { callback-dialstring = "6083" !--- Number to callback. send-secret = "cisco" } }

Freeware TACACS+ configuratie

user = tremens {
  default service = permit
  login = cleartext "cisco"
  chap = cleartext "cisco"
  
!--- CHAP password.

  service = ppp protocol = lcp {
  callback-dialstring = "6083"

 !--- Number to callback.

  send-secret = "cisco"
  }
  }

U kunt RADIUS ook gebruiken als uw AAA-server om de callback-eigenschappen te leveren in plaats van TACACS+. Hier wordt een voorbeeld van de RADIUS-configuratie gegeven:

RADIUS-configuratie
tremens Auth-Type = Local, Password = "cisco" Service-Type = Framed-User, !--- Service-Type(6) is Framed User(4). Cisco-AVPair = "lcp:callback-dialstring=6083", Cisco-AVPair = "lcp:send-secret=cisco"

RADIUS-configuratie

tremens         Auth-Type = Local, Password = "cisco"
                Service-Type = Framed-User,

 !--- Service-Type(6) is Framed User(4).

                Cisco-AVPair = "lcp:callback-dialstring=6083", 
                Cisco-AVPair = "lcp:send-secret=cisco"

Opmerking: In de RADIUS-configuratie hierboven, is Cisco AVPair lcp:send-geheven=cisco nodig op het moment van verificatie van de callback. Als u deze AVPair niet omvat, moet u de gebruikersnaam en het wachtwoord voor CHAP van de afstandsrouter lokaal op de callback server configureren.

Opmerking: dit document heeft voornamelijk betrekking op TACACS+. De details in dit document tonen geen RADIUS-geïnitieerde callback.

Opmerking: Van Cisco IOS versie 12.1(7) is het mogelijk om de RADIUS-eigenschap 19 van de Internet Engineering Task Force (IETF) voor ISDN en analoge Microsoft callback te gebruiken. In dat geval is het niet nodig om de Cisco AVPstoelen te gebruiken, die in de vorige configuratie zijn weergegeven. Raadpleeg het hier getoonde alternatieve RADIUS-configuratievoorbeeld:

Configuratie van alternatieve RADIUS
tremens Auth-Type = Local, Password = "cisco" Service-Type = callback framed !--- Service-Type (6) is callback framed (4). !--- Callback framed is also known as !--- Dialback-Framed-User. Callback =6083 !--- IETF RADIUS Callback attribute (19) with the phone !--- number for the callback.

Configuratie van alternatieve RADIUS

tremens         Auth-Type = Local, Password = "cisco"
                Service-Type = callback framed
                
!--- Service-Type (6) is callback framed (4).

                
!--- Callback framed is also known as !--- Dialback-Framed-User.

                Callback =6083
                
!--- IETF RADIUS Callback attribute (19) with the phone !--- number for the callback.

Opmerking: De RADIUS-uiteinden tonen de RADIUS-kenmerk 19 van IETF dat wordt teruggegeven aan de callback server.

De configuraties voor de twee routers die in dit voorbeeld worden gebruikt worden hier getoond:

Tnt-buster (Terugbellen Server)
version 12.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Tnt-buster ! boot system flash flash:c5300-i-mz.121-4 logging buffered 1000000 debugging aaa new-model aaa authentication login none none aaa authentication ppp default group tacacs+ local !--- AAA methods for PPP authentication. aaa authorization network default group tacacs+ !--- AAA authorization methods for RADIUS implementation. !--- Replace TACACS+ with RADIUS in the statements above. ! spe 1/0 1/23 firmware location system:/ucode/microcom_firmware ! resource-pool disable ! ip subnet-zero no ip domain-lookup ! isdn switch-type primary-net5 ! controller E1 0 !--- E1 interface that accepts the initial call and performs the callback. clock source line primary pri-group timeslots 1-31 ! ! !--- irrelevant output has been omitted. ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface Ethernet0 ip address 10.200.20.42 255.255.255.0 ! interface Serial0:15 !--- D-channel for controller E1 0. no ip address encapsulation ppp dialer rotary-group 1 !--- Assign E1 0 to rotary-group 1 (which is necessary for dialout). !--- Rotary-group properties are defined in interface Dialer 1. isdn switch-type primary-net5 no cdp enable ! ! !--- irrelevant output has been omitted. ! ! interface Dialer1 !--- This is the interface for the dialer rotary-group 1 configuration. ip unnumbered Loopback0 encapsulation ppp dialer in-band dialer aaa !--- This allows AAA to retrieve the callback dial string via AAA servers. !--- This command is required for callback attributes to be obtained !--- from the AAA server. dialer idle-timeout 60 dialer enable-timeout 5 !--- The time (in seconds) between initial call disconnect and callback !--- initiation. dialer hold-queue 20 !--- This holds 20 packets destined for the remote destination until the !--- connection is made. dialer-group 1 no peer default ip address !--- The peer is not given an IP address from a pool. !--- IP pool can be defined if necessary. ppp callback accept !--- Allows the interface to accept a callback request from a remote host. ppp authentication chap callin ! ip route 0.0.0.0 0.0.0.0 10.200.20.1 no ip http server ! dialer-list 1 protocol ip permit tacacs-server host 10.200.20.134 key cisco !--- The IP address and key of the TACACS+ server. ! line con 0 exec-timeout 0 0 length 30 transport input none line 1 24 line aux 0 line vty 0 4 no exec-banner exec-timeout 0 0 login authentication none ! end

Tnt-buster (Terugbellen Server)

version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Tnt-buster
!
boot system flash flash:c5300-i-mz.121-4
logging buffered 1000000 debugging
aaa new-model
aaa authentication login none none
aaa authentication ppp default group tacacs+ local

!--- AAA methods for PPP authentication.

aaa authorization network default group tacacs+

!--- AAA authorization methods for RADIUS implementation. !--- Replace TACACS+ with RADIUS in the statements above.

!
spe 1/0 1/23
firmware location system:/ucode/microcom_firmware
!
resource-pool disable
!
ip subnet-zero
no ip domain-lookup
!
isdn switch-type primary-net5
!
controller E1 0

!--- E1 interface that accepts the initial call and performs the callback.

clock source line primary
pri-group timeslots 1-31
!
!
!--- irrelevant output has been omitted.

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0
ip address 10.200.20.42 255.255.255.0
!
interface Serial0:15

!--- D-channel for controller E1 0.

no ip address
encapsulation ppp
dialer rotary-group 1

!--- Assign E1 0 to rotary-group 1 (which is necessary for dialout). !--- Rotary-group properties are defined in interface Dialer 1.

isdn switch-type primary-net5
no cdp enable
!
!

!--- irrelevant output has been omitted.

!
!
interface Dialer1

!--- This is the interface for the dialer rotary-group 1 configuration.

ip unnumbered Loopback0
encapsulation ppp
dialer in-band
dialer aaa

!--- This allows AAA to retrieve the callback dial string via AAA servers.

!--- This command is required for callback attributes to be obtained !--- from the AAA server.

dialer idle-timeout 60
dialer enable-timeout 5

!--- The time (in seconds) between initial call disconnect and callback !--- initiation.

dialer hold-queue 20

!--- This holds 20 packets destined for the remote destination until the !--- connection is made.

dialer-group 1
no peer default ip address

!--- The peer is not given an IP address from a pool. !--- IP pool can be defined if necessary.

ppp callback accept

!--- Allows the interface to accept a callback request from a remote host.

ppp authentication chap callin
!
ip route 0.0.0.0 0.0.0.0 10.200.20.1
no ip http server
!
dialer-list 1 protocol ip permit
tacacs-server host 10.200.20.134 key cisco

!--- The IP address and key of the TACACS+ server.

!
line con 0
exec-timeout 0 0
length 30
transport input none
line 1 24
line aux 0
line vty 0 4
no exec-banner
exec-timeout 0 0
login authentication none
!
end

Tremens (callback-client)
version 12.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname tremens ! username tnt-buster password 0 cisco !--- Username and shared secret password used for CHAP authentication. !--- The AAA server must have this router hostname (tnt-buster) and !--- shared secret (cisco) configured. ! ip subnet-zero no ip finger no ip domain-lookup ! isdn switch-type basic-net3 ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface Ethernet0 ip address 10.200.16.54 255.255.255.0 ! interface BRI0 !--- The interface used for dialin and dialout. no ip address encapsulation ppp dialer pool-member 1 !--- Assign BRI0 as member of dialer pool 1. !--- Dialer pool 1 is specified in interface Dialer 1. isdn switch-type basic-net3 ppp authentication chap ! interface Dialer1 ip unnumbered Loopback0 encapsulation ppp dialer pool 1 !--- Defines dialer pool 1. !--- BRI 0 is a member of this pool. dialer idle-timeout 60 dialer string 8211 !--- The number to dial when dialing out for the initial call. dialer hold-queue 20 !--- This holds 20 packets destined for the remote destination until the !--- connection is made. dialer-group 1 no peer default ip address no fair-queue no cdp enable ppp callback request !--- Request PPP callback from the server. ppp authentication chap ! ip route 2.2.2.2 255.255.255.255 Dialer1 !--- IP route for the dialer interface. no ip http server ! dialer-list 1 protocol ip permit ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 exec-timeout 0 0 login ! end

Tremens (callback-client)

version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname tremens
!
username tnt-buster password 0 cisco

!--- Username and shared secret password used for CHAP authentication. !--- The AAA server must have this router hostname (tnt-buster) and !--- shared secret (cisco) configured.

!
ip subnet-zero
no ip finger
no ip domain-lookup
!
isdn switch-type basic-net3
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0
ip address 10.200.16.54 255.255.255.0
!
interface BRI0

!--- The interface used for dialin and dialout.

no ip address
encapsulation ppp
dialer pool-member 1

!--- Assign BRI0 as member of dialer pool 1. !--- Dialer pool 1 is specified in interface Dialer 1.

isdn switch-type basic-net3
ppp authentication chap
!
interface Dialer1
ip unnumbered Loopback0
encapsulation ppp
dialer pool 1

!--- Defines dialer pool 1. !--- BRI 0 is a member of this pool.

dialer idle-timeout 60
dialer string 8211

!--- The number to dial when dialing out for the initial call.

dialer hold-queue 20

!--- This holds 20 packets destined for the remote destination until the !--- connection is made.

dialer-group 1
no peer default ip address
no fair-queue
no cdp enable
ppp callback request

!--- Request PPP callback from the server.

ppp authentication chap
!
ip route 2.2.2.2 255.255.255.255 Dialer1

!--- IP route for the dialer interface.

no ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
exec-timeout 0 0
login
!
end

Verifiëren

Deze sectie verschaft informatie die u kunt gebruiken om te bevestigen dat uw configuratie correct werkt.

Bepaalde opdrachten met show worden ondersteund door de tool Output Interpreter (alleen voor geregistreerde klanten). Hiermee kunt u een analyse van de output van opdrachten met show genereren.

toon dialer interface type nummer- toont algemene diagnostische informatie voor interfaces ingesteld voor dial-on-demand routing (DDR). De bron- en doeladressen van het pakket dat het draaien in werking heeft gesteld, worden in de regel met de kiesreden weergegeven. Deze opdracht geeft ook de verbindingsptimers weer.
toon ISDN status-kunt u verzekeren dat de router goed met de ISDN switch communiceert. In de uitvoer, controleer of Layer 1 Status actief is, en of de Layer 2 Status = MULTIPLE_FRAME_ESTABLISHED verschijnt. Deze opdracht geeft ook het aantal actieve oproepen weer.

Problemen oplossen

Deze sectie bevat informatie waarmee u problemen met de configuratie kunt oplossen.

Raadpleeg de verwijzing naar de Debug Opdrachten van Cisco IOS release 12.0 voor meer informatie over debug opdrachten.

Opdrachten voor probleemoplossing (optioneel)

Opmerking: Voordat u debug-opdrachten afgeeft, raadpleegt u Belangrijke informatie over Debug Commands.

debug ISDN Q931: toont aanroepen, instelling en traag omlaag van de ISDN-netwerkverbinding (Layer 3).
debug dialer [ gebeurtenissen | Packet—toont DDR-zuiverende informatie over de pakketten die op een dialerinterface worden ontvangen.
debug van verificatie door middel van detectie - geeft informatie weer over AAA-verificatie.
debug a autorisatie—geeft informatie weer over AAA autorisatie.
debug tacacs-toont gedetailleerde het zuiveren informatie geassocieerd met TACACS+.
debug PPP onderhandeling-toont informatie over PPP verkeer en uitwisselingen terwijl de onderhandeling van de componenten PPP, waaronder Link Control Protocol (LCP), Verificatie, en NCP in gang is. Een succesvolle PPP-onderhandeling zal eerst de LCP-staat openen, dan Verifiëren en uiteindelijk NCP onderhandelen.
debug van PPP-verificatie—geeft de PPP-verificatieprotocolberichten weer, inclusief Challenge Authentication Protocol (CHAP)-pakketuitwisselingen en Wachtwoord-verificatieprotocol (PAP)-uitwisselingen. Als u een fout waarneemt, controleert u of de gebruikersnaam en het wachtwoord voor CHAP correct zijn ingesteld.
debug callback - displays wanneer de router een modem en een chatscript gebruikt om terug te bellen op een eindlijn. Omdat deze opdracht voor modems en chatscripts is, wordt deze niet gebruikt in deze configuratie.

Voorbeeld van output van foutopsporing

tnt-buster#show debug
General OS:
  TACACS access control debugging is on
  AAA Authentication debugging is on
  AAA Authorization debugging is on
Dial on demand:
  Dial on demand events debugging is on
PPP:
  PPP protocol negotiation debugging is on
ISDN:
  ISDN Q931 packets debugging is on
  ISDN Q931 packets debug DSLs. (On/Off/No DSL:1/0/-)
  DSL  0 --> 7
  1 - - - - - - -  
tnt-buster#
*Oct 16 08:59:26.403: ISDN Se0:15: RX <-  SETUP pd = 8  callref = 0x4880

!--- incoming ISDN call setup message.

*Oct 16 08:59:26.403:   Sending Complete
*Oct 16 08:59:26.403:   Bearer Capability i = 0x8890
*Oct 16 08:59:26.403:   Channel ID i = 0xA1839A
*Oct 16 08:59:26.403:   Calling Party Number i = 0xA1, '6083', Plan:ISDN,
 Type:National

!--- Calling Party Number is configured in the callback string on !--- the AAA server.
 
*Oct 16 08:59:26.403:   Called Party Number i = 0x81, '211', Plan:ISDN,
 Type:Unknown
*Oct 16 08:59:26.407:   Locking Shift to Codeset 6
*Oct 16 08:59:26.407:   Codeset 6 IE 0x28  i = 'ISDN-EDU-4'
*Oct 16 08:59:26.407:   ISDN Se0:15: TX ->  CALL_PROC pd = 8  callref = 0xC880
*Oct 16 08:59:26.411:   Channel ID i = 0xA9839A
*Oct 16 08:59:26.415: %LINK-3-UPDOWN: Interface Serial0:25, changed state to up
*Oct 16 08:59:26.419: Se0:25 PPP: Treating connection as a callin
*Oct 16 08:59:26.419: Se0:25 PPP: Phase is ESTABLISHING, Passive Open
*Oct 16 08:59:26.419: Se0:25 LCP: State is Listen
*Oct 16 08:59:26.419: ISDN Se0:15: TX ->  CONNECT pd = 8  callref = 0xC880
*Oct 16 08:59:26.419: Channel ID i = 0xA9839A
*Oct 16 08:59:26.459: ISDN Se0:15: RX <-  CONNECT_ACK pd = 8  callref = 0x4880
*Oct 16 08:59:26.463: ISDN Se0:15: CALL_PROGRESS: CALL_CONNECTED call id 0x28,
 bchan 25, dsl 0
*Oct 16 08:59:26.551: Se0:25 LCP: I CONFREQ [Listen] id 126 len 18

!--- PPP LCP negotiation begins.

*Oct 16 08:59:26.555: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.555: Se0:25 LCP:    MagicNumber 0x3E7BCBD2 (0x05063E7BCBD2)
*Oct 16 08:59:26.555: Se0:25 LCP:    Callback 0  (0x0D0300)
*Oct 16 08:59:26.555: Se0:25 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
*Oct 16 08:59:26.555: Se0:25 LCP: O CONFREQ [Listen] id 1 len 15
*Oct 16 08:59:26.555: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.555: Se0:25 LCP:    MagicNumber 0xE06953E4 (0x0506E06953E4)
*Oct 16 08:59:26.555: Se0:25 LCP: O CONFACK [Listen] id 126 len 18
*Oct 16 08:59:26.555: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.555: Se0:25 LCP:    MagicNumber 0x3E7BCBD2 (0x05063E7BCBD2)
*Oct 16 08:59:26.555: Se0:25 LCP:    Callback 0  (0x0D0300)

!--- Callback option is acknowledged (CONFACKed).

*Oct 16 08:59:26.587: Se0:25 LCP: I CONFACK [ACKsent] id 1 len 15
*Oct 16 08:59:26.587: Se0:25 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:26.587: Se0:25 LCP:    MagicNumber 0xE06953E4 (0x0506E06953E4)
*Oct 16 08:59:26.587: Se0:25 LCP: State is Open
*Oct 16 08:59:26.587: Se0:25 PPP: Phase is AUTHENTICATING, by both

!--- PPP Authentication begins.

*Oct 16 08:59:26.587: Se0:25 CHAP: O CHALLENGE id 1 len 31 from "tnt-buster"
*Oct 16 08:59:26.611: Se0:25 CHAP: I CHALLENGE id 93 len 28 from "tremens"
*Oct 16 08:59:26.611: Se0:25 CHAP: Waiting for peer to authenticate first
*Oct 16 08:59:26.623: Se0:25 CHAP: I RESPONSE id 1 len 28 from "tremens"
*Oct 16 08:59:26.623: AAA: parse name=Serial0:25 idb type=13 tty=-1
*Oct 16 08:59:26.623: AAA: name=Serial0:25 flags=0x51 type=1 shelf=0 slot=0
 adapter=0 port=0 channel=25
*Oct 16 08:59:26.623: AAA: parse name= idb type=-1 tty=-1
*Oct 16 08:59:26.623: AAA/MEMORY: create_user (0x6126C0AC) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:26.623: AAA/AUTHEN/START (199889519): port='Serial0:25' list=''
 action=LOGIN service=PPP
*Oct 16 08:59:26.623: AAA/AUTHEN/START (199889519): using "default" list
*Oct 16 08:59:26.623: AAA/AUTHEN/START (199889519): Method=tacacs+ (tacacs+)

!--- Use TACACS+ as AAA method for the default list.
 
*Oct 16 08:59:26.623: TAC+: send AUTHEN/START packet ver=193 id=199889519
*Oct 16 08:59:26.623: TAC+: Using default tacacs server-group "tacacs+" list.
*Oct 16 08:59:26.623: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:26.627: TAC+: Opened TCP/IP handle 0x610C4D40 to 10.200.20.134/49
*Oct 16 08:59:26.627: TAC+: 10.200.20.134 (199889519) AUTHEN/START/LOGIN/CHAP
 queued
*Oct 16 08:59:26.827: TAC+: (199889519) AUTHEN/START/LOGIN/CHAP processed
*Oct 16 08:59:26.827: TAC+: ver=193 id=199889519 received AUTHEN status = PASS
*Oct 16 08:59:26.827: AAA/AUTHEN (199889519): status = PASS

!--- AAA authentication succeeds.

*Oct 16 08:59:26.827: TAC+: Closing TCP/IP 0x610C4D40 connection to
 10.200.20.134/49
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP: Authorize LCP
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:26.827: AAA/AUTHOR/LCP: Se0:25 (4028243213) user='tremens'
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): send AV service=ppp
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): send AV protocol=lcp
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): found list "default"
*Oct 16 08:59:26.827: Se0:25 AAA/AUTHOR/LCP (4028243213): Method=tacacs+ 
(tacacs+)
*Oct 16 08:59:26.827: AAA/AUTHOR/TAC+: (4028243213): user=tremens
*Oct 16 08:59:26.827: AAA/AUTHOR/TAC+: (4028243213): send AV service=ppp
*Oct 16 08:59:26.827: AAA/AUTHOR/TAC+: (4028243213): send AV protocol=lcp
*Oct 16 08:59:26.827: TAC+: using previously set server 10.200.20.134 from
 group tacacs+
*Oct 16 08:59:26.827: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:26.831: TAC+: Opened TCP/IP handle 0x61269588 to 10.200.20.134/49
*Oct 16 08:59:26.831: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:26.831: TAC+: 10.200.20.134 (4028243213) AUTHOR/START queued
*Oct 16 08:59:27.031: TAC+: (4028243213) AUTHOR/START processed
*Oct 16 08:59:27.031: TAC+: (4028243213): received author response status =
 PASS_ADD
*Oct 16 08:59:27.031: TAC+: Closing TCP/IP 0x61269588 connection to
 10.200.20.134/49
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR (4028243213): Post authorization
 status = PASS_ADD
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV service=ppp
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV protocol=lcp
*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV callback-dialstring=
6083

!--- Callback dial string sent from the AAA server.

*Oct 16 08:59:27.031: Se0:25 AAA/AUTHOR/LCP: Processing AV send-secret=cisco
*Oct 16 08:59:27.031: Se0:25 CHAP: O SUCCESS id 1 len 4
*Oct 16 08:59:27.031: Se0:25 CHAP: Processing saved Challenge, id 93
*Oct 16 08:59:27.031: Se0:25 DDR: Authenticated host tremens with no matching
 dialer map
*Oct 16 08:59:27.031: AAA: parse name=Serial0:25 idb type=13 tty=-1
*Oct 16 08:59:27.031: AAA: name=Serial0:25 flags=0x51 type=1 shelf=0 slot=0
 adapter=0
 port=0 channel=25
*Oct 16 08:59:27.031: AAA: parse name= idb type=-1 tty=-1
*Oct 16 08:59:27.031: AAA/MEMORY: create_user (0x610DD96C) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:27.035: AAA/AUTHEN/START (4099567767): port='Serial0:25'
 list='' action=SENDAUTH service=PPP
*Oct 16 08:59:27.035: AAA/AUTHEN/START (4099567767): using "default" list
*Oct 16 08:59:27.035: AAA/AUTHEN/START (4099567767): Method=tacacs+ (tacacs+)
*Oct 16 08:59:27.035: TAC+: Look for cached secret first for sendauth
*Oct 16 08:59:27.035: AAA/AUTHEN/SENDAUTH (4099567767): found cached secret
 for tremens
*Oct 16 08:59:27.035: AAA/AUTHEN (4099567767): status = PASS
*Oct 16 08:59:27.035: AAA/MEMORY: free_user (0x610DD96C) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:27.035: Se0:25 CHAP: O RESPONSE id 93 len 31 from "tnt-buster"
*Oct 16 08:59:27.055: Se0:25 CHAP: I SUCCESS id 93 len 4

!--- CHAP is successful.

*Oct 16 08:59:27.055: FA0: Same state, 0
*Oct 16 08:59:27.055: DSES FA0: Session create
*Oct 16 08:59:27.055: AAA/MEMORY: dup_user (0x61069398) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1 source='create callback'
*Oct 16 08:59:27.055: Se0:25 DDR: PPP callback Callback server starting to
 tremens 6083

!--- DDR starts PPP calback procedures.

*Oct 16 08:59:27.055: Se0:25 DDR: disconnecting call

!--- Call is disconnected.

*Oct 16 08:59:27.059: ISDN Se0:15: TX ->  DISCONNECT pd = 8  callref = 0xC880
*Oct 16 08:59:27.059:         Cause i = 0x8090 - Normal call clearing
*Oct 16 08:59:27.071: Se0:25 IPCP: PPP phase is AUTHENTICATING,
 discarding packet
*Oct 16 08:59:27.091: ISDN Se0:15: RX <-  RELEASE pd = 8  callref = 0x4880
*Oct 16 08:59:27.091: ISDN Se0:15: TX ->  RELEASE_COMP pd = 8 
 callref = 0xC880
*Oct 16 08:59:27.103: %LINK-3-UPDOWN: Interface Serial0:25,
 changed state to down
*Oct 16 08:59:27.103: Se0:25 PPP: Phase is TERMINATING
*Oct 16 08:59:27.103: Se0:25 LCP: State is Closed
*Oct 16 08:59:27.103: Se0:25 PPP: Phase is DOWN
*Oct 16 08:59:27.103: Se0:25 DDR: disconnecting call
*Oct 16 08:59:32.055: DDR: Callback timer expired

!--- Callback timer (5 seconds) expires.


!--- This is configured through the dialer enable-timeout 5 command.

*Oct 16 08:59:32.055: Di1 DDR: beginning callback to tremens 6083
*Oct 16 08:59:32.055: Se0:15 DDR: rotor dialout [priority]
*Oct 16 08:59:32.055: Se0:15 DDR: Dialing cause dialer session 0xFA0
*Oct 16 08:59:32.055: Se0:15 DDR: Attempting to dial 6083

!--- Callback number dialed.

*Oct 16 08:59:32.055: ISDN Se0:15: TX ->  SETUP pd = 8  callref = 0x0005
*Oct 16 08:59:32.055:         Bearer Capability i = 0x8890
*Oct 16 08:59:32.055:         Channel ID i = 0xA9839F
*Oct 16 08:59:32.055:         Called Party Number i = 0x81, '6083', Plan:ISDN,
 Type:Unknown
*Oct 16 08:59:32.095: ISDN Se0:15: RX <-  CALL_PROC pd = 8  callref = 0x8005
*Oct 16 08:59:32.095:         Channel ID i = 0xA9839F
*Oct 16 08:59:32.311: ISDN Se0:15: RX <-  CONNECT pd = 8  callref = 0x8005

!--- Call is connected.

*Oct 16 08:59:32.311:         Connected Number i = 0xA136303833
*Oct 16 08:59:32.315:         Locking Shift to Codeset 6
*Oct 16 08:59:32.315:         Codeset 6 IE 0x28  i = 'ISDN-EDU-4'
*Oct 16 08:59:32.323: %LINK-3-UPDOWN: Interface Serial0:30, changed state to up
*Oct 16 08:59:32.323: AAA/MEMORY: dup_user (0x612B7F70) user='tremens' ruser=''
 port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP priv=1
 source='callback dialout'
*Oct 16 08:59:32.323: DDR: Freeing callback to tremens 6083
*Oct 16 08:59:32.323: DDR: removing callback, 0 packets unqueued and discarded
*Oct 16 08:59:32.323: AAA/MEMORY: free_user (0x61069398) user='tremens'
 ruser='' port='Serial0:25' rem_addr='6083/211' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:32.323: Se0:30 PPP: Treating connection as a callout

!--- PPP negotiation begins.

*Oct 16 08:59:32.323: Se0:30 PPP: Phase is ESTABLISHING, Active Open
*Oct 16 08:59:32.323: Se0:30 PPP: No remote authentication for callback
*Oct 16 08:59:32.327: Se0:30 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
*Oct 16 08:59:32.327: Se0:30 LCP: O CONFREQ [Closed] id 5 len 10
*Oct 16 08:59:32.327: Se0:30 LCP:    MagicNumber 0xE0696A6F (0x0506E0696A6F)
*Oct 16 08:59:32.327: ISDN Se0:15: TX ->  CONNECT_ACK pd = 8  callref = 0x0005
*Oct 16 08:59:32.351: Se0:30 LCP: I CONFREQ [REQsent] id 127 len 15
*Oct 16 08:59:32.351: Se0:30 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:32.351: Se0:30 LCP:    MagicNumber 0x3E7BE27C (0x05063E7BE27C)
*Oct 16 08:59:32.355: Se0:30 LCP: O CONFACK [REQsent] id 127 len 15
*Oct 16 08:59:32.355: Se0:30 LCP:    AuthProto CHAP (0x0305C22305)
*Oct 16 08:59:32.355: Se0:30 LCP:    MagicNumber 0x3E7BE27C (0x05063E7BE27C)
*Oct 16 08:59:32.359: Se0:30 LCP: I CONFACK [ACKsent] id 5 len 10
*Oct 16 08:59:32.359: Se0:30 LCP:    MagicNumber 0xE0696A6F (0x0506E0696A6F)
*Oct 16 08:59:32.359: Se0:30 LCP: State is Open
*Oct 16 08:59:32.359: Se0:30 PPP: Phase is AUTHENTICATING, by the peer

!--- Authentication begins.

*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP: Authorize LCP
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:32.359: AAA/AUTHOR/LCP: Se0:30 (190918816) user='tremens'
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): send AV service=ppp
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): send AV protocol=lcp
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): found list "default"
*Oct 16 08:59:32.359: Se0:30 AAA/AUTHOR/LCP (190918816): Method=tacacs+
 (tacacs+)
*Oct 16 08:59:32.363: AAA/AUTHOR/TAC+: (190918816): user=tremens
*Oct 16 08:59:32.363: AAA/AUTHOR/TAC+: (190918816): send AV service=ppp
*Oct 16 08:59:32.363: AAA/AUTHOR/TAC+: (190918816): send AV protocol=lcp
*Oct 16 08:59:32.363: TAC+: using previously set server 10.200.20.134 from
 group tacacs+
*Oct 16 08:59:32.363: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:32.363: TAC+: Opened TCP/IP handle 0x612B6A1C to 10.200.20.134/49
*Oct 16 08:59:32.363: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:32.363: TAC+: 10.200.20.134 (190918816) AUTHOR/START queued
*Oct 16 08:59:32.563: TAC+: (190918816) AUTHOR/START processed
*Oct 16 08:59:32.563: TAC+: (190918816): received author response status =
 PASS_ADD
*Oct 16 08:59:32.563: TAC+: Closing TCP/IP 0x612B6A1C connection to
 10.200.20.134/49
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR (190918816): Post authorization
 status = PASS_ADD
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV service=ppp
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV protocol=lcp
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV callback-dialstring=
6083
*Oct 16 08:59:32.563: Se0:30 AAA/AUTHOR/LCP: Processing AV send-secret=cisco
*Oct 16 08:59:32.563: Se0:30 CHAP: I CHALLENGE id 94 len 28 from "tremens"

!--- An incoming CHAP challenge is received.

*Oct 16 08:59:32.563: AAA: parse name=Serial0:30 idb type=13 tty=-1
*Oct 16 08:59:32.563: AAA: name=Serial0:30 flags=0x51 type=1 shelf=0 slot=0
 adapter=0 port=0 channel=30
*Oct 16 08:59:32.563: AAA: parse name= idb type=-1 tty=-1
*Oct 16 08:59:32.563: AAA/MEMORY: create_user (0x612B8098) user='tremens'
 ruser='' port='Serial0:30' rem_addr='6083/6083' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:32.567: AAA/AUTHEN/START (763006247): port='Serial0:30' list=''
 action=SENDAUTH service=PPP
*Oct 16 08:59:32.567: AAA/AUTHEN/START (763006247): using "default" list
*Oct 16 08:59:32.567: AAA/AUTHEN/START (763006247): Method=tacacs+ (tacacs+)
*Oct 16 08:59:32.567: TAC+: Look for cached secret first for sendauth
*Oct 16 08:59:32.567: AAA/AUTHEN/SENDAUTH (763006247): found cached secret for
 tremens
*Oct 16 08:59:32.567: AAA/AUTHEN (763006247): status = PASS
*Oct 16 08:59:32.567: AAA/MEMORY: free_user (0x612B8098) user='tremens'
 ruser='' port='Serial0:30' rem_addr='6083/6083' authen_type=CHAP service=PPP
 priv=1
*Oct 16 08:59:32.567: Se0:30 CHAP: O RESPONSE id 94 len 31 from "tnt-buster"
*Oct 16 08:59:32.587: Se0:30 CHAP: I SUCCESS id 94 len 4

!--- Authentication is successful.

*Oct 16 08:59:32.587: Se0:30 PPP: Phase is UP
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM: (0): Can we start IPCP?
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:32.587: AAA/AUTHOR/FSM: Se0:30 (3211893880) user='tremens'
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): send AV service=ppp
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): send AV protocol=ip
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): found list "default"
*Oct 16 08:59:32.587: Se0:30 AAA/AUTHOR/FSM (3211893880): Method=tacacs+
 (tacacs+)
*Oct 16 08:59:32.587: AAA/AUTHOR/TAC+: (3211893880): user=tremens
*Oct 16 08:59:32.587: AAA/AUTHOR/TAC+: (3211893880): send AV service=ppp
*Oct 16 08:59:32.587: AAA/AUTHOR/TAC+: (3211893880): send AV protocol=ip
*Oct 16 08:59:32.587: TAC+: using previously set server 10.200.20.134 from group
 tacacs+
*Oct 16 08:59:32.587: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:32.591: TAC+: Opened TCP/IP handle 0x612B6C80 to 10.200.20.134/49
*Oct 16 08:59:32.591: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:32.591: TAC+: 10.200.20.134 (3211893880) AUTHOR/START queued
*Oct 16 08:59:32.791: TAC+: (3211893880) AUTHOR/START processed
*Oct 16 08:59:32.791: TAC+: (3211893880): received author response status =
 PASS_ADD
*Oct 16 08:59:32.791: TAC+: Closing TCP/IP 0x612B6C80 connection to
 10.200.20.134/49
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR (3211893880): Post authorization
 status = PASS_ADD
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/FSM: We can start IPCP

!--- IPCP negotiation begins.

*Oct 16 08:59:32.791: Se0:30 IPCP: O CONFREQ [Closed] id 5 len 10
*Oct 16 08:59:32.791: Se0:30 IPCP:    Address 2.2.2.2 (0x030602020202)
*Oct 16 08:59:32.791: Se0:30 IPCP: I CONFREQ [REQsent] id 111 len 10
*Oct 16 08:59:32.791: Se0:30 IPCP:    Address 3.3.3.3 (0x030603030303)
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP: Start.  Her address 3.3.3.3,
 we want 0.0.0.0
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): Port='Serial0:25'
 list='' service=NET
*Oct 16 08:59:32.791: AAA/AUTHOR/IPCP: Se0:30 (3713413027) user='tremens'
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): send AV service=ppp
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): send AV protocol=ip
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): send AV addr*3.3.3.3
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): found list "default"
*Oct 16 08:59:32.791: Se0:30 AAA/AUTHOR/IPCP (3713413027): Method=tacacs+
 (tacacs+)
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): user=tremens
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): send AV service=ppp
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): send AV protocol=ip
*Oct 16 08:59:32.795: AAA/AUTHOR/TAC+: (3713413027): send AV addr*3.3.3.3

!--- AAA Attribute Value Pairs.

*Oct 16 08:59:32.795: TAC+: using previously set server 10.200.20.134 from group
 tacacs+
*Oct 16 08:59:32.795: TAC+: Opening TCP/IP to 10.200.20.134/49 timeout=5
*Oct 16 08:59:32.795: TAC+: Opened TCP/IP handle 0x61269588 to 10.200.20.134/49
*Oct 16 08:59:32.795: TAC+: Opened 10.200.20.134 index=1
*Oct 16 08:59:32.795: TAC+: 10.200.20.134 (3713413027) AUTHOR/START queued
*Oct 16 08:59:32.995: TAC+: (3713413027) AUTHOR/START processed
*Oct 16 08:59:32.995: TAC+: (3713413027): received author response status =
 PASS_ADD
*Oct 16 08:59:32.995: TAC+: Closing TCP/IP 0x61269588 connection to
 10.200.20.134/49
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR (3713413027): Post authorization
 status = PASS_ADD
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Processing AV service=ppp
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Processing AV protocol=ip
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Processing AV addr*3.3.3.3
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Authorization succeeded
*Oct 16 08:59:32.995: Se0:30 AAA/AUTHOR/IPCP: Done.  Her address 3.3.3.3,
 we want 3.3.3.3
*Oct 16 08:59:32.995: Se0:30 IPCP: O CONFACK [REQsent] id 111 len 10
*Oct 16 08:59:32.995: Se0:30 IPCP:    Address 3.3.3.3 (0x030603030303)
*Oct 16 08:59:32.995: Se0:30 IPCP: I CONFACK [ACKsent] id 5 len 10
*Oct 16 08:59:32.995: Se0:30 IPCP:    Address 2.2.2.2 (0x030602020202)
*Oct 16 08:59:32.995: Se0:30 IPCP: State is Open
*Oct 16 08:59:32.999: Se0:30 DDR: dialer protocol up
*Oct 16 08:59:32.999: Se0:30: Call connected, 0 packets unqueued, 0 transmitted,
 0 discarded
*Oct 16 08:59:32.999: Di1 IPCP: Install route to 3.3.3.3

!--- Route is installed to remote device.

*Oct 16 08:59:33.587: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:30,
 changed state to up
*Oct 16 08:59:38.323: %ISDN-6-CONNECT: Interface Serial0:30 is now connected
 to 6083 unknown

!--- Call is Connected.

Gerelateerde informatie

Revisiegeschiedenis

Revisie	Publicatiedatum	Opmerkingen
1.0	04-Feb-2010	Eerste vrijgave

Bijdrage van

jveyne
sloos