CCNP(ISCW)实验:配置AAA支持Tacacs+
预配置
R1(config)#int e1/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no sh
实验过程:
第一步:配置R1使用tacacs+,并调用
R1(config)#aaa new-model
R1(config)#aaa authentication login AUTHOR group tacacs+ enable
R1(config)#tacacs-server host 192.168.1.11 key server123
R1(config)#line vty 0 4
R1(config-line)#login authentication AUTHOR
R1(config-line)#line co 0
R1(config-line)#login authentication AUTHOR
第二步:配置AAA服务器
第三步:调试
R1#test aaa group tacacs+ admin admin new-code
Trying to authenticate with Servergroup tacacs+
Sending password
User successfully authenticated
R1#debug tacacs authentication
TACACS+ authentication debugging is on
R1#exit
R1 con0 is now available
Press RETURN to get started.
Username:
Mar 1 00:10:55.611: TPLUS: Queuing AAA Authentication request 2 for processing
Mar 1 00:10:55.611: TPLUS: processing authentication start request id 2
Mar 1 00:10:55.615: TPLUS: Authentication start packet created for 2()
Mar 1 00:10:55.615: TPLUS: Using server 192.168.1.11
Mar 1 00:10:55.619: TPLUS(00000002)/0/NB_WAIT/63768D88: Started 5 sec timeout
Mar 1 00:10:55.623: TPLUS(00000002)/0/NB_WAIT: socket event 2
Mar 1 00:10:55.627: TPLUS(00000002)/0/NB_WAIT: wrote entire 29 bytes request
Mar 1 00:10:55.627: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:10:55.627: TPLUS(00000002)/0/READ: Would block while reading
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:10:55.651: TPLUS(00000002)/0/READ: read entire 28 bytes response
Mar 1 00:10:55.655: TPLUS(00000002)/0/63768D88: Processing the reply packet
Mar 1 00:10:55.655: TPLUS: Received authen response status GET_USER (7)
Username: admin
Password:
Mar 1 00:11:02.247: TPLUS: Queuing AAA Authentication request 2 for processing
Mar 1 00:11:02.247: TPLUS: processing authentication continue request id 2
Mar 1 00:11:02.247: TPLUS: Authentication continue packet generated for 2
Mar 1 00:11:02.247: TPLUS(00000002)/0/WRITE/63768D88: Started 5 sec timeout
Mar 1 00:11:02.251: TPLUS(00000002)/0/WRITE: wrote entire 22 bytes request
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: read entire 12 header bytes (expect 16 bytes data)
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:02.255: TPLUS(00000002)/0/READ: read entire 28 bytes response
Mar 1 00:11:02.255: TPLUS(00000002)/0/63768D88: Processing the reply packet
Mar 1 00:11:02.255: TPLUS: Received authen response status GET_PASSWORD (8)
Mar 1 00:11:06.987: TPLUS: Queuing AAA Authentication request 2 for processing
Mar 1 00:11:06.987: TPLUS: processing authentication continue request id 2
Mar 1 00:11:06.987: TPLUS: Authentication continue packet generated for 2
Mar 1 00:11:06.987: TPLUS(00000002)/0/WRITE/63768D88: Started 5 sec timeout
Mar 1 00:11:06.991: TPLUS(00000002)/0/WRITE: wrote entire 22 bytes request
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: read entire 12 header bytes (expect 6 bytes data)
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: socket event 1
Mar 1 00:11:07.051: TPLUS(00000002)/0/READ: read entire 18 bytes response
Mar 1 00:11:07.055: TPLUS(00000002)/0/63768D88: Processing the reply packet
*Mar 1 00:11:07.055: TPLUS: Received authen response status PASS (2)
R1>en
Password:
R1#
第四步:实验结果:
当AAA服务器正常工作时
当AAA服务器挂掉之后
直接输入enable密码
更多相关文章
- CCNP(ISCW)实验:配置Router 将AAA用于管理访问授权
- 什么仇什么怨?一程序员锁死服务器致公司损失百万?
- 7:VMware Horizon View 8.0-安装Composer服务器
- 8:VMware Horizon View 8.0-安装连接服务器1
- C语言通过定义结构体UCI读写配置文件
- 3.14 为vCenter Server服务器添加外部DSN连接
- 03-K8s部署安装配置nginx-ingress和配置外网访问
- [灾备] 常见存储形态及架构
- [灾备]通过 NAS 与文件服务器结合构建数据容灾系统