CCNP (ISCW) Lab: Configuring AAA Local Authentication on a Cisco Router (cisco cca)

User submission, 2022-10-07



R2(config)#int e1/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.0

Lab procedure:

Step 1: Configure AAA authentication on R1
R1(config)#aaa new-model // enable AAA
R1(config)#aaa authentication login default local // every login uses the local user database
R1(config)#user admin pass admin // configure the local user and password

Step 2: Test console login on R1
R1#debug aaa authentication
AAA Authentication debugging is on
R1#exit
R1 con0 is now available

Press RETURN to get started.

*Mar 1 00:25:49.051: %SYS-5-CONFIG_I: Configured from console by admin on console
User Access Verification

Username: admin
Mar 1 00:25:51.603: AAA/BIND(00000004): Bind i/f
Mar 1 00:25:51.607: AAA/AUTHEN/LOGIN (00000004): Pick method list 'default'
Username: admin
Password:

R1>en
R1#
Mar 1 00:26:00.087: AAA: parse name=tty0 idb type=-1 tty=-1
Mar 1 00:26:00.087: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
Mar 1 00:26:00.087: AAA/MEMORY: create_user (0x63781434) user='admin' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): port='tty0' list='' action=LOGIN service=ENABLE
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): console enable - default to enable password (if any)
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=ENABLE
R1#
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): can't find any passwords
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=ERROR
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=NONE
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=PASS
*Mar 1 00:26:00.095: AAA/MEMORY: free_user (0x63781434) user='admin' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

Step 3: Telnet from R2 to R1
R2#telnet 192.168.1.1
Trying 192.168.1.1 ... Open

User Access Verification

Username: admin
Password: // the local username and password configured on R1
R1>en
% Error in authentication. // enable failed here because R1 has no enable password configured

Step 4: View the debug output on R1
Mar 1 00:30:58.943: AAA: parse name=tty130 idb type=-1 tty=-1
Mar 1 00:30:58.943: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
Mar 1 00:30:58.943: AAA/MEMORY: create_user (0x6377BDB0) user='admin' ruser='NULL' ds0=0 port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Mar 1 00:30:58.943: AAA/AUTHEN/START (3517876181): port='tty130' list='' action=LOGIN service=ENABLE
Mar 1 00:30:58.947: AAA/AUTHEN/START (3517876181): non-console enable - default to enable password
Mar 1 00:30:58.947: AAA/AUTHEN/START (3517876181): Method=ENABLE
R1(config)#
Mar 1 00:30:58.947: AAA/AUTHEN(3517876181): Status=GETPASS
R1(config)#
Mar 1 00:31:03.335: AAA/AUTHEN/CONT (3517876181): continue_login (user='(undef)')
Mar 1 00:31:03.335: AAA/AUTHEN(3517876181): Status=GETPASS
Mar 1 00:31:03.335: AAA/AUTHEN/CONT (3517876181): Method=ENABLE
Mar 1 00:31:03.335: AAA/AUTHEN(3517876181): Status=PASS
Mar 1 00:31:03.339: AAA/MEMORY: free_user (0x6377BDB0) user='NULL' ruser='NULL' port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
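
An added example (not part of the original lab write-up): a Python sketch that groups `debug aaa authentication` lines by session id and flags any enable request granted by falling through to Method=NONE, which is what the step 2 console session shows when no enable password exists. The function names are hypothetical; the sample is a subset of lines copied from the step 2 and step 4 output.

```python
import re

# Matches AAA/AUTHEN, AAA/AUTHEN/START, AAA/AUTHEN/CONT ... and captures the
# session id in parentheses plus the rest of the line.
LINE = re.compile(r"AAA/AUTHEN(?:/\w+)?\s*\((\d+)\):\s*(.*)")
KV = re.compile(r"(\w+)='?([^'\s]*)'?")   # key=value or key='value'

# Subset of lines copied from the step 2 (console) and step 4 (telnet) output.
SAMPLE = """\
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): port='tty0' list='' action=LOGIN service=ENABLE
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=ENABLE
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): can't find any passwords
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=ERROR
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=NONE
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=PASS
Mar 1 00:30:58.943: AAA/AUTHEN/START (3517876181): port='tty130' list='' action=LOGIN service=ENABLE
Mar 1 00:30:58.947: AAA/AUTHEN/START (3517876181): Method=ENABLE
Mar 1 00:30:58.947: AAA/AUTHEN(3517876181): Status=GETPASS
Mar 1 00:31:03.335: AAA/AUTHEN/CONT (3517876181): Method=ENABLE
Mar 1 00:31:03.335: AAA/AUTHEN(3517876181): Status=PASS
"""

def summarize(log):
    """Group AAA/AUTHEN debug lines by session id: port, service and the
    ordered list of [method, last status seen for that method]."""
    sessions = {}
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue                      # prompts, AAA/MEMORY lines, etc.
        sid, rest = m.groups()
        s = sessions.setdefault(sid, {"port": None, "service": None, "attempts": []})
        for key, val in KV.findall(rest):
            if key in ("port", "service"):
                s[key] = val
            elif key == "Method":
                s["attempts"].append([val, None])
            elif key == "Status" and s["attempts"]:
                s["attempts"][-1][1] = val
    return sessions

def passed_without_password(sessions):
    """Session ids whose final attempt is Method=NONE with Status=PASS,
    i.e. access was granted after the password method errored out."""
    return [sid for sid, s in sessions.items()
            if s["attempts"] and s["attempts"][-1] == ["NONE", "PASS"]]

if __name__ == "__main__":
    found = summarize(SAMPLE)
    for sid in passed_without_password(found):
        print(sid, found[sid]["port"], found[sid]["attempts"])
```

Only the console session on tty0 is flagged; the telnet session on tty130 ends with Method=ENABLE, Status=PASS after a password prompt.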

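Step 5: Reconfigure authentication on R1
R1(config)#no aaa authentication login default // remove the default AAA method list configured above
R1(config)#aaa authentication login libo local // define a local-authentication method list named libo, to be applied to the console port
R1(config)#aaa authentication login libovty enable // define a method list named libovty (it uses the enable password), to be applied to the vty lines
R1(config)#line con 0
R1(config-line)#login authentication libo
R1(config)#line vty 0 4
R1(config-line)#login authentication libovty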

Step 6: Telnet from R2 to R1 again
R2#telnet 192.168.1.1
Trying 192.168.1.1 ... Open

User Access Verification

Password:

R1>en
Password:

Step 7: View the debug output on R1
Mar 1 00:42:18.387: AAA/BIND(00000006): Bind i/f
Mar 1 00:42:18.387: AAA/AUTHEN/LOGIN (00000006): Pick method list 'libovty' // here we see the vty method list we defined ourselves
Mar 1 00:42:18.395: AAA/AUTHEN/ENABLE(00000006): Processing request action LOGIN
Mar 1 00:42:18.395: AAA/AUTHEN/ENABLE(00000006): Done status GET_PASSWORD
R1(config)#
Mar 1 00:42:33.399: AAA/AUTHEN/ENABLE(00000006): Processing request action LOGIN
Mar 1 00:42:33.403: AAA/AUTHEN/ENABLE(00000006): Done status PASS
R1(config)#
Mar 1 00:42:35.795: AAA: parse name=tty130 idb type=-1 tty=-1
Mar 1 00:42:35.795: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
Mar 1 00:42:35.795: AAA/MEMORY: create_user (0x63AB0004) user='NULL' ruser='NULL' ds0=0 port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Mar 1 00:42:35.795: AAA/AUTHEN/START (718214766): port='tty130' list='' action=LOGIN service=ENABLE
Mar 1 00:42:35.799: AAA/AUTHEN/START (718214766): non-console enable - default to enable password
Mar 1 00:42:35.799: AAA/AUTHEN/START (718214766): Method=ENABLE
R1(config)#
Mar 1 00:42:35.799: AAA/AUTHEN(718214766): Status=GETPASS
R1(config)#
Mar 1 00:42:37.531: AAA/AUTHEN/CONT (718214766): continue_login (user='(undef)')
Mar 1 00:42:37.531: AAA/AUTHEN(718214766): Status=GETPASS
Mar 1 00:42:37.531: AAA/AUTHEN/CONT (718214766): Method=ENABLE
Mar 1 00:42:37.531: AAA/AUTHEN(718214766): Status=PASS
Mar 1 00:42:37.535: AAA/MEMORY: free_user (0x63AB0004) user='NULL' ruser='NULL' port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

