CCNP (ISCW) Lab: Configuring AAA Local Authentication on a Cisco Router

Lab description:
R1(config)#int e1/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no sh

R2(config)#int e1/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.0

Lab procedure:
Step 1: Configure AAA authentication on R1
R1(config)#aaa new-model
//Enable AAA
R1(config)#aaa authentication login default local
//Configure the default login method list so that every login uses the local user database
R1(config)#user admin pass admin
//Create a local username and password

Step 2: Test console login on R1
R1#debug aaa authentication
AAA Authentication debugging is on
R1#exit
R1 con0 is now available

Press RETURN to get started.

*Mar 1 00:25:49.051: %SYS-5-CONFIG_I: Configured from console by admin on console
User Access Verification

Username: admin
Mar 1 00:25:51.603: AAA/BIND(00000004): Bind i/f
Mar 1 00:25:51.607: AAA/AUTHEN/LOGIN (00000004): Pick method list 'default'
Username: admin
Password:

R1>en
R1#
Mar 1 00:26:00.087: AAA: parse name=tty0 idb type=-1 tty=-1
Mar 1 00:26:00.087: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
Mar 1 00:26:00.087: AAA/MEMORY: create_user (0x63781434) user='admin' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): port='tty0' list='' action=LOGIN service=ENABLE
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): console enable - default to enable password (if any)
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=ENABLE
R1#
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): can't find any passwords
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=ERROR
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=NONE
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=PASS
*Mar 1 00:26:00.095: AAA/MEMORY: free_user (0x63781434) user='admin' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

Step 3: Telnet from R2 to R1
R2#telnet 192.168.1.1
Trying 192.168.1.1 ... Open

User Access Verification

Username: admin
Password:
//Enter the local username and password configured on R1
R1>en
% Error in authentication.
//Enable fails here because no enable password is configured on R1

Step 4: View the debug output on R1
Mar 1 00:30:58.943: AAA: parse name=tty130 idb type=-1 tty=-1
Mar 1 00:30:58.943: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
Mar 1 00:30:58.943: AAA/MEMORY: create_user (0x6377BDB0) user='admin' ruser='NULL' ds0=0 port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Mar 1 00:30:58.943: AAA/AUTHEN/START (3517876181): port='tty130' list='' action=LOGIN service=ENABLE
Mar 1 00:30:58.947: AAA/AUTHEN/START (3517876181): non-console enable - default to enable password
Mar 1 00:30:58.947: AAA/AUTHEN/START (3517876181): Method=ENABLE
R1(config)#
Mar 1 00:30:58.947: AAA/AUTHEN(3517876181): Status=GETPASS
R1(config)#
Mar 1 00:31:03.335: AAA/AUTHEN/CONT (3517876181): continue_login (user='(undef)')
Mar 1 00:31:03.335: AAA/AUTHEN(3517876181): Status=GETPASS
Mar 1 00:31:03.335: AAA/AUTHEN/CONT (3517876181): Method=ENABLE
Mar 1 00:31:03.335: AAA/AUTHEN(3517876181): Status=PASS
Mar 1 00:31:03.339: AAA/MEMORY: free_user (0x6377BDB0) user='NULL' ruser='NULL' port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
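Steps 2 and 4 show the enable method walk for a console session and for a telnet session. The following Python script, added here and not part of the original lab, parses those debug lines (copied from the output above) per AAA transaction id and flags any transaction that was granted after falling through to Method=NONE, which is how the console session reached privilege 15 with no enable password set.

```python
import re
# Sample input: AAA debug lines taken from steps 2 and 4 of the lab above
# (console enable on tty0, then a telnet enable attempt from 192.168.1.2 on tty130).
SAMPLE_DEBUG = """\
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): port='tty0' list='' action=LOGIN service=ENABLE
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): console enable - default to enable password (if any)
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=ENABLE
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): can't find any passwords
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=ERROR
Mar 1 00:26:00.091: AAA/AUTHEN/START (3606483107): Method=NONE
Mar 1 00:26:00.091: AAA/AUTHEN(3606483107): Status=PASS
Mar 1 00:30:58.943: AAA/AUTHEN/START (3517876181): port='tty130' list='' action=LOGIN service=ENABLE
Mar 1 00:30:58.947: AAA/AUTHEN/START (3517876181): non-console enable - default to enable password
Mar 1 00:30:58.947: AAA/AUTHEN/START (3517876181): Method=ENABLE
Mar 1 00:30:58.947: AAA/AUTHEN(3517876181): Status=GETPASS
Mar 1 00:31:03.335: AAA/AUTHEN(3517876181): Status=PASS
"""
# Transaction id in parentheses (with or without a space before it), then the message.
LINE_RE = re.compile(r"AAA/AUTHEN(?:/START|/CONT)?\s?\((\d+)\): (.*)$")

def _field(pattern, msg):
    m = re.search(pattern, msg)
    return m.group(1) if m else None

def parse_sessions(debug_text):
    """Group debug lines by transaction id; BIND/LOGIN/MEMORY lines are skipped."""
    sessions = {}
    for line in debug_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        sid, msg = m.group(1), m.group(2)
        s = sessions.setdefault(sid, {"port": None, "console": False, "no_password": False, "methods": [], "statuses": []})
        s["port"] = _field(r"port='([^']*)'", msg) or s["port"]
        s["console"] = s["console"] or msg.startswith("console enable")
        s["no_password"] = s["no_password"] or "can't find any passwords" in msg
        for key, pat in (("methods", r"Method=(\w+)"), ("statuses", r"Status=(\w+)")):
            if _field(pat, msg):
                s[key].append(_field(pat, msg))
    return sessions

def audit(sessions):
    """Flag transactions that ended in PASS after falling through to Method=NONE."""
    findings = []
    for sid, s in sessions.items():
        final = s["statuses"][-1] if s["statuses"] else None
        if "NONE" in s["methods"] and final == "PASS":
            findings.append(f"{sid} port={s['port']} console={s['console']}: "
                            f"granted via Method=NONE, no password was checked")
    return findings
```

Run `audit(parse_sessions(SAMPLE_DEBUG))` against a live `debug aaa authentication` capture to spot the same fall-through on other devices; configuring an enable secret removes it.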

Step 5: Reconfigure authentication on R1
R1(config)#no aaa authentication login default
//Remove the default AAA login list configured above
R1(config)#aaa authentication login libo local
//Define a method list named libo that uses local authentication; we will apply it to the console port
R1(config)#aaa authentication login libovty enable
//Define a method list named libovty that uses the enable password; we will apply it to the vty lines
R1(config)#line con 0
R1(config-line)#login authentication libo
R1(config)#line vty 0 4
R1(config-line)#login authentication libovty

Step 6: Telnet from R2 to R1 again
R2#telnet 192.168.1.1
Trying 192.168.1.1 ... Open

User Access Verification

Password:

R1>en
Password:

Step 7: View the debug output on R1
Mar 1 00:42:18.387: AAA/BIND(00000006): Bind i/f
Mar 1 00:42:18.387: AAA/AUTHEN/LOGIN (00000006): Pick method list 'libovty'
//Here we see the vty authentication list we defined ourselves (libovty) being selected
Mar 1 00:42:18.395: AAA/AUTHEN/ENABLE(00000006): Processing request action LOGIN
Mar 1 00:42:18.395: AAA/AUTHEN/ENABLE(00000006): Done status GET_PASSWORD
R1(config)#
Mar 1 00:42:33.399: AAA/AUTHEN/ENABLE(00000006): Processing request action LOGIN
Mar 1 00:42:33.403: AAA/AUTHEN/ENABLE(00000006): Done status PASS
R1(config)#
Mar 1 00:42:35.795: AAA: parse name=tty130 idb type=-1 tty=-1
Mar 1 00:42:35.795: AAA: name=tty130 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=130 channel=0
Mar 1 00:42:35.795: AAA/MEMORY: create_user (0x63AB0004) user='NULL' ruser='NULL' ds0=0 port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Mar 1 00:42:35.795: AAA/AUTHEN/START (718214766): port='tty130' list='' action=LOGIN service=ENABLE
Mar 1 00:42:35.799: AAA/AUTHEN/START (718214766): non-console enable - default to enable password
Mar 1 00:42:35.799: AAA/AUTHEN/START (718214766): Method=ENABLE
R1(config)#
Mar 1 00:42:35.799: AAA/AUTHEN(718214766): Status=GETPASS
R1(config)#
Mar 1 00:42:37.531: AAA/AUTHEN/CONT (718214766): continue_login (user='(undef)')
Mar 1 00:42:37.531: AAA/AUTHEN(718214766): Status=GETPASS
Mar 1 00:42:37.531: AAA/AUTHEN/CONT (718214766): Method=ENABLE
Mar 1 00:42:37.531: AAA/AUTHEN(718214766): Status=PASS
Mar 1 00:42:37.535: AAA/MEMORY: free_user (0x63AB0004) user='NULL' ruser='NULL' port='tty130' rem_addr='192.168.1.2' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)


Reposted from blog.51cto.com/starshomes/2610313