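During an on-site configuration cutover, the Huawei switches were replaced with H3C switches. After the replacement, HWTACACS authentication failed.
Debug output from the device: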
<ALM-ATS48-CS-LSW-2>*Feb 10 18:21:29:149 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Processing TACACS authentication.
*Feb 10 18:21:29:150 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Dispatching request, Primitive: authentication.
*Feb 10 18:21:29:150 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Creating request data, data type: START
*Feb 10 18:21:29:150 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Session successfully created.
*Feb 10 18:21:29:150 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=10.147.32.21, server-port=49, VPN instance=MGMT.
*Feb 10 18:21:29:151 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Connecting to server...
*Feb 10 18:21:29:151 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLOUT event.
*Feb 10 18:21:29:152 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Connection succeeded, server-ip=10.147.32.21, port=49, VPN instance=MGMT.
*Feb 10 18:21:29:152 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Encapsulating authentication request packet.
*Feb 10 18:21:29:152 2022 ALM-ATS48-CS-LSW-2 TACACS/7/send_packet:
version: 0xc0 type: AUTHEN_REQUEST seq_no: 1 flag: ENCRYPTED_FLAG
session-id: 0xbf6a4449
length of payload: 48
action: LOGIN priv_lvl: 0 authen_type: ASCII service: LOGIN
user_len: 8 port_len: 9 rem_len: 13 data_len: 10
user: daninuke
port: LoopBack1
rem_addr: 10.250.80.239
data: ******
*Feb 10 18:21:29:153 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Feb 10 18:21:29:153 2022 ALM-ATS48-CS-LSW-2 TACACS/7/ERROR: PAM_TACACS: Invalid reply packet.
*Feb 10 18:21:34:922 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Response timed out.
%Feb 10 18:21:34:924 2022 ALM-ATS48-CS-LSW-2 TACACS/4/TACACS_AUTH_SERVER_DOWN: TACACS authentication server was blocked: server IP=10.147.32.21, port=49, VPN instance=MGMT.
*Feb 10 18:21:34:923 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Getting available server, server-ip=10.147.32.22, server-port=49, VPN instance=MGMT.
*Feb 10 18:21:34:924 2022 ALM-ATS48-CS-LSW-2 TACACS/7/EVENT: PAM_TACACS: Set status of server to block successfully. serverIP: 10.147.32.21, serverPort: 49.
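From the debug output:
The log line "*Feb 10 18:21:29:153 2022 ALM-ATS48-CS-LSW-2 TACACS/7/ERROR: PAM_TACACS: Invalid reply packet." means that the reply packet received was invalid. This is generally caused by the shared key configured on the two devices being inconsistent.
After the shared key was rechecked and reconfigured on both devices on site, authentication succeeded.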
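Why a key mismatch surfaces as "Invalid reply packet", shown as an added Python example (not H3C's code and not part of the original case). It assumes HWTACACS obfuscates the packet body the way TACACS+ does in RFC 8907 (an MD5-derived pad XORed over the body) and that the client rejects a reply whose decoded fields are inconsistent. The session id and version come from the debug output; both keys and the reply contents are constructed, and only the reply direction is modelled.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5 chain over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; the same call hides and reveals it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_reply(status, server_msg):
    """REPLY body: status, flags, server_msg_len, data_len, server_msg."""
    return struct.pack("!BBHH", status, 0, len(server_msg), 0) + server_msg

# Authentication REPLY status codes defined by RFC 8907.
VALID_STATUS = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x21}

def parse_authen_reply(body):
    """Return (status, server_msg), or None if the body is malformed."""
    if len(body) < 6:
        return None
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if status not in VALID_STATUS or 6 + msg_len + data_len != len(body):
        return None
    return status, body[6:6 + msg_len]

# Session id and version are from the debug output; the rest is constructed.
SESSION_ID, VERSION, REPLY_SEQ = 0xBF6A4449, 0xC0, 2
SERVER_KEY = b"constructed-server-key"
GETPASS = 0x05  # server asks the client for the password

def client_receives(client_key):
    """Server obfuscates with its key; the client decodes with its own."""
    wire = obfuscate(build_authen_reply(GETPASS, b"Password: "),
                     SESSION_ID, SERVER_KEY, VERSION, REPLY_SEQ)
    clear = obfuscate(wire, SESSION_ID, client_key, VERSION, REPLY_SEQ)
    return parse_authen_reply(clear)

if __name__ == "__main__":
    print("matching key  :", client_receives(SERVER_KEY))
    print("mismatched key:", client_receives(b"constructed-switch-key")
          or "Invalid reply packet")
```

The TCP connection and the packet header stay readable with either key, which is why the debug output shows "Connection succeeded" before the reply is rejected.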