• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

求一份debuging radius 详解

2024-11-17提问
  • 0关注
  • 0收藏,154浏览
粉丝:0人 关注:1人

问题描述:

求一份debuging radius 详解

组网及组网描述:

求一份debuging radius 详解

2 个回答
已采纳
粉丝:237人 关注:8人

AAA调试命令 -- AAA调试命令 -- debugging radius


【命令】

debugging radius { all event | error | packet acl acl-number | user username ]

undo debugging radius { all event | error | packet }

【视图】

用户视图

【缺省级别】

1:监控级

【参数】

all:所有调试信息开关。

event:表示事件调试信息开关。

error:表示错误调试信息开关。

packet:表示报文调试信息开关。

acl acl-number:指定匹配RADIUS调试信息的ACL规则。其中,acl-number表示ACL编号,取值范围为20003999。该参数可多次设置,但仅最后一次合法的配置生效。指定的ACL规则中仅源IP地址信息用于匹配用户IP,其他信息不做匹配项。

user username:指定匹配RADIUS调试信息的部分用户名。其中,username表示部分用户名,为180个字符的字符串,区分大小写。该参数用于匹配上线用户的完整用户名中的部分连续字符串。

【描述】

debugging radius命令用来打开RADIUS调试信息开关。undo debugging radius命令用来关闭RADIUS调试信息开关。

缺省情况下,RADIUS调试信息开关处于关闭状态。

表1-9 debugging radius event命令输出信息描述表

字段

描述

Processing AAA request data.

处理AAA请求数据

Got request data successfully, primitive: primitive_name.

成功获取请求数据,原语是primitive_name

Getting local server info.

获取本地服务器信息

Getting RADIUS server info.

获取远端RADIUS服务器信息

Got RADIUS server info successfully.

成功获取服务器信息

Sent request packet and create request context successfully.

成功发送请求报文并创建请求上下文

Added request context to global table successfully.

成功将请求上下文加入全局上下文信息表

Created request context successfully.

成功创建请求上下文

Composed request packet successfully.

成功构建请求报文

Created response timeout timer successfully.

成功创建应答超时定时器

Sent request packet successfully.

成功发送请求报文

Created request packet successfully, dstIP: dst-ip, dstPort: dst-port, socketFd: fd, pktID: id.

成功创建请求报文,目的IP地址是dst-ip,目的端口是dst-port,套接字是fd,报文IDid

Added packet socketfd to epoll successfully, socketFd: fd.

成功添加报文套接字到epoll控制变量中,套接字是fd

Mapped PAM item to RADIUS attribute successfully.

成功将PAM数据项映射为RADIUS属性

Filled RADIUS attributes in packet successfully.

成功填充RADIUS报文属性

Got RADIUS username format successfully.

成功获取RADIUS用户名格式

Added attribute user-name successfully, user-name: name.

成功添加用户名属性,属性值是name

Response timed out.

应答超时

Found request context, dstIP: dst-ip, dstPort: dst-port, socketFd: fd, pktID: id.

成功查找到请求上下文,目的IP地址是dst-ip,目的端口是dst-port,套接字是fd,报文IDid

Retransmitting request packet, currentTries: n, maxTries: max.

重传请求报文,当前是第n次重传,最大重传次数是max

Sent reply error message to PAM.

发送应答错误消息给PAM

Reached the maximum retries.

达到最大重传次数

Sent packet to next server successfully.

成功发送报文到下一个服务器

Failed to get next server.

获取下一个服务器失败

Got next server successfully, serverIP: svr-ip, serverPort: svr-port.

成功获取下一个服务器,服务器IP地址为svr-ip,服务器端口为svr-port

Set status of server to block successfully.

成功将服务器状态设置为阻塞

Set status of server to active successfully.

成功将服务器状态设置为激活

Reply SocketFd recieved EPOLLIN event.

应答报文套接字接收到EPOLLIN事件

Reply SocketFd recieved EPOLLERR/EPOLLHUP event.

应答报文套接字接收到EPOLLERR/EPOLLHUP事件

Sent reply message successfully.

成功发送应答消息

Received reply packet succuessfully.

成功接收应答报文

Found request context, dstIP: dst-ip, dstPort: dst-port, socketFd: fd, pktID: id.

成功查找到请求上下文,目的IP地址是dst-ip,目的端口是dst-port,套接字是fd,报文IDid

The reply packet is valid.

应答报文有效

Decoded reply packet successfully.

应答报文解码成功

PAM_RADIUS: Processing RADIUS authentication.

进行RADIUS认证

PAM_RADIUS: Processing RADIUS authorization.

进行RADIUS授权

PAM_RADIUS: RADIUS authorization successful.

RADIUS授权成功

PAM_RADIUS: RADIUS accounting started.

RADIUS计费开始

PAM_RADIUS: RADIUS accounting stopped.

RADIUS计费结束

PAM_RADIUS: RADIUS accounting updated.

RADIUS计费更新

PAM_RADIUS: Sent type request successfully.

成功发送认证/授权/计费请求

PAM_RADIUS: Received authentication reply message, resultCode: code.

接收到认证应答消息,结果码为code

PAM_RADIUS: Received authorization reply message, resultCode: code.

接收到授权应答消息,结果码为code

PAM_RADIUS: Received accounting-start reply message, resultCode: code.

接收到计费开始应答消息,结果码为code

PAM_RADIUS: Received accounting-stop reply message, resultCode: code.

接收到计费停止应答消息,结果码为code

PAM_RADIUS: Received accounting-update reply message, resultCode: code.

接收到计费更新应答消息,结果码为code

Processed session-control packet successfully.

处理session-control报文成功

Processed session-control message successfully.

处理session-control消息成功

Sent session-control reply packet successfully.

成功发送session-control应答报文

Sent DAE reply packet successfully.

成功发送DAE 应答报文

Received DAE request packet successfully.

成功接收DAE请求报文

Failed to distinguish DAE request packet.

识别DAE请求报文失败

The length of DAE request packet is invalid.

DAE请求报文长度无效

The type of DAE request packet is unknown.

DAE请求报文类型未知

The authenticator of DAE request packet is invalid.

DAE请求报文校验字无效

Created detection request packet successfully, dstIP: dst-ip, dstPort: dst-port, VPN instance: vpn-instance, socketFd: fd, pktID: id.

成功创建探测请求报文,目的IP地址是dst-ip,目的端口是dst-port,所属的MPLS L3VPN实例是vpn-instance,套接字是fd,报文IDid

Found detection request context, dstIP: dst-ip, dstPort: dst-port, pktID: id.

成功查找到探测请求上下文,目的IP地址是dst-ip,目的端口是dst-port,报文IDid

Opened RADIUS server detection successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

成功开启RADIUS服务器探测,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to open RADIUS server detection, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

开启RADIUS服务器探测失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Created detection request context successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

成功创建探测请求上下文,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to create detection request context, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

创建探测请求上下文失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Composed detection request packet successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

成功构建探测请求报文,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Sent detection request packet successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

成功发送探测请求报文,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to send detection request packet, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

发送探测请求报文失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to save  packet ID of detection request, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

保存探测请求报文ID失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Random timer of server detection timed out, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

服务器探测的随机定时器超时,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to clear flag of sending trap, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

清除发送trap标记失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to clear count of block state, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

清除block状态计数失败, RADIUS方案名是scheme-name,服务器IP地址是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to update count of block state, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

更新block状态计数失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

No detection reply packet received, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

没有接收到探测应答报文,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Server detection timer timed out, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

服务器探测定时器超时,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Sent trap successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

发送trap成功,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to set flag of sending trap, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

设置发送trap标记失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Closed RADIUS server detection successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

成功关闭RADIUS服务器探测,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to close RADIUS server detection, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

关闭RADIUS服务器探测失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Can’t open RADIUS server detection because the specified test profile doesn't exist, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

不能开启RADIUS服务器探测,指定的探测模版不存在,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Opened RADIUS server quiet function successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

成功开启RADIUS服务器静默,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to open RADIUS server quiet function,  RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

开启RADIUS服务器静默失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Closed RADIUS server quiet function successfully, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

成功关闭RADIUS服务器静默,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to close RADIUS server quiet function, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

关闭RADIUS服务器静默失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Aaad Sent the notification about the change of server status to application process successfully, server state:server-state.

Aaad发送了服务器状态转换的通知给应用进程,服务器状态是server-state

Application process received the notification about the change of server status from aaad process, server state:server-state

应用进程接收了来自aaad进程的服务器状态转换的通知,服务器状态是server-state

 

表1-10 debugging radius error命令输出信息描述表

字段

描述

Failed to get request data.

获取请求数据失败

Failed to get server info.

获取服务器信息失败

Failed to send request packet and create request context.

发送请求报文和创建请求上下文失败

Failed to create request context.

创建请求上下文失败

Failed to compose request packet.

组装请求报文失败

Failed to create response timeout timer.

创建应答超时定时器失败

Failed to send request packet, dstIP: dst-ip, dstPort: dst-port, socketFd: fd, pktID: id.

发送请求报文失败,目的IP地址是dst-ip,目的端口是dst-port,套接字是fd,报文IDid

Failed to create request packet.

创建请求报文失败

Failed to add packet socketfd to epoll, socketFd: fd.

将报文套接字加入epoll控制变量失败,套接字是fd

Failed to map PAM item to attribute.

PAM数据项映射到RADIUS属性失败

Failed to fill attribute in packet.

填充报文属性失败

Failed to get RADIUS username format.

获取RADIUS用户名格式失败

Faild to get domain item.

获取ISP域数据项失败

The username length exceeded the upper limt.

用户名长度超过最大值

Failed to retransmit request packet n times.

n次重发请求报文失败

Failed to set the status of server to active.

设置服务器到激活状态失败

Failed to fill reply data.

填充应答数据失败

Failed to send reply message.

发送应答消息失败

Failed to recieve reply packet.

发送应答报文失败

Failed to find request context, dstIP: dst-ip, dstPort: dst-port, socketFd: fd, pktID: id.

查找请求上下文失败,目的IP地址是dst-ip,目的端口是dst-port,套接字是fd,报文IDid

The reply packet is invalid.

应答报文无效

Failed to decode reply packet.

解码应答报文失败

Reply packet: Unknown type.

应答报文:未知类型

Reply packet: Invalid packet length.

应答报文:无效的报文长度

Reply packet: Invalid packet authenticator.

应答报文:无效的报文验证字

Failed to map attribute to PAM item.

RADIUS属性映射成PAM数据项失败

PAM_RADIUS: Failed to set scheme name to pam-module-data.

PAM_RADIUS:设置方案名称到PAM数据失败

PAM_RADIUS: Local authorization failed.

PAM_RADIUS:本地授权失败

PAM_RADIUS: Failed to get reply data from pam-module-data.

PAM_RADIUS:从PAM数据获取应答数据失败

PAM_RADIUS: Authorization scheme is RADIUS, but authentication is local.

PAM_RADIUS:授权方案是RADIUS,但认证方案是local

PAM_RADIUS: Authorization scheme is different from authentication scheme.

PAM_RADIUS:授权方案与认证方案不同

PAM_RADIUS: Authorization failed for setting PAM item.

PAM_RADIUS:设置PAM数据项失败导致授权失败

PAM_RADIUS: Failed to find sequence.

PAM_RADIUS:查找序列失败

PAM_RADIUS: Failed to find reply data.

PAM_RADIUS:查找应答数据失败

PAM_RADIUS: Failed to send type request.

PAM_RADIUS:发送认证/授权/计费请求失败

PAM_RADIUS: Failed to set port item.

PAM_RADIUS:设置端口数据项失败

PAM_RADIUS: Failed to accept connection for receiving type reply data.

PAM_RADIUS:接收认证/授权/计费应答数据的连接失败

PAM_RADIUS: Failed to select available socket for receiving type reply data.

PAM_RADIUS:选择可用的套接字失败

PAM_RADIUS: Failed to receive type reply data.

PAM_RADIUS:接收认证/授权/计费应答数据失败

PAM_RADIUS: Failed to process reply data.

PAM_RADIUS:处理应答数据失败

PAM_RADIUS: Failed to open socket when processing type request.

处理认证/授权/计费请求时,打开套接字失败

PAM_RADIUS: Failed to send type request.

发送认证/授权/计费请求失败

Failed to process session-control packet.

处理session-control报文失败

Failed to process session-control message.

处理session-control消息失败

Failed to receive session-control packet.

接收session-control报文失败

Session-control packet is invalid.

session-control报文无效

Checking session-control packet failed.

检查session-control报文失败

Failed to decode session-control packet.

解码session-control报文失败

Failed to find attribute hw-command.

查找hw-command属性失败

Failed to send session-control message to aaad.

aaad发送session-control消息失败

Failed to decode session-control reply message.

解码session-control应答消息失败

Failed to send session-control reply packet.

发送session-control应答报文失败

Failed to send DAE reply packet.

发送DAE应答报文失败

Failed to decode DAE reply message.

解码DAE应答报文失败

Failed to receive DAE request packet.

接收DAE请求报文失败

Failed to decode DAE request packet.

解码DAE请求报文失败

Failed to send server state notify message for multi RADIUS scheme name.

发送多个RADIUS方案名称的server state通知消息失败。

Failed to send server state notify message for single RADIUS scheme name, RADIUS scheme name: scheme-name.

发送单个RADIUS方案名称的server state通知消息失败,RADIUS方案名称: scheme-name

Failed to create detection request packet, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

创建探测请求报文失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to fill RADIUS attributes in detection request  packet, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

向探测请求报文中填充RADIUS报文属性失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

Failed to get NAS-IP, RADIUS scheme name:scheme-name, server IP:server-ip, server port:server-port, VPN instance: vpn-instance.

获取NAS-IP失败,RADIUS方案名是scheme-name,服务器IP地址是server-ip,服务器端口号是server-port,服务器所属的MPLS L3VPN实例是vpn-instance

 

表1-11 debugging radius packet命令输出信息描述表

字段

描述

RADIUS attribute name = attribute value

报文中包含的RADIUS属性及其取值。

其中RADIUS属性遵从RFC2865/2866/2869/3580描述,不再赘述;另外还支持一些厂商定制属性(Vender Specific Attribute),在下面单独描述

3Com-User-Access-Level = level

3Com用户访问级别为level,取值为03

H3c-Ftp-Directory = dir

H3c-Ftp用户工作路径为dir

H3c-Exec-Privilege = level

H3c-Exec用户访问级别为level,取值为015

Hw-Ftp-Directory = dir

H3c-Ftp用户工作路径为dir

Hw-Exec-Privilege = level

Hw-Exec用户访问级别为level,取值为 015

H3c-Local-Service-Type = type

Type取值及其涵义为:

·       1DVPN

·       2FTP

·       3:网络接入类型(802.1XMAC地址认证)

·       4PAD

·       5SSH

·       6Telnet

·       7Terminal

·       8Portal

·       9PPP

·       10L2TP

·       11:命令行

 

【举例】

在一台设备上配置Login用户的认证方案为RADIUS认证、授权,并打开RADIUS事件调试信息开关。当有一个Console用户登录本设备时,输出如下调试信息。

<Sysname> debugging radius event

*Dec 31 16:04:36:438 2009 Sysname RADIUS/7/EVENT:

PAM_RADIUS: Processing RADIUS authentication.

// 进行RADIUS认证

*Jan  3 02:17:27:660 2011 Sysname RADIUS/7/EVENT:

PAM_RADIUS: Sent authentication request successfully.

// 成功发送认证请求

*Jan  3 02:17:27:667 2011 Sysname RADIUS/7/EVENT:

Processing AAA request data.

// 处理AAA请求数据

*Jan  3 02:17:27:667 2011 Sysname RADIUS/7/EVENT:

Got request data successfully, primitive: authentication.

// 成功接收到用户的认证请求,原语是认证

*Jan  3 02:17:27:668 2011 Sysname RADIUS/7/EVENT:

Getting RADIUS server info.

*Jan  3 02:17:27:669 2011 Sysname RADIUS/7/EVENT:

Got RADIUS server info successfully.

// 成功获取RADIUS服务器信息

*Jan  3 02:17:27:669 2011 Sysname RADIUS/7/EVENT:

Created request context successfully.

// 成功创建请求上下文

*Jan  3 02:17:27:670 2011 Sysname RADIUS/7/EVENT:

Created request packet successfully, dstIP: 192.168.0.244, dstPort: 1812, VPN in

stance: --(public), socketFd: 23, pktID: 61.

// 成功创建认证请求报文,目的地址是192.168.0.244,目的端口是1812VPN实例是public,套接字是23,报文ID61

*Jan  3 02:17:27:671 2011 Sysname RADIUS/7/EVENT:

Added packet socketfd to epoll successfully, socketFd: 23.

*Jan  3 02:17:27:672 2011 Sysname RADIUS/7/EVENT:

Mapped PAM item to RADIUS attribute successfully.

// 成功将PAM数据项映射为RADIUS属性

*Jan  3 02:17:27:673 2011 Sysname RADIUS/7/EVENT:

Got RADIUS username format successfully, format: 2.

*Jan  3 02:17:27:674 2011 Sysname RADIUS/7/EVENT:

Added attribute user-name successfully, user-name: test.

// 成功添加用户名属性,属性值是test

*Jan  3 02:17:27:674 2011 Sysname RADIUS/7/EVENT:

Filled RADIUS attributes in packet successfully.

// 成功填充报文属性,并构建认证请求报文

*Jan  3 02:17:27:675 2011 Sysname RADIUS/7/EVENT:

Composed request packet successfully.

*Jan  3 02:17:27:675 2011 Sysname RADIUS/7/EVENT:

Created response timeout timer successfully.

// 成功创建应答超时定时器

*Jan  3 02:17:27:679 2011 Sysname RADIUS/7/EVENT:

Sent request packet successfully.

*Jan  3 02:17:27:679 2011 Sysname RADIUS/7/EVENT:

Sent request packet and create request context successfully.

// 成功发送认证请求报文,并创建请求上下文

*Jan  3 02:17:27:680 2011 Sysname RADIUS/7/EVENT:

Added request context to global table successfully.

// 成功将请求上下文加入全局上下文信息表

*Jan  3 02:17:27:714 2011 Sysname RADIUS/7/EVENT:

Reply SocketFd recieved EPOLLIN event.

*Jan  3 02:17:27:715 2011 Sysname RADIUS/7/EVENT:

Received reply packet succuessfully.

// 接收到应答报文

*Jan  3 02:17:27:716 2011 Sysname RADIUS/7/EVENT:

Found request context, dstIP: 192.168.0.244, dstPort: 1812, VPN instance: --(pub

lic), socketFd: 23, pktID: 61.

// 查找到请求上下文

*Jan  3 02:17:27:717 2011 Sysname RADIUS/7/EVENT:

The reply packet is valid.

*Jan  3 02:17:27:718 2011 Sysname RADIUS/7/EVENT:

Decoded reply packet successfully.

// 应答报文有效,对应答报文解码成功

*Jan  3 02:17:27:719 2011 Sysname RADIUS/7/EVENT:

Sent reply message successfully.

//成功发送应答消息

*Jan  3 02:17:27:719 2011 Sysname RADIUS/7/EVENT:

PAM_RADIUS: Fetched authentication reply-data successfully, resultCode: 0

*Jan  3 02:17:27:720 2011 Sysname RADIUS/7/EVENT:

PAM_RADIUS: Received authentication reply message, resultCode: 0

// 收到认证应答消息

*Jan  3 02:17:27:721 2011 Sysname RADIUS/7/EVENT:

PAM_RADIUS: Processing RADIUS authorization.

// 开始进行RADIUS授权

*Jan  3 02:17:27:724 2011 Sysname RADIUS/7/EVENT:

PAM_RADIUS: RADIUS Authorization successfully.

// RADIUS授权请求成功

*Jan  3 02:17:27:743 2011 Sysname RADIUS/7/EVENT:

PAM_RADIUS: RADIUS accounting started.

// RADIUS计费开始

*Jan  3 02:17:27:744 2011 Sysname RADIUS/7/EVENT:

Processing AAA request data.

*Jan  3 02:17:27:744 2011 Sysname RADIUS/7/EVENT:

PAM_RADIUS: Sent accounting-start request successfully.

*Jan  3 02:17:27:744 2011 Sysname RADIUS/7/EVENT:

Got request data successfully, primitive: accounting-start.

// 成功获取计费请求数据,原语是开始计费

*Jan  3 02:17:27:745 2011 Sysname RADIUS/7/EVENT:

Getting RADIUS server info.

*Jan  3 02:17:27:745 2011 Sysname RADIUS/7/EVENT:

Got RADIUS server info successfully.

// 成功获取服务器信息

*Jan  3 02:17:27:746 2011 Sysname RADIUS/7/EVENT:

Created request context successfully.

*Jan  3 02:17:27:747 2011 Sysname RADIUS/7/EVENT:

Created request packet successfully, dstIP: 192.168.0.244, dstPort: 1813, VPN in

stance: --(public), socketFd: 23, pktID: 184.

// 成功创建计费开始请求报文,目的IP地址是192.168.0.244,目的端口号是1813VPN实例是public,套接字是23,报文ID184

*Jan  3 02:17:27:747 2011 Sysname RADIUS/7/EVENT:

Added packet socketfd to epoll successfully, socketFd: 23.

*Jan  3 02:17:27:749 2011 Sysname RADIUS/7/EVENT:

Mapped PAM item to RADIUS attribute successfully.

*Jan  3 02:17:27:749 2011 Sysname RADIUS/7/EVENT:

Got RADIUS username format successfully, format: 2.

*Jan  3 02:17:27:750 2011 Sysname RADIUS/7/EVENT:

Added attribute user-name successfully, user-name: test.

// 成功添加用户名属性,属性值是test

*Jan  3 02:17:27:751 2011 Sysname RADIUS/7/EVENT:

Filled RADIUS attributes in packet successfully.

*Jan  3 02:17:27:751 2011 Sysname RADIUS/7/EVENT:

Composed request packet successfully.

// 成功填充报文属性,并构建请求报文

*Jan  3 02:17:27:752 2011 Sysname RADIUS/7/EVENT:

Created response timeout timer successfully.

// 成功创建应答超时定时器

*Jan  3 02:17:27:754 2011 Sysname RADIUS/7/EVENT:

Sent request packet successfully.

*Jan  3 02:17:27:754 2011 Sysname RADIUS/7/EVENT:

Sent request packet and create request context successfully.

*Jan  3 02:17:27:755 2011 Sysname RADIUS/7/EVENT:

Added request context to global table successfully.

*Jan  3 02:17:27:755 2011 Sysname RADIUS/7/EVENT:

Reply SocketFd recieved EPOLLIN event.

*Jan  3 02:17:27:756 2011 Sysname RADIUS/7/EVENT:

Received reply packet succuessfully.

// 成功接收到计费应答报文

*Jan  3 02:17:27:757 2011 Sysname RADIUS/7/EVENT:

Found request context, dstIP: 192.168.0.244, dstPort: 1813, VPN instance: --(pub

lic), socketFd: 23, pktID: 184.

// 成功查找到计费应答报文对应的请求上下文,目的IP地址是192.168.0.244;目的端口号是1646;套接字是14;报文ID0

*Jan  3 02:17:27:758 2011 Sysname RADIUS/7/EVENT:

The reply packet is valid.

*Jan  3 02:17:27:759 2011 Sysname RADIUS/7/EVENT:

Decoded reply packet successfully.

// 计费应答报文有效,对计费应答报文解码成功

在一台设备上配置Login用户的认证方案为RADIUS认证、授权、计费,并打开RADIUS报文调试信息开关。当有一个Console用户登录本设备时,输出如下调试信息。

<Sysname> debugging radius packet

*Jan  3 02:33:18:686 2011 Sysname RADIUS/7/PACKET:

    User-Name="rbac"

    User-Password=******

    Service-Type=Login-User

    Framed-IP-Address=192.168.0.17

    NAS-IP-Address=192.168.0.16

// 认证请求报文中的属性列表

*Jan  3 02:33:18:690 2011 Sysname RADIUS/7/PACKET:

 01 ed 00 3e 44 13 50 f2 54 58 6f e8 39 e9 05 ff

 6c 7e 18 a3 01 06 72 62 61 63 02 12 71 a1 e1 46

 cc a2 77 97 a4 95 57 54 db f6 3b 0b 06 06 00 00

 00 01 08 06 c0 a8 00 11 04 06 c0 a8 00 10

// 发送的access-request报文原始信息

*Jan  3 02:33:18:707 2011 Sysname RADIUS/7/PACKET:

    Service-Type=Login-User

    Session-Timeout=86400

    Login-Service=Telnet

// access-accept应答报文的属性列表   

*Jan  3 02:33:18:708 2011 Sysname RADIUS/7/PACKET:

 02 ed 00 26 71 d9 71 09 75 7b af d9 2d fc 10 59

 4d ee 66 ae 06 06 00 00 00 01 1b 06 00 01 51 80

 0f 06 00 00 00 00

// access-accept报文的原始数据

*Jan  3 02:33:18:727 2011 Sysname RADIUS/7/PACKET:

    User-Name="rbac"

    Framed-IP-Address=192.168.0.17

    Acct-Session-

    Login-Service=Telnet

    Acct-Authentic=RADIUS

    NAS-IP-Address=192.168.0.16

    Acct-Status-Type=Start

    Acct-Delay-Time=0

    Event-Timestamp="Jan  3 2011 02:33:18 UTC"

// 计费开始请求报文中的属性列表

*Jan  3 02:33:18:729 2011 Sysname RADIUS/7/PACKET:

 04 3c 00 6c 21 aa 18 4e 38 c8 60 f1 12 76 97 26

 e2 04 d8 28 01 06 72 62 61 63 08 06 c0 a8 00 11

 2c 28 30 30 30 30 30 30 30 33 32 30 31 31 2d 30

 31 2d 30 33 3a 30 32 3a 33 33 3a 31 38 2d 30 30

 30 30 30 30 30 31 30 31 0f 06 00 00 00 00 2d 06

 00 00 00 01 04 06 c0 a8 00 10 28 06 00 00 00 01

 29 06 00 00 00 00 37 06 4d 21 35 6e

// 计费开始请求报文原始数据

*Jan  3 02:33:18:731 2011 Sysname RADIUS/7/PACKET:

 05 3c 00 14 5f 8f 2f e7 21 86 a7 db 52 b3 39 09

 86 92 80 b0

// 计费应答报文原始数据

 

在一台设备上配置Login用户的认证方案为本地认证、RADIUS授权,并打开RADIUS错误调试信息开关。当有一个Console用户登录本设备时,输出如下调试信息。

<Sysname> debugging radius error

*Dec 31 16:04:41:324 2009 Sysname RADIUS/7/ERROR:

PAM_RADIUS: Failed to get reply-data from pam-module-data..

// PAM数据获取应答数据失败

老哥这个手册可以给一份不

小L同学 发表时间:2024-11-18 更多>>

老哥这个手册可以给一份不

小L同学 发表时间:2024-11-18
粉丝:17人 关注:0人

联系400热线或当地H3C办事处获取吧

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明