Hi everyone,
I'm testing a RADIUS server built on Cisco ACS in preparation for using it at my company. My test topology is as follows (I'm using GNS3):
Radius Server(10.0.0.1)----(10.0.0.2)RadiusClientRouter(10.0.1.2)----(10.0.1.1)Router
Ping works. I have configured the RADIUS server on a Win2k3 virtual machine. Account: hethong, Password: 12345678
My client router configuration is as follows:
RadiusClient(config)#aaa new-model
RadiusClient(config)#aaa authentication login default group radius
RadiusClient(config)#aaa authorization exec default group radius
RadiusClient(config)#radius-server host 10.0.0.1
RadiusClient(config)#radius-server key 12345 //same key as the server
Then I telnet from Router 10.0.1.1 to the RADIUS client. It prompts for a username and password, but when I enter them it reports authentication failed.
Debugging on the client shows some errors; I'd appreciate everyone's help:
RadiusClient#debug radius authentication
Radius protocol debugging is on
Radius protocol brief debugging is off
Radius protocol verbose debugging is off
Radius packet hex dump debugging is off
Radius packet protocol (authentication) debugging is on
Radius packet protocol (accounting) debugging is off
Radius packet retransmission debugging is off
Radius server fail-over debugging is off
RadiusClient#
*Mar 1 00:16:36.951: RADIUS/ENCODE(00000005): ask "Username: "
*Mar 1 00:16:36.955: RADIUS/ENCODE(00000005): send packet; GET_USER
*Mar 1 00:16:40.403: RADIUS/ENCODE(00000005): ask "Password: "
*Mar 1 00:16:40.407: RADIUS/ENCODE(00000005): send packet; GET_PASSWORD
*Mar 1 00:16:43.319: RADIUS/ENCODE(00000005):Orig. component type = EXEC
*Mar 1 00:16:43.323: RADIUS: AAA Unsupported Attr: interface [153] 6
*Mar 1 00:16:43.323: RADIUS: 74 74 79 32 [tty2]
*Mar 1 00:16:43.323: RADIUS(00000005): Storing nasport 226 in rad_db
*Mar 1 00:16:43.323: RADIUS/ENCODE(00000005): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Mar 1 00:16:43.327: RADIUS(00000005): Config NAS IP: 0.0.0.0
*Mar 1 00:16:43.327: RADIUS/ENCODE(00000005): acct_session_id: 4
*Mar 1 00:16:43.327: RADIUS(00000005): sending
*Mar 1 00:16:43.327: RADIUS/ENCODE: Best Local IP-Address 10.0.0.2 for Radius-Server 10.0.0.1
*Mar 1 00:16:43.327: RADIUS(00000005): Send Access-Request to 10.0.0.1:1645 id 1645/3, len 75
*Mar 1 00:16:43.331: RADIUS: authenticator 6B AC 87 4C 37 36 96 AA - 2D EB 59 57 8B 52 2D 87
*Mar 1 00:16:43.331: RADIUS: User-Name [1] 9 "hethong"
*Mar 1 00:16:43.331: RADIUS: User-Password [2] 18 *
*Mar 1 00:16:43.331: RADIUS: NAS-Port [5] 6 226
*Mar 1 00:16:43.331: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Mar 1 00:16:43.335: RADIUS: Calling-Station-Id [31] 10 "10.0.1.1"
*Mar 1 00:16:43.335: RADIUS: NAS-IP-Address [4] 6 10.0.0.2
*Mar 1 00:16:48.335: RADIUS: Retransmit to (10.0.0.1:1645,1646) for id 1645/3
*Mar 1 00:16:53.335: RADIUS: Retransmit to (10.0.0.1:1645,1646) for id 1645/3
*Mar 1 00:16:58.339: RADIUS: Retransmit to (10.0.0.1:1645,1646) for id 1645/3
*Mar 1 00:17:03.339: RADIUS: No response from (10.0.0.1:1645,1646) for id 1645/3
*Mar 1 00:17:03.339: RADIUS/DECODE: parse response no app start; FAIL
*Mar 1 00:17:03.339: RADIUS/DECODE: parse response; FAIL
*Mar 1 00:17:05.343: RADIUS/ENCODE(00000005): ask "Username: "
*Mar 1 00:17:05.343: RADIUS/ENCODE(00000005): send packet; GET_USER
Thank you
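
An added example, not part of the original post: a short Python triage of the `debug radius authentication` output above that groups lines by request id and separates a server timeout from an explicit reject. The function names and the reply-line pattern (`Received from id ...`) are assumptions; the post's log contains no reply line.

```python
import re

# Lines copied from the debug output in the post (one request, id 1645/3).
SAMPLE = """\
*Mar 1 00:16:43.327: RADIUS(00000005): Send Access-Request to 10.0.0.1:1645 id 1645/3, len 75
*Mar 1 00:16:48.335: RADIUS: Retransmit to (10.0.0.1:1645,1646) for id 1645/3
*Mar 1 00:16:53.335: RADIUS: Retransmit to (10.0.0.1:1645,1646) for id 1645/3
*Mar 1 00:16:58.339: RADIUS: Retransmit to (10.0.0.1:1645,1646) for id 1645/3
*Mar 1 00:17:03.339: RADIUS: No response from (10.0.0.1:1645,1646) for id 1645/3
"""

SEND = re.compile(r"Send Access-Request to (\S+):(\d+) id (\S+?),")
RETX = re.compile(r"Retransmit to \(.*?\) for id (\S+)")
NORESP = re.compile(r"No response from \(.*?\) for id (\S+)")
# Assumed reply-line format; the post's log never reaches this stage.
RECV = re.compile(r"Received from id (\S+) \S+, (Access-\w+)")


def triage(log):
    """Summarise each Access-Request by request id."""
    reqs = {}
    for line in log.splitlines():
        if m := SEND.search(line):
            server, port, rid = m.groups()
            reqs[rid] = {"server": server, "port": int(port),
                         "retransmits": 0, "outcome": "pending"}
        elif (m := RETX.search(line)) and m.group(1) in reqs:
            reqs[m.group(1)]["retransmits"] += 1
        elif (m := NORESP.search(line)) and m.group(1) in reqs:
            reqs[m.group(1)]["outcome"] = "timeout"
        elif (m := RECV.search(line)) and m.group(1) in reqs:
            reqs[m.group(1)]["outcome"] = m.group(2)
    return reqs


def explain(req):
    """Map an outcome to the layer worth checking first."""
    if req["outcome"] == "timeout":
        # RFC 2865: a server with no shared secret for the sender's address
        # silently discards the request; a port or filter mismatch looks the same.
        return (f"no reply from {req['server']}:{req['port']} after "
                f"{req['retransmits']} retransmits; credentials were never judged")
    if req["outcome"] == "Access-Reject":
        return "server replied and rejected; check user, password, shared secret"
    return f"outcome: {req['outcome']}"


if __name__ == "__main__":
    for rid, req in triage(SAMPLE).items():
        print(rid, "->", explain(req))
```

On the post's log this reports a timeout for id 1645/3, so the login failure comes from a missing reply rather than from an Access-Reject.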