CSU [ Secure for Unix ]
# ./ViewProfile -p 9900 -u async_client
User Profile Information
user = async_client{
profile_id = 110
profile_cycle = 2
radius= {
check_items= {
2=cisco
!--- Password(2) is "cisco"
}
reply_attributes= {
6=2
!--- Service-Type(6) is Framed (2)
7=1
!--- Framed-Protocol(7) is PPP (1)
}
}
}
# ./ViewProfile -p 9900 -u isdn_user
User Profile Information
user = isdn_user{
profile_id = 24
profile_cycle = 4
radius=Cisco {
check_items= {
2=cisco
!--- Password(2) is "cisco"
}
reply_attributes= {
6=2
!--- Service-Type(6) is Framed (2)
7=1
!--- Framed-Protocol(7) is PPP (1)
}
}
}
Router
maui-nas-01#show running-config
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname maui-nas-01
!
aaa new-model
!--- Initiates the AAA access control system.
!--- This command immediately locks down login and PPP authentication.
aaa authentication login default group radius local
!--- Exec login (for the list default) is authenticated using methods
!--- radius then local. The router uses RADIUS for authentication at the
!--- login(exec) prompt. If RADIUS returns an error, the user is authenticated
!--- using the local database.
aaa authentication login NO_AUTHEN none
!--- Exec login (for the list NO_AUTHEN) has authentication method none
!--- (no authentication). Interfaces to which this list is applied will not have
!--- authentication enabled. Refer to the console port (line con 0) configuration.
aaa authentication ppp default if-needed group radius local
!--- PPP authentication (for the list default) uses methods radius then local.
!--- The if-needed keyword automatically permits ppp for users that have
!--- successfully authenticated using exec mode. If the EXEC facility has
!--- authenticated the user, RADIUS authentication for PPP is not performed.
!--- This is necessary for clients that use a terminal window after dial.
aaa authorization network default group radius local
!--- Authorization of network services (PPP services) for the list default uses
!--- methods radius then local. This is necessary if you use RADIUS for the
!--- client IP address, Access List assignment and so on.
enable secret 5
!
username admin password 7
!--- This username allows for access to the router in situations where
!--- connectivity to the RADIUS server is lost. This is because the AAA
!--- configuration for exec login has the alternate method local.
spe 2/0 2/7
firmware location system:/ucode/mica_port_firmware
!
resource-pool disable
!
ip subnet-zero
no ip finger
!
isdn switch-type primary-ni
!--- Switch type is Primary NI-2.
isdn voice-call-failure 0
mta receive maximum-recipients 0
!
!
controller T1 0
!--- T1 0 controller configuration.
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
!
controller T1 1
!--- T1 1 is unused.
clock source line secondary 1
!
controller T1 2
!--- T1 2 is unused.
!
controller T1 3
!--- T1 3 is unused.
!
interface Ethernet0
ip address 172.22.53.141 255.255.255.0
no ip directed-broadcast
!
interface Serial0:23
!--- D-channel configuration for T1 0.
no ip address
no ip directed-broadcast
encapsulation ppp
dialer pool-member 23
!--- Assign Serial0:23 as member of dialer pool 23.
!--- Dialer pool 23 is specified in interface Dialer 1.
!--- Interface Dialer 1 will terminate the ISDN calls.
isdn switch-type primary-ni
isdn incoming-voice modem
!--- Switch incoming analog calls to the internal digital modems.
no cdp enable
!
interface FastEthernet0
no ip address
no ip directed-broadcast
shutdown
duplex auto
speed auto
!
interface Group-Async0
!--- Async Group Interface for the modems.
ip unnumbered Ethernet0
!--- Unnumbered to the ethernet interface.
no ip directed-broadcast
encapsulation ppp
async mode interactive
!--- Configures interactive mode on the asynchronous interfaces.
!--- This allows users to dial in and get to a shell or PPP session on
!--- that line. If you want incoming users to connect only using PPP, configure
!--- async mode dedicated instead.
peer default ip address pool ASYNC
!--- Use the ip pool named "ASYNC" to assign ip address for incoming connections.
ppp authentication chap
group-range 1 48
!--- Lines(modems) 1 through 48 are in this group async interface.
!
interface Dialer1
!--- Dialer1 will terminate ISDN calls.
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
dialer pool 23
!--- Dialer 1 uses dialer pool 23. Interface Serial0:23 is a member of this pool.
peer default ip address pool ISDN
!--- Use the ip pool named "ISDN" to assign ip address for incoming connections.
no cdp enable
ppp authentication chap
!
ip local pool ISDN 172.22.53.142 172.22.53.145
!--- IP address pool named "ISDN".
!--- This pool will be assigned to connections on interface Dialer 1.
ip local pool ASYNC 172.22.53.146 172.22.53.149
!--- IP address pool named "ASYNC".
!--- This pool will be assigned to incoming connections on Group-Async 0.
!--- Note: This address pool only has 4 addresses and is not sufficient to
!--- support all 48 modem lines. Configure your IP pool with the address range
!--- to support all connections.
ip classless
no ip http server
!
no cdp run
!
radius-server host 172.22.53.201 auth-port 1645 acct-port 1646 key cisco
!--- Radius-server host IP address and encryption key.
!--- The encryption key must match the one configured on the RADIUS server.
!
line con 0
exec-timeout 0 0
login authentication NO_AUTHEN
!--- Specifies that the AAA list name assigned to the console is NO_AUTHEN. From
!--- the AAA configuration above, the list NO_AUTHEN does not use authentication.
transport input none
line 1 48
autoselect during-login
!--- Displays the username:password prompt after modems connect.
!--- Without this the user must press enter to receive a prompt.
autoselect ppp
!--- When the NAS detects incoming PPP packets, the PPP session will be launched.
modem InOut
transport preferred none
transport input all
transport output none
line aux 0
line vty 0 4
!
end
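
The comments in the configuration above point out two things worth checking on any NAS built from it: the console uses the list NO_AUTHEN (method none), and the pool ASYNC has 4 addresses for 48 modem lines. The following is an added example, not part of the original document: a small Python check that resolves each line's login authentication list and compares pool sizes with group-range. The function name audit and the trimmed sample excerpt are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: a trimmed excerpt of the running-config shown above.
SAMPLE_CONFIG = """\
aaa authentication login default group radius local
aaa authentication login NO_AUTHEN none
interface Group-Async0
 peer default ip address pool ASYNC
 group-range 1 48
ip local pool ISDN 172.22.53.142 172.22.53.145
ip local pool ASYNC 172.22.53.146 172.22.53.149
line con 0
 login authentication NO_AUTHEN
line 1 48
 autoselect ppp
line vty 0 4
"""

def audit(config):
    """Return (lines whose login list has no authentication, undersized pools)."""
    lists, line_list, pools, if_pool, if_lines = {}, {}, {}, {}, {}
    section = None
    for raw in config.splitlines():
        text = raw.strip()
        tok = text.split()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()      # list name -> methods
        elif tok[:3] == ["ip", "local", "pool"]:
            low, high = (int(ipaddress.IPv4Address(a)) for a in tok[4:6])
            pools[tok[3]] = high - low + 1              # inclusive range size
        elif tok[:1] in (["interface"], ["line"]):
            section = text
            if tok[0] == "line":
                line_list[section] = "default"  # list applied when none is named
        elif tok[:2] == ["login", "authentication"] and section in line_list:
            line_list[section] = tok[2]
        elif tok[:5] == ["peer", "default", "ip", "address", "pool"]:
            if_pool[section] = tok[5]
        elif tok[:1] == ["group-range"]:
            if_lines[section] = int(tok[2]) - int(tok[1]) + 1
    no_auth = sorted(l for l, n in line_list.items() if lists.get(n) == ["none"])
    short = {i: (n, pools.get(if_pool.get(i), 0))       # (lines, addresses)
             for i, n in if_lines.items() if pools.get(if_pool.get(i), 0) < n}
    return no_auth, short

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The parser keys on command keywords rather than indentation, so it also accepts configuration text whose leading spaces were lost in copying.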