2008-10-27 14:22:25


  
  CSU [ Secure for Unix ]
  # ./ViewProfile -p 9900 -u async_client
  User Profile Information
  user = async_client{
  profile_id = 110
  profile_cycle = 2
  radius= {
  check_items= {
  2=cisco
  !--- Password(2) is "cisco"
  }
  reply_attributes= {
  6=2
  !--- Service-Type(6) is Framed (2)
  7=1
  !--- Framed-Protocol(7) is PPP (1)
  }
  }
  }
  # ./ViewProfile -p 9900 -u isdn_user
  User Profile Information
  user = isdn_user{
  profile_id = 24
  profile_cycle = 4
  radius=Cisco {
  check_items= {
  2=cisco
  !--- Password(2) is "cisco"
  }
  reply_attributes= {
  6=2
  !--- Service-Type(6) is Framed (2)
  7=1
  !--- Framed-Protocol(7) is PPP (1)
  }
  }
  }
  
  Router
  maui-nas-01#show running-config
  Building configuration...
  
  Current configuration:
  !
  version 12.0
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  !
  hostname maui-nas-01
  !
  aaa new-model
  !--- Initiates the AAA access control system.
  !--- This command immediately locks down login and PPP authentication.
  aaa authentication login default group radius local
  !--- Exec login (for the list default) is authenticated using methods
  !--- radius then local. The router uses RADIUS for authentication at the
  !--- login(exec) prompt. If RADIUS returns an error, the user is authenticated
  !--- using the local database.
  aaa authentication login NO_AUTHEN none
  !--- Exec login (for the list NO_AUTHEN) has authentication method none
  !--- (no authentication). Interfaces to which this list is applied will not have
  !--- authentication enabled. Refer to the console port (line con 0) configuration.
  aaa authentication ppp default if-needed group radius local
  !--- PPP authentication (for the list default) uses methods radius then local.
  !--- The if-needed keyword automatically permits ppp for users that have
  !--- successfully authenticated using exec mode. If the EXEC facility has
  !--- authenticated the user, RADIUS authentication for PPP is not performed.
  !--- This is necessary for clients that use terminal window after dial.
  aaa authorization network default group radius local
  !--- Authorization of network services (PPP services) for the list default uses
  !--- methods radius then local. This is necessary if you use RADIUS for the
  !--- client IP address, Access List assignment and so on.
  enable secret 5
  !
  username admin password 7
  !--- This username allows for access to the router in situations where
  !--- connectivity to the RADIUS server is lost. This is because the AAA
  !--- configuration for exec login has the alternate method local.
  spe 2/0 2/7
  firmware location system:/ucode/mica_port_firmware
  !
  resource-pool disable
  !
  ip subnet-zero
  no ip finger
  !
  isdn switch-type primary-ni
  !--- Switch type is Primary NI-2.
  isdn voice-call-failure 0
  mta receive maximum-recipients 0
  !
  !
  controller T1 0
  !--- T1 0 controller configuration.
  framing esf
  clock source line primary
  linecode b8zs
  pri-group timeslots 1-24
  !
  controller T1 1
  !--- T1 1 is unused.
  clock source line secondary 1
  !
  controller T1 2
  !--- T1 2 is unused.
  !
  controller T1 3
  !--- T1 3 is unused.
  !
  interface Ethernet0
  ip address 172.22.53.141 255.255.255.0
  no ip directed-broadcast
  !
  interface Serial0:23
  !--- D-channel configuration for T1 0.
  no ip address
  no ip directed-broadcast
  encapsulation ppp
  dialer pool-member 23
  !--- Assign Serial0:23 as member of dialer pool 23.
  !--- Dialer pool 23 is specified in interface Dialer 1.
  !--- Interface Dialer 1 will terminate the ISDN calls.
  isdn switch-type primary-ni
  isdn incoming-voice modem
  !--- Switch incoming analog calls to the internal digital modems.
  no cdp enable
  !
  interface FastEthernet0
  no ip address
  no ip directed-broadcast
  shutdown
  duplex auto
  speed auto
  !
  interface Group-Async0
  !--- Async Group Interface for the modems.
  ip unnumbered Ethernet0
  !--- Unnumbered to the ethernet interface.
  no ip directed-broadcast
  encapsulation ppp
  async mode interactive
  !--- Configures interactive mode on the asynchronous interfaces.
  !--- This allows users to dial in and get to a shell or PPP session on
  !--- that line. If you want incoming users to only connect using PPP configure
  !--- async mode dedicated instead.
  peer default ip address pool ASYNC
  !--- Use the ip pool named "ASYNC" to assign ip address for incoming connections.
  ppp authentication chap
  group-range 1 48
  !--- Lines(modems) 1 through 48 are in this group async interface.
  !
  interface Dialer1
  !--- Dialer1 will terminate ISDN calls.
  ip unnumbered Ethernet0
  no ip directed-broadcast
  encapsulation ppp
  dialer pool 23
  !--- Dialer 1 uses dialer pool 23. Interface Serial0:23 is a member of this pool.
  peer default ip address pool ISDN
  !--- Use the ip pool named "ISDN" to assign ip address for incoming connections.
  no cdp enable
  ppp authentication chap
  !
  ip local pool ISDN 172.22.53.142 172.22.53.145
  !--- IP address pool named "ISDN".
  !--- This pool will be assigned to connections on interface Dialer 1.
  ip local pool ASYNC 172.22.53.146 172.22.53.149
  !--- IP address pool named "ASYNC".
  !--- This pool will be assigned to incoming connections on Group-Async 0.
  !--- Note: This address pool only has 4 addresses and is not sufficient to
  !--- support all 48 modem lines. Configure your IP pool with the address range
  !--- to support all connections.
  ip classless
  no ip http server
  !
  no cdp run
  !
  radius-server host 172.22.53.201 auth-port 1645 acct-port 1646 key cisco
  !--- Radius-server host IP address and encryption key.
  !--- The encryption key must match the one configured on the RADIUS server.
  !
  line con 0
  exec-timeout 0 0
  login authentication NO_AUTHEN
  !--- Specifies that the AAA list name assigned to the console is NO_AUTHEN. From
  !--- the AAA configuration above, the list NO_AUTHEN does not use authentication.
  transport input none
  line 1 48
  autoselect during-login
  !--- Displays the username:password prompt after modems connect.
  !--- Without this the user must press enter to receive a prompt.
  autoselect ppp
  !--- When the NAS detects incoming PPP packets, the PPP session will be launched.
  modem InOut
  transport preferred none
  transport input all
  transport output none
  line aux 0
  line vty 0 4
  !
  end
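
How the login method lists in the configuration above bind to the lines, as an added example that is not part of the original page or of any Cisco tool: a Python script that resolves which list each `line` block uses and reports lines whose list has the method `none` or whose idle timeout is disabled. It assumes that a line without an explicit `login authentication` statement uses the list `default` (IOS behaviour once `aaa new-model` is enabled); the function names and the embedded sample, cut down from the configuration above, are constructed here.

```python
import re

# Constructed sample: AAA and line statements taken from the configuration above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authentication login NO_AUTHEN none
line con 0
 exec-timeout 0 0
 login authentication NO_AUTHEN
 transport input none
line 1 48
 autoselect during-login
line aux 0
line vty 0 4
"""

def login_methods_per_line(config):
    """Map each 'line ...' block to its login method list and that list's methods."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue  # skip blank lines and '!---' annotations
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
        elif text.startswith("line "):
            current = text
            # Assumption: with aaa new-model, a line falls back to the list 'default'.
            lines[current] = {"list": "default", "timeout_disabled": False}
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            lines[current]["list"] = m.group(1)
        elif current and text == "exec-timeout 0 0":
            lines[current]["timeout_disabled"] = True
    for info in lines.values():
        info["methods"] = lists.get(info["list"], [])
    return lines

def findings(config):
    """Return (line, issue) pairs for lines with method 'none' or no idle timeout."""
    out = []
    for name, info in login_methods_per_line(config).items():
        if info["methods"] == ["none"]:
            out.append((name, "login list %s uses method none" % info["list"]))
        if info["timeout_disabled"]:
            out.append((name, "exec-timeout 0 0 disables the idle timeout"))
    return out
```
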
  
  
  