TACACS+ lab (device management)

Lab topology

[Preparation]

I. Overview of the basic configuration

TACACS+ server configuration: login users and their passwords, enable passwords, the shell profile assigned to each user and the commands each may use

| User | User group | Shell profile (min - max privilege) | Command set (not configured during the authentication phase) | Authorization rule |
|---|---|---|---|---|
| cisco1 | level1 | level1-level1 | show start, show runn | shell + command set -> level1 group |
| cisco2 | level2 | level1-level2 | conf t | shell + command set -> level2 group |
| cisco14 | level14 | level1-level14 | router | shell + command set -> level14 group |
| cisco15 | level15 | level1-level15 | all | shell + command set -> level15 group |

| Username | Password | enable password |
|---|---|---|
| cisco1 | cisco1 | cisco1 |
| cisco2 | cisco2 | cisco2 |
| cisco14 | cisco14 | cisco14 |
| cisco15 | cisco15 | cisco15 |

Create local users: when TACACS+ is unavailable or the network fails, the device is managed with local authentication (the fallback plan).

Local users: one user per privilege level. Local authentication is used only when TACACS+ is unavailable.

username test0 privilege 0 password 0 test0
username test1 password 0 test1
username test2 privilege 2 password 0 test2
username test3 privilege 3 password 0 test3
username test4 privilege 4 password 0 test4
username test5 privilege 5 password 0 test5
username test6 privilege 6 password 0 test6
username test7 privilege 7 password 0 test7
username test8 privilege 8 password 0 test8
username test9 privilege 9 password 0 test9
username test10 privilege 10 password 0 test10
username test11 privilege 11 password 0 test11
username test12 privilege 12 password 0 test12
username test13 privilege 13 password 0 test13
username test14 privilege 14 password 0 test14
username test15 privilege 15 password 0 test15

Local enable passwords: entering privileged EXEC mode requires a password, and every level has its own enable password configured.

enable passwords: MD5-hashed by default. By default the local enable password is used; once enable authentication is turned on, the enable password of the server-side user is used instead.

enable secret level 1 5 $1$uk48$4Upr2qfQQx6c37MBedyP70
enable secret level 2 5 $1$3BeE$oZ1ZH.rEsByQYXHQ1XuiR0
enable secret level 3 5 $1$lP7o$Pv26/beB7/l5GXKMcRyZp1
enable secret level 4 5 $1$SUML$LzeziyBBDgdB/f1S3CipK1
enable secret level 5 5 $1$6ujX$jtrZ/ASIwwhVniQ9.9fC9.
enable secret level 6 5 $1$QCI0$/4Cq99U6tcX/ecuT3btqJ1
enable secret level 7 5 $1$sZSs$kpjchYBZA5sNrUFKvpnC51
enable secret level 8 5 $1$4s16$C9s5hwgCESAymNqSUt7u60
enable secret level 9 5 $1$FeLY$bfKbYdXe9aVNznUUxb69p/
enable secret level 10 5 $1$hlyE$1AOFkQxWR8.hSNjt7qTGJ1
enable secret level 11 5 $1$R6Fp$KLwiElQL2ySLPnzGSoYrt0
enable secret level 12 5 $1$hQCb$kvrgxih8VV0UUD8LCW5Ow1
enable secret level 13 5 $1$.qP0$IpMBxPphRZsRiBPPaK2Qx0
enable secret level 14 5 $1$//WI$vKH.yxd3NkxgY.p6AB09t0
enable password enable15

Note the distinction: locally created users begin with test and locally created enable passwords begin with enable;
users created on the server begin with cisco, and their enable passwords begin with cisco as well.

II. Detailed configuration:

1. ACS server configuration -> define 4 user groups

2. ACS server configuration -> define 4 users (username, password and enable password) and place them in the 4 user groups created above

3. ACS server configuration -> add the TACACS+ client, the vIOS switch, and set the shared key between client and server to cisco.

4. ACS server configuration -> create 4 shell profiles (define first, use later); they are assigned to the users of the 4 user groups afterwards

user cisco1: default privilege 1, maximum privilege 1
user cisco2: default privilege 1, maximum privilege 2
user cisco14: default privilege 1, maximum privilege 14
user cisco15: default privilege 1, maximum privilege 15

5. NAS (switch) configuration: create the local users and local enable passwords

Omitted.

I. Authentication

A. login authentication

1. [NAS (switch) configuration]: specify the order of authentication methods and the authentication sources (local and remote) used for login authentication

aaa authentication login test20 group tacacs+ local line enable   /* four authentication methods form a method list named test20; test20 can then be applied wherever it is needed */

# specify the TACACS+ server address and the shared key
tacacs server TA
address ipv4 10.1.1.1
key cisco

# apply the test20 authentication method list to the vty lines
line vty 0 4
password 123456   /* line password */
login authentication test20
transport input telnet

Note: with only login authentication configured, TACACS+ authentication is tried first;
when the server is unavailable (down or unreachable), local authentication is used;
when local cannot be used (no local username and password defined), line password authentication is used;
when no line login password is set, enable authentication is used;
when no enable password is set, authentication fails.

2. [TACACS+ server configuration]: configure the authorization policy

Users of the level1 group are granted the level1 shell profile
Users of the level2 group are granted the level2 shell profile
Users of the level14 group are granted the level14 shell profile
Users of the level15 group are granted the level15 shell profile

3. Lab procedure and results

| Login username | Login password | Privilege level after login | Can enable into privileged EXEC? | Privileged EXEC levels reachable |
|---|---|---|---|---|
| cisco1 | cisco1 | level1 | YES | level2-level15 |
| cisco2 | cisco2 | level1 | YES | level2-level15 |
| cisco14 | cisco14 | level1 | YES | level2-level15 |
| cisco15 | cisco15 | level1 | YES | level2-level15 |

After a successful login every user is at privilege level 1, and every user can enter privileged EXEC mode using the locally configured enable passwords.

Conclusions:

1. Local users (those beginning with test) cannot log in, because they are not configured on the server; only when the server is down or similar is the next method in the authentication list, local, used;

2. Users beginning with cisco, the users configured on the server, log in successfully;

3. After a cisco user logs in, the privilege level granted is the default level, level1 (specified when the shell profile was defined; the authorization policy binds a given user to a given shell profile);

4. Although the cisco users are granted different maximum privilege levels, they can all use the local enable passwords to enter any privilege level, and they cannot use the enable passwords defined for the users themselves;

5. The commands a cisco user can execute after login are limited by the privilege level: every command of that level is available.

B. enable authentication

Prerequisite: login authentication is configured.

1. [NAS (switch) configuration]: specify the authentication sources (local and remote) used for enable authentication

aaa authentication login test20 group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable none   /* enable uses three authentication methods */

Note: the method list for enable authentication can only be named default; no other name is allowed.

2. [TACACS+ server configuration]: none

3. Lab procedure and results

| Login username | Login password | Privilege level after login | Can enable into privileged EXEC? | Privileged EXEC levels reachable |
|---|---|---|---|---|
| cisco1 | cisco1 | level1 | NO | (none) |
| cisco2 | cisco2 | level1 | YES | level2 |
| cisco14 | cisco14 | level1 | YES | level2-level14 |
| cisco15 | cisco15 | level1 | YES | level2-level15 |

After a successful login every user is at privilege level 1.

User cisco1:

1. Local enable password enable15: entering level15 fails
2. Local enable password enable2: entering level2 fails
3. The login password of cisco1, cisco1: entering level2 fails
4. The enable password of cisco1, cisco11: entering level2 fails (to tell the login password and the enable password apart, the enable password initially set to cisco1 was changed to cisco11)

Conclusion:

1. Both the default level and the maximum level of cisco1 are level1, so it cannot enter privileged EXEC mode (level2 or level15);

User cisco2:

1. Local enable password enable15: entering level15 fails
2. Local enable password enable2: entering level2 fails
3. The login password of cisco2, cisco2: entering level2 fails
4. The enable password of cisco2, cisco22: entering level2 succeeds (to tell the login password and the enable password apart, the enable password initially set to cisco2 was changed to cisco22)

Conclusions:

1. cisco2 has default level 1 and maximum level 2; it can enter privileged EXEC level2, and only level2.
2. Any enable password entered is sent to the server for authentication; the local enable passwords are ineffective;
3. The login password is only for logging in and cannot be used as the enable password.

User cisco14:

1. Local enable password enable14: entering level14 fails
2. Local enable password enable2: entering level2 fails
3. The login password of cisco14, cisco14: entering level2 fails
4. The enable password of cisco14, cisco144: entering level2 succeeds (to tell the login password and the enable password apart, the enable password initially set to cisco14 was changed to cisco144)
5. The enable password of cisco14, cisco144: entering level14 succeeds
6. The enable password of cisco14, cisco144: entering level15 fails

Conclusions:

1. cisco14 has default level 1 and maximum level 14; it can enter every privileged EXEC level from level2 to level14, but not level15;
2. Any enable password entered is sent to the server for authentication; the local enable passwords are ineffective;
3. The login password is only for logging in and cannot be used as the enable password;
4. A single enable password enters every privileged mode within the authorized range.

User cisco15:

1. No local enable password can enter any privileged EXEC mode
2. The login password of cisco15 cannot enter any privileged EXEC mode
3. The enable password of cisco15, cisco155, enters every privileged EXEC mode (to tell the login password and the enable password apart, the enable password initially set to cisco15 was changed to cisco155)

Conclusions:

1. After login, a single enable password enters every privileged mode.
2. Local enable passwords are ineffective.

The commands that the level2 user cisco2 and the level14 user cisco14 can execute are the same as those available to the level1 user cisco1. The level15 user cisco15 can use all commands.

C. TACACS+ authentication summary:

1. aaa authentication login test20 group tacacs+ local line enable: login authentication

authentication: AAA authentication
login: login
test20: name of the authentication method list
group tacacs+ local line enable: the authentication methods and the order in which they are tried

TACACS+ authentication is tried first (log in with the username and password defined on the TACACS+ server); locally configured users are ineffective;
when the server is unavailable (server down or network failure), local authentication is used (log in with the username and password defined on the NAS);
when local cannot be used (the login account is not a user defined on the NAS), line password authentication is used;
when the NAS has no line password set, local enable authentication is used;
when the NAS has no local enable password set, login fails.

Although the server grants the logged-in user a privilege level through an attribute value, the user is not constrained by that attribute value: it can use the local enable passwords to enter every privilege level.
The enable password defined for the user itself is ineffective.

For example: the server defines user cisco1 with login password cisco1, default privilege level 1, maximum privilege level 11 and enable password cisco11. The NAS sets the level1 enable password to enable1 and the levelX enable password to enableX (X from 2 to 15).
After cisco1/cisco1 logs in to the NAS, the default level is 1. The server-defined enable password cisco11 cannot enter any privileged mode; the locally defined enable password enableX enters the levelX privileged mode;

aaa authentication login test20 group tacacs+ local line enable

The command above specifies that login uses TACACS+ authentication, while enable uses local authentication by default.

2. aaa authentication enable default group tacacs+ enable none: enable authentication

On top of the previous configuration, enable authentication is changed from the default local authentication to TACACS+ authentication, so the local enable passwords become ineffective.

For example: the server defines user cisco14 with login password cisco14, default level 1, maximum privilege level 14 and enable password cisco144. The NAS sets the level14 enable password to enable14 and the level15 enable password to enable15:
After cisco14/cisco14 logs in to the NAS, the default level is 1. With the enable password cisco144 it can enter any privileged mode from level2 to level14, but not level15;
the local enable passwords enable14 and enable15 are ineffective;

Without aaa authentication enable default group tacacs+ configured:
entering privileged mode requires the local enable password, and each privilege level needs its own enable password.

With aaa authentication enable default group tacacs+ configured:
entering privileged mode does not require the local enable password.
All privilege levels use the same enable password: the initial enable password set when the user was defined on the server.
The privilege levels that can be entered are limited by the shell profile defined for the user.
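The login and enable method lists summarized above, as an added model that is not part of this write-up and not Cisco code. It encodes the rule the lab relies on: IOS moves to the next method only when a method returns an error (server unreachable, no such local user, no password configured for that line or level), never when credentials are rejected. The users, passwords and levels are the lab's own values; the Nas class, its method names and the deliberately missing enable secrets for levels 2-13 are this example's assumptions, the latter added to show what the trailing none method does when every earlier method errors.

```python
from typing import Callable, Dict, List, Optional, Tuple

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"
Method = Callable[..., str]


class Nas:
    """State consulted by the method lists in this lab (hypothetical class; the data
    it holds are the lab's constructed users, passwords and privilege levels)."""

    def __init__(self) -> None:
        self.tacacs_up = True
        # server side: username -> (login password, enable password, max privilege of shell profile)
        self.server_users: Dict[str, Tuple[str, str, int]] = {}
        # NAS side
        self.local_users: Dict[str, str] = {}
        self.line_password: Optional[str] = None
        self.local_enable: Dict[int, str] = {}

    # ---- methods usable in "aaa authentication login ..." (args: user, password) ----
    def tacacs_login(self, user: str, pw: str) -> str:
        if not self.tacacs_up:
            return ERROR  # server unreachable: IOS tries the next method
        entry = self.server_users.get(user)
        return PASS if entry and entry[0] == pw else FAIL  # rejected: the list stops here

    def local(self, user: str, pw: str) -> str:
        if user not in self.local_users:
            return ERROR  # an unknown local user counts as an error, not a rejection
        return PASS if self.local_users[user] == pw else FAIL

    def line(self, user: str, pw: str) -> str:
        if self.line_password is None:
            return ERROR  # no line password configured
        return PASS if pw == self.line_password else FAIL

    def enable_for_login(self, user: str, pw: str) -> str:
        return self.enable(15, pw, user)  # the login "enable" method uses the level-15 password

    # ---- methods usable in "aaa authentication enable default ..." (args: level, password, user) ----
    def tacacs_enable(self, level: int, pw: str, user: str) -> str:
        if not self.tacacs_up:
            return ERROR
        entry = self.server_users.get(user)
        if entry is None:
            return FAIL
        _, enable_pw, max_priv = entry
        # the server checks the user's own enable password and the shell profile's maximum level
        return PASS if pw == enable_pw and level <= max_priv else FAIL

    def enable(self, level: int, pw: str, user: str) -> str:
        if level not in self.local_enable:
            return ERROR  # no local enable password for this level
        return PASS if pw == self.local_enable[level] else FAIL

    @staticmethod
    def none(*_args: object) -> str:
        return PASS  # "none": no authentication performed at all


def run_method_list(methods: List[Tuple[str, Method]], *args: object) -> Tuple[str, str]:
    """Evaluate the methods in order; return (outcome, name of the deciding method)."""
    for name, method in methods:
        outcome = method(*args)
        if outcome != ERROR:
            return outcome, name  # PASS or FAIL ends the list
    return FAIL, "exhausted"  # every method errored: access is denied


def lab_nas(tacacs_up: bool = True) -> Nas:
    """The lab's setup: server users cisco*, local users test*, line and enable passwords."""
    nas = Nas()
    nas.tacacs_up = tacacs_up
    nas.server_users = {
        "cisco1": ("cisco1", "cisco11", 1),
        "cisco14": ("cisco14", "cisco144", 14),
        "cisco15": ("cisco15", "cisco155", 15),
    }
    nas.local_users = {"test1": "test1", "test15": "test15"}
    nas.line_password = "123456"
    # constructed deviation from the lab (which set all 15 levels): levels 2-13 have no secret
    nas.local_enable = {14: "enable14", 15: "enable15"}
    return nas


def login_list(nas: Nas) -> List[Tuple[str, Method]]:
    # aaa authentication login test20 group tacacs+ local line enable
    return [("tacacs+", nas.tacacs_login), ("local", nas.local),
            ("line", nas.line), ("enable", nas.enable_for_login)]


def enable_list(nas: Nas) -> List[Tuple[str, Method]]:
    # aaa authentication enable default group tacacs+ enable none
    return [("tacacs+", nas.tacacs_enable), ("enable", nas.enable), ("none", nas.none)]


if __name__ == "__main__":
    up, down = lab_nas(), lab_nas(tacacs_up=False)
    print(run_method_list(login_list(up), "test1", "test1"))            # ('FAIL', 'tacacs+')
    print(run_method_list(login_list(down), "test1", "test1"))          # ('PASS', 'local')
    print(run_method_list(enable_list(up), 15, "cisco144", "cisco14"))  # ('FAIL', 'tacacs+')
    print(run_method_list(enable_list(down), 5, "anything", "cisco1"))  # ('PASS', 'none')
```

The last call is the point of the trailing none: with the server down and no local secret for the requested level, the enable list grants the level without any password, so a list ending in none deserves a second look during review.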

II. Authorization

The previous configuration is kept, because authorization happens after authentication.

1. [NAS] configuration

aaa authentication login test20 group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable none

2. [TACACS+] configuration unchanged

3. Before configuring any authorization, observe the commands each user can use after login

| Login username | Login password | Privilege level after login | Can enable into privileged EXEC? | Privileged EXEC levels reachable | Commands available |
|---|---|---|---|---|---|
| cisco1 | cisco1 | level1 | NO | (none) | router>? some commands |
| cisco2 | cisco2 | level1 | YES | level2 | router>? user mode, some commands; router#? privileged mode, some commands |
| cisco14 | cisco14 | level1 | YES | level2-level14 | router>? user mode, some commands; router#? privileged mode, some commands |
| cisco15 | cisco15 | level1 | YES | level2-level15 | router>? user mode, all commands; router#? privileged mode, all commands |

User cisco1 can use only some of the commands in user EXEC mode;
user cisco2 can use the commands available to cisco1, plus some of the privileged EXEC commands at level2;
user cisco14 can use the commands available to cisco2, plus some of the privileged EXEC commands at level14;
user cisco15 can use all commands.

By default, the commands available at level2 and at level14 are the same.

All four users can use the show command, but with different arguments.

4. Authorization requirements:

| Username | Commands the user is authorized to use |
|---|---|
| cisco1 | show start / show runn |
| cisco2 | the conf t command |
| cisco14 | the router command |

5. Authorization configuration

[NAS] configuration: on top of the earlier authentication configuration, add the following authorization commands:

aaa authorization exec test20 group tacacs+   // TACACS+ authorizes the user's EXEC login
aaa authorization commands 1 test20 group tacacs+   /* authorize the commands usable by level-1 users */
aaa authorization commands 2 test20 group tacacs+   /* authorize the commands usable by level-2 users */
aaa authorization commands 14 test20 group tacacs+   /* authorize the commands usable by level-14 users */
aaa authorization commands 15 test20 group tacacs+   /* authorize the commands usable by level-15 users */
aaa authorization config-commands   /* makes the AAA server also check authorization for commands entered in (config)# global configuration mode; otherwise only commands in ">" user mode and "#" privileged mode are checked */
line vty 0 4
password 123456
authorization commands 1 test20
authorization commands 2 test20
authorization commands 14 test20
authorization commands 15 test20
authorization exec test20
login authentication test20
transport input telnet
!

[TACACS+] configuration

Authorize the show startup and show running commands for user cisco1
Authorize the conf t command for user cisco2
Authorize the router configuration command for cisco14
Authorize cisco15 to use all commands

6. Lab procedure and results

| Login username | Login password | Privilege level after login | Can enable into privileged EXEC? | Privileged EXEC levels reachable |
|---|---|---|---|---|
| cisco1 | cisco1 | level1 | NO | (none) |
| cisco2 | cisco2 | level1 | YES | level2 |
| cisco14 | cisco14 | level1 | YES | level2-level14 |
| cisco15 | cisco15 | level1 | YES | level2-level15 |

User cisco1:

None of the commands in user EXEC mode can be used; a prompt is returned.

Users cisco2 and cisco14 behave the same as cisco1.

User cisco15:

Can use all commands.

Explanation: remote command authorization on the server differs from local command authorization:

1. Local authorization grants commands of a higher level to a lower level, letting the lower level execute commands beyond its privilege. For example, granting the level15 command show running-config to level1 lets every user with level1 privilege or above use show running-config.

2. Remote command authorization depends on the shell profile, that is the level, granted in the authorization policy.

For user cisco1 above, the shell profile granted has default level1 and maximum level 1, and the configured command set is show running-config and show startup-config.

That means cisco1 may use only the commands show running-config and show startup-config out of the command set agreed for level1 privilege.

But by default show running-config and show startup-config belong to level15, not level1, so cisco1 cannot execute any command at all.

The same applies to the other users.

One solution is to use privilege to change the privilege level of show running-config and show startup-config to level1, so that level1 users can use them.

Note: the authorization here is an explicit agreement: only the configured commands can be used, and no unconfigured command can.

7. Modify the command configuration on the TACACS+ server (the shell configuration stays the same)

No longer explicitly restrict the user to the configured commands only.

User cisco1 can use every command at level1.

User cisco2 can use every command at level1 and additionally the commands of privileged mode level2 (which are in fact the same as at level1).

User cisco14 can use the same commands as cisco2.

User cisco15 is the superuser and can use all commands.

8. Principles of remote command authorization:

level1: corresponds to one command set, the user EXEC command set
level2-level14: correspond to two command sets, the user EXEC command set and the level2 privileged command set
level15: in addition to the level1 and level2 command sets, the command set of level15 privilege.

If needed, only part of the user EXEC command set can be granted to level1 users, thereby restricting which commands level1 users can use: a level1 user then cannot use every level1 command, only the granted ones.

The same applies to level2-level15.

If a user needs to use a level15 command, grant the user the level15 shell profile and authorize that command for the user: the user can then execute only that command; other level15 commands are not authorized and cannot be used.

e.g. user cisco1 can use only show privilege; no other command (except enable) can be used.
e.g. user cisco2 can use only ping; no other command (except enable) can be used.
e.g. user cisco15 can use only show running-config; no other command (except enable) can be used.

9. Summary of remote command authorization:

Grant all users a level15 shell profile, but limit the commands they can use by authorizing specific commands.

Mode one: only the specified commands can be used;
Mode two: everything except the specified commands can be used.

Note: in the screenshot above, I forgot to tick the box.

Appendix: local authorization

Level 1 is user EXEC mode (user mode), normally used to check the router's status. In this mode the router cannot be configured, and the router information that can be viewed is limited.

Every logged-in user can use the enable command and then enter the matching enable password to reach the corresponding privilege mode;
the privileged modes span level2-level15, 14 levels in all.

level2-level14 have no specifically defined commands of their own; their basic commands are inherited from level1.

Level 15 can change the router's configuration, and can of course view all of the router's information; it gives complete control of the router. Typing "enable" (the same as "enable 15") in user mode enters privileged mode.

When users or customers who are not allowed full privilege (Level 15) need to connect to the router, the administrator can delegate the right to use some of the Level 15 commands down to Level 2-14, and then hand those levels, which can run some of the commands, to the corresponding customers or users. Those users can then use commands they originally had no privilege for. For example, level 14 does not have sh runn; the sh runn command of Level 15 can be delegated to level 14, and then a user is defined and given level 14 privilege.

username test14 privilege 14 password test14
privilege exec level 14 show running-config

This way, user test14 can execute sh runn in addition to the commands of level 1.

Before delegation:

Executing the delegation command:

Result after delegation:

Note: in addition to the original commands, the level14 user now also has the sh running-config command.

level15 automatically inherits every privilege of the lower levels, so a level15 user can still use sh running-config.

Once a command is delegated or granted to a level, that level and every level above it can automatically use the command.

Besides granting higher-level commands to a lower level, lower-level commands can also be granted to a higher level.

For example, to stop level1 users from using a certain level1 command, grant the command to level2-level15; then level1 users cannot use it, while users at every other level (equal to or above the granted level) can.

The terms delegate and grant are in fact not very accurate; I prefer to call it changing the privilege level:

privilege exec level 10 show running-config

show running-config has default privilege level 15, so by default only level15 users can use it; after the command above changes its privilege level to 10, users at level10 and above can use it.

privilege exec level 10 show privilege

show privilege has default privilege level 1, so by default users at level1 and above can use it; after the command above changes its privilege level to 10, users at level9 and below can no longer use it, and only users at level10 and above can.

Other configuration command examples, for reference

privilege exec level 5 show start   // allows level 5 to use the command in exec mode
privilege exec level 10 configure   // allows level 10 to use the command in exec mode
privilege exec level 10 write   // allows level 10 to use the command in exec mode
privilege configure level 10 interface   // allows level 10 to use the command in configure mode
privilege interface level 10 shutdown   // allows level 10 to use the command in interface mode
privilege interface level 10 switchport access vlan   // allows level 10 to use the command in interface mode

privilege exec level 5 show start

After this command, the show command itself is also moved to level5, which directly prevents level1-level4 from using show at all.

Normally a further command, privilege exec level 1 show, has to be added afterwards.
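An added model of both authorization paths discussed on this page: the server-side command set checked inside a shell profile (section II, steps 6 to 9) and the local privilege exec level changes in this appendix. It is written for this write-up and is not Cisco code; the command names, their default levels and the class and function names are assumptions (abbreviations such as show start are expanded to full commands), and the prefix-raising rule generalizes the show start / show observation above to any multi-word command.

```python
from typing import Dict, Iterable

# Assumed default privilege levels for the few commands the lab uses
# (show running-config / startup-config and configure are level 15 by default).
DEFAULT_LEVELS: Dict[str, int] = {
    "show": 1, "show privilege": 1, "show version": 1, "show users": 1,
    "show running-config": 15, "show startup-config": 15,
    "configure": 15, "configure terminal": 15, "ping": 1, "enable": 1,
}


class PrivilegeTable:
    """Local command-to-level mapping as changed by 'privilege exec level N <command>'."""

    def __init__(self, defaults: Dict[str, int] = DEFAULT_LEVELS) -> None:
        self.levels = dict(defaults)

    def privilege_exec_level(self, level: int, command: str) -> None:
        # Set the command's level. Every shorter prefix ("show" for "show startup-config")
        # that sits below the new level is raised with it, which is why the appendix
        # follows "privilege exec level 5 show start" with "privilege exec level 1 show".
        self.levels[command] = level
        words = command.split()
        for i in range(1, len(words)):
            prefix = " ".join(words[:i])
            if self.levels.get(prefix, 1) < level:
                self.levels[prefix] = level

    def allows(self, level: int, command: str) -> bool:
        """True if a user at this level can type the whole command, prefix by prefix;
        a higher level inherits everything a lower level may run."""
        words = command.split()
        return all(self.levels.get(" ".join(words[:i]), 1) <= level
                   for i in range(1, len(words) + 1))


class CommandSet:
    """Server-side command set: an allow-list (mode one) or a deny-list (mode two)."""

    def __init__(self, commands: Iterable[str], permit_unmatched: bool = False) -> None:
        self.commands = list(commands)
        self.permit_unmatched = permit_unmatched

    def permits(self, command: str) -> bool:
        matched = any(command == c or command.startswith(c + " ") for c in self.commands)
        return (not matched) if self.permit_unmatched else matched


def remote_authorizes(table: PrivilegeTable, max_priv: int, cmdset: CommandSet,
                      level: int, command: str) -> bool:
    """Remote command authorization as the lab observed it: the user's current level
    must be within the shell profile, the NAS must allow the command at that level,
    and the server's command set must permit it too."""
    return level <= max_priv and table.allows(level, command) and cmdset.permits(command)


if __name__ == "__main__":
    table = PrivilegeTable()
    cisco1_set = CommandSet(["show running-config", "show startup-config"])
    # cisco1 at level 1 with only the two level-15 show commands granted: nothing runs
    print(remote_authorizes(table, 1, cisco1_set, 1, "show running-config"))  # False
    print(remote_authorizes(table, 1, cisco1_set, 1, "show version"))         # False
    table.privilege_exec_level(1, "show running-config")                      # the fix from step 6
    print(remote_authorizes(table, 1, cisco1_set, 1, "show running-config"))  # True
```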

III. Accounting / auditing

Which actions need accounting/auditing:

aaa accounting exec default start-stop group tacacs+   // record EXEC login sessions on TACACS+, from login to end
aaa accounting commands 1 default start-stop group tacacs+   // record on TACACS+ the commands run by level-1 users, from login to end
aaa accounting commands 2 default start-stop group tacacs+   // record on TACACS+ the commands run by level-2 users, from login to end
aaa accounting commands 14 default start-stop group tacacs+   // record on TACACS+ the commands run by level-14 users, from login to end
aaa accounting commands 15 default start-stop group tacacs+   // record on TACACS+ the commands run by level-15 users, from login to end
aaa accounting connection test20 start-stop group tacacs+   // record on TACACS+ the connections the client attempts, from start to end
aaa accounting system default start-stop group tacacs+   // record system-related events on TACACS+
aaa accounting network test20 start-stop group tacacs+   // record network-related events on TACACS+

Prerequisite: login authentication is configured.

1. [NAS (switch) configuration]

aaa authentication login test20 group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable none
aaa authorization exec test20 group tacacs+
aaa authorization commands 1 test20 group tacacs+
aaa authorization commands 2 test20 group tacacs+
aaa authorization commands 14 test20 group tacacs+
aaa authorization commands 15 test20 group tacacs+
aaa authorization config-commands
aaa accounting exec test20 start-stop group tacacs+
aaa accounting commands 1 test20 start-stop group tacacs+
aaa accounting commands 2 test20 start-stop group tacacs+
aaa accounting commands 14 test20 start-stop group tacacs+
aaa accounting commands 15 test20 start-stop group tacacs+
line vty 0 4
password 123456
authorization commands 1 test20
authorization commands 2 test20
authorization commands 14 test20
authorization commands 15 test20
authorization exec test20
accounting commands 1 test20
accounting commands 2 test20
accounting commands 14 test20
accounting commands 15 test20
accounting exec test20
login authentication test20
transport input telnet
!

2. [TACACS+ server configuration]: none

3. Lab procedure and results

A. Enable debugging on the NAS

B. Log in to the NAS as cisco15 and run a few commands

C. Inspect the debug output

NAS#

*Sep 18 21:06:36.205: AAA/BIND(00000067): Bind i/f

*Sep 18 21:06:36.206: AAA/ACCT/EVENT/(00000067): CALL START

*Sep 18 21:06:36.207: Getting session id for NET(00000067) : db=100F4458

*Sep 18 21:06:36.208: AAA/ACCT(00000000): add node, session 93

*Sep 18 21:06:36.209: AAA/ACCT/NET(00000067): add, count 1

*Sep 18 21:06:36.211: Getting session id for NONE(00000067) : db=100F4458

*Sep 18 21:06:36.212: AAA/AUTHEN/LOGIN (00000067): Pick method list 'test20'

*Sep 18 21:06:36.221: TPLUS: Queuing AAA Authentication request 103 for processing

*Sep 18 21:06:36.224: TPLUS(00000067) login timer started 1020 sec timeout

*Sep 18 21:06:36.225: TPLUS: processing authentication start request id 103

*Sep 18 21:06:36.226: TPLUS: Authentication start packet created for 103()

*Sep 18 21:06:36.227: TPLUS: Using server 10.1.1.1

*Sep 18 21:06:36.235: TPLUS(00000067)/0/NB_WAIT/D711670: Started 5 sec timeout

*Sep 18 21:06:36.250: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:06:36.258: TPLUS(00000067)/0/NB_WAIT: wrote entire 34 bytes request

*Sep 18 21:06:36.259: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:36.259: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:06:36.268: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:36.270: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Sep 18 21:06:36.271: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:36.272: TPLUS(00000067)/0/READ: read entire 28 bytes response

*Sep 18 21:06:36.273: TPLUS(00000067)/0/D711670: Processing the reply packet

*Sep 18 21:06:36.273: TPLUS: Received authen response status GET_USER (7)

*Sep 18 21:06:41.181: TPLUS: Queuing AAA Authentication request 103 for processing

*Sep 18 21:06:41.183: TPLUS(00000067) login timer started 1020 sec timeout

*Sep 18 21:06:41.183: TPLUS: processing authentication continue request id 103

*Sep 18 21:06:41.184: TPLUS: Authentication continue packet generated for 103

*Sep 18 21:06:41.184: TPLUS(00000067)/0/WRITE/AFA5F68: Started 5 sec timeout

*Sep 18 21:06:41.188: TPLUS(00000067)/0/WRITE: wrote entire 24 bytes request

*Sep 18 21:06:41.222: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:41.223: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Sep 18 21:06:41.224: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:41.224: TPLUS(00000067)/0/READ: read entire 28 bytes response

*Sep 18 21:06:41.225: TPLUS(00000067)/0/AFA5F68: Processing the reply packet

*Sep 18 21:06:41.226: TPLUS: Received authen response status GET_PASSWORD (8)

*Sep 18 21:06:44.921: TPLUS: Queuing AAA Authentication request 103 for processing

*Sep 18 21:06:44.923: TPLUS(00000067) login timer started 1020 sec timeout

*Sep 18 21:06:44.923: TPLUS: processing authentication continue request id 103

*Sep 18 21:06:44.924: TPLUS: Authentication continue packet generated for 103

*Sep 18 21:06:44.924: TPLUS(00000067)/0/WRITE/E880D98: Started 5 sec timeout

*Sep 18 21:06:44.930: TPLUS(00000067)/0/WRITE: wrote entire 24 bytes request

*Sep 18 21:06:45.041: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.042: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 6 bytes data)

*Sep 18 21:06:45.043: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.044: TPLUS(00000067)/0/READ: read entire 18 bytes response

*Sep 18 21:06:45.044: TPLUS(00000067)/0/E880D98: Processing the reply packet

*Sep 18 21:06:45.045: TPLUS: Received authen response status PASS (2)

*Sep 18 21:06:45.057: AAA/AUTHOR (0x67): Pick method list 'test20'

*Sep 18 21:06:45.063: TPLUS: Queuing AAA Authorization request 103 for processing

*Sep 18 21:06:45.065: TPLUS(00000067) login timer started 1020 sec timeout

*Sep 18 21:06:45.065: TPLUS: processing authorization request id 103

*Sep 18 21:06:45.066: TPLUS: Protocol set to None .....Skipping

*Sep 18 21:06:45.066: TPLUS: Sending AV service=shell

*Sep 18 21:06:45.067: TPLUS: Sending AV cmd

*Sep 18 21:06:45.067: TPLUS: Authorization request created for 103(cisco15)

*Sep 18 21:06:45.068: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:06:45.077: TPLUS(00000067)/0/NB_WAIT/CDEA288: Started 5 sec timeout

*Sep 18 21:06:45.085: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:06:45.089: TPLUS(00000067)/0/NB_WAIT: wrote entire 60 bytes request

*Sep 18 21:06:45.090: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.091: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:06:45.146: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.147: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 17 bytes data)

*Sep 18 21:06:45.148: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.148: TPLUS(00000067)/0/READ: read entire 29 bytes response

*Sep 18 21:06:45.150: TPLUS(00000067)/0/CDEA288: Processing the reply packet

*Sep 18 21:06:45.151: TPLUS: Processed AV priv-lvl=1

*Sep 18 21:06:45.151: TPLUS: received authorization response for 103: PASS

*Sep 18 21:06:45.708: AAA/AUTHOR/EXEC(00000067): processing AV cmd=

*Sep 18 21:06:45.710: AAA/AUTHOR/EXEC(00000067): processing AV priv-lvl=1

*Sep 18 21:06:45.711: AAA/AUTHOR/EXEC(00000067): Authorization successful

*Sep 18 21:06:45.712: AAA/ACCT/EXEC(00000067): Pick method list 'test20'

*Sep 18 21:06:45.712: AAA/ACCT/SETMLIST(00000067): Handle 13000019, mlist 100E7290, Name test20

*Sep 18 21:06:45.713: Getting session id for EXEC(00000067) : db=100F4458

*Sep 18 21:06:45.713: AAA/ACCT/EXEC(00000067): add, count 2

*Sep 18 21:06:45.714: AAA/ACCT/EVENT/(00000067): EXEC UP

*Sep 18 21:06:45.715: AAA/ACCT/EXEC(00000067): Queueing record is START

*Sep 18 21:06:45.721: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:06:45.722: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:06:45.724: TPLUS: processing accounting request id 103

*Sep 18 21:06:45.724: TPLUS: Sending AV task_id=93

*Sep 18 21:06:45.726: TPLUS: Sending AV timezone=UTC

*Sep 18 21:06:45.726: TPLUS: Sending AV service=shell

*Sep 18 21:06:45.727: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:06:45.727: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:06:45.736: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:06:45.746: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:06:45.754: TPLUS(00000067)/0/NB_WAIT: wrote entire 80 bytes request

*Sep 18 21:06:45.754: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.755: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:06:45.768: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.769: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:06:45.770: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:45.770: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:06:45.771: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:06:45.772: TPLUS: Received accounting response with status PASS

*Sep 18 21:06:45.775: AAA/ACCT/EXEC(00000067): START protocol reply PASS

*Sep 18 21:06:45.776: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:06:45.777: AAA/ACCT(00000067): Send START accounting notification to EM failed

*Sep 18 21:06:45.778: AAA/ACCT(00000067): mlist_periodic is not set, interval 0

*Sep 18 21:06:47.789: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:06:47.790: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:06:47.791: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:06:47.792: AAA/MEMORY: create_user (0xCDE98A0) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 18 21:06:47.794: tty2 AAA/AUTHOR/CMD (1986055938): Port='tty2' list='test20' service=CMD

*Sep 18 21:06:47.795: AAA/AUTHOR/CMD: tty2 (1986055938) user='cisco15'

*Sep 18 21:06:47.796: tty2 AAA/AUTHOR/CMD (1986055938): send AV service=shell

*Sep 18 21:06:47.797: tty2 AAA/AUTHOR/CMD (1986055938): send AV cmd=show

*Sep 18 21:06:47.797: tty2 AAA/AUTHOR/CMD (1986055938): send AV cmd-arg=privilege

*Sep 18 21:06:47.798: tty2 AAA/AUTHOR/CMD (1986055938): send AV cmd-arg=<cr>

*Sep 18 21:06:47.798: tty2 AAA/AUTHOR/CMD(1986055938): found list "test20"

*Sep 18 21:06:47.799: tty2 AAA/AUTHOR/CMD (1986055938): Method=tacacs+ (tacacs+)

*Sep 18 21:06:47.799: AAA/AUTHOR/TAC+: (1986055938): user=cisco15

*Sep 18 21:06:47.800: AAA/AUTHOR/TAC+: (1986055938): send AV service=shell

*Sep 18 21:06:47.803: AAA/AUTHOR/TAC+: (1986055938): send AV cmd=show

*Sep 18 21:06:47.804: AAA/AUTHOR/TAC+: (1986055938): send AV cmd-arg=privilege

*Sep 18 21:06:47.805: AAA/AUTHOR/TAC+: (1986055938): send AV cmd-arg=<cr>

*Sep 18 21:06:47.806: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:06:47.806: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:06:47.822: TAC+: Opened TCP/IP handle 0xF5C2F30 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:06:47.823: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:06:47.826: TAC+: 10.1.1.1 (1986055938) AUTHOR/START queued

*Sep 18 21:06:48.026: TAC+: (1986055938) AUTHOR/START processed

*Sep 18 21:06:48.029: TAC+: (1986055938): received author response status = PASS_ADD

*Sep 18 21:06:48.029: TAC+: Closing TCP/IP 0xF5C2F30 connection to 10.1.1.1/49

*Sep 18 21:06:48.034: AAA/AUTHOR (1986055938): Post authorization status = PASS_ADD

*Sep 18 21:06:48.035: AAA/MEMORY: free_user (0xCDE98A0) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

*Sep 18 21:06:48.036: AAA/ACCT/260(00000067): Pick method list 'test20'

*Sep 18 21:06:48.036: AAA/ACCT/SETMLIST(00000067): Handle 8100001A, mlist 10A204D8, Name test20

*Sep 18 21:06:48.037: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:06:48.037: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:06:48.038: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:06:48.038: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:06:48.039: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:06:48.040: AAA/ACCT/CMD(00000067): Setting session id 94 : db=100F4458

*Sep 18 21:06:48.050: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:06:48.051: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:06:48.056: TPLUS: processing accounting request id 103

*Sep 18 21:06:48.056: TPLUS: Sending AV task_id=93

*Sep 18 21:06:48.057: TPLUS: Sending AV timezone=UTC

*Sep 18 21:06:48.057: TPLUS: Sending AV service=shell

*Sep 18 21:06:48.058: TPLUS: Sending AV priv-lvl=1

*Sep 18 21:06:48.059: TPLUS: Sending AV cmd=show privilege <cr>

*Sep 18 21:06:48.060: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:06:48.061: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:06:48.069: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:06:48.082: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:06:48.089: TPLUS(00000067)/0/NB_WAIT: wrote entire 115 bytes request

*Sep 18 21:06:48.089: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:48.090: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:06:48.155: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:48.156: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:06:48.156: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:06:48.157: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:06:48.158: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:06:48.158: TPLUS: Received accounting response with status PASS

*Sep 18 21:06:48.165: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:06:48.166: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:06:48.166: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:06:48.167: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:06:48.168: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:06:48.168: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:07:03.572: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:07:03.573: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:07:03.574: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:07:03.575: AAA/MEMORY: create_user (0xD7A94E8) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 18 21:07:03.576: tty2 AAA/AUTHOR/CMD (3957451582): Port='tty2' list='test20' service=CMD

*Sep 18 21:07:03.576: AAA/AUTHOR/CMD: tty2 (3957451582) user='cisco15'

*Sep 18 21:07:03.577: tty2 AAA/AUTHOR/CMD (3957451582): send AV service=shell

*Sep 18 21:07:03.578: tty2 AAA/AUTHOR/CMD (3957451582): send AV cmd=show

*Sep 18 21:07:03.578: tty2 AAA/AUTHOR/CMD (3957451582): send AV cmd-arg=users

*Sep 18 21:07:03.579: tty2 AAA/AUTHOR/CMD (3957451582): send AV cmd-arg=<cr>

*Sep 18 21:07:03.579: tty2 AAA/AUTHOR/CMD(3957451582): found list "test20"

*Sep 18 21:07:03.580: tty2 AAA/AUTHOR/CMD (3957451582): Method=tacacs+ (tacacs+)

*Sep 18 21:07:03.580: AAA/AUTHOR/TAC+: (3957451582): user=cisco15

*Sep 18 21:07:03.581: AAA/AUTHOR/TAC+: (3957451582): send AV service=shell

*Sep 18 21:07:03.582: AAA/AUTHOR/TAC+: (3957451582): send AV cmd=show

*Sep 18 21:07:03.582: AAA/AUTHOR/TAC+: (3957451582): send AV cmd-arg=users

*Sep 18 21:07:03.586: AAA/AUTHOR/TAC+: (3957451582): send AV cmd-arg=<cr>

*Sep 18 21:07:03.586: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:03.587: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:07:03.638: TAC+: Opened TCP/IP handle 0xF5C2F30 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:07:03.639: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:07:03.642: TAC+: 10.1.1.1 (3957451582) AUTHOR/START queued

*Sep 18 21:07:03.842: TAC+: (3957451582) AUTHOR/START processed

*Sep 18 21:07:03.844: TAC+: (-337515714): received author response status = PASS_ADD

*Sep 18 21:07:03.845: TAC+: Closing TCP/IP 0xF5C2F30 connection to 10.1.1.1/49

*Sep 18 21:07:03.849: AAA/AUTHOR (3957451582): Post authorization status = PASS_ADD

*Sep 18 21:07:03.850: AAA/MEMORY: free_user (0xD7A94E8) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

*Sep 18 21:07:03.850: AAA/ACCT/260(00000067): Pick method list 'test20'

*Sep 18 21:07:03.851: AAA/ACCT/SETMLIST(00000067): Handle 8100001A, mlist 10A204D8, Name test20

*Sep 18 21:07:03.851: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:07:03.852: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:07:03.852: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:07:03.853: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:07:03.854: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:07:03.854: AAA/ACCT/CMD(00000067): Setting session id 95 : db=100F4458

*Sep 18 21:07:03.886: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:07:03.886: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:07:03.891: TPLUS: processing accounting request id 103

*Sep 18 21:07:03.892: TPLUS: Sending AV task_id=94

*Sep 18 21:07:03.892: TPLUS: Sending AV timezone=UTC

*Sep 18 21:07:03.893: TPLUS: Sending AV service=shell

*Sep 18 21:07:03.893: TPLUS: Sending AV priv-lvl=1

*Sep 18 21:07:03.894: TPLUS: Sending AV cmd=show users <cr>

*Sep 18 21:07:03.894: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:07:03.895: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:03.901: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:07:03.916: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:07:03.922: TPLUS(00000067)/0/NB_WAIT: wrote entire 111 bytes request

*Sep 18 21:07:03.922: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:03.923: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:07:03.933: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:03.933: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:07:03.934: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:03.935: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:07:03.936: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:07:03.936: TPLUS: Received accounting response with status PASS

*Sep 18 21:07:03.941: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:07:03.942: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:07:03.943: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:07:03.943: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:07:03.944: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:07:03.945: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:07:08.097: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 18 21:07:08.098: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:07:08.098: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:07:08.099: AAA/MEMORY: create_user (0xE880D98) user='cisco15' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 18 21:07:08.100: AAA/AUTHEN/START (510711375): port='tty2' list='test20' action=LOGIN service=ENABLE

*Sep 18 21:07:08.100: AAA/AUTHEN/START (510711375): using "default" list

*Sep 18 21:07:08.101: AAA/AUTHEN/START (510711375): Method=tacacs+ (tacacs+)

*Sep 18 21:07:08.102: TAC+: send AUTHEN/START packet ver=192 id=510711375

*Sep 18 21:07:08.103: TAC+: Using default tacacs server-group "tacacs+" list.

*Sep 18 21:07:08.104: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:07:08.119: TAC+: Opened TCP/IP handle 0xF5C3658 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:07:08.122: TAC+: 10.1.1.1 (510711375) AUTHEN/START/LOGIN/ASCII queued

*Sep 18 21:07:08.321: TAC+: (510711375) AUTHEN/START/LOGIN/ASCII processed

*Sep 18 21:07:08.321: TAC+: ver=192 id=510711375 received AUTHEN status = GETPASS

*Sep 18 21:07:08.321: AAA/AUTHEN (510711375): status = GETPASS

*Sep 18 21:07:13.604: AAA/AUTHEN/CONT (510711375): continue_login (user='cisco15')

*Sep 18 21:07:13.605: AAA/AUTHEN (510711375): status = GETPASS

*Sep 18 21:07:13.606: AAA/AUTHEN (510711375): Method=tacacs+ (tacacs+)

*Sep 18 21:07:13.606: TAC+: send AUTHEN/CONT packet id=510711375

*Sep 18 21:07:13.608: TAC+: 10.1.1.1 (510711375) AUTHEN/CONT queued

*Sep 18 21:07:13.807: TAC+: (510711375) AUTHEN/CONT processed

*Sep 18 21:07:13.811: TAC+: ver=192 id=510711375 received AUTHEN status = PASS

*Sep 18 21:07:13.811: AAA/AUTHEN (510711375): status = PASS

*Sep 18 21:07:13.812: TAC+: Closing TCP/IP 0xF5C3658 connection to 10.1.1.1/49

*Sep 18 21:07:13.815: AAA/MEMORY: free_user (0xE880D98) user='cisco15' ruser='NULL' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

*Sep 18 21:07:15.936: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:07:15.937: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:07:15.938: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:07:15.938: AAA/MEMORY: create_user (0xCDE98A0) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 18 21:07:15.939: tty2 AAA/AUTHOR/CMD (3666164096): Port='tty2' list='test20' service=CMD

*Sep 18 21:07:15.939: AAA/AUTHOR/CMD: tty2 (3666164096) user='cisco15'

*Sep 18 21:07:15.940: tty2 AAA/AUTHOR/CMD (3666164096): send AV service=shell

*Sep 18 21:07:15.941: tty2 AAA/AUTHOR/CMD (3666164096): send AV cmd=show

*Sep 18 21:07:15.941: tty2 AAA/AUTHOR/CMD (3666164096): send AV cmd-arg=privilege

*Sep 18 21:07:15.941: tty2 AAA/AUTHOR/CMD (3666164096): send AV cmd-arg=<cr>

*Sep 18 21:07:15.942: tty2 AAA/AUTHOR/CMD(3666164096): found list "test20"

*Sep 18 21:07:15.942: tty2 AAA/AUTHOR/CMD (3666164096): Method=tacacs+ (tacacs+)

*Sep 18 21:07:15.943: AAA/AUTHOR/TAC+: (3666164096): user=cisco15

*Sep 18 21:07:15.943: AAA/AUTHOR/TAC+: (3666164096): send AV service=shell

*Sep 18 21:07:15.944: AAA/AUTHOR/TAC+: (3666164096): send AV cmd=show

*Sep 18 21:07:15.944: AAA/AUTHOR/TAC+: (3666164096): send AV cmd-arg=privilege

*Sep 18 21:07:15.945: AAA/AUTHOR/TAC+: (3666164096): send AV cmd-arg=<cr>

*Sep 18 21:07:15.945: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:15.946: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:07:15.962: TAC+: Opened TCP/IP handle 0xF5C3658 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:07:15.962: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:07:15.964: TAC+: 10.1.1.1 (3666164096) AUTHOR/START queued

*Sep 18 21:07:16.165: TAC+: (3666164096) AUTHOR/START processed

*Sep 18 21:07:16.167: TAC+: (-628803200): received author response status = PASS_ADD

*Sep 18 21:07:16.168: TAC+: Closing TCP/IP 0xF5C3658 connection to 10.1.1.1/49

*Sep 18 21:07:16.172: AAA/AUTHOR (3666164096): Post authorization status = PASS_ADD

*Sep 18 21:07:16.173: AAA/MEMORY: free_user (0xCDE98A0) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

*Sep 18 21:07:16.174: AAA/ACCT/260(00000067): Pick method list 'test20'

*Sep 18 21:07:16.174: AAA/ACCT/SETMLIST(00000067): Handle 8100001A, mlist 10A204D8, Name test20

*Sep 18 21:07:16.175: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:07:16.175: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:07:16.175: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:07:16.176: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:07:16.177: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:07:16.178: AAA/ACCT/CMD(00000067): Setting session id 96 : db=100F4458

*Sep 18 21:07:16.186: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:07:16.186: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:07:16.188: TPLUS: processing accounting request id 103

*Sep 18 21:07:16.188: TPLUS: Sending AV task_id=95

*Sep 18 21:07:16.189: TPLUS: Sending AV timezone=UTC

*Sep 18 21:07:16.189: TPLUS: Sending AV service=shell

*Sep 18 21:07:16.190: TPLUS: Sending AV priv-lvl=1

*Sep 18 21:07:16.190: TPLUS: Sending AV cmd=show privilege <cr>

*Sep 18 21:07:16.191: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:07:16.191: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:16.199: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:07:16.210: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:07:16.214: TPLUS(00000067)/0/NB_WAIT: wrote entire 115 bytes request

*Sep 18 21:07:16.214: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:16.215: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:07:16.231: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:16.231: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:07:16.232: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:16.232: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:07:16.233: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:07:16.233: TPLUS: Received accounting response with status PASS

*Sep 18 21:07:16.237: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:07:16.237: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:07:16.238: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:07:16.238: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:07:16.239: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:07:16.240: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:07:29.865: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 15 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:07:29.866: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:07:29.866: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:07:29.867: AAA/MEMORY: create_user (0xCDE98A0) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 18 21:07:29.868: tty2 AAA/AUTHOR/CMD (3463389916): Port='tty2' list='test20' service=CMD

*Sep 18 21:07:29.869: AAA/AUTHOR/CMD: tty2 (3463389916) user='cisco15'

*Sep 18 21:07:29.870: tty2 AAA/AUTHOR/CMD (3463389916): send AV service=shell

*Sep 18 21:07:29.872: tty2 AAA/AUTHOR/CMD (3463389916): send AV cmd=configure

*Sep 18 21:07:29.873: tty2 AAA/AUTHOR/CMD (3463389916): send AV cmd-arg=terminal

*Sep 18 21:07:29.873: tty2 AAA/AUTHOR/CMD (3463389916): send AV cmd-arg=<cr>

*Sep 18 21:07:29.874: tty2 AAA/AUTHOR/CMD(3463389916): found list "test20"

*Sep 18 21:07:29.874: tty2 AAA/AUTHOR/CMD (3463389916): Method=tacacs+ (tacacs+)

*Sep 18 21:07:29.875: AAA/AUTHOR/TAC+: (3463389916): user=cisco15

*Sep 18 21:07:29.877: AAA/AUTHOR/TAC+: (3463389916): send AV service=shell

*Sep 18 21:07:29.877: AAA/AUTHOR/TAC+: (3463389916): send AV cmd=configure

*Sep 18 21:07:29.878: AAA/AUTHOR/TAC+: (3463389916): send AV cmd-arg=terminal

*Sep 18 21:07:29.879: AAA/AUTHOR/TAC+: (3463389916): send AV cmd-arg=<cr>

*Sep 18 21:07:29.880: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:29.881: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:07:29.902: TAC+: Opened TCP/IP handle 0xF5C3658 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:07:29.903: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:07:29.905: TAC+: 10.1.1.1 (3463389916) AUTHOR/START queued

*Sep 18 21:07:30.604: TAC+: (3463389916) AUTHOR/START processed

*Sep 18 21:07:30.604: TAC+: (-831577380): received author response status = PASS_ADD

*Sep 18 21:07:30.604: TAC+: Closing TCP/IP 0xF5C3658 connection to 10.1.1.1/49

*Sep 18 21:07:30.608: AAA/AUTHOR (3463389916): Post authorization status = PASS_ADD

*Sep 18 21:07:30.609: AAA/MEMORY: free_user (0xCDE98A0) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 vrf= (id=0)

*Sep 18 21:07:30.609: AAA/ACCT/3844(00000067): Pick method list 'test20'

*Sep 18 21:07:30.610: AAA/ACCT/SETMLIST(00000067): Handle 9C00001D, mlist 100F5828, Name test20

*Sep 18 21:07:30.610: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:07:30.611: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:07:30.611: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:07:30.612: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:07:30.613: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:07:30.614: AAA/ACCT/CMD(00000067): Setting session id 97 : db=100F4458

*Sep 18 21:07:30.675: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:07:30.676: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:07:30.679: TPLUS: processing accounting request id 103

*Sep 18 21:07:30.680: TPLUS: Sending AV task_id=96

*Sep 18 21:07:30.680: TPLUS: Sending AV timezone=UTC

*Sep 18 21:07:30.681: TPLUS: Sending AV service=shell

*Sep 18 21:07:30.681: TPLUS: Sending AV priv-lvl=15

*Sep 18 21:07:30.682: TPLUS: Sending AV cmd=configure terminal <cr>

*Sep 18 21:07:30.682: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:07:30.683: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:30.690: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:07:30.704: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:07:30.708: TPLUS(00000067)/0/NB_WAIT: wrote entire 120 bytes request

*Sep 18 21:07:30.709: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:30.709: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:07:30.721: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:30.721: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:07:30.722: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:30.722: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:07:30.723: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:07:30.724: TPLUS: Received accounting response with status PASS

*Sep 18 21:07:30.727: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:07:30.728: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:07:30.728: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:07:30.729: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:07:30.729: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:07:30.730: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:07:41.043: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 15 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:07:41.043: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:07:41.044: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:07:41.044: AAA/MEMORY: create_user (0xCDE98A0) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 18 21:07:41.045: tty2 AAA/AUTHOR/CMD (3195941304): Port='tty2' list='test20' service=CMD

*Sep 18 21:07:41.046: AAA/AUTHOR/CMD: tty2 (3195941304) user='cisco15'

*Sep 18 21:07:41.047: tty2 AAA/AUTHOR/CMD (3195941304): send AV service=shell

*Sep 18 21:07:41.048: tty2 AAA/AUTHOR/CMD (3195941304): send AV cmd=do-exec

*Sep 18 21:07:41.048: tty2 AAA/AUTHOR/CMD (3195941304): send AV cmd-arg=sh

*Sep 18 21:07:41.049: tty2 AAA/AUTHOR/CMD (3195941304): send AV cmd-arg=ip

*Sep 18 21:07:41.049: tty2 AAA/AUTHOR/CMD (3195941304): send AV cmd-arg=int

*Sep 18 21:07:41.050: tty2 AAA/AUTHOR/CMD (3195941304): send AV cmd-arg=bri

*Sep 18 21:07:41.050: tty2 AAA/AUTHOR/CMD (3195941304): send AV cmd-arg=<cr>

*Sep 18 21:07:41.050: tty2 AAA/AUTHOR/CMD(3195941304): found list "test20"

*Sep 18 21:07:41.051: tty2 AAA/AUTHOR/CMD (3195941304): Method=tacacs+ (tacacs+)

*Sep 18 21:07:41.051: AAA/AUTHOR/TAC+: (3195941304): user=cisco15

*Sep 18 21:07:41.052: AAA/AUTHOR/TAC+: (3195941304): send AV service=shell

*Sep 18 21:07:41.052: AAA/AUTHOR/TAC+: (3195941304): send AV cmd=do-exec

*Sep 18 21:07:41.053: AAA/AUTHOR/TAC+: (3195941304): send AV cmd-arg=sh

*Sep 18 21:07:41.053: AAA/AUTHOR/TAC+: (3195941304): send AV cmd-arg=ip

*Sep 18 21:07:41.054: AAA/AUTHOR/TAC+: (3195941304): send AV cmd-arg=int

*Sep 18 21:07:41.054: AAA/AUTHOR/TAC+: (3195941304): send AV cmd-arg=bri

*Sep 18 21:07:41.054: AAA/AUTHOR/TAC+: (3195941304): send AV cmd-arg=<cr>

*Sep 18 21:07:41.055: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:41.055: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:07:41.079: TAC+: Opened TCP/IP handle 0xF5C3658 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:07:41.080: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:07:41.081: TAC+: 10.1.1.1 (3195941304) AUTHOR/START queued

*Sep 18 21:07:41.282: TAC+: (3195941304) AUTHOR/START processed

*Sep 18 21:07:41.285: TAC+: (-1099025992): received author response status = PASS_ADD

*Sep 18 21:07:41.285: TAC+: Closing TCP/IP 0xF5C3658 connection to 10.1.1.1/49

*Sep 18 21:07:41.289: AAA/AUTHOR (3195941304): Post authorization status = PASS_ADD

*Sep 18 21:07:41.290: AAA/MEMORY: free_user (0xCDE98A0) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 vrf= (id=0)

*Sep 18 21:07:41.291: AAA/ACCT/3844(00000067): Pick method list 'test20'

*Sep 18 21:07:41.291: AAA/ACCT/SETMLIST(00000067): Handle 9C00001D, mlist 100F5828, Name test20

*Sep 18 21:07:41.292: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:07:41.292: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:07:41.293: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:07:41.294: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:07:41.296: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:07:41.296: AAA/ACCT/CMD(00000067): Setting session id 98 : db=100F4458

*Sep 18 21:07:41.399: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:07:41.400: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:07:41.400: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:07:41.401: AAA/MEMORY: create_user (0xCDE98A0) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 18 21:07:41.402: tty2 AAA/AUTHOR/CMD (1708131994): Port='tty2' list='test20' service=CMD

*Sep 18 21:07:41.402: AAA/AUTHOR/CMD: tty2 (1708131994) user='cisco15'

*Sep 18 21:07:41.403: tty2 AAA/AUTHOR/CMD (1708131994): send AV service=shell

*Sep 18 21:07:41.403: tty2 AAA/AUTHOR/CMD (1708131994): send AV cmd=show

*Sep 18 21:07:41.404: tty2 AAA/AUTHOR/CMD (1708131994): send AV cmd-arg=ip

*Sep 18 21:07:41.404: tty2 AAA/AUTHOR/CMD (1708131994): send AV cmd-arg=interface

*Sep 18 21:07:41.405: tty2 AAA/AUTHOR/CMD (1708131994): send AV cmd-arg=brief

*Sep 18 21:07:41.405: tty2 AAA/AUTHOR/CMD (1708131994): send AV cmd-arg=<cr>

*Sep 18 21:07:41.406: tty2 AAA/AUTHOR/CMD(1708131994): found list "test20"

*Sep 18 21:07:41.406: tty2 AAA/AUTHOR/CMD (1708131994): Method=tacacs+ (tacacs+)

*Sep 18 21:07:41.407: AAA/AUTHOR/TAC+: (1708131994): user=cisco15

*Sep 18 21:07:41.407: AAA/AUTHOR/TAC+: (1708131994): send AV service=shell

*Sep 18 21:07:41.408: AAA/AUTHOR/TAC+: (1708131994): send AV cmd=show

*Sep 18 21:07:41.409: AAA/AUTHOR/TAC+: (1708131994): send AV cmd-arg=ip

*Sep 18 21:07:41.409: AAA/AUTHOR/TAC+: (1708131994): send AV cmd-arg=interface

*Sep 18 21:07:41.410: AAA/AUTHOR/TAC+: (1708131994): send AV cmd-arg=brief

*Sep 18 21:07:41.410: AAA/AUTHOR/TAC+: (1708131994): send AV cmd-arg=<cr>

*Sep 18 21:07:41.411: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:41.411: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:07:41.438: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:07:41.439: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:07:41.448: TPLUS: processing accounting request id 103

*Sep 18 21:07:41.449: TPLUS: Sending AV task_id=97

*Sep 18 21:07:41.450: TPLUS: Sending AV timezone=UTC

*Sep 18 21:07:41.450: TPLUS: Sending AV service=shell

*Sep 18 21:07:41.451: TPLUS: Sending AV priv-lvl=15

*Sep 18 21:07:41.451: TPLUS: Sending AV cmd=do-exec sh ip int bri <cr>

*Sep 18 21:07:41.452: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:07:41.453: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:41.462: TPLUS(00000067)/0/NB_WAIT/D711518: Started 5 sec timeout

*Sep 18 21:07:41.467: TAC+: Opened TCP/IP handle 0xF5C3D80 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:07:41.467: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:07:41.469: TAC+: 10.1.1.1 (1708131994) AUTHOR/START queued

*Sep 18 21:07:41.472: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:07:41.474: TPLUS(00000067)/0/NB_WAIT: wrote entire 123 bytes request

*Sep 18 21:07:41.476: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:41.476: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:07:41.488: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:41.488: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:07:41.489: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:41.489: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:07:41.490: TPLUS(00000067)/0/D711518: Processing the reply packet

*Sep 18 21:07:41.491: TPLUS: Received accounting response with status PASS

*Sep 18 21:07:41.494: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:07:41.494: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:07:41.495: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:07:41.495: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:07:41.496: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:07:41.497: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:07:41.668: TAC+: (1708131994) AUTHOR/START processed

*Sep 18 21:07:41.672: TAC+: (1708131994): received author response status = PASS_ADD

*Sep 18 21:07:41.673: TAC+: Closing TCP/IP 0xF5C3D80 connection to 10.1.1.1/49

*Sep 18 21:07:41.678: AAA/AUTHOR (1708131994): Post authorization status = PASS_ADD

*Sep 18 21:07:41.679: AAA/MEMORY: free_user (0xCDE98A0) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

*Sep 18 21:07:41.680: AAA/ACCT/260(00000067): Pick method list 'test20'

*Sep 18 21:07:41.681: AAA/ACCT/SETMLIST(00000067): Handle 8100001A, mlist 10A204D8, Name test20

*Sep 18 21:07:41.681: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:07:41.682: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:07:41.682: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:07:41.683: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:07:41.684: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:07:41.685: AAA/ACCT/CMD(00000067): Setting session id 99 : db=100F4458

*Sep 18 21:07:41.714: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:07:41.715: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:07:41.718: TPLUS: processing accounting request id 103

*Sep 18 21:07:41.719: TPLUS: Sending AV task_id=98

*Sep 18 21:07:41.719: TPLUS: Sending AV timezone=UTC

*Sep 18 21:07:41.720: TPLUS: Sending AV service=shell

*Sep 18 21:07:41.720: TPLUS: Sending AV priv-lvl=1

*Sep 18 21:07:41.720: TPLUS: Sending AV cmd=show ip interface brief <cr>

*Sep 18 21:07:41.721: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:07:41.722: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:07:41.728: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:07:41.735: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:07:41.740: TPLUS(00000067)/0/NB_WAIT: wrote entire 124 bytes request

*Sep 18 21:07:41.740: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:41.741: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:07:41.748: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:41.748: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:07:41.749: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:07:41.749: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:07:41.750: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:07:41.750: TPLUS: Received accounting response with status PASS

*Sep 18 21:07:41.754: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:07:41.755: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:07:41.755: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:07:41.755: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:07:41.756: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:07:41.757: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:08:16.860: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 15 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:08:16.861: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:08:16.861: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:08:16.862: AAA/MEMORY: create_user (0xE880D98) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 18 21:08:16.862: tty2 AAA/AUTHOR/CMD (3113687028): Port='tty2' list='test20' service=CMD

*Sep 18 21:08:16.863: AAA/AUTHOR/CMD: tty2 (3113687028) user='cisco15'

*Sep 18 21:08:16.863: tty2 AAA/AUTHOR/CMD (3113687028): send AV service=shell

*Sep 18 21:08:16.864: tty2 AAA/AUTHOR/CMD (3113687028): send AV cmd=interface

*Sep 18 21:08:16.864: tty2 AAA/AUTHOR/CMD (3113687028): send AV cmd-arg=Group-Async

*Sep 18 21:08:16.865: tty2 AAA/AUTHOR/CMD (3113687028): send AV cmd-arg=0

*Sep 18 21:08:16.865: tty2 AAA/AUTHOR/CMD (3113687028): send AV cmd-arg=GigabitEthernet

*Sep 18 21:08:16.866: tty2 AAA/AUTHOR/CMD (3113687028): send AV cmd-arg=0

*Sep 18 21:08:16.867: tty2 AAA/AUTHOR/CMD (3113687028): send AV cmd-arg=3

*Sep 18 21:08:16.868: tty2 AAA/AUTHOR/CMD (3113687028): send AV cmd-arg=<cr>

*Sep 18 21:08:16.868: tty2 AAA/AUTHOR/CMD(3113687028): found list "test20"

*Sep 18 21:08:16.869: tty2 AAA/AUTHOR/CMD (3113687028): Method=tacacs+ (tacacs+)

*Sep 18 21:08:16.869: AAA/AUTHOR/TAC+: (3113687028): user=cisco15

*Sep 18 21:08:16.870: AAA/AUTHOR/TAC+: (3113687028): send AV service=shell

*Sep 18 21:08:16.870: AAA/AUTHOR/TAC+: (3113687028): send AV cmd=interface

*Sep 18 21:08:16.871: AAA/AUTHOR/TAC+: (3113687028): send AV cmd-arg=Group-Async

*Sep 18 21:08:16.871: AAA/AUTHOR/TAC+: (3113687028): send AV cmd-arg=0

*Sep 18 21:08:16.871: AAA/AUTHOR/TAC+: (3113687028): send AV cmd-arg=GigabitEthernet

*Sep 18 21:08:16.872: AAA/AUTHOR/TAC+: (3113687028): send AV cmd-arg=0

*Sep 18 21:08:16.872: AAA/AUTHOR/TAC+: (3113687028): send AV cmd-arg=3

*Sep 18 21:08:16.873: AAA/AUTHOR/TAC+: (3113687028): send AV cmd-arg=<cr>

*Sep 18 21:08:16.873: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:16.874: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:08:16.894: TAC+: Opened TCP/IP handle 0xF5C2F30 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:08:16.895: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:08:16.896: TAC+: 10.1.1.1 (3113687028) AUTHOR/START queued

*Sep 18 21:08:17.796: TAC+: (3113687028) AUTHOR/START processed

*Sep 18 21:08:17.799: TAC+: (-1181280268): received author response status = PASS_ADD

*Sep 18 21:08:17.800: TAC+: Closing TCP/IP 0xF5C2F30 connection to 10.1.1.1/49

*Sep 18 21:08:17.804: AAA/AUTHOR (3113687028): Post authorization status = PASS_ADD

*Sep 18 21:08:17.804: AAA/MEMORY: free_user (0xE880D98) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 vrf= (id=0)

*Sep 18 21:08:17.805: AAA/ACCT/3844(00000067): Pick method list 'test20'

*Sep 18 21:08:17.805: AAA/ACCT/SETMLIST(00000067): Handle 9C00001D, mlist 100F5828, Name test20

*Sep 18 21:08:17.806: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:08:17.806: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:08:17.807: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:08:17.807: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:08:17.808: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:08:17.809: AAA/ACCT/CMD(00000067): Setting session id 100 : db=100F4458

*Sep 18 21:08:17.860: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:08:17.861: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:08:17.865: TPLUS: processing accounting request id 103

*Sep 18 21:08:17.865: TPLUS: Sending AV task_id=99

*Sep 18 21:08:17.866: TPLUS: Sending AV timezone=UTC

*Sep 18 21:08:17.866: TPLUS: Sending AV service=shell

*Sep 18 21:08:17.867: TPLUS: Sending AV priv-lvl=15

*Sep 18 21:08:17.867: TPLUS: Sending AV cmd=interface Group-Async 0 GigabitEthernet 0 3 <cr>

*Sep 18 21:08:17.868: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:08:17.868: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:17.875: TPLUS(00000067)/0/NB_WAIT/CDEA288: Started 5 sec timeout

*Sep 18 21:08:17.887: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:08:17.891: TPLUS(00000067)/0/NB_WAIT: wrote entire 145 bytes request

*Sep 18 21:08:17.891: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:17.891: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:08:17.899: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:17.900: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:08:17.901: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:17.901: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:08:17.901: TPLUS(00000067)/0/CDEA288: Processing the reply packet

*Sep 18 21:08:17.902: TPLUS: Received accounting response with status PASS

*Sep 18 21:08:17.906: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:08:17.907: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:08:17.907: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:08:17.908: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:08:17.908: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:08:17.909: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:08:25.743: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 15 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:08:25.744: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:08:25.745: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:08:25.745: AAA/MEMORY: create_user (0xAFA5F68) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 18 21:08:25.746: tty2 AAA/AUTHOR/CMD (2375285805): Port='tty2' list='test20' service=CMD

*Sep 18 21:08:25.747: AAA/AUTHOR/CMD: tty2 (2375285805) user='cisco15'

*Sep 18 21:08:25.747: tty2 AAA/AUTHOR/CMD (2375285805): send AV service=shell

*Sep 18 21:08:25.748: tty2 AAA/AUTHOR/CMD (2375285805): send AV cmd=no

*Sep 18 21:08:25.748: tty2 AAA/AUTHOR/CMD (2375285805): send AV cmd-arg=switchport

*Sep 18 21:08:25.749: tty2 AAA/AUTHOR/CMD (2375285805): send AV cmd-arg=<cr>

*Sep 18 21:08:25.749: tty2 AAA/AUTHOR/CMD(2375285805): found list "test20"

*Sep 18 21:08:25.750: tty2 AAA/AUTHOR/CMD (2375285805): Method=tacacs+ (tacacs+)

*Sep 18 21:08:25.751: AAA/AUTHOR/TAC+: (2375285805): user=cisco15

*Sep 18 21:08:25.751: AAA/AUTHOR/TAC+: (2375285805): send AV service=shell

*Sep 18 21:08:25.752: AAA/AUTHOR/TAC+: (2375285805): send AV cmd=no

*Sep 18 21:08:25.753: AAA/AUTHOR/TAC+: (2375285805): send AV cmd-arg=switchport

*Sep 18 21:08:25.754: AAA/AUTHOR/TAC+: (2375285805): send AV cmd-arg=<cr>

*Sep 18 21:08:25.754: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:25.755: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:08:25.775: TAC+: Opened TCP/IP handle 0xF5C2F30 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:08:25.776: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:08:25.777: TAC+: 10.1.1.1 (2375285805) AUTHOR/START queued

*Sep 18 21:08:25.977: TAC+: (2375285805) AUTHOR/START processed

*Sep 18 21:08:25.979: TAC+: (-1919681491): received author response status = PASS_ADD

*Sep 18 21:08:25.980: TAC+: Closing TCP/IP 0xF5C2F30 connection to 10.1.1.1/49

*Sep 18 21:08:25.985: AAA/AUTHOR (2375285805): Post authorization status = PASS_ADD

*Sep 18 21:08:25.986: AAA/MEMORY: free_user (0xAFA5F68) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 vrf= (id=0)

*Sep 18 21:08:25.986: AAA/ACCT/3844(00000067): Pick method list 'test20'

*Sep 18 21:08:25.987: AAA/ACCT/SETMLIST(00000067): Handle 9C00001D, mlist 100F5828, Name test20

*Sep 18 21:08:25.987: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:08:25.988: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:08:25.988: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:08:25.989: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:08:25.990: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:08:25.990: AAA/ACCT/CMD(00000067): Setting session id 101 : db=100F4458

*Sep 18 21:08:26.055: Gi0/3 AAA/DISC: 6/"Admin Reset"

*Sep 18 21:08:26.055: Gi0/3 AAA/DISC/EXT: 1026/"TCP Disabled"

*Sep 18 21:08:26.191: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:08:26.192: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:08:26.725: TPLUS: processing accounting request id 103

*Sep 18 21:08:26.725: TPLUS: Sending AV task_id=100

*Sep 18 21:08:26.726: TPLUS: Sending AV timezone=UTC

*Sep 18 21:08:26.726: TPLUS: Sending AV service=shell

*Sep 18 21:08:26.727: TPLUS: Sending AV priv-lvl=15

*Sep 18 21:08:26.727: TPLUS: Sending AV cmd=no switchport <cr>

*Sep 18 21:08:26.727: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:08:26.728: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:26.735: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:08:26.907: TAC+: Removing all tacacs source-int. pointing to GigabitEthernet0/3

*Sep 18 21:08:27.339: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:08:27.345: TPLUS(00000067)/0/NB_WAIT: wrote entire 116 bytes request

*Sep 18 21:08:27.346: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:27.346: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:08:27.420: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:27.421: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:08:27.421: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:27.422: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:08:27.422: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:08:27.423: TPLUS: Received accounting response with status PASS

*Sep 18 21:08:27.427: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:08:27.428: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:08:27.428: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:08:27.429: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:08:27.430: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:08:27.430: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:08:29.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up

*Sep 18 21:08:30.233: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to up

*Sep 18 21:08:49.103: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 15 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:08:49.104: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:08:49.105: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:08:49.105: AAA/MEMORY: create_user (0xB185E10) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 18 21:08:49.106: tty2 AAA/AUTHOR/CMD (255693030): Port='tty2' list='test20' service=CMD

*Sep 18 21:08:49.106: AAA/AUTHOR/CMD: tty2 (255693030) user='cisco15'

*Sep 18 21:08:49.107: tty2 AAA/AUTHOR/CMD (255693030): send AV service=shell

*Sep 18 21:08:49.108: tty2 AAA/AUTHOR/CMD (255693030): send AV cmd=ip

*Sep 18 21:08:49.108: tty2 AAA/AUTHOR/CMD (255693030): send AV cmd-arg=address

*Sep 18 21:08:49.108: tty2 AAA/AUTHOR/CMD (255693030): send AV cmd-arg=10.10.10.10

*Sep 18 21:08:49.109: tty2 AAA/AUTHOR/CMD (255693030): send AV cmd-arg=255.255.255.0

*Sep 18 21:08:49.109: tty2 AAA/AUTHOR/CMD (255693030): send AV cmd-arg=<cr>

*Sep 18 21:08:49.110: tty2 AAA/AUTHOR/CMD(255693030): found list "test20"

*Sep 18 21:08:49.110: tty2 AAA/AUTHOR/CMD (255693030): Method=tacacs+ (tacacs+)

*Sep 18 21:08:49.111: AAA/AUTHOR/TAC+: (255693030): user=cisco15

*Sep 18 21:08:49.111: AAA/AUTHOR/TAC+: (255693030): send AV service=shell

*Sep 18 21:08:49.112: AAA/AUTHOR/TAC+: (255693030): send AV cmd=ip

*Sep 18 21:08:49.112: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=address

*Sep 18 21:08:49.113: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=10.10.10.10

*Sep 18 21:08:49.114: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=255.255.255.0

*Sep 18 21:08:49.114: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=<cr>

*Sep 18 21:08:49.115: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:49.115: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:08:49.141: TAC+: Opened TCP/IP handle 0xF5C4E80 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:08:49.142: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:08:49.143: TAC+: 10.1.1.1 (255693030) AUTHOR/START queued

*Sep 18 21:08:50.181: TAC+: (255693030) AUTHOR/START processed

*Sep 18 21:08:50.206: TAC+: (255693030): received author response status = PASS_ADD

*Sep 18 21:08:50.207: TAC+: Closing TCP/IP 0xF5C4E80 connection to 10.1.1.1/49

*Sep 18 21:08:50.211: AAA/AUTHOR (255693030): Post authorization status = PASS_ADD

*Sep 18 21:08:50.211: AAA/MEMORY: free_user (0xB185E10) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 vrf= (id=0)

*Sep 18 21:08:50.213: AAA/ACCT/3844(00000067): Pick method list 'test20'

*Sep 18 21:08:50.213: AAA/ACCT/SETMLIST(00000067): Handle 9C00001D, mlist 100F5828, Name test20

*Sep 18 21:08:50.214: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:08:50.215: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:08:50.215: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:08:50.216: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:08:50.217: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:08:50.218: AAA/ACCT/CMD(00000067): Setting session id 102 : db=100F4458

*Sep 18 21:08:50.304: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:08:50.305: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:08:50.344: TPLUS: processing accounting request id 103

*Sep 18 21:08:50.344: TPLUS: Sending AV task_id=101

*Sep 18 21:08:50.345: TPLUS: Sending AV timezone=UTC

*Sep 18 21:08:50.345: TPLUS: Sending AV service=shell

*Sep 18 21:08:50.346: TPLUS: Sending AV priv-lvl=15

*Sep 18 21:08:50.346: TPLUS: Sending AV cmd=ip address 10.10.10.10 255.255.255.0 <cr>

*Sep 18 21:08:50.346: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:08:50.347: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:50.359: TPLUS(00000067)/0/NB_WAIT/E880D98: Started 5 sec timeout

*Sep 18 21:08:50.375: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:08:50.381: TPLUS(00000067)/0/NB_WAIT: wrote entire 139 bytes request

*Sep 18 21:08:50.384: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:50.384: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:08:50.392: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:50.392: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:08:50.393: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:50.393: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:08:50.394: TPLUS(00000067)/0/E880D98: Processing the reply packet

*Sep 18 21:08:50.394: TPLUS: Received accounting response with status PASS

*Sep 18 21:08:50.400: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:08:50.400: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:08:50.401: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:08:50.401: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:08:50.403: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:08:50.403: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:08:57.622: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 15 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 18 21:08:57.622: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 18 21:08:57.623: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 18 21:08:57.623: AAA/MEMORY: create_user (0xCF45F70) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 18 21:08:57.624: tty2 AAA/AUTHOR/CMD (256980326): Port='tty2' list='test20' service=CMD

*Sep 18 21:08:57.625: AAA/AUTHOR/CMD: tty2 (256980326) user='cisco15'

*Sep 18 21:08:57.625: tty2 AAA/AUTHOR/CMD (256980326): send AV service=shell

*Sep 18 21:08:57.626: tty2 AAA/AUTHOR/CMD (256980326): send AV cmd=no

*Sep 18 21:08:57.627: tty2 AAA/AUTHOR/CMD (256980326): send AV cmd-arg=shutdown

*Sep 18 21:08:57.627: tty2 AAA/AUTHOR/CMD (256980326): send AV cmd-arg=<cr>

*Sep 18 21:08:57.628: tty2 AAA/AUTHOR/CMD(256980326): found list "test20"

*Sep 18 21:08:57.628: tty2 AAA/AUTHOR/CMD (256980326): Method=tacacs+ (tacacs+)

*Sep 18 21:08:57.629: AAA/AUTHOR/TAC+: (256980326): user=cisco15

*Sep 18 21:08:57.630: AAA/AUTHOR/TAC+: (256980326): send AV service=shell

*Sep 18 21:08:57.631: AAA/AUTHOR/TAC+: (256980326): send AV cmd=no

*Sep 18 21:08:57.632: AAA/AUTHOR/TAC+: (256980326): send AV cmd-arg=shutdown

*Sep 18 21:08:57.632: AAA/AUTHOR/TAC+: (256980326): send AV cmd-arg=<cr>

*Sep 18 21:08:57.634: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:57.635: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 18 21:08:57.655: TAC+: Opened TCP/IP handle 0xF5C4E80 to 10.1.1.1/49 using source 0.0.0.0

*Sep 18 21:08:57.656: TAC+: Opened 10.1.1.1 index=1

*Sep 18 21:08:57.658: TAC+: 10.1.1.1 (256980326) AUTHOR/START queued

*Sep 18 21:08:57.858: TAC+: (256980326) AUTHOR/START processed

*Sep 18 21:08:57.860: TAC+: (256980326): received author response status = PASS_ADD

*Sep 18 21:08:57.860: TAC+: Closing TCP/IP 0xF5C4E80 connection to 10.1.1.1/49

*Sep 18 21:08:57.867: AAA/AUTHOR (256980326): Post authorization status = PASS_ADD

*Sep 18 21:08:57.868: AAA/MEMORY: free_user (0xCF45F70) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.102' authen_type=ASCII service=NONE priv=15 vrf= (id=0)

*Sep 18 21:08:57.869: AAA/ACCT/3844(00000067): Pick method list 'test20'

*Sep 18 21:08:57.869: AAA/ACCT/SETMLIST(00000067): Handle 9C00001D, mlist 100F5828, Name test20

*Sep 18 21:08:57.869: Getting session id for CMD(00000067) : db=100F4458

*Sep 18 21:08:57.870: AAA/ACCT/CMD(00000067): add, count 3

*Sep 18 21:08:57.870: AAA/ACCT/EVENT/(00000067): COMMAND

*Sep 18 21:08:57.872: AAA/ACCT/CMD(00000067): Queueing record is COMMAND osr 1

*Sep 18 21:08:57.874: AAA/ACCT/CMD(00000067): free_rec, count 2

*Sep 18 21:08:57.874: AAA/ACCT/CMD(00000067): Setting session id 103 : db=100F4458

*Sep 18 21:08:57.892: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:08:57.892: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:08:57.895: TPLUS: processing accounting request id 103

*Sep 18 21:08:57.895: TPLUS: Sending AV task_id=102

*Sep 18 21:08:57.896: TPLUS: Sending AV timezone=UTC

*Sep 18 21:08:57.896: TPLUS: Sending AV service=shell

*Sep 18 21:08:57.897: TPLUS: Sending AV priv-lvl=15

*Sep 18 21:08:57.898: TPLUS: Sending AV cmd=no shutdown <cr>

*Sep 18 21:08:57.899: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:08:57.900: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:08:57.909: TPLUS(00000067)/0/NB_WAIT/100E4340: Started 5 sec timeout

*Sep 18 21:08:57.926: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:08:57.931: TPLUS(00000067)/0/NB_WAIT: wrote entire 114 bytes request

*Sep 18 21:08:57.932: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:57.932: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:08:57.941: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:57.942: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:08:57.943: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:08:57.943: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:08:57.944: TPLUS(00000067)/0/100E4340: Processing the reply packet

*Sep 18 21:08:57.944: TPLUS: Received accounting response with status PASS

*Sep 18 21:08:57.950: AAA/ACCT/CMD(00000067): STOP protocol reply PASS

*Sep 18 21:08:57.951: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:08:57.952: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:08:57.952: AAA/ACCT/CMD(00000067): Cleaning up from Callback osr 0

*Sep 18 21:08:57.953: AAA/ACCT/CMD(00000067) Record not present

*Sep 18 21:08:57.954: /AAA/ACCTCMD(00000067) reccnt 2, csr FALSE, osr 0

*Sep 18 21:09:23.360: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 18 21:09:23.361: %SYS-5-CONFIG_I: Configured from console by cisco15 on vty0 (10.1.1.102)

*Sep 18 21:09:26.064: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.102' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 18 21:09:26.065: unknown AAA/DISC: 1/"User Request"

*Sep 18 21:09:26.066: unknown AAA/DISC/EXT: 1020/"User Request"

*Sep 18 21:09:26.067: unknown AAA/DISC: 9/"NAS Error"

*Sep 18 21:09:26.067: unknown AAA/DISC/EXT: 1002/"Unknown"

*Sep 18 21:09:26.068: AAA/ACCT/EXEC(00000067): Pick method list 'test20'

*Sep 18 21:09:26.068: AAA/ACCT/SETMLIST(00000067): Handle 13000019, mlist 100E7290, Name test20

*Sep 18 21:09:26.071: AAA/ACCT/EVENT/(00000067): CALL STOP

*Sep 18 21:09:26.072: AAA/ACCT/CALL STOP(00000067): Sending stop requests

*Sep 18 21:09:26.072: AAA/ACCT(00000067): Send all stops

*Sep 18 21:09:26.073: AAA/ACCT/EXEC(00000067): STOP

*Sep 18 21:09:26.074: AAA/ACCT/EXEC(00000067): Queueing record is STOP osr 1

*Sep 18 21:09:26.075: AAA/ACCT/NET(00000067): STOP

*Sep 18 21:09:26.075: AAA/ACCT/NET(00000067): Method list not found

*Sep 18 21:09:26.076: AAA/ACCT/NET(00000067): free_rec, count 1

*Sep 18 21:09:26.076: /AAA/ACCTNET(00000067) reccnt 1, csr TRUE, osr 1

*Sep 18 21:09:26.080: AAA/ACCT(00000067): Accounting method=tacacs+ (TACACS+)

*Sep 18 21:09:26.080: TPLUS: Queuing AAA Accounting request 103 for processing

*Sep 18 21:09:26.082: TPLUS: processing accounting request id 103

*Sep 18 21:09:26.082: TPLUS: Sending AV task_id=93

*Sep 18 21:09:26.083: TPLUS: Sending AV timezone=UTC

*Sep 18 21:09:26.083: TPLUS: Sending AV service=shell

*Sep 18 21:09:26.084: TPLUS: Sending AV disc-cause=1

*Sep 18 21:09:26.084: TPLUS: Sending AV disc-cause-ext=9

*Sep 18 21:09:26.085: TPLUS: Sending AV pre-session-time=10

*Sep 18 21:09:26.085: TPLUS: Sending AV elapsed_time=161

*Sep 18 21:09:26.086: TPLUS: Sending AV stop_time=1663535366

*Sep 18 21:09:26.086: TPLUS: Accounting request created for 103(cisco15)

*Sep 18 21:09:26.087: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 18 21:09:26.093: TPLUS(00000067)/0/NB_WAIT/CDEA338: Started 5 sec timeout

*Sep 18 21:09:26.105: TPLUS(00000067)/0/NB_WAIT: socket event 2

*Sep 18 21:09:26.109: TPLUS(00000067)/0/NB_WAIT: wrote entire 168 bytes request

*Sep 18 21:09:26.109: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:09:26.110: TPLUS(00000067)/0/READ: Would block while reading

*Sep 18 21:09:26.125: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:09:26.126: TPLUS(00000067)/0/READ: read entire 12 header bytes (expect 5 bytes data)

*Sep 18 21:09:26.127: TPLUS(00000067)/0/READ: socket event 1

*Sep 18 21:09:26.127: TPLUS(00000067)/0/READ: read entire 17 bytes response

*Sep 18 21:09:26.128: TPLUS(00000067)/0/CDEA338: Processing the reply packet

*Sep 18 21:09:26.128: TPLUS: Received accounting response with status PASS

*Sep 18 21:09:26.133: AAA/ACCT/EXEC(00000067): STOP protocol reply PASS

*Sep 18 21:09:26.134: AAA/ACCT(00000067): Accounting response status = SUCCESS

*Sep 18 21:09:26.134: AAA/ACCT(00000067): Send STOP accounting notification to EM failed

*Sep 18 21:09:26.135: AAA/ACCT/EXEC(00000067): Cleaning up from Callback osr 0

*Sep 18 21:09:26.136: AAA/ACCT(00000067): del node, session 93

*Sep 18 21:09:26.137: AAA/ACCT/EXEC(00000067): free_rec, count 0

*Sep 18 21:09:26.137: /AAA/ACCTEXEC(00000067) reccnt 0, csr TRUE, osr 0

*Sep 18 21:09:26.138: AAA/ACCT/EXEC(00000067): Last rec in db, intf not enqueued

NAS#

NAS#

NAS#no debug all

All possible debugging has been turned off
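The command-authorization and accounting debug lines above carry everything an auditor needs: who asked to run which command, what the TACACS+ server answered, and which commands were actually accounted for. The following Python parser is an added example (not part of the lab writeup) that rebuilds that audit trail from a constructed sample trimmed from the NAS output on this page; it also folds the request id to unsigned 32-bit, because IOS prints the same id both ways (3438106579 on the request and -856860717 on the FAIL verdict).

```python
"""Added example (not part of the lab writeup): build an audit trail from the
'debug aaa author' / 'debug tacacs' / accounting lines captured on the NAS.
Each command-authorization request is matched with the TACACS+ verdict, and
the commands the server actually accounted for are listed separately."""
import re
from dataclasses import dataclass, field

# Sample lines constructed by trimming the NAS debug output shown above.
# The FAIL line prints the request id as a signed 32-bit value (-856860717)
# although the request was opened as 3438106579; the parser must fold both.
SAMPLE_DEBUG = """\
*Sep 18 21:08:49.111: AAA/AUTHOR/TAC+: (255693030): user=cisco15
*Sep 18 21:08:49.111: AAA/AUTHOR/TAC+: (255693030): send AV service=shell
*Sep 18 21:08:49.112: AAA/AUTHOR/TAC+: (255693030): send AV cmd=ip
*Sep 18 21:08:49.112: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=address
*Sep 18 21:08:49.113: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=10.10.10.10
*Sep 18 21:08:49.114: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=255.255.255.0
*Sep 18 21:08:49.114: AAA/AUTHOR/TAC+: (255693030): send AV cmd-arg=<cr>
*Sep 18 21:08:50.206: TAC+: (255693030): received author response status = PASS_ADD
*Sep 18 21:08:50.346: TPLUS: Sending AV priv-lvl=15
*Sep 18 21:08:50.346: TPLUS: Sending AV cmd=ip address 10.10.10.10 255.255.255.0 <cr>
*Sep 18 21:08:50.346: TPLUS: Accounting request created for 103(cisco15)
*Sep 17 06:31:06.717: AAA/AUTHOR/TAC+: (3438106579): user=cisco1
*Sep 17 06:31:06.718: AAA/AUTHOR/TAC+: (3438106579): send AV cmd=show
*Sep 17 06:31:06.718: AAA/AUTHOR/TAC+: (3438106579): send AV cmd-arg=users
*Sep 17 06:31:06.719: AAA/AUTHOR/TAC+: (3438106579): send AV cmd-arg=<cr>
*Sep 17 06:31:07.480: TAC+: (-856860717): received author response status = FAIL
*Sep 18 21:09:26.084: TPLUS: Sending AV disc-cause=1
*Sep 18 21:09:26.086: TPLUS: Accounting request created for 103(cisco15)
"""

AUTHOR_USER = re.compile(r"AAA/AUTHOR/TAC\+: \((-?\d+)\): user=(\S+)")
AUTHOR_AV = re.compile(r"AAA/AUTHOR/TAC\+: \((-?\d+)\): send AV (?:cmd|cmd-arg)=(.*)$")
AUTHOR_RESP = re.compile(r"TAC\+: \((-?\d+)\): received author response status = (\w+)")
ACCT_AV = re.compile(r"TPLUS: Sending AV (priv-lvl|cmd)=(.*)$")
ACCT_USER = re.compile(r"TPLUS: Accounting request created for \d+\((\w+)\)")


def norm_id(raw: str) -> int:
    """Fold a request id to unsigned 32-bit so the signed and unsigned
    spellings of one id (e.g. -856860717 and 3438106579) compare equal."""
    return int(raw) & 0xFFFFFFFF


@dataclass
class AuthzRequest:
    req_id: int
    user: str = ""
    tokens: list = field(default_factory=list)
    status: str = "PENDING"  # PASS_ADD / PASS_REPL / FAIL / ERROR ...

    @property
    def command(self) -> str:
        """Rejoin the cmd and cmd-arg AVs into the command line typed."""
        return " ".join(t for t in self.tokens if t != "<cr>")


def parse_authorizations(text: str) -> list:
    """Correlate AUTHOR/TAC+ AV lines with the server verdict by request id."""
    reqs = {}
    for line in text.splitlines():
        if m := AUTHOR_USER.search(line):
            rid = norm_id(m.group(1))
            reqs.setdefault(rid, AuthzRequest(rid)).user = m.group(2)
        elif m := AUTHOR_AV.search(line):
            rid = norm_id(m.group(1))
            reqs.setdefault(rid, AuthzRequest(rid)).tokens.append(m.group(2).strip())
        elif m := AUTHOR_RESP.search(line):
            rid = norm_id(m.group(1))
            if rid in reqs:
                reqs[rid].status = m.group(2)
    return list(reqs.values())


def parse_accounting(text: str) -> list:
    """Return (user, priv-lvl, command) for each command accounting record.
    The AVs precede the 'Accounting request created for ...(user)' line;
    records without a cmd AV (EXEC start/stop) are not command records."""
    records, pending = [], {}
    for line in text.splitlines():
        if m := ACCT_AV.search(line):
            pending[m.group(1)] = m.group(2).replace("<cr>", "").strip()
        elif m := ACCT_USER.search(line):
            if "cmd" in pending:
                records.append((m.group(1), int(pending.get("priv-lvl", "0")), pending["cmd"]))
            pending = {}
    return records


def denied_commands(text: str) -> list:
    """(user, command) pairs the TACACS+ server refused."""
    return [(r.user, r.command) for r in parse_authorizations(text) if r.status == "FAIL"]


if __name__ == "__main__":
    for r in parse_authorizations(SAMPLE_DEBUG):
        print(f"{r.user:<8} {r.status:<9} {r.command}")
    print("accounted:", parse_accounting(SAMPLE_DEBUG))
    print("denied:", denied_commands(SAMPLE_DEBUG))
```

Feeding a full `debug` capture through it gives a per-user list of refused commands, which is the quickest way to spot an account probing beyond its command set.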

Accounting report

Authentication report

Authorization report

IV. TACACS+ Authentication, Authorization and Accounting Summary

authentication (specifies which authentication method applies to which kind of access: local authentication, no authentication, server authentication, and so on)

1. aaa authentication login
   Login methods: enable / krb5 / krb5-telnet / line / local / local-case / none / group radius / group tacacs+

2. aaa authentication ppp
   PPP methods: if-needed / krb5 / local / local-case / none / group radius / group tacacs+

3. aaa authentication arap (AppleTalk Remote Access Protocol)
   ARAP methods: auth-guest / guest / line / local / local-case / group radius / group tacacs+

4. aaa authentication nasi (NetWare Asynchronous Services Interface)
   NASI methods: enable / line / local / local-case / none / group radius / group tacacs+

5. aaa authentication enable default
   Enable methods: enable / line / none / group radius / group tacacs+

authorization (common authorization types: which privileges can be granted after a successful login)

Authorization generally takes place after authentication and relies on authentication to work properly.

1. aaa authorization auth-proxy
   Applies specific security policies on a per-user basis.

2. aaa authorization commands: enables authorization for specific, individual EXEC commands
   Applies to EXEC mode commands.

3. aaa authorization exec: determines whether a user is allowed to run an EXEC shell
   Applies to the attributes associated with a user EXEC terminal session.

4. aaa authorization network: enables authorization for all network-related service requests
   Applies to network connections.

5. aaa authorization reverse-access: enables authorization for reverse Telnet functions
   Applies to reverse Telnet sessions.

6. aaa authorization config-commands
   Applies to global configuration commands.

AAA Authorization Methods

1. tacacs+
2. if-authenticated
3. none
4. local
5. radius

accounting (specifies which kinds of activity are accounted for and audited through RADIUS or TACACS+: network access, device logins, commands executed on the device, system events, and so on)

1. aaa accounting network
   1) a PPP user who comes in through an EXEC session
   2) a PPP user who first started an EXEC session
   3) a PPP user who comes in through autoselect

2. aaa accounting exec: EXEC terminal sessions
   1) a dial-in user
   2) a Telnet user

3. aaa accounting commands: EXEC mode commands
   1) privilege level 1
   2) privilege level 15

4. aaa accounting connection: all outbound connections made from the network access server, such as Telnet, local-area transport (LAT) and TN3270
   1) an outbound Telnet connection
   2) an outbound rlogin connection
   3) an outbound LAT connection

5. aaa accounting system: system-level events
   1) AAA accounting has been turned off
   2) AAA accounting has been turned on

6. aaa accounting resource: provides "start" and "stop" records for calls that have passed user authentication, and "stop" records for calls that fail to authenticate
   1) AAA Resource Failure Stop Accounting
   2) AAA Resource Accounting for Start-Stop Records

Accounting Record Types

1. none: no accounting.
2. start-stop: records a start notice when the process begins and a stop notice when it ends, without waiting for the start record to be acknowledged before the process proceeds.
3. stop-only: records a stop notice when the service terminates.

AAA Accounting Methods (accounting requires an AAA server; local accounting is not supported)

1. TACACS+
2. RADIUS

AAA Accounting Enhancements

1. AAA Broadcast Accounting: allows accounting information to be sent to one or more AAA servers simultaneously.

2. AAA Session MIB: allows customers to monitor and terminate their authenticated client connections using Simple Network Management Protocol (SNMP).

TACACS+ configuration examples

1. PPP authentication with a named method list, TACACS+ first and local as fallback:

aaa new-model
aaa authentication ppp test group tacacs+ local
tacacs-server host 10.1.2.3
tacacs-server key goaway
interface serial 0
 ppp authentication chap pap test

2. PPP authentication with the default list and if-needed:

aaa new-model
aaa authentication ppp default if-needed group tacacs+ local
tacacs-server host 10.1.2.3
tacacs-server key goaway
interface serial 0
 ppp authentication chap default

(The if-needed keyword means that if the user has already authenticated by going through the ASCII login procedure, PPP authentication is not necessary and can be skipped.)

3. Login authentication via TACACS+ with local fallback:

aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 10.2.3.4
tacacs-server key apple

4. PPP authentication plus network authorization:

aaa new-model
aaa authentication ppp default if-needed group tacacs+ local
aaa authorization network default group tacacs+
tacacs-server host 10.1.2.3
tacacs-server key goaway
interface serial 0
 ppp authentication chap default

5. PPP authentication plus stop-only network accounting:

aaa new-model
aaa authentication ppp default if-needed group tacacs+ local
aaa accounting network default stop-only group tacacs+
tacacs-server host 10.1.2.3
tacacs-server key goaway
interface serial 0
 ppp authentication chap default

(In this example, accounting records describing the session that just terminated are sent to the TACACS+ daemon whenever a network connection terminates.)

6. A TACACS+ server group:

aaa group server tacacs+ tacgroup1
 server 172.16.1.1
 server 172.16.1.21

7. Several server groups, with one group used by the default method lists:

aaa new-model
tacacs-server host 172.16.0.1
tacacs-server host 172.17.0.1
tacacs-server host 172.18.0.1
tacacs-server host 172.19.0.1
tacacs-server host 172.20.0.1
tacacs-server key abcdefg
aaa group server tacacs+ sg1
 server 172.16.0.1
 server 172.17.0.1
aaa group server tacacs+ sg2
 server 172.18.0.1
aaa group server tacacs+ sg3
 server 172.19.0.1
aaa group server tacacs+ default-group
 server 172.20.0.1
aaa authentication ppp default group default-group
aaa accounting network default start-stop group default-group
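Every example above chains methods as "group tacacs+ local" (or "if-needed group tacacs+ local"). IOS walks such a list left to right and consults the next method only when the previous one returns an error (no answer from the server), never when it returns a failure (credentials rejected), so the local users are a backup for an unreachable server, not a second chance for a wrong password. The Python model below is an added example, not lab or Cisco code; its credential stores are constructed for illustration, and the method names mirror the configuration keywords.

```python
"""Added example (not part of the lab writeup): a model of how IOS walks an
AAA method list such as 'group tacacs+ local'. Each method answers PASS,
FAIL or ERROR; the next method is consulted only on ERROR (or SKIP for
if-needed), never on FAIL, so a password rejected by TACACS+ is not retried
against the local user database. Credential stores are constructed."""
from enum import Enum


class Result(Enum):
    PASS = "PASS"    # credentials accepted
    FAIL = "FAIL"    # credentials rejected: the method list stops here
    ERROR = "ERROR"  # method could not answer: try the next method
    SKIP = "SKIP"    # method not applicable (if-needed): try the next method


# Constructed stores mirroring the lab's server users and local backup users.
TACACS_USERS = {"cisco1": "cisco1", "cisco15": "cisco15"}
LOCAL_USERS = {"test1": "test1", "test15": "test15"}


def method_tacacs(user, password, ctx):
    if not ctx.get("server_up", True):
        return Result.ERROR          # timeout: no verdict from the server
    return Result.PASS if TACACS_USERS.get(user) == password else Result.FAIL


def method_local(user, password, ctx):
    return Result.PASS if LOCAL_USERS.get(user) == password else Result.FAIL


def method_none(user, password, ctx):
    return Result.PASS               # 'none' accepts unconditionally


def method_if_needed(user, password, ctx):
    # PPP 'if-needed': no re-authentication when the line already
    # authenticated through the ASCII login procedure.
    return Result.PASS if ctx.get("already_authenticated") else Result.SKIP


METHODS = {
    "group tacacs+": method_tacacs,
    "local": method_local,
    "none": method_none,
    "if-needed": method_if_needed,
}


def authenticate(method_list, user, password, **ctx):
    """Walk the list left to right; return (verdict, trace of (method, result)).
    If no method produces a verdict, access is denied."""
    trace = []
    for name in method_list:
        res = METHODS[name](user, password, ctx)
        trace.append((name, res))
        if res in (Result.PASS, Result.FAIL):
            return res, trace
    return Result.FAIL, trace


if __name__ == "__main__":
    verdict, trace = authenticate(["group tacacs+", "local"], "test1", "test1")
    print(verdict.value, trace)   # FAIL: local is never consulted while the server answers
    verdict, trace = authenticate(["group tacacs+", "local"], "test1", "test1", server_up=False)
    print(verdict.value, trace)   # PASS: server unreachable, local backup user accepted
    verdict, trace = authenticate(["group tacacs+"], "cisco15", "cisco15", server_up=False)
    print(verdict.value, trace)   # FAIL: no fallback method, so a server outage locks everyone out
```

The last case is why the lab keeps a local user per privilege level: a list ending in "group tacacs+" alone denies every login while the server is down.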

EXEC Mode

A. User EXEC Mode

1. For security purposes, only a limited subset of EXEC commands is available in user EXEC mode. User EXEC mode is set by default to privilege level 1 (your session runs at privilege level 1).

2. To list the commands available in user EXEC mode:

Router> ?

Exec commands:

B. Privileged EXEC Mode

1. Privileged EXEC mode is set by default to privilege level 15 (the session runs at privilege level 15). Normally, you must enter a password to enter privileged EXEC mode. You can move commands to any privilege level between 1 and 15 using the privilege command.

2. To list the commands available in privileged EXEC mode:

Router# ?

Exec commands:

User EXEC Mode

A. Remote CLI Sessions

1. line vty line-number [ending-line-number]
2. password password

B. Local CLI Sessions

1. line console 0
2. password password

Privileged EXEC Mode

1. enable password + service password-encryption
2. enable secret

V. Authentication and Authorization Debug and Packet-Capture Walkthrough

1. Enable debugging on the NAS

NAS#debug tacacs

TACACS access control debugging is on

NAS#debug aaa authen

AAA Authentication debugging is on

NAS#debug aaa author

AAA Authorization debugging is on

2. Telnet to the NAS (the switch, 10.1.1.254) as user cisco1

3. Debug output

NAS#

*Sep 17 06:30:52.550: AAA/BIND(0000004F): Bind i/f

*Sep 17 06:30:52.553: AAA/AUTHEN/LOGIN (0000004F): Pick method list 'test20'

*Sep 17 06:30:52.569: TPLUS: Queuing AAA Authentication request 79 for processing

*Sep 17 06:30:52.577: TPLUS(0000004F) login timer started 1020 sec timeout

*Sep 17 06:30:52.579: TPLUS: processing authentication start request id 79

*Sep 17 06:30:52.580: TPLUS: Authentication start packet created for 79()

*Sep 17 06:30:52.581: TPLUS: Using server 10.1.1.1

*Sep 17 06:30:52.594: TPLUS(0000004F)/0/NB_WAIT/10A204D8: Started 5 sec timeout

*Sep 17 06:30:52.625: TPLUS(0000004F)/0/NB_WAIT: socket event 2

*Sep 17 06:30:52.636: TPLUS(0000004F)/0/NB_WAIT: wrote entire 34 bytes request

*Sep 17 06:30:52.639: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:52.640: TPLUS(0000004F)/0/READ: Would block while reading

*Sep 17 06:30:52.651: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:52.652: TPLUS(0000004F)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Sep 17 06:30:52.653: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:52.654: TPLUS(0000004F)/0/READ: read entire 28 bytes response

*Sep 17 06:30:52.655: TPLUS(0000004F)/0/10A204D8: Processing the reply packet

*Sep 17 06:30:52.655: TPLUS: Received authen response status GET_USER (7)

*Sep 17 06:30:55.623: TPLUS: Queuing AAA Authentication request 79 for processing

*Sep 17 06:30:55.624: TPLUS(0000004F) login timer started 1020 sec timeout

*Sep 17 06:30:55.625: TPLUS: processing authentication continue request id 79

*Sep 17 06:30:55.625: TPLUS: Authentication continue packet generated for 79

*Sep 17 06:30:55.626: TPLUS(0000004F)/0/WRITE/D7AB698: Started 5 sec timeout

*Sep 17 06:30:55.628: TPLUS(0000004F)/0/WRITE: wrote entire 23 bytes request

*Sep 17 06:30:55.659: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:55.660: TPLUS(0000004F)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Sep 17 06:30:55.660: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:55.661: TPLUS(0000004F)/0/READ: read entire 28 bytes response

*Sep 17 06:30:55.662: TPLUS(0000004F)/0/D7AB698: Processing the reply packet

*Sep 17 06:30:55.662: TPLUS: Received authen response status GET_PASSWORD (8)

*Sep 17 06:30:58.842: TPLUS: Queuing AAA Authentication request 79 for processing

*Sep 17 06:30:58.844: TPLUS(0000004F) login timer started 1020 sec timeout

*Sep 17 06:30:58.845: TPLUS: processing authentication continue request id 79

*Sep 17 06:30:58.846: TPLUS: Authentication continue packet generated for 79

*Sep 17 06:30:58.848: TPLUS(0000004F)/0/WRITE/D7AB698: Started 5 sec timeout

*Sep 17 06:30:58.857: TPLUS(0000004F)/0/WRITE: wrote entire 23 bytes request

*Sep 17 06:30:58.879: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:58.880: TPLUS(0000004F)/0/READ: read entire 12 header bytes (expect 6 bytes data)

*Sep 17 06:30:58.880: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:58.881: TPLUS(0000004F)/0/READ: read entire 18 bytes response

*Sep 17 06:30:58.882: TPLUS(0000004F)/0/D7AB698: Processing the reply packet

*Sep 17 06:30:58.882: TPLUS: Received authen response status PASS (2)

///

*Sep 17 06:30:58.898: AAA/AUTHOR (0x4F): Pick method list 'test20'

*Sep 17 06:30:58.900: TPLUS: Queuing AAA Authorization request 79 for processing

*Sep 17 06:30:58.903: TPLUS(0000004F) login timer started 1020 sec timeout

*Sep 17 06:30:58.903: TPLUS: processing authorization request id 79

*Sep 17 06:30:58.904: TPLUS: Protocol set to None .....Skipping

*Sep 17 06:30:58.905: TPLUS: Sending AV service=shell

Sep 17 06:30:58.905: TPLUS: Sending AV cmd

*Sep 17 06:30:58.907: TPLUS: Authorization request created for 79(cisco1)

*Sep 17 06:30:58.908: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 17 06:30:58.915: TPLUS(0000004F)/0/NB_WAIT/10A204D8: Started 5 sec timeout

*Sep 17 06:30:58.921: TPLUS(0000004F)/0/NB_WAIT: socket event 2

*Sep 17 06:30:58.924: TPLUS(0000004F)/0/NB_WAIT: wrote entire 59 bytes request

*Sep 17 06:30:58.925: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:58.925: TPLUS(0000004F)/0/READ: Would block while reading

*Sep 17 06:30:58.955: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:58.956: TPLUS(0000004F)/0/READ: read entire 12 header bytes (expect 17 bytes data)

*Sep 17 06:30:58.957: TPLUS(0000004F)/0/READ: socket event 1

*Sep 17 06:30:58.957: TPLUS(0000004F)/0/READ: read entire 29 bytes response

*Sep 17 06:30:58.958: TPLUS(0000004F)/0/10A204D8: Processing the reply packet

*Sep 17 06:30:58.958: TPLUS: Processed AV priv-lvl=1

*Sep 17 06:30:58.959: TPLUS: received authorization response for 79: PASS

*Sep 17 06:30:58.975: AAA/AUTHOR/EXEC(0000004F): processing AV cmd=

*Sep 17 06:30:58.975: AAA/AUTHOR/EXEC(0000004F): processing AV priv-lvl=1

*Sep 17 06:30:58.975: AAA/AUTHOR/EXEC(0000004F): Authorization successful

//

*Sep 17 06:31:06.709: AAA/AUTHOR: auth_need : user= 'cisco1' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 17 06:31:06.710: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 06:31:06.711: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 06:31:06.711: AAA/MEMORY: create_user (0xAF7CB18) user='cisco1' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 17 06:31:06.712: tty2 AAA/AUTHOR/CMD (3438106579): Port='tty2' list='test20' service=CMD

*Sep 17 06:31:06.713: AAA/AUTHOR/CMD: tty2 (3438106579) user='cisco1'

*Sep 17 06:31:06.713: tty2 AAA/AUTHOR/CMD (3438106579): send AV service=shell

*Sep 17 06:31:06.714: tty2 AAA/AUTHOR/CMD (3438106579): send AV cmd=show

*Sep 17 06:31:06.715: tty2 AAA/AUTHOR/CMD (3438106579): send AV cmd-arg=users

*Sep 17 06:31:06.715: tty2 AAA/AUTHOR/CMD (3438106579): send AV cmd-arg=<cr>

*Sep 17 06:31:06.716: tty2 AAA/AUTHOR/CMD(3438106579): found list "test20"

*Sep 17 06:31:06.716: tty2 AAA/AUTHOR/CMD (3438106579): Method=tacacs+ (tacacs+)

*Sep 17 06:31:06.717: AAA/AUTHOR/TAC+: (3438106579): user=cisco1

*Sep 17 06:31:06.717: AAA/AUTHOR/TAC+: (3438106579): send AV service=shell

*Sep 17 06:31:06.718: AAA/AUTHOR/TAC+: (3438106579): send AV cmd=show

*Sep 17 06:31:06.718: AAA/AUTHOR/TAC+: (3438106579): send AV cmd-arg=users

*Sep 17 06:31:06.719: AAA/AUTHOR/TAC+: (3438106579): send AV cmd-arg=<cr>

*Sep 17 06:31:06.720: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 17 06:31:06.720: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 06:31:06.745: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 06:31:06.746: TAC+: Opened 10.1.1.1 index=1

*Sep 17 06:31:06.748: TAC+: 10.1.1.1 (3438106579) AUTHOR/START queued

*Sep 17 06:31:07.473: TAC+: (3438106579) AUTHOR/START processed

*Sep 17 06:31:07.480: TAC+: (-856860717): received author response status = FAIL

*Sep 17 06:31:07.481: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 06:31:07.485: AAA/AUTHOR (3438106579): Post authorization status = FAIL

*Sep 17 06:31:07.485: AAA/MEMORY: free_user (0xAF7CB18) user='cisco1' ruser='NAS' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

*Sep 17 06:31:17.742: AAA/AUTHOR: auth_need : user= 'cisco1' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

//

*Sep 17 06:31:17.743: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 06:31:17.743: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 06:31:17.744: AAA/MEMORY: create_user (0xD7114D0) user='cisco1' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 17 06:31:17.745: tty2 AAA/AUTHOR/CMD (1274478376): Port='tty2' list='test20' service=CMD

*Sep 17 06:31:17.746: AAA/AUTHOR/CMD: tty2 (1274478376) user='cisco1'

*Sep 17 06:31:17.748: tty2 AAA/AUTHOR/CMD (1274478376): send AV service=shell

*Sep 17 06:31:17.749: tty2 AAA/AUTHOR/CMD (1274478376): send AV cmd=show

*Sep 17 06:31:17.751: tty2 AAA/AUTHOR/CMD (1274478376): send AV cmd-arg=privilege

*Sep 17 06:31:17.751: tty2 AAA/AUTHOR/CMD (1274478376): send AV cmd-arg=<cr>

*Sep 17 06:31:17.752: tty2 AAA/AUTHOR/CMD(1274478376): found list "test20"

*Sep 17 06:31:17.753: tty2 AAA/AUTHOR/CMD (1274478376): Method=tacacs+ (tacacs+)

*Sep 17 06:31:17.754: AAA/AUTHOR/TAC+: (1274478376): user=cisco1

*Sep 17 06:31:17.755: AAA/AUTHOR/TAC+: (1274478376): send AV service=shell

*Sep 17 06:31:17.757: AAA/AUTHOR/TAC+: (1274478376): send AV cmd=show

*Sep 17 06:31:17.757: AAA/AUTHOR/TAC+: (1274478376): send AV cmd-arg=privilege

*Sep 17 06:31:17.758: AAA/AUTHOR/TAC+: (1274478376): send AV cmd-arg=<cr>

*Sep 17 06:31:17.758: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 17 06:31:17.759: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 06:31:17.778: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 06:31:17.778: TAC+: Opened 10.1.1.1 index=1

*Sep 17 06:31:17.780: TAC+: 10.1.1.1 (1274478376) AUTHOR/START queued

*Sep 17 06:31:18.480: TAC+: (1274478376) AUTHOR/START processed

*Sep 17 06:31:18.480: TAC+: (1274478376): received author response status = FAIL

*Sep 17 06:31:18.480: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 06:31:18.487: AAA/AUTHOR (1274478376): Post authorization status = FAIL

*Sep 17 06:31:18.487: AAA/MEMORY: free_user (0xD7114D0) user='cisco1' ruser='NAS' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

///

*Sep 17 06:31:25.270: AAA/AUTHOR: auth_need : user= 'cisco1' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 17 06:31:25.271: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 06:31:25.272: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 06:31:25.272: AAA/MEMORY: create_user (0xCDEA0C0) user='cisco1' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=2 initial_task_id='0', vrf= (id=0)

*Sep 17 06:31:25.273: AAA/AUTHEN/START (2025735344): port='tty2' list='test20' action=LOGIN service=ENABLE

*Sep 17 06:31:25.274: AAA/AUTHEN/START (2025735344): using "default" list

*Sep 17 06:31:25.275: AAA/AUTHEN/START (2025735344): Method=tacacs+ (tacacs+)

*Sep 17 06:31:25.275: TAC+: send AUTHEN/START packet ver=192 id=2025735344

*Sep 17 06:31:25.276: TAC+: Using default tacacs server-group "tacacs+" list.

*Sep 17 06:31:25.276: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 06:31:25.291: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 06:31:25.293: TAC+: 10.1.1.1 (2025735344) AUTHEN/START/LOGIN/ASCII queued

*Sep 17 06:31:25.492: TAC+: (2025735344) AUTHEN/START/LOGIN/ASCII processed

*Sep 17 06:31:25.496: TAC+: ver=192 id=2025735344 received AUTHEN status = GETPASS

*Sep 17 06:31:25.497: AAA/AUTHEN (2025735344): status = GETPASS

*Sep 17 06:31:29.662: AAA/AUTHEN/CONT (2025735344): continue_login (user='cisco1')

*Sep 17 06:31:29.663: AAA/AUTHEN (2025735344): status = GETPASS

*Sep 17 06:31:29.664: AAA/AUTHEN (2025735344): Method=tacacs+ (tacacs+)

*Sep 17 06:31:29.665: TAC+: send AUTHEN/CONT packet id=2025735344

*Sep 17 06:31:29.666: TAC+: 10.1.1.1 (2025735344) AUTHEN/CONT queued

*Sep 17 06:31:29.867: TAC+: (2025735344) AUTHEN/CONT processed

*Sep 17 06:31:29.871: TAC+: ver=192 id=2025735344 received AUTHEN status = FAIL

*Sep 17 06:31:29.871: AAA/AUTHEN (2025735344): status = FAIL

*Sep 17 06:31:29.872: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 06:31:29.876: AAA/MEMORY: free_user (0xCDEA0C0) user='cisco1' ruser='NULL' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=2 vrf= (id=0)

*Sep 17 06:31:32.025: AAA/AUTHOR: auth_need : user= 'cisco1' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 17 06:31:32.025: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 06:31:32.027: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 06:31:32.027: AAA/MEMORY: create_user (0xD7114D0) user='cisco1' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=2 initial_task_id='0', vrf= (id=0)

*Sep 17 06:31:32.028: AAA/AUTHEN/START (2196742411): port='tty2' list='test20' action=LOGIN service=ENABLE

*Sep 17 06:31:32.029: AAA/AUTHEN/START (2196742411): using "default" list

*Sep 17 06:31:32.029: AAA/AUTHEN/START (2196742411): Method=tacacs+ (tacacs+)

*Sep 17 06:31:32.029: TAC+: send AUTHEN/START packet ver=192 id=-2098224885

*Sep 17 06:31:32.029: TAC+: Using default tacacs server-group "tacacs+" list.

*Sep 17 06:31:32.029: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 06:31:32.044: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 06:31:32.046: TAC+: 10.1.1.1 (2196742411) AUTHEN/START/LOGIN/ASCII queued

*Sep 17 06:31:32.249: TAC+: (2196742411) AUTHEN/START/LOGIN/ASCII processed

*Sep 17 06:31:32.252: TAC+: ver=192 id=-2098224885 received AUTHEN status = GETPASS

*Sep 17 06:31:32.253: AAA/AUTHEN (2196742411): status = GETPASS

*Sep 17 06:31:34.806: AAA/AUTHEN/CONT (2196742411): continue_login (user='cisco1')

*Sep 17 06:31:34.806: AAA/AUTHEN (2196742411): status = GETPASS

*Sep 17 06:31:34.807: AAA/AUTHEN (2196742411): Method=tacacs+ (tacacs+)

*Sep 17 06:31:34.808: TAC+: send AUTHEN/CONT packet id=-2098224885

*Sep 17 06:31:34.810: TAC+: 10.1.1.1 (2196742411) AUTHEN/CONT queued

*Sep 17 06:31:35.011: TAC+: (2196742411) AUTHEN/CONT processed

*Sep 17 06:31:35.014: TAC+: ver=192 id=-2098224885 received AUTHEN status = FAIL

*Sep 17 06:31:35.015: AAA/AUTHEN (2196742411): status = FAIL

*Sep 17 06:31:35.016: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 06:31:35.020: AAA/MEMORY: free_user (0xD7114D0) user='cisco1' ruser='NULL' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=2 vrf= (id=0)

//

*Sep 17 06:31:36.477: AAA/AUTHOR: auth_need : user= 'cisco1' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 17 06:31:36.478: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 06:31:36.478: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 06:31:36.479: AAA/MEMORY: create_user (0xCDEA0C0) user='cisco1' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 17 06:31:36.479: AAA/AUTHEN/START (2992478055): port='tty2' list='test20' action=LOGIN service=ENABLE

*Sep 17 06:31:36.480: AAA/AUTHEN/START (2992478055): using "default" list

*Sep 17 06:31:36.480: AAA/AUTHEN/START (2992478055): Method=tacacs+ (tacacs+)

*Sep 17 06:31:36.481: TAC+: send AUTHEN/START packet ver=192 id=-1302489241

*Sep 17 06:31:36.481: TAC+: Using default tacacs server-group "tacacs+" list.

*Sep 17 06:31:36.482: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 06:31:36.529: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 06:31:36.531: TAC+: 10.1.1.1 (2992478055) AUTHEN/START/LOGIN/ASCII queued

*Sep 17 06:31:37.032: TAC+: (2992478055) AUTHEN/START/LOGIN/ASCII processed

*Sep 17 06:31:37.036: TAC+: ver=192 id=-1302489241 received AUTHEN status = GETPASS

*Sep 17 06:31:37.037: AAA/AUTHEN (2992478055): status = GETPASS

*Sep 17 06:31:42.441: AAA/AUTHEN/CONT (2992478055): continue_login (user='cisco1')

*Sep 17 06:31:42.441: AAA/AUTHEN (2992478055): status = GETPASS

*Sep 17 06:31:42.442: AAA/AUTHEN (2992478055): Method=tacacs+ (tacacs+)

*Sep 17 06:31:42.443: TAC+: send AUTHEN/CONT packet id=-1302489241

*Sep 17 06:31:42.445: TAC+: 10.1.1.1 (2992478055) AUTHEN/CONT queued

*Sep 17 06:31:42.645: TAC+: (2992478055) AUTHEN/CONT processed

*Sep 17 06:31:42.652: TAC+: ver=192 id=-1302489241 received AUTHEN status = FAIL

*Sep 17 06:31:42.652: AAA/AUTHEN (2992478055): status = FAIL

*Sep 17 06:31:42.653: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 06:31:42.657: AAA/MEMORY: free_user (0xCDEA0C0) user='cisco1' ruser='NULL' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

///

*Sep 17 06:31:45.001: AAA/AUTHOR: auth_need : user= 'cisco1' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 17 06:31:45.002: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 06:31:45.003: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 06:31:45.003: AAA/MEMORY: create_user (0xD7114D0) user='cisco1' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 17 06:31:45.004: AAA/AUTHEN/START (1085324727): port='tty2' list='test20' action=LOGIN service=ENABLE

*Sep 17 06:31:45.005: AAA/AUTHEN/START (1085324727): using "default" list

*Sep 17 06:31:45.005: AAA/AUTHEN/START (1085324727): Method=tacacs+ (tacacs+)

*Sep 17 06:31:45.006: TAC+: send AUTHEN/START packet ver=192 id=1085324727

*Sep 17 06:31:45.006: TAC+: Using default tacacs server-group "tacacs+" list.

*Sep 17 06:31:45.007: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 06:31:45.028: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 06:31:45.029: TAC+: 10.1.1.1 (1085324727) AUTHEN/START/LOGIN/ASCII queued

*Sep 17 06:31:45.232: TAC+: (1085324727) AUTHEN/START/LOGIN/ASCII processed

*Sep 17 06:31:45.239: TAC+: ver=192 id=1085324727 received AUTHEN status = GETPASS

*Sep 17 06:31:45.240: AAA/AUTHEN (1085324727): status = GETPASS

*Sep 17 06:31:53.279: AAA/AUTHEN/CONT (1085324727): continue_login (user='cisco1')

*Sep 17 06:31:53.280: AAA/AUTHEN (1085324727): status = GETPASS

*Sep 17 06:31:53.280: AAA/AUTHEN (1085324727): Method=tacacs+ (tacacs+)

*Sep 17 06:31:53.281: TAC+: send AUTHEN/CONT packet id=1085324727

*Sep 17 06:31:53.282: TAC+: 10.1.1.1 (1085324727) AUTHEN/CONT queued

*Sep 17 06:31:53.483: TAC+: (1085324727) AUTHEN/CONT processed

*Sep 17 06:31:53.486: TAC+: ver=192 id=1085324727 received AUTHEN status = FAIL

*Sep 17 06:31:53.486: AAA/AUTHEN (1085324727): status = FAIL

*Sep 17 06:31:53.487: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 06:31:53.491: AAA/MEMORY: free_user (0xD7114D0) user='cisco1' ruser='NULL' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

*Sep 17 06:31:57.376: AAA/AUTHOR: auth_need : user= 'cisco1' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

NAS#

4. Packet capture

Authentication succeeded.

Four-way handshake tearing down the TCP connection that was set up for user authentication

TCP three-way handshake setting up a TCP connection for authorization

Four-way handshake tearing down the TCP connection that was set up for user authorization

TCP three-way handshake setting up a TCP connection for authorization

5. Log in to the NAS (switch) at 10.1.1.254 as cisco15

NAS#debug tacacs

TACACS access control debugging is on

NAS#debug aaa authentication

AAA Authentication debugging is on

NAS#debug aaa authorization

AAA Authorization debugging is on

NAS#sh debugging

General OS:

TACACS access control debugging is on

AAA Authentication debugging is on

AAA Authorization debugging is on

NAS#

*Sep 17 05:53:03.561: AAA/BIND(0000004E): Bind i/f

*Sep 17 05:53:03.563: AAA/AUTHEN/LOGIN (0000004E): Pick method list 'test20'

*Sep 17 05:53:03.566: TPLUS: Queuing AAA Authentication request 78 for processing

*Sep 17 05:53:03.568: TPLUS(0000004E) login timer started 1020 sec timeout

*Sep 17 05:53:03.569: TPLUS: processing authentication start request id 78

*Sep 17 05:53:03.570: TPLUS: Authentication start packet created for 78()

*Sep 17 05:53:03.571: TPLUS: Using server 10.1.1.1

*Sep 17 05:53:03.580: TPLUS(0000004E)/0/NB_WAIT/10A204D8: Started 5 sec timeout

*Sep 17 05:53:03.591: TPLUS(0000004E)/0/NB_WAIT: socket event 2

*Sep 17 05:53:03.595: TPLUS(0000004E)/0/NB_WAIT: wrote entire 34 bytes request

*Sep 17 05:53:03.595: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:03.596: TPLUS(0000004E)/0/READ: Would block while reading

*Sep 17 05:53:03.605: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:03.606: TPLUS(0000004E)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Sep 17 05:53:03.607: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:03.607: TPLUS(0000004E)/0/READ: read entire 28 bytes response

*Sep 17 05:53:03.609: TPLUS(0000004E)/0/10A204D8: Processing the reply packet

*Sep 17 05:53:03.609: TPLUS: Received authen response status GET_USER (7)

*Sep 17 05:53:07.913: TPLUS: Queuing AAA Authentication request 78 for processing

*Sep 17 05:53:07.914: TPLUS(0000004E) login timer started 1020 sec timeout

*Sep 17 05:53:07.915: TPLUS: processing authentication continue request id 78

*Sep 17 05:53:07.915: TPLUS: Authentication continue packet generated for 78

*Sep 17 05:53:07.916: TPLUS(0000004E)/0/WRITE/E881048: Started 5 sec timeout

*Sep 17 05:53:07.960: TPLUS(0000004E)/0/WRITE: wrote entire 24 bytes request

*Sep 17 05:53:07.978: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:07.978: TPLUS(0000004E)/0/READ: read entire 12 header bytes (expect 16 bytes data)

*Sep 17 05:53:07.979: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:07.979: TPLUS(0000004E)/0/READ: read entire 28 bytes response

*Sep 17 05:53:07.980: TPLUS(0000004E)/0/E881048: Processing the reply packet

*Sep 17 05:53:07.981: TPLUS: Received authen response status GET_PASSWORD (8)

*Sep 17 05:53:10.995: TPLUS: Queuing AAA Authentication request 78 for processing

*Sep 17 05:53:10.998: TPLUS(0000004E) login timer started 1020 sec timeout

*Sep 17 05:53:10.999: TPLUS: processing authentication continue request id 78

*Sep 17 05:53:10.999: TPLUS: Authentication continue packet generated for 78

*Sep 17 05:53:11.000: TPLUS(0000004E)/0/WRITE/10A204D8: Started 5 sec timeout

*Sep 17 05:53:11.004: TPLUS(0000004E)/0/WRITE: wrote entire 24 bytes request

*Sep 17 05:53:11.022: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:11.023: TPLUS(0000004E)/0/READ: read entire 12 header bytes (expect 6 bytes data)

*Sep 17 05:53:11.025: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:11.026: TPLUS(0000004E)/0/READ: read entire 18 bytes response

*Sep 17 05:53:11.027: TPLUS(0000004E)/0/10A204D8: Processing the reply packet

*Sep 17 05:53:11.028: TPLUS: Received authen response status PASS (2)

*Sep 17 05:53:11.045: AAA/AUTHOR (0x4E): Pick method list 'test20'

*Sep 17 05:53:11.049: TPLUS: Queuing AAA Authorization request 78 for processing

*Sep 17 05:53:11.051: TPLUS(0000004E) login timer started 1020 sec timeout

*Sep 17 05:53:11.052: TPLUS: processing authorization request id 78

*Sep 17 05:53:11.053: TPLUS: Protocol set to None .....Skipping

*Sep 17 05:53:11.054: TPLUS: Sending AV service=shell

*Sep 17 05:53:11.055: TPLUS: Sending AV cmd*

*Sep 17 05:53:11.056: TPLUS: Authorization request created for 78(cisco15)

*Sep 17 05:53:11.057: TPLUS: using previously set server 10.1.1.1 from group tacacs+

*Sep 17 05:53:11.064: TPLUS(0000004E)/0/NB_WAIT/E881048: Started 5 sec timeout

*Sep 17 05:53:11.075: TPLUS(0000004E)/0/NB_WAIT: socket event 2

*Sep 17 05:53:11.084: TPLUS(0000004E)/0/NB_WAIT: wrote entire 60 bytes request

*Sep 17 05:53:11.084: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:11.086: TPLUS(0000004E)/0/READ: Would block while reading

*Sep 17 05:53:11.101: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:11.102: TPLUS(0000004E)/0/READ: read entire 12 header bytes (expect 17 bytes data)

*Sep 17 05:53:11.103: TPLUS(0000004E)/0/READ: socket event 1

*Sep 17 05:53:11.103: TPLUS(0000004E)/0/READ: read entire 29 bytes response

*Sep 17 05:53:11.105: TPLUS(0000004E)/0/E881048: Processing the reply packet

*Sep 17 05:53:11.105: TPLUS: Processed AV priv-lvl=1

*Sep 17 05:53:11.106: TPLUS: received authorization response for 78: PASS

*Sep 17 05:53:11.117: AAA/AUTHOR/EXEC(0000004E): processing AV cmd=

*Sep 17 05:53:11.118: AAA/AUTHOR/EXEC(0000004E): processing AV priv-lvl=1

*Sep 17 05:53:11.119: AAA/AUTHOR/EXEC(0000004E): Authorization successful

*Sep 17 05:53:19.607: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 17 05:53:19.608: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 05:53:19.608: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 05:53:19.609: AAA/MEMORY: create_user (0xAF7CB18) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 17 05:53:19.609: tty2 AAA/AUTHOR/CMD (3716374947): Port='tty2' list='test20' service=CMD

*Sep 17 05:53:19.610: AAA/AUTHOR/CMD: tty2 (3716374947) user='cisco15'

*Sep 17 05:53:19.610: tty2 AAA/AUTHOR/CMD (3716374947): send AV service=shell

*Sep 17 05:53:19.611: tty2 AAA/AUTHOR/CMD (3716374947): send AV cmd=show

*Sep 17 05:53:19.612: tty2 AAA/AUTHOR/CMD (3716374947): send AV cmd-arg=users

*Sep 17 05:53:19.612: tty2 AAA/AUTHOR/CMD (3716374947): send AV cmd-arg=<cr>

*Sep 17 05:53:19.613: tty2 AAA/AUTHOR/CMD(3716374947): found list "test20"

*Sep 17 05:53:19.613: tty2 AAA/AUTHOR/CMD (3716374947): Method=tacacs+ (tacacs+)

*Sep 17 05:53:19.614: AAA/AUTHOR/TAC+: (3716374947): user=cisco15

*Sep 17 05:53:19.614: AAA/AUTHOR/TAC+: (3716374947): send AV service=shell

*Sep 17 05:53:19.615: AAA/AUTHOR/TAC+: (3716374947): send AV cmd=show

*Sep 17 05:53:19.615: AAA/AUTHOR/TAC+: (3716374947): send AV cmd-arg=users

*Sep 17 05:53:19.616: AAA/AUTHOR/TAC+: (3716374947): send AV cmd-arg=<cr>

*Sep 17 05:53:19.616: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 17 05:53:19.617: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 05:53:19.654: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 05:53:19.655: TAC+: Opened 10.1.1.1 index=1

*Sep 17 05:53:19.656: TAC+: 10.1.1.1 (3716374947) AUTHOR/START queued

*Sep 17 05:53:20.337: TAC+: (3716374947) AUTHOR/START processed

*Sep 17 05:53:20.344: TAC+: (-578592349): received author response status = PASS_ADD

*Sep 17 05:53:20.345: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 05:53:20.349: AAA/AUTHOR (3716374947): Post authorization status = PASS_ADD

*Sep 17 05:53:20.350: AAA/MEMORY: free_user (0xAF7CB18) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

*Sep 17 05:53:27.696: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 17 05:53:27.697: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 05:53:27.697: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 05:53:27.698: AAA/MEMORY: create_user (0x100F4458) user='cisco15' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 17 05:53:27.700: AAA/AUTHEN/START (2802003773): port='tty2' list='test20' action=LOGIN service=ENABLE

*Sep 17 05:53:27.701: AAA/AUTHEN/START (2802003773): using "default" list

*Sep 17 05:53:27.702: AAA/AUTHEN/START (2802003773): Method=tacacs+ (tacacs+)

*Sep 17 05:53:27.703: TAC+: send AUTHEN/START packet ver=192 id=-1492963523

*Sep 17 05:53:27.704: TAC+: Using default tacacs server-group "tacacs+" list.

*Sep 17 05:53:27.704: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 05:53:27.725: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 05:53:27.727: TAC+: 10.1.1.1 (2802003773) AUTHEN/START/LOGIN/ASCII queued

*Sep 17 05:53:28.127: TAC+: (2802003773) AUTHEN/START/LOGIN/ASCII processed

*Sep 17 05:53:28.127: TAC+: ver=192 id=-1492963523 received AUTHEN status = GETPASS

*Sep 17 05:53:28.129: AAA/AUTHEN (2802003773): status = GETPASS

*Sep 17 05:53:30.087: AAA/AUTHEN/CONT (2802003773): continue_login (user='cisco15')

*Sep 17 05:53:30.088: AAA/AUTHEN (2802003773): status = GETPASS

*Sep 17 05:53:30.088: AAA/AUTHEN (2802003773): Method=tacacs+ (tacacs+)

*Sep 17 05:53:30.088: TAC+: send AUTHEN/CONT packet id=-1492963523

*Sep 17 05:53:30.090: TAC+: 10.1.1.1 (2802003773) AUTHEN/CONT queued

*Sep 17 05:53:30.291: TAC+: (2802003773) AUTHEN/CONT processed

*Sep 17 05:53:30.294: TAC+: ver=192 id=-1492963523 received AUTHEN status = FAIL

*Sep 17 05:53:30.295: AAA/AUTHEN (2802003773): status = FAIL

*Sep 17 05:53:30.295: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 05:53:30.300: AAA/MEMORY: free_user (0x100F4458) user='cisco15' ruser='NULL' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

*Sep 17 05:53:33.164: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 1 list= 'test20' AUTHOR-TYPE= 'commands'

*Sep 17 05:53:33.165: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 05:53:33.165: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 05:53:33.166: AAA/MEMORY: create_user (0xAF7CB18) user='cisco15' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)

*Sep 17 05:53:33.166: tty2 AAA/AUTHOR/CMD (4176688397): Port='tty2' list='test20' service=CMD

*Sep 17 05:53:33.166: AAA/AUTHOR/CMD: tty2 (4176688397) user='cisco15'

*Sep 17 05:53:33.167: tty2 AAA/AUTHOR/CMD (4176688397): send AV service=shell

*Sep 17 05:53:33.168: tty2 AAA/AUTHOR/CMD (4176688397): send AV cmd=connect

*Sep 17 05:53:33.168: tty2 AAA/AUTHOR/CMD (4176688397): send AV cmd-arg=cisco15

*Sep 17 05:53:33.169: tty2 AAA/AUTHOR/CMD (4176688397): send AV cmd-arg=<cr>

*Sep 17 05:53:33.169: tty2 AAA/AUTHOR/CMD(4176688397): found list "test20"

*Sep 17 05:53:33.169: tty2 AAA/AUTHOR/CMD (4176688397): Method=tacacs+ (tacacs+)

*Sep 17 05:53:33.170: AAA/AUTHOR/TAC+: (4176688397): user=cisco15

*Sep 17 05:53:33.170: AAA/AUTHOR/TAC+: (4176688397): send AV service=shell

*Sep 17 05:53:33.171: AAA/AUTHOR/TAC+: (4176688397): send AV cmd=connect

*Sep 17 05:53:33.171: AAA/AUTHOR/TAC+: (4176688397): send AV cmd-arg=cisco15

*Sep 17 05:53:33.172: AAA/AUTHOR/TAC+: (4176688397): send AV cmd-arg=<cr>

*Sep 17 05:53:33.172: TAC+: using previously set server 10.1.1.1 from group tacacs+

*Sep 17 05:53:33.173: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 05:53:33.211: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 05:53:33.212: TAC+: Opened 10.1.1.1 index=1

*Sep 17 05:53:33.213: TAC+: 10.1.1.1 (4176688397) AUTHOR/START queued

*Sep 17 05:53:33.414: TAC+: (4176688397) AUTHOR/START processed

*Sep 17 05:53:33.417: TAC+: (-118278899): received author response status = PASS_ADD

*Sep 17 05:53:33.418: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 05:53:33.423: AAA/AUTHOR (4176688397): Post authorization status = PASS_ADD

*Sep 17 05:53:33.424: AAA/MEMORY: free_user (0xAF7CB18) user='cisco15' ruser='NAS' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 vrf= (id=0)

*Sep 17 05:53:35.749: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

*Sep 17 05:53:35.750: AAA: parse name=tty2 idb type=-1 tty=-1

*Sep 17 05:53:35.750: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

*Sep 17 05:53:35.751: AAA/MEMORY: create_user (0xCDE98A0) user='cisco15' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)

*Sep 17 05:53:35.752: AAA/AUTHEN/START (1813790717): port='tty2' list='test20' action=LOGIN service=ENABLE

*Sep 17 05:53:35.752: AAA/AUTHEN/START (1813790717): using "default" list

*Sep 17 05:53:35.753: AAA/AUTHEN/START (1813790717): Method=tacacs+ (tacacs+)

*Sep 17 05:53:35.754: TAC+: send AUTHEN/START packet ver=192 id=1813790717

*Sep 17 05:53:35.754: TAC+: Using default tacacs server-group "tacacs+" list.

*Sep 17 05:53:35.755: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5

*Sep 17 05:53:35.773: TAC+: Opened TCP/IP handle 0xD7AAF70 to 10.1.1.1/49 using source 0.0.0.0

*Sep 17 05:53:35.775: TAC+: 10.1.1.1 (1813790717) AUTHEN/START/LOGIN/ASCII queued

*Sep 17 05:53:35.975: TAC+: (1813790717) AUTHEN/START/LOGIN/ASCII processed

*Sep 17 05:53:35.978: TAC+: ver=192 id=1813790717 received AUTHEN status = GETPASS

*Sep 17 05:53:35.978: AAA/AUTHEN (1813790717): status = GETPASS

*Sep 17 05:53:38.363: AAA/AUTHEN/CONT (1813790717): continue_login (user='cisco15')

*Sep 17 05:53:38.364: AAA/AUTHEN (1813790717): status = GETPASS

*Sep 17 05:53:38.365: AAA/AUTHEN (1813790717): Method=tacacs+ (tacacs+)

*Sep 17 05:53:38.365: TAC+: send AUTHEN/CONT packet id=1813790717

*Sep 17 05:53:38.367: TAC+: 10.1.1.1 (1813790717) AUTHEN/CONT queued

*Sep 17 05:53:38.567: TAC+: (1813790717) AUTHEN/CONT processed

*Sep 17 05:53:38.570: TAC+: ver=192 id=1813790717 received AUTHEN status = PASS

*Sep 17 05:53:38.571: AAA/AUTHEN (1813790717): status = PASS

*Sep 17 05:53:38.571: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49

*Sep 17 05:53:38.576: AAA/MEMORY: free_user (0xCDE98A0) user='cisco15' ruser='NULL' port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

*Sep 17 05:54:08.241: AAA/AUTHOR: auth_need : user= 'cisco15' ruser= 'NAS'rem_addr= '10.1.1.101' priv= 0 list= '' AUTHOR-TYPE= 'commands'

NAS#no debug all

All possible debugging has been turned off

VI. TACACS+ packet format

1. Packet types:

Three authentication packet types:

Authentication START (Authentication Request): when authentication begins, the client sends an authentication start packet to the server; it carries the authentication type and may also carry the username and some authentication data.

Authentication CONTINUE: after receiving the server's authentication reply, if the client determines that the authentication process is not yet finished, it answers with an authentication continue packet.

Authentication REPLY: the only kind of authentication packet the server sends to the client, in response to an authentication start or continue packet, reporting the current status of the authentication.

Two authorization packet types:

Authorization REQUEST: in TACACS+, authentication and authorization are separate; a user may authenticate with TACACS+ and be authorized through another protocol. If authorization is to go through TACACS+, the client sends an authorization request packet to the server carrying all the information needed for the authorization decision.

Authorization RESPONSE: after receiving an authorization request, the server sends an authorization response packet containing the result of the authorization.

Two accounting packet types:

Accounting REQUEST: carries the information needed for accounting.

Accounting REPLY: after the server receives and successfully records an accounting request, it must answer with an accounting reply packet.

2. Packet format:

Apart from the common header, the authentication, authorization and accounting packets all have different formats.

A. Packet header

B. Authentication packets

  • Authentication START packet

Header sequence number 1

  • Authentication CONTINUE packet

Header sequence number 3: the continue packet carries the login username.

Header sequence number 5: the continue packet carries the password.

  • Authentication REPLY packet

Header sequence number 2: the reply asks for the login username.

Header sequence number 4: the reply asks for the password.

Header sequence number 6: the reply reports that authentication succeeded.

Throughout the authentication exchange the session ID stays the same, and the sequence number increases by one with each packet.

Six packets complete the login authentication.

enable authentication request packet

C. Authorization packets

  • Authorization REQUEST packet

exec authorization request packet

show privilege command authorization request packet

  • Authorization RESPONSE packet

exec authorization succeeded

show privilege command authorization succeeded

exec and show privilege are separate authorizations, so their session IDs differ.

Authorization of the other commands is not covered further here.

D. Accounting packets

  • Accounting REQUEST packet

exec accounting request

show privilege command accounting request

  • Accounting REPLY packet

exec accounting succeeded (compare the session ID).

show privilege command accounting succeeded

Accounting stop request packet

Accounting stop reply packet
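As an added example (not code from the original post), the following Python builds and parses the 12-byte TACACS+ header and an authentication REPLY body, applies the MD5-based body obfuscation that those header fields feed, and checks the session-ID and sequence-number rules that the six-packet login above illustrates. The session ID, shared key and prompt strings are constructed; the body lengths are the ones the debug output reports.

```python
"""TACACS+ (RFC 8907) header and authentication REPLY handling for the
six-packet login exchange described above. Added example, not code from the
original post; session_id, key and prompt strings are constructed."""
import hashlib
import struct
from dataclasses import dataclass

HEADER_FMT = "!BBBBII"   # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 12 bytes, as the debug output shows
TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT = 1, 2, 3
VER_12_0 = 0xC0          # major 12, minor 0: the "ver=192" in the debug output
# Authentication REPLY status codes from the RFC (not the IOS debug numbering)
AUTHEN_STATUS = {1: "PASS", 2: "FAIL", 3: "GETDATA", 4: "GETUSER",
                 5: "GETPASS", 6: "RESTART", 7: "ERROR", 0x21: "FOLLOW"}


@dataclass
class Header:
    version: int
    pkt_type: int
    seq_no: int
    flags: int
    session_id: int
    length: int      # length of the body that follows, header excluded

    def pack(self) -> bytes:
        return struct.pack(HEADER_FMT, self.version, self.pkt_type, self.seq_no,
                           self.flags, self.session_id, self.length)

    @classmethod
    def unpack(cls, data: bytes) -> "Header":
        if len(data) < HEADER_LEN:
            raise ValueError("short TACACS+ header")
        return cls(*struct.unpack(HEADER_FMT, data[:HEADER_LEN]))


def pseudo_pad(hdr: Header, key: bytes) -> bytes:
    """Body keystream: chained MD5 over session_id, key, version and seq_no
    (RFC 8907 section 4.5); seq_no changes per packet, so each pad differs."""
    seed = struct.pack("!I", hdr.session_id) + key + bytes([hdr.version, hdr.seq_no])
    pad, last = b"", b""
    while len(pad) < hdr.length:
        last = hashlib.md5(seed + last).digest()
        pad += last
    return pad[:hdr.length]


def obfuscate(hdr: Header, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; applying it a second time restores the body."""
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(hdr, key)))


def build_authen_reply(status: int, server_msg: bytes = b"") -> bytes:
    """REPLY body: status, flags, server_msg_len, data_len, server_msg, data."""
    return struct.pack("!BBHH", status, 0, len(server_msg), 0) + server_msg


def parse_authen_reply(body: bytes):
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if len(body) != 6 + msg_len + data_len:
        raise ValueError("REPLY body length does not match its length fields")
    return AUTHEN_STATUS.get(status, f"UNKNOWN({status})"), body[6:6 + msg_len]


def login_exchange_headers(session_id: int = 0x1A2B3C4D):
    """Constructed headers for the login in the capture: START, REPLY GETUSER,
    CONTINUE (user), REPLY GETPASS, CONTINUE (password), REPLY PASS. Body lengths
    match the capture's 34/24-byte requests and 28/28/18-byte replies."""
    lengths = [22, 16, 12, 16, 12, 6]
    return [Header(VER_12_0, TAC_PLUS_AUTHEN, i + 1, 0, session_id, n)
            for i, n in enumerate(lengths)]


def check_login_exchange(headers):
    """Rules the capture illustrates: one session_id for the whole login and
    seq_no counting 1, 2, 3, ... (odd from the client, even from the server)."""
    problems = []
    sid = headers[0].session_id if headers else None
    for i, h in enumerate(headers, start=1):
        if h.session_id != sid:
            problems.append(f"pkt {i}: session_id changed")
        if h.seq_no != i:
            problems.append(f"pkt {i}: seq_no {h.seq_no}, expected {i}")
    return problems
```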

VII. TACACS+ authentication, authorization and accounting flow

Summary:

Authentication is one TCP connection: it is set up with a three-way handshake and, whether the result is pass or fail, torn down with a four-way handshake;

the next authentication repeats the same process.

Authorization is likewise one TCP connection, set up with a three-way handshake and, whether the result is pass or fail, torn down with a four-way handshake;

exec authorization sets up a TCP connection and then tears it down;

show xxx command authorization sets up a TCP connection again and tears it down once the authorization completes;

every command authorization repeats this set-up and tear-down cycle.

Accounting works the same way as authorization, except that after the final exit command there is no authorization, only accounting, which again needs a TCP connection to be set up and torn down.

A later post will cover 802.1X access authentication with RADIUS in detail.
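The connection-per-transaction behaviour summarised above can be checked directly from the NAS debug output. This added Python example (not part of the original post) parses lines shaped like that output, counts TCP opens and closes, and lists enable-authentication and command-authorization outcomes per user, so that repeated enable failures like those seen for cisco1 above stand out; the sample lines are constructed in the same shape as the capture.

```python
"""Summarise IOS 'debug tacacs' / 'debug aaa' output of the shape captured
above. Added example, not part of the original post; SAMPLE is constructed in
that shape (two enable failures for cisco1, one enable PASS for cisco15)."""
import re
from collections import Counter, defaultdict

SAMPLE = """\
*Sep 17 06:31:17.740: AAA/MEMORY: create_user (0xD7114D0) user='cisco1' ruser='NAS' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)
*Sep 17 06:31:17.750: tty2 AAA/AUTHOR/CMD (1274478376): send AV cmd=show
*Sep 17 06:31:17.751: tty2 AAA/AUTHOR/CMD (1274478376): send AV cmd-arg=privilege
*Sep 17 06:31:17.751: tty2 AAA/AUTHOR/CMD (1274478376): send AV cmd-arg=<cr>
*Sep 17 06:31:17.759: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5
*Sep 17 06:31:18.480: TAC+: (1274478376): received author response status = FAIL
*Sep 17 06:31:18.480: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49
*Sep 17 06:31:18.487: AAA/AUTHOR (1274478376): Post authorization status = FAIL
*Sep 17 06:31:25.272: AAA/MEMORY: create_user (0xCDEA0C0) user='cisco1' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=2 initial_task_id='0', vrf= (id=0)
*Sep 17 06:31:25.276: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5
*Sep 17 06:31:25.497: AAA/AUTHEN (2025735344): status = GETPASS
*Sep 17 06:31:29.871: AAA/AUTHEN (2025735344): status = FAIL
*Sep 17 06:31:29.872: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49
*Sep 17 06:31:36.479: AAA/MEMORY: create_user (0xCDEA0C0) user='cisco1' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Sep 17 06:31:36.482: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5
*Sep 17 06:31:42.652: AAA/AUTHEN (2992478055): status = FAIL
*Sep 17 06:31:42.653: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49
*Sep 17 05:53:35.751: AAA/MEMORY: create_user (0xCDE98A0) user='cisco15' ruser='NULL' ds0=0 port='tty2' rem_addr='10.1.1.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Sep 17 05:53:35.755: TAC+: Opening TCP/IP to 10.1.1.1/49 timeout=5
*Sep 17 05:53:38.571: AAA/AUTHEN (1813790717): status = PASS
*Sep 17 05:53:38.571: TAC+: Closing TCP/IP 0xD7AAF70 connection to 10.1.1.1/49
"""

RE_USER = re.compile(r"create_user \(0x[0-9A-Fa-f]+\) user='([^']+)'.*service=(\w+) priv=(\d+)")
RE_CMD = re.compile(r"AAA/AUTHOR/CMD \((\d+)\): send AV cmd(?:-arg)?=(\S+)")
RE_AUTHOR = re.compile(r"AAA/AUTHOR \((\d+)\): Post authorization status = (\w+)")
RE_AUTHEN = re.compile(r"AAA/AUTHEN \((\d+)\): status = (PASS|FAIL)")
RE_OPEN = re.compile(r"TAC\+: Opening TCP/IP to \S+")
RE_CLOSE = re.compile(r"TAC\+: Closing TCP/IP \S+ connection to \S+")


def summarise(lines):
    """Walk the debug lines in order: create_user names the user and service
    for the transaction that follows, and every Opening/Closing pair is one
    TACACS+ transaction, as the summary above describes."""
    summary = {"tcp_open": 0, "tcp_close": 0, "enable": [], "commands": []}
    user = service = priv = None
    cmds = defaultdict(list)   # authorization request id -> command words
    for line in lines:
        if m := RE_USER.search(line):
            user, service, priv = m.group(1), m.group(2), int(m.group(3))
        elif m := RE_CMD.search(line):
            if m.group(2) != "<cr>":
                cmds[m.group(1)].append(m.group(2))
        elif m := RE_AUTHOR.search(line):
            words = cmds.pop(m.group(1), [])
            summary["commands"].append((user, " ".join(words), m.group(2)))
        elif m := RE_AUTHEN.search(line):
            if service == "ENABLE":   # final verdict on an enable request
                summary["enable"].append((user, priv, m.group(2)))
        elif RE_OPEN.search(line):
            summary["tcp_open"] += 1
        elif RE_CLOSE.search(line):
            summary["tcp_close"] += 1
    return summary


def repeated_enable_failures(summary, threshold=2):
    """Users whose enable attempts failed at least `threshold` times; the
    pattern the cisco1 capture above shows, and one worth alerting on."""
    fails = Counter(u for u, _p, st in summary["enable"] if st == "FAIL")
    return {u: n for u, n in fails.items() if n >= threshold}
```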

Tags: networking, security, router

Reprinted from: https://blog.csdn.net/phoenix1415/article/details/126945203
Copyright belongs to the original author, phoenix1415; if this infringes, please contact us to have it removed.
