Debugging Authentication


Certain debug commands can be enabled on a Cisco router to assist in troubleshooting authentication issues. Example 3-3 shows the debug output produced when an administrator accesses the console of a Cisco router running the configuration seen in this chapter. The command that enables the debug is as follows:

 debug aaa authentication 

To disable this debug, use the "no" form of the command:

 no debug aaa authentication 

You can also use the all-encompassing undebug all statement. The output of debug aaa authentication is shown in Example 3-3.

Example 3-3. Debug Output for Login: Debug AAA Authentication
 User Access Verification
 Username: admin
 7w4d: AAA: parse name=tty0 idb type=-1 tty=-1
 7w4d: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
 7w4d: AAA/MEMORY: create_user (0x346934) user='NULL' ruser='NULL' ds0=0 port='tty0'
   rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'
 7w4d: AAA/AUTHEN/START (1108173303): port='tty0' list='is-in' action=LOGIN
   service=LOGIN
 7w4d: AAA/AUTHEN/START (1108173303): found list is-in
 7w4d: AAA/AUTHEN/START (1108173303): Method=LOCAL
 7w4d: AAA/AUTHEN (1108173303): status = GETUSER
 Password:
 7w4d: AAA/AUTHEN/CONT (1108173303): continue_login (user='(undef)')
 7w4d: AAA/AUTHEN (1108173303): status = GETUSER
 7w4d: AAA/AUTHEN/CONT (1108173303): Method=LOCAL
 7w4d: AAA/AUTHEN (1108173303): status = GETPASS
 router>
 7w4d: AAA/AUTHEN/CONT (1108173303): continue_login (user='admin')
 7w4d: AAA/AUTHEN (1108173303): status = GETPASS
 7w4d: AAA/AUTHEN/CONT (1108173303): Method=LOCAL
 7w4d: AAA/AUTHEN (1108173303): status = PASS

From this point, the user attempts to access privileged EXEC mode and again is authenticated. In Example 3-4, you can see that the user admin is known after the login authentication; however, the enable authentication method is using the default list.

Example 3-4. Debug Output for Enable: Debug AAA Authentication

 router>en
 Password:
 7w4d: AAA/MEMORY: dup_user (0x199254) user='admin' ruser='NULL' port='tty0'
   rem_addr='async' authen_type=ASCII service=ENABLE priv=15 source='AAA dup enable'
 7w4d: AAA/AUTHEN/START (332554494): port='tty0' list='' action=LOGIN service=ENABLE
 7w4d: AAA/AUTHEN/START (332554494): using "default" list
 7w4d: AAA/AUTHEN/START (332554494): Method=ENABLE
 7w4d: AAA/AUTHEN (332554494): status = GETPASS
 r1#
 7w4d: AAA/AUTHEN/CONT (332554494): continue_login (user='(undef)')
 7w4d: AAA/AUTHEN (332554494): status = GETPASS
 7w4d: AAA/AUTHEN/CONT (332554494): Method=ENABLE
 7w4d: AAA/AUTHEN (332554494): status = PASS

These are examples of successful authentication attempts.
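
When many logins overlap in a debug capture, the number in parentheses is what ties the lines of one authentication attempt together. The following Python is an added example, not code from the book: it groups debug aaa authentication lines by that session ID and reports the service, method list, method, user and final status for each, so a session that fell back to the default list stands out. The name summarize and the dictionary keys are assumptions of this example; the sample lines are taken from Examples 3-3 and 3-4.

```python
import re

# Debug lines copied from Examples 3-3 and 3-4 on this page (some omitted for brevity).
SAMPLE = """\
7w4d: AAA/AUTHEN/START (1108173303): port='tty0' list='is-in' action=LOGIN
  service=LOGIN
7w4d: AAA/AUTHEN/START (1108173303): found list is-in
7w4d: AAA/AUTHEN/START (1108173303): Method=LOCAL
7w4d: AAA/AUTHEN (1108173303): status = GETUSER
7w4d: AAA/AUTHEN/CONT (1108173303): continue_login (user='admin')
7w4d: AAA/AUTHEN (1108173303): status = PASS
7w4d: AAA/MEMORY: dup_user (0x199254) user='admin' ruser='NULL' port='tty0'
  rem_addr='async' authen_type=ASCII service=ENABLE priv=15 source='AAA dup enable'
7w4d: AAA/AUTHEN/START (332554494): port='tty0' list='' action=LOGIN service=ENABLE
7w4d: AAA/AUTHEN/START (332554494): using "default" list
7w4d: AAA/AUTHEN/START (332554494): Method=ENABLE
7w4d: AAA/AUTHEN/CONT (332554494): continue_login (user='(undef)')
7w4d: AAA/AUTHEN (332554494): status = PASS
"""

# Session ID is the number in parentheses after the AAA/AUTHEN tag.
SESSION = re.compile(r"AAA/AUTHEN(?:/\w+)? \((\d+)\): (.*)")
FIELDS = {
    "service": re.compile(r"\bservice=(\w+)"),
    "list": re.compile(r'found list (\S+)|using "([^"]+)" list'),
    "method": re.compile(r"\bMethod=(\w+)"),
    "user": re.compile(r"continue_login \(user='([^']*)'\)"),
    "status": re.compile(r"\bstatus = (\w+)"),
}

def summarize(text):
    """Return {session_id: summary dict} for each AAA/AUTHEN session in the text."""
    sessions, cur = {}, None
    for line in text.splitlines():
        m = SESSION.search(line)
        if m:
            cur, body = m.groups()
        elif "AAA" in line or cur is None:
            cur = None  # other debug lines (e.g. AAA/MEMORY) end the current record
            continue
        else:
            body = line  # wrapped continuation of the previous AUTHEN line, or a prompt
        s = sessions.setdefault(cur, dict.fromkeys(FIELDS))
        for key, rx in FIELDS.items():
            f = rx.search(body)
            value = f and next(g for g in f.groups() if g is not None)
            if value and value != "(undef)":
                s[key] = value  # later lines overwrite, so status ends as the last seen
    return sessions

if __name__ == "__main__": print(summarize(SAMPLE))
```
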




Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173