经过测试PPTP server和Raduis认证正常,并测试 Raduis认证失败后可以正常通过本地认证

Remote-test#sh run

Building configuration...


Current configuration : 3262 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Remote-test

!

boot-start-marker

boot system flash c3845-adventerprisek9_sna-mz.124-22.YB8.bin

boot-end-marker

!

logging message-counter syslog

logging buffered 4096

enable password 7 15

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication ppp default group radius local

aaa authorization network default group radius local

!

!

aaa session-id common

!

dot11 syslog

ip source-route

ip cef

!

!

!

!

no ip domain lookup

ip name-server 202.96.134.134

ip address-pool local

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

mpls ldp explicit-null

no mpls ip propagate-ttl

mpls label protocol ldp

vpdn enable

!

vpdn-group 1

 accept-dialin

  protocol pptp

  virtual-template 1

 source-ip 202.96.134.133

!

!

voice-card 0

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

username chenhr privilege 15 secret 5 $1$7l

username novanova privilege 15 secret 5 $1$YOIq$JY

username Hunter password 0 hunter

archive

 log config

  hidekeys

!

!

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp keepalive 10

!

!

!

!

!

!

!

!

interface Loopback2

 no ip address

!

interface GigabitEthernet0/0

 ip address 202.96.134.133 255.255.255.224

 ip nat outside

 ip virtual-reassembly

 no ip route-cache cef

 no ip route-cache

 no ip mroute-cache

 load-interval 30

 duplex auto

 speed auto

 media-type rj45

!

interface GigabitEthernet0/1

 ip address 202.96.130.1 255.255.255.252

 ip flow ingress

 load-interval 30

 shutdown

 duplex auto

 speed auto

 media-type rj45

!

interface Virtual-Template1

 description << *** PPTP CT Interface *** >>

 ip unnumbered GigabitEthernet0/0

 ip nat inside

 no ip virtual-reassembly

 peer match aaa-pools

 peer default ip address pool pool02

 ppp encrypt mppe 40

 ppp authentication chap pap ms-chap ms-chap-v2 callin

!

!

ip local pool test 192.168.1.2 192.168.1.250

ip local pool REMOTE_××× 192.168.123.2 192.168.123.150 group ×××_GROUP

ip local pool pool01 192.168.10.0 192.168.10.254 group ×××_GROUP

ip local pool pool02 192.168.20.0 192.168.20.254 group ×××_GROUP

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 202.96.134.1

no ip http server

no ip http secure-server

!

!

ip nat inside source list 100 interface GigabitEthernet0/0 overload

!

!

ip radius source-interface GigabitEthernet0/0

kron occurrence 123 in 23:0 recurring

 policy-list 333

!

access-list 100 permit ip 192.168.0.0 0.0.255.255 any

!

!

!

!

!

!

radius-server attribute 8 include-in-access-req

radius-server host 202.96.134.122 auth-port 1812 acct-port 1813

radius-server key 123456

!

control-plane

!

!

!

ccm-manager fax protocol cisco

!

mgcp fax t38 ecm

!

!

!

!

!

!

line con 0

 logging synchronous

line aux 0

line vty 0 4

 logging synchronous

 transport input telnet ssh

line vty 5 16

 logging synchronous

 transport input telnet ssh

line vty 17 20

 transport input telnet ssh

!

scheduler allocate 20000 1000

end


Remote-test#