Testing confirmed that the PPTP server and RADIUS authentication work correctly, and that local authentication works after RADIUS authentication fails.
Remote-test#sh run
Building configuration...
Current configuration : 3262 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Remote-test
!
boot-start-marker
boot system flash c3845-adventerprisek9_sna-mz.124-22.YB8.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
enable password 7 15
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius local
aaa authorization network default group radius local
!
!
aaa session-id common
!
dot11 syslog
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip name-server 202.96.134.134
ip address-pool local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
mpls ldp explicit-null
no mpls ip propagate-ttl
mpls label protocol ldp
vpdn enable
!
vpdn-group 1
accept-dialin
protocol pptp
virtual-template 1
source-ip 202.96.134.133
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username chenhr privilege 15 secret 5 $1$7l
username novanova privilege 15 secret 5 $1$YOIq$JY
username Hunter password 0 hunter
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
!
!
!
!
!
!
!
!
interface Loopback2
no ip address
!
interface GigabitEthernet0/0
ip address 202.96.134.133 255.255.255.224
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
load-interval 30
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 202.96.130.1 255.255.255.252
ip flow ingress
load-interval 30
shutdown
duplex auto
speed auto
media-type rj45
!
interface Virtual-Template1
description << *** PPTP CT Interface *** >>
ip unnumbered GigabitEthernet0/0
ip nat inside
no ip virtual-reassembly
peer match aaa-pools
peer default ip address pool pool02
ppp encrypt mppe 40
ppp authentication chap pap ms-chap ms-chap-v2 callin
!
!
ip local pool test 192.168.1.2 192.168.1.250
ip local pool REMOTE_××× 192.168.123.2 192.168.123.150 group ×××_GROUP
ip local pool pool01 192.168.10.0 192.168.10.254 group ×××_GROUP
ip local pool pool02 192.168.20.0 192.168.20.254 group ×××_GROUP
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 202.96.134.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
!
!
ip radius source-interface GigabitEthernet0/0
kron occurrence 123 in 23:0 recurring
policy-list 333
!
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
!
!
!
radius-server attribute 8 include-in-access-req
radius-server host 202.96.134.122 auth-port 1812 acct-port 1813
radius-server key 123456
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
transport input telnet ssh
line vty 5 16
logging synchronous
transport input telnet ssh
line vty 17 20
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Remote-test#
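An audit pass over the configuration above, as an added example that is not part of the original post: it flags the settings in this running-config that leave credentials or tunnel traffic weakly protected. The rule names and the `audit` function are this example's own, and the sample uses placeholder credentials.

```python
import re

# (rule id, pattern matched against one stripped config line)
RULES = [
    ("password-encryption-off", r"^no service password-encryption$"),
    ("ip-source-route-on", r"^ip source-route$"),
    ("enable-password-not-secret", r"^enable password "),
    ("username-cleartext-password", r"^username \S+ (privilege \d+ )?password 0 "),
    ("mppe-40-bit", r"^ppp encrypt mppe 40\b"),
    # pap, chap or ms-chap (v1) offered; ms-chap-v2 alone does not match
    ("legacy-ppp-auth", r"^ppp authentication .*\b(pap|chap|ms-chap)(?= |$)"),
    ("radius-key-cleartext", r"^radius-server key (?!7 )\S"),
    ("telnet-on-vty", r"^transport input .*\btelnet\b"),
]

def audit(config):
    """Return (line number, context, rule id) for every weak setting found."""
    findings, context = [], "global"
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("interface ", "line ")):
            context = line          # entering a sub-mode
        elif line == "!":
            context = "global"      # "!" separates sections in "show run"
        findings += [(number, context, rule)
                     for rule, pattern in RULES if re.search(pattern, line)]
    return findings

# Constructed sample: settings taken from the configuration above,
# with placeholder credentials instead of the posted values.
SAMPLE = """\
no service password-encryption
enable password 7 PLACEHOLDER
ip source-route
username demo password 0 PLACEHOLDER
!
interface Virtual-Template1
 ppp encrypt mppe 40
 ppp authentication chap pap ms-chap ms-chap-v2 callin
!
radius-server key PLACEHOLDER
!
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    for number, context, rule in audit(SAMPLE):
        print(f"line {number:>2} [{context}] {rule}")
```

The same function accepts a complete `show run` capture, indented or flattened, since each line is stripped before matching.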
Reposted from: https://blog.51cto.com/fuxiaochuan/801035