test aaa ppp user
语法
test aaa ppp user username <agent-remote-id ari> <logical-system logical-system-name> <no-address-request> <password password> <profile access-profile-name> <routing-instance routing-instance-name> <service-type service-type> <terminate-code code-value>
描述
通过创建测试伪会话,验证点对点协议 (PPP) 订阅者访问身份验证、核算和地址分配配置。
该 test aaa 命令支持所有 RADIUS 来源的属性,包括 IETF 标准属性和瞻博网络 VSA。收到的属性显示在输出中。有关标准 RADIUS 属性的信息,请参阅 。./../../../其他/radius-std-attributes-vsas-support.html#id-radius-ietf-attributes-support-by-the-aaa-service-framework。有关瞻博网络 VSA 的信息,请参阅 。/../../../其他/radius-std-attributes-vsas-support.html#id-juniper-networks-vsas-support-by-the-aaa-service-framework。
选项
| username | 要测试的订阅者用户名。 |
||||||||||||
| 代理远程 ID ari | (可选)DSL 论坛代理远程 ID (VSA 26–2) 的价值。 |
||||||||||||
| 逻辑系统 logical-system-name | (可选)用户认证的逻辑系统。这是 AAA LS 中的逻辑系统:用户的 RI 上下文。此上下文不同于订阅者上下文,即由虚拟路由器 VSA (26-1) 或 Redirect-VRouter 名称 VSA (26–25) 放置订阅者的 LS:RI。 |
||||||||||||
| 无地址请求 | (可选)无需分配地址即可发送请求进行身份验证。仅适用于不需要地址分配请求的 2 层情景。
注意:
即使订阅者只应获得 IPv6 地址,命令 |
||||||||||||
| 密码 password | (可选)与用户名关联的密码。 |
||||||||||||
| 配置 文件 access-profile-name | (可选)与订阅者关联的访问配置文件。
注意:
系统从逻辑上将此配置文件视为客户端级配置。在域映射中配置的访问配置文件优先于客户端级配置。如果配置了一个或多个域图,则根据与任何其他订阅者相同的域图评估受测试用户的用户名。 例如,用户名可以与域映射完全匹配或与通配符域映射部分匹配。如果两者都不匹配,则与域映射相匹配 其结果是,如果测试用户匹配任何配置的域映射,则该映射中配置的访问配置文件将用于优先级测试,而您可使用 有关 域地图和访问配置文件的详细信息,请参阅 在域地图中指定 访问配置文件。 |
||||||||||||
| 路由实例 routing-instance-name | (可选)用户经过认证的路由实例。这是 AAA LS 中的路由实例:用户的 RI 上下文。此上下文不同于订阅者上下文,即由虚拟路由器 VSA (26-1) 或 Redirect-VRouter 名称 VSA (26–25) 放置订阅者的 LS:RI。对于 VSA 26-25,订阅者会在订阅者环境中重新认证。 |
||||||||||||
| 服务类型 service-type | (可选)与测试用户关联的服务类型 RADIUS 属性 [6] 的值;范围为 1 到 255 的编号,或对应于 RFC 定义的服务类型的以下字符串之一;数字是 RADIUS 属性中承载的值,用于指定服务:
|
||||||||||||
| 终止代码 code-value | (可选)与订阅者终止相关联的代码。 |
所需权限级别
视图
输出字段
输入此命令时,将向您提供有关请求状态的反馈。有关与身份验证、核算和订阅者特定信息相关的输出字段的信息,请参阅 show network-access aaa statistics、 show network-access aaa statistics authentication、 show network-access aaa subscribers和 show subscribers 命令。
命令 test 不支持容量计费。如果为测试订阅者配置了卷时计费,则 test 命令将统计信息替换为仅限时间的计费统计信息。
此命令仅显示 Junos OS 支持的属性;即使这些属性的值未设置,也会出现。虚拟路由器名称 (LS:RI) 字段匹配瞻博网络虚拟路由器 VSA (26-1),如果存在;否则字段将显示默认值:默认值。未接收的所有其他属性的显示值为 <not set>。
示例输出
测试 aaa ppp 用户
以下示例测试 PPP 订阅者用户的配置98BEDC 和密码$ABC 123,并显示生成的输出:
user@host> test aaa ppp user user98BEDC@test.net password $ABC123
Authentication Grant
************User Attributes***********
User Name - user98BEDC@test.net
Client IP Address - 192.168.1.1
Client IP Netmask - 255.255.0.0
Virtual Router Name (LS:RI) - default:default
Agent Remote Id - NULL
Reply Message - NULL
Primary DNS IP Address - 0.0.0.0
Secondary DNS IP Address - 0.0.0.0
Primary WINS IP Address - 0.0.0.0
Secondary WINS IP Address - 0.0.0.0
Primary DNS IPv6 Address - ::
Secondary DNS IPv6 Address - ::
Framed Pool - <not set>
Class Attribute - TEST
Service Type - 0
Client IPv6 Address - ::
Client IPv6 Mask - null
Framed IPv6 Prefix - ::/0
Framed IPv6 Pool - <not-set>
NDRA IPv6 Prefix - <not-set
Login IPv6 Host - ::
Framed Interface Id - 0:0:0:0
Delegated IPv6 Prefix - ::/0
Delegated IPv6 Pool - <not-set>
User Password - $ABC123
CHAP Password - NULL
Mac Address - 00:00:5E:00:53:ab
Idle Timeout - 600
Session Timeout - 6000
Service Name (1) - cos-service(video_sch, nc_sch)
Service Statistics (1) - 1
Service Acct Interim (1) - 600
Service Activation Type (1) - 1
Service Name (2) - filter-service(in_filter, out_filter)
Service Statistics (2) - 2
Service Acct Interim (2) - 900
Service Activation Type (2) - 1
Cos shaping rate - 100m
Filter Id - <not set>
Framed MTU - (null)
Framed Route - <not set>
Ingress Policy Name - <not set>
Egress Policy Name - <not set>
IGMP Enable - disabled
Redirect VR Name (LS:RI) - default
Service Bundle - Null
Framed Ip Route Tag - <not set>
Ignore DF Bit - disabled
IGMP Access Group Name - <not set>
IGMP Access Source Group Name - <not set>
MLD Access Group Name - <not set>
MLD Access Source Group Name - <not set>
IGMP Version - <not set>
MLD Version - <not set>
IGMP Immediate Leave - <not set>
MLD Immediate Leave - <not set>
IPv6 Ingress Policy Name - <not set>
IPv6 Egress Policy Name - <not set>
Dynamic Profile - <not set>
Acct Session ID - 1
Acct Interim Interval - 750
Acct Type - 1
Chargeable user identity - 0
NAS Port Id - -0/0/0.0
NAS Port - 4095
NAS Port Type - 15
Framed Protocol - 1
IPv4 ADF Rule - 010100
IPv4 ADF Rule - 010101
IPv6 ADF Rule - 030100
IPv6 ADF Rule - 030101
****Pausing 10 seconds before disconnecting the test user*********
Logging out subscriber
Terminate Id - <not set>
Test complete. Exiting
测试 aaa ppp 用户(隧道用户)
以下示例使用密码$ABC 123 和接入配置文件 financial-b 测试 PPP 隧道订阅者计费 14 的配置,并显示结果输出:
user@host> test aaa ppp user accounting14 password $ABC123 14 profile finance-b
Authentication Grant with Tunnel Attributes
************Tunnel Attributes***********
****Tunnel Definiton - 1
Tunnel Medium - 1
Tunnel Type - 3
Tunnel Max Sessions - 100
Tunnel Server Endpoint - 192.0.2.4
Tunnel Client Endpoint - 198.51.100.5
Tunnel Server AuthId - rt1
Tunnel Client AuthId - ts1
Tunnel Password - radius
Tunnel Assignment Id - til
Tunnel Logical System -
Tunnel Routing Instance -
****Pausing 10 seconds before disconnecting the test user*********
Logging out subscriber
Terminate Id - l2tp session-receive-cdn-avp-bad-hidden
Test complete. Exiting
测试 aaa ppp 用户(身份验证失败)
以下示例显示身份验证授权因无效密码而失败时的样本输出:
user@host>test aaa ppp user user45@test.net password $ABC123123
Authentication Deny
Reason : Access Denied
Received Attributes :
User Name - user45@test.net
Client IP Address - 0.0.0.0
Client IP Netmask - 0.0.0.0
Virtual Router Name (LS:RI)- default
Agent Remote Id - NULL
Reply Message - NULL
Primary DNS IP Address - 0.0.0.0
Secondary DNS IP Address - 0.0.0.0
Primary WINS IP Address - 0.0.0.0
Secondary WINS IP Address - 0.0.0.0
Primary DNS IPv6 Address - ::
Secondary DNS IPv6 Address - ::
Framed Pool - not set
Class Attribute - not set
Service Type - 0
Client IPv6 Address - ::
Client IPv6 Mask - null
Framed IPv6 Prefix - ::/0
Framed IPv6 Pool - not-set
NDRA IPv6 Prefix - not-set
Login IPv6 Host - ::
Framed Interface Id - 0:0:0:0
Delegated IPv6 Prefix - ::/0
Delegated IPv6 Pool - not-set
User Password - $ABC123123
CHAP Password - NULL
Mac Address - 00:00:5E:00:53:ab
Filter Id - not set
Framed MTU - (null)
Framed Route - not set
Ingress Policy Name - not set
Egress Policy Name - not set
IGMP Enable- disabled
Redirect VR Name (LS:RI)- default
Service Bundle - Null
Framed Ip Route Tag - not set
Ignore DF Bit - disabled
IGMP Access Group Name - not set
IGMP Access Source Group Name - not set
MLD Access Group Name - not set
MLD Access Source Group Name - not set
IGMP Version - not set
MLD Version - not set
IGMP Immediate Leave - not set
MLD Immediate Leave - not set
IPv6 Ingress Policy Name - not set
IPv6 Egress Policy Name - not set
Acct Session ID - 12
Acct Interim Interval - 0
Acct Type - 0 Chargeable user identity - 0
NAS Port Id - -0/0/0.0
NAS Port - 4095
NAS Port Type - 15
Framed Protocol - 0
Test complete. Exiting
测试 aaa ppp 用户(XML 输出)
以下示例显示新格式的 XML 示例输出摘录:
user@host>test aaa ppp user user45@test.net password $ABC123 | display xml
<rpc-reply xmlns:junos="namespace-URL">
<aaa-test-result>
<aaa-test-status>Authentication Grant</aaa-test-status>
<aaa-test-status>************User Attributes***********</aaa-test-status>
<radius-server-data>
<radius-server-attribute-name>User Name -</radius-server-attribute-name>
<radius-server-attribute-value>user45@test.net</radius-server-attribute-value>
</radius-server-data>
<radius-server-data>
<radius-server-attribute-name>Virtual Router Name (LS:RI) -</radius-server-attribute-name>
<radius-server-attribute-value>default:default</radius-server-attribute-value>
</radius-server-data>
<radius-server-data>
<radius-server-attribute-name>Service Type -</radius-server-attribute-name>
<radius-server-attribute-value>Framed</radius-server-attribute-value>
</radius-server-data>
<radius-server-data>
<radius-server-attribute-name>Agent Remote Id -</radius-server-attribute-name>
<radius-server-attribute-value><not set></radius-server-attribute-value>
</radius-server-data>
...
<aaa-test-status>Test complete. Exiting</aaa-test-status>
</aaa-test-result>
<cli>
<banner></banner>
</cli>
</rpc-reply>