Cisco Systems 10000 Network Router User Manual


  Open as PDF
of 624
 
11-12
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 11 Configuring Local AAA Server, User Database—Domain to VRF
Example—VRF with ACL
Applying a defined output ACL to this PPP:
aaa attribute list cisco1.com
attribute type addr-pool "pppoe" protocol ip
attribute type ip-unnumbered "loopback1" service ppp protocol ip
attribute type vrf-id "vrf1" service ppp protocol ip
attribute type outacl "101" service ppp protocol ip
access-list 101 deny icmp any any
Monitoring and Maintaining Local AAA Server, User Database—Domain to VRF
The following debug commands can be helpful in monitoring and maintaining Local AAA Server, User
Database—Domain to VRF:
debug aaa id—displays a unique key for a session and provides a way to track sessions
debug aaa authentication—displays the methods of authentication being used and the results of
these methods
debug aaa authorization—displays the methods of authorization being used and the results of these
methods
debug aaa per-user—displays information about per-user QoS parameters
debug ppp negotiation—shows PPP negotiation debug messages
debug ppp authen—indicates if a client is passing authentication
debug ppp error—displays protocol errors and error statistics associated with PPP connection
negotiation and operation
debug ppp forward—displays who is taking control of a session
debug sss error—displays diagnostic information about errors that may occur during Subscriber
Service Switch (SSS) call setup
debug radius—displays information about the RADIUS server
Caution Because debugging output is assigned high priority in the CPU process, it can render the system
unusable. For this reason, use debug commands only to troubleshoot specific problems or during
troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use
debug commands during periods of lower network traffic and fewer users. Debugging during these
periods decreases the likelihood that increased debug command processing overhead will affect system
use.
 previous next