22nd May 2012

You are here: Home / Cisco / Cisco ASA and IOS command tip – test aaa-server

Cisco ASA and IOS Command Tip – Test Aaa-Server

18th February 2008 By Leave a Comment

When you are configuring AAA on your ASA or later versions IOS, you want to confirm that your configuration is goodly and that the server is available and responding correctly.

IOS Version


r1#test aaa group tacacs+ greg password legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.

r1#

ASA Version


fw2# test aaa-server authentication csacs-radius
Server IP Address or name: 192.168.200.80
Username: gf
Password: ********
INFO: Attempting Authentication test to IP address (timeout: 12 seconds)
ERROR: Authentication Rejected: AAA failure
fw2# test aaa-server authentication csacs-radius
Server IP Address or name: 192.168.200.80
Username: gf
Password: ********
INFO: Attempting Authentication test to IP address (timeout: 12 seconds)
INFO: Authentication Successful
fw2#

Note that you can choose the group, or specific server in the group on IOS. This makes it possible to check all servers in the group are working.

There are some other switches that would be of use to people doing more sophisticated AAA configuration. For example on IOS this accounting switch:


r1#test aaa accounting ?
alloc_fid Allocate flow id
alloc_uid Allocate AAA unique id
dealloc_fid Deallocate flow id
dealloc_uid Deallocate unique id
giga Giga-word accounting test
init Initialize test aaa accounting infrastructure
reset Reset the variables
send_acct_start Send accounting start
send_acct_stop Send accounting stop
send_authen_req Send authen req
r1#

Other posts in the series

  1. Cisco IOS CLI Regex: sh ip bgp in
  2. IOS CLI Tip: More accurate pipe commands
  3. Cisco Nexus NXOS and Fixing broken “switchto” syntax with alias
  4. show ip eigrp topology all
  5. Cisco IOS CLI Shortcuts
  6. The poor man's IOS Traffic Generator
  7. IOS: "terminal monitor" on, off - logging to your terminal
  8. IOS: Console, Terminal, Monitor, VTY - what is what ?
  9. IOS: Clearing an interface configuration
  10. IOS: Setting Terminal Window Length
  11. IOS CLI: show run linenum
  12. IOS: Setting the TCP timeout on IOS
  13. IOS: enable and .... disable ?
  14. IOS: Reverse SSH console access - Part 2
  15. IOS:Open Source Lab DNS and IP addressing
  16. IOS: Reverse SSH console access
  17. ip tcp timestamp
  18. Cisco ASA and IOS command tip - test aaa-server (This post)
This post is copyright of Thropos Ltd ©2008-2011 at Etherealmind.com - contact | email: greg.ferro@packetpushers.net - twitter: @etherealmind | All rights reserved
Filed Under: Cisco, Security Tagged With: ,
About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus