When you are configuring AAA on your ASA or later versions IOS, you want to confirm that your configuration is goodly and that the server is available and responding correctly.

IOS Version


r1#test aaa group tacacs+ greg password legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.

r1#


ASA Version


fw2# test aaa-server authentication csacs-radius
Server IP Address or name: 192.168.200.80
Username: gf
Password: ********
INFO: Attempting Authentication test to IP address (timeout: 12 seconds)
ERROR: Authentication Rejected: AAA failure
fw2# test aaa-server authentication csacs-radius
Server IP Address or name: 192.168.200.80
Username: gf
Password: ********
INFO: Attempting Authentication test to IP address (timeout: 12 seconds)
INFO: Authentication Successful
fw2#


Note that you can choose the group, or specific server in the group on IOS. This makes it possible to check all servers in the group are working.

There are some other switches that would be of use to people doing more sophisticated AAA configuration. For example on IOS this accounting switch:


r1#test aaa accounting ?
alloc_fid Allocate flow id
alloc_uid Allocate AAA unique id
dealloc_fid Deallocate flow id
dealloc_uid Deallocate unique id
giga Giga-word accounting test
init Initialize test aaa accounting infrastructure
reset Reset the variables
send_acct_start Send accounting start
send_acct_stop Send accounting stop
send_authen_req Send authen req
r1#