
Test AAA group

Rizwan Khan
Level 1

Hello everyone,

I want to test AAA authentication for a Cisco router. I have configured an AAA group for redundancy. When I test aaa server group tacacs+ user password it works, and the user gets authenticated via the primary ACS. Now I want to check the authentication with the secondary server. How can I do that?


Richard Burts
Hall of Fame

There are a couple of things that you might consider that would allow you to test the secondary server.

- You could temporarily make the primary server not available and test with the secondary server.
- You could temporarily make the primary server the secondary and test with the secondary server while it is acting as the active server.
- You could create a new aaa server group, assign the secondary server to that group, and change one of the aaa authentication statements to use that group.

HTH

Rick


Hello Burts,

Thank you for the reply. So it means I cannot specify the AAA server so that we can test it, except for the options you gave me.

I am sure that there are other options. I gave the ones that I thought were the most simple to implement but there are surely other possibilities.

It sounds like you have something in mind. In that case please tell us what you would like and we can try to tell you if it is possible.

HTH

Rick


Hello mate,

Let me make you understand what I actually want. Below are the configurations:

    aaa group server tacacs+ AAA-Servers
     server 10.10.7.32
     server 192.168.150.16
     exit
    tacacs-server host 10.10.7.32 key *****
    tacacs-server host 192.168.150.16 key *****

...........................................

1) When I issue the command

    test aaa group server AAA-Servers user password legacy

it says the user is authenticated. In that case it has done authentication via the primary ACS, which is 10.10.7.32. Now I want to test it with the server 192.168.150.16. How can I do that?

2) It has an option to test a particular server too, but it's asking for too much info, like

    test aaa group server AAA-Servers server 192.168.150.16 username password

(it asks for new-code, and port), which I am unaware of.

Can you please throw some light on it?

Thanks in advance,

Rizwan

Rizwan

Perhaps you can try something like this

    aaa group server tacacs+ test-servers
     server 192.168.150.16
     server 10.10.7.32

and then this command

    test aaa group server test-servers user password legacy

that should run your test using the secondary server.

HTH

Rick
