Test AAA setup using Cisco ASA

A nice little command to test the AAA server will authenticate your users correctly (also works with PIX and FWSM).

The sytax is like this:

m00nies_ASA# test aaa-server [authentication|authorization] [host |] username password

If the authentication is successful you’ll get- INFO: Authentication Successful
If  the authentication fails you’ll get- ERROR: Authentication Rejected: Unspecified

A example of a test failure:

m00nies_ASA# test aaa-server authentication CSM-tac-grp username m00nie pass 123abc
Server IP Address or name: 10.0.0.2
INFO: Attempting Authentication test to IP address <10.0.0.2> (timeout: 12 seconds)
ERROR: Authentication Rejected: Unspecified

An example of a successful test 🙂 :

m00nies_ASA# test aaa-server authentication CSM-tac-grp username m00nie pass 456def
Server IP Address or name: 10.0.0.2
INFO: Attempting Authentication test to IP address <10.0.0.2> (timeout: 12 seconds)
INFO: Authentication Successful

Enjoy 🙂

Leave a Reply