March 29, 2010

Test AAA setup using Cisco ASA

A nice little command to test the AAA server will authenticate your users correctly (also works with PIX and FWSM).

The sytax is like this:

m00nies_ASA# test aaa-server [authentication|authorization] [host |] username password
If the authentication is successful you'll get- INFO: Authentication Successful If  the authentication fails you'll get- ERROR: Authentication Rejected: Unspecified

A example of a test failure:

m00nies_ASA# test aaa-server authentication CSM-tac-grp username m00nie pass 123abc Server IP Address or name: 10.0.0.2 INFO: Attempting Authentication test to IP address <10.0.0.2> (timeout: 12 seconds) ERROR: Authentication Rejected: Unspecified
An example of a successful test :) :
m00nies_ASA# test aaa-server authentication CSM-tac-grp username m00nie pass 456def Server IP Address or name: 10.0.0.2 INFO: Attempting Authentication test to IP address <10.0.0.2> (timeout: 12 seconds) INFO: Authentication Successful
Enjoy :)