Thursday, June 18, 2009

Test AAA Authentication on Cisco ASA

Have you ever been in a situation where you have configured AAA authentication on your Cisco ASA firewall, but you're not sure if it's working?

It can be difficult to determine if there is a problem with the ASA configuration or with the AAA server.

There is an excellent command on the Cisco ASA that allows you to test AAA authentication from the command line. The command is:

test aaa-server {authentication | authorization} server-tag [host server-ip]

An example of this command is included below. The first couple of lines show my AAA authentication configuration, and the commands that follow show the 'test aaa-server authentication' command in action. The first attempt uses correctly entered credentials. The second attempt uses incorrectly entered credentials.
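The session below is an added illustration, not the original post's capture. It shows how the test result separates an ASA-side problem from an AAA-server-side one. The group name RADIUS-GRP, the address 192.0.2.10, the account testuser, and the output lines are constructed, and exact message wording can vary by ASA software version.

```cisco
! Constructed AAA configuration (assumed names and addresses)
aaa-server RADIUS-GRP protocol radius
aaa-server RADIUS-GRP (inside) host 192.0.2.10
 key <shared-secret>

! Case 1: correct credentials. The server answered and accepted, so the
! ASA-to-server path, the shared key and the account are all good.
ciscoasa# test aaa-server authentication RADIUS-GRP host 192.0.2.10 username testuser password <password>
INFO: Attempting Authentication test to IP address <192.0.2.10> (timeout: 12 seconds)
INFO: Authentication Successful

! Case 2: wrong password. A rejection still proves the server is reachable
! and replying, so look at the account or the server's policy, not the ASA.
ciscoasa# test aaa-server authentication RADIUS-GRP host 192.0.2.10 username testuser password <wrong-password>
INFO: Attempting Authentication test to IP address <192.0.2.10> (timeout: 12 seconds)
ERROR: Authentication Rejected: AAA failure

! Case 3: no reply at all. Check routing and the interface in the
! aaa-server line, the shared key, and that the server lists the ASA
! as a client.
ciscoasa# test aaa-server authentication RADIUS-GRP host 192.0.2.10 username testuser password <password>
INFO: Attempting Authentication test to IP address <192.0.2.10> (timeout: 12 seconds)
ERROR: Authentication Server not responding: No error
```

If the username and password keywords are left off, the ASA prompts for them, which keeps the password out of the typed command line. A dedicated low-privilege test account is a sensible choice for these checks.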

