This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.
CCIE #29033

This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers in regards to the CCIE R&S track!! Note: answers are in the comment field or within "Read More" section.

You can also follow me on twitter @FE80CC1E

Saturday, March 23, 2013

Testing AAA Authentication with ACS - Part 1

Confirming that local authentication on the switch and ACS is working after you finished your configuration perform the following:

Run the "test" command on the switch
sw1#test aaa group tacacs+ ro PASSWORD legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.

sw1#test aaa group tacacs+ admin99 PASSWORD legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User authentication request was rejected by server.

Even though the second attempt was rejected it still confirms that ACS rejected the request and is fully operational.

Step 1. Lets have a look at the ACS server. Once logged in navigate to "Monitoring and Reports" and click  "Launch Monitoring and Report Viewer"












Step 2. A new window pops up. Navigate to "Reports", "Catalog", and click "AAA Protocols".




















Step 3. On the right pain under reports click "TACACS Authentication. As you can see the first 2 entries correlate to what was seen on the switch. A pass and a fail.





Step 4. Lets look at some more details by clicking the magnifying glass under details. Lets look at the authentication that passed. As you can see there is alot of details. The big thing here is the "Status"









Step 5. Lets look at the authentication that was rejected. You can see the reason is identified. Wrong password :/











I will be adding a few more of these types of posts over the next week or so. Quick posts that provide specific detail on a particular topic.

0 comments:

Post a Comment