Run the "test" command on the switch
sw1#test aaa group tacacs+ ro PASSWORD legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.
sw1#test aaa group tacacs+ admin99 PASSWORD legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User authentication request was rejected by server.
Even though the second attempt was rejected, the rejection came from ACS itself, which confirms that ACS processed the request and is fully operational.
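The same check can be scripted over a saved CLI transcript. The following is an added example, not part of the original post. The function names are hypothetical, and the "No authoritative response from any server." line is an assumption for the case where no server answers, since the session above does not show it.

```python
import re

# Result lines printed after "test aaa group ...". The first two appear in the
# session above; the third is an assumption (not shown on the page).
RESULTS = [
    ("User was successfully authenticated.", "accepted", True),
    ("User authentication request was rejected by server.", "rejected", True),
    ("No authoritative response from any server.", "no_response", False),
]

# Matches "<host>#test aaa group <group> <user> <password> ...".
# The password field is matched but deliberately not captured or stored.
COMMAND = re.compile(r"^[^#\s]+#\s*test aaa group (\S+) (\S+) \S+")


def parse_test_aaa(transcript):
    """Return one dict per 'test aaa' command found in a CLI transcript."""
    checks, current = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        m = COMMAND.match(line)
        if m:
            current = {"group": m.group(1), "user": m.group(2),
                       "verdict": "unknown", "server_answered": False}
            checks.append(current)
            continue
        if current is None:
            continue
        for text, verdict, answered in RESULTS:
            if text in line:
                current["verdict"] = verdict
                current["server_answered"] = answered
    return checks


def server_operational(checks):
    """A reject still proves the server answered; only silence is a failure."""
    return bool(checks) and all(c["server_answered"] for c in checks)


# Transcript copied from the session above (PASSWORD is the page's placeholder).
SAMPLE = """sw1#test aaa group tacacs+ ro PASSWORD legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.
sw1#test aaa group tacacs+ admin99 PASSWORD legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User authentication request was rejected by server.
"""

if __name__ == "__main__":
    for check in parse_test_aaa(SAMPLE):
        print(check["user"], check["verdict"], check["server_answered"])
```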
Step 1. Let's have a look at the ACS server. Once logged in, navigate to "Monitoring and Reports" and click "Launch Monitoring and Report Viewer".
Step 2. A new window pops up. Navigate to "Reports", "Catalog", and click "AAA Protocols".
Step 3. In the right pane under Reports, click "TACACS Authentication". As you can see, the first 2 entries correlate to what was seen on the switch: a pass and a fail.
Step 4. Let's look at some more details by clicking the magnifying glass under Details. Let's look at the authentication that passed. As you can see, there is a lot of detail. The big thing here is the "Status".
Step 5. Let's look at the authentication that was rejected. You can see the reason is identified. Wrong password :/
I will be adding a few more of these types of posts over the next week or so. Quick posts that provide specific detail on a particular topic.