1. Home
  2. Networking
  3. CCSP Cisco Certified Security Professional Certification

Testing AAA Configuration

Testing AAA Configuration

Troubleshooting AAA can be rather comple—because it’s used so often with other features, such as PPP—so remembering to use the troubleshooting commands associated with any protocols or technologies working with AAA is important. This section looks at some common commands for confirming AAA configuration and activity.

When working with AAA in a specific environment, such as dial-up modems, ISDN, or PPP, don’t overlook Cisco’s web site for more information. Go to http://www.cisco.com on the Web and perform a search for AAA or ISDN AAA. No CCO account is needed for much of the information.

The show Commands

Two show commands useful in debugging AAA are

show running-config

To verify that local AAA is configured correctly

show tacacs

To verify network connectivity between NAS and AAA server

The debug Commands

Cisco IOS debug command output provides a valuable source of information and feedback concerning state transitions and functions within the AAA environment. In addition to debug command output gathered directly from devices running Cisco IOS, the Cisco AAA server can be configured to collect operational diagnostics. Use the following debug commands to capture AAA-related transitions and functions:

debug condition user username

Sets conditional debugging for a specific user and generates output debugs related to the user

debug aaa authentication

Displays authentication information with TACACS+ and RADIUS client/server interaction

debug aaa authorization

Displays authorization information with TACACS+ and RADIUS client/server interaction

debug aaa accounting

Displays accounting information with TACACS+ and RADIUS client/server interaction

debug tacacs

Displays TACACS+ interaction between the IOS client and the AAA server

debug radius

Displays RADIUS interaction between the IOS client and the AAA server

debug ppp negotiation

Shows if a client is passing PPP negotiation

debug ppp authentication

Shows if a client is passing PPP authentication

debug ppp error

Displays protocol errors and error statistics associated with PPP connection negotiation and operation



BackCover
CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide
Introduction
Part I: Introduction to Network Security
Part II: Securing the Network Perimeter
Chapter 3: Cisco AAA Security Technology
The Cisco AAA Model
AAA System Components
Testing AAA Configuration
Chapter Review
Chapter 4: Cisco Secure ACS and TACACS+/RADIUS Technologies
Chapter 5: Securing Cisco Perimeter Routers
Chapter 6: IOS Firewall Feature Set - CBAC
Chapter 7: IOS Firewall - Intrusion Detection System
Chapter 8: IOS Firewall - Authentication Proxy
Part III: Virtual Private Networks (VPNs)
Part IV: PIX Firewalls
Part V: Intrusion Detection Systems (IDS)
Part VI: Cisco SAFE Implementation
Appendix A: Access Control Lists
Appendix B: About the CD
List of Figures
List of Tables
List of Sidebars