Troubleshooting AAA can be rather comple—because it’s used so often with other features, such as PPP—so remembering to use the troubleshooting commands associated with any protocols or technologies working with AAA is important. This section looks at some common commands for confirming AAA configuration and activity.
When working with AAA in a specific environment, such as dial-up modems, ISDN, or PPP, don’t overlook Cisco’s web site for more information. Go to http://www.cisco.com on the Web and perform a search for AAA or ISDN AAA. No CCO account is needed for much of the information.
Two show commands useful in debugging AAA are
show running-config |
To verify that local AAA is configured correctly |
show tacacs |
To verify network connectivity between NAS and AAA server |
Cisco IOS debug command output provides a valuable source of information and feedback concerning state transitions and functions within the AAA environment. In addition to debug command output gathered directly from devices running Cisco IOS, the Cisco AAA server can be configured to collect operational diagnostics. Use the following debug commands to capture AAA-related transitions and functions:
debug condition user username |
Sets conditional debugging for a specific user and generates output debugs related to the user |
debug aaa authentication |
Displays authentication information with TACACS+ and RADIUS client/server interaction |
debug aaa authorization |
Displays authorization information with TACACS+ and RADIUS client/server interaction |
debug aaa accounting |
Displays accounting information with TACACS+ and RADIUS client/server interaction |
debug tacacs |
Displays TACACS+ interaction between the IOS client and the AAA server |
debug radius |
Displays RADIUS interaction between the IOS client and the AAA server |
debug ppp negotiation |
Shows if a client is passing PPP negotiation |
debug ppp authentication |
Shows if a client is passing PPP authentication |
debug ppp error |
Displays protocol errors and error statistics associated with PPP connection negotiation and operation |