Testing Your Configuration


Now that you have configured some users and a NAS, you are ready to test your configuration. The way to test AR locally without configuring an AAA client is to use a utility called radclient. The radclient utility uses the default Clients entry in AR of 127.0.0.1. The radclient utility simply creates and sends a RADIUS packet to AR.

The following step sequence creates an Access-Request packet for user john with password john and the packet identifier p001. It displays the packet before sending it. It uses the send command to send the packet, which displays the response packet object identifier p002. Then, the sequence shows how to display the contents of the response packet.

Step 1.

Run the radclient command. It prompts you for the cluster name, username, and password.

 # /opt/CSCOar/usrbin/radclient Cisco Access Registrar 3.5.0.7 RADIUS Test Client Copyright (C) 1995-2004 by Cisco Systems, Inc.  All rights reserved. 

Step 2.

Log in to the radclient utility as you would log in to aregcmd.

 Cluster: User: admin Password: Logging in to localhost...done 

Step 3.

Create a simple Access-Request packet for username john and password john. At the prompt, type

  The packet identifier is echod back to you 

The radclient command displays the ID of the packet p001.

Step 4.

Type the packet identifier to have the packet information echoed back to you as seen in Example 15-14:

Example 15-14. Creating a Request Packet
 p001 <cr> Packet: code = Access-Request, id = 0, length = 0, attributes =         User-Name = john         User-Password = john         NAS-Identifier = localhost         NAS-Port = 1  

Step 5.

Simulate an AAA client sending the packet to AR by using the packet identifier and the send command.

  The response packet is echod back to you. 

Step 6.

Type the response packet's identifier to display the contents of the Access-Accept packet, in this case, a denied access response as seen in Example 15-15:

Example 15-15. A Denied Response
 p002 <cr>  p002 Packet: code = Access-Reject, id = 1, length = 35, attributes =         Reply-Message = Access Denied  




Cisco Access Control Security(c) AAA Administrative Services
Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net