test aaa authd-lite user
Syntax
test aaa authd-lite user username password password profile access-profile-name <port nas-port> <zero-stats>
Description
Verify authd-lite subscriber access authentication, accounting, and address allocation configuration.
The test aaa
command supports all RADIUS-sourced attributes, both IETF standard attributes and Juniper Networks VSAs. Received attributes are displayed in the output. For information about standard RADIUS attributes, see ../../../../Other/radius-std-attributes-vsas-support.html#id-radius-ietf-attributes-supported-by-the-aaa-service-framework. For information about Juniper Networks VSAs, see ../../../../Other/radius-std-attributes-vsas-support.html#id-juniper-networks-vsas-supported-by-the-aaa-service-framework.
Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag.
Options
username | Specify the subscriber username to test. |
password password | Specify the password associated with the username. |
profile access-profile-name | Specify the access profile associated with the subscriber. |
port nas-port | (Optional) Specify the NAS port used for the test. |
zero-stats | (Optional) Specify that no accounting statistics are set for this test. |
Required Privilege Level
view
Output Fields
When you enter this command, you are provided feedback on the status of your request. For information about output fields related to authentication, accounting, and subscriber-specific information, see the show network-access aaa statistics, show network-access aaa statistics authentication, show network-access aaa subscribers, and show subscribers commands.
The test command does not support volume-time accounting. If volume-time accounting is configured for the test subscriber, the test command replaces the statistics with time-only accounting statistics.
This command displays only attributes that are supported by Junos OS; these attributes appear even when their values are not set. The Virtual Router Name (LS:RI) field matches the Juniper Networks Virtual-Router VSA (26-1), if present; otherwise the field displays default:default. The displayed value for all other attributes that are not received is <not set>
.
Sample Output
test aaa authd-lite user
The following example tests the configuration for authd-lite subscriber user1bt with a password of $ABC123 and an access profile of employee12, and displays the resulting output:
user@host> test aaa authd-lite user user1bt password $ABC123 profile employee12 Authentication Grant ************User Attributes*********** User Name - user1bt Framed IPv6 Prefix - ::/0 Framed IPv6 Pool - NULL Nas IPv6 Address - :: NDRA IPv6 Prefix - NULL Login IPv6 Host - :: Framed Interface Id - 0:0:0:0 Delegated IPv6 Prefix - ::/0 NDRA IPv6 Pool - NULL User Password - $ABC123 Nas Ip Address - 0.0.0.0 NAS Port - 0 Service Type- 0 Framed IP Address - 0.0.0.0 Framed IP Netmask - 0.0.0.0 Filter Id - NULL Framed MTU - 0 Reply Message - NULL Framed Route- <not set> Framed MTU - 0 Class - SBR2CL Virtual Router Name (LS:RI) default:default Primary DNS IP Address - 0.0.0.0 Secondary DNS IP Address - 0.0.0.0 Primary WINS IP Address - 0.0.0.0 Secondary WINS IP Address - 0.0.0.0 Ingress Statistics - disabled Egress Statistics - disabled Ingress Policy Name - <not set> Engress Policy Name - <not set> IGMP Enable - disabled Redirect VR Name (LS:RI) default:default Service Bundle <not set> Framed Ip Route Tag <not set> LI Action 0 LI Interception Identifier 0 LI Mediation Device IP Address 0.0.0.0 LI_Mediation_Device_Port_Number 0 Activate Service NULL Deactivate Service NULL Service Statistics 0 Ignore_DF_Bit - disabled IGMP Access Group Name <not set> IGMP Access Source Group_Name - <not set> MLD Access Group Name <not set> MLD Access Source Group Name <not set> MLD Version - MLD Version not set IGMP Version IGMP Version not set IGMP Immediate Leave - <not set> MLD Immediate Leave - <not set> IPv6_Ingress_Policy_Name - <not set> IPv6_Egress_Policy_Name - <not set> Cos_Parameter_Type - <not set> Service Interim Acct Interval 0 Max Clients Per Interface 0 Cos_Scheduler_Pmt_Type <not set> Session Timeout 599999940 NAS Port Type 0 Framed Pool NULL Idle Timeout 0 Acct-start sent Acct-start succeeded Pausing 10 seconds Interim-Acct sent Acct-interim succeeded Pausing 10 seconds Acct-stop sent Acct-stop succeeded Logging out subscriber Test complete. Exiting
test aaa authd-lite user (XML Output)
The following example shows an excerpt of sample XML output in the new format:
user@host>test aaa authd-lite user user45@test.net password $ABC123 | display xml <rpc-reply xmlns:junos="namespace-URL"> <aaa-test-result> <aaa-test-status>Authentication Grant</aaa-test-status> <aaa-test-status>************User Attributes***********</aaa-test-status> <radius-server-data> <radius-server-attribute-name>User Name -</radius-server-attribute-name> <radius-server-attribute-value>user45@test.net</radius-server-attribute-value> </radius-server-data> <radius-server-data> <radius-server-attribute-name>Framed IPv6 Prefix -</radius-server-attribute-name> <radius-server-attribute-value><not set></radius-server-attribute-value> </radius-server-data> <radius-server-data> <radius-server-attribute-name>Framed IPv6 Pool -</radius-server-attribute-name> <radius-server-attribute-value><not set></radius-server-attribute-value> </radius-server-data> <radius-server-data> <radius-server-attribute-name>NDRA IPv6 Prefix -</radius-server-attribute-name> <radius-server-attribute-value><not set></radius-server-attribute-value> </radius-server-data> ... <aaa-test-status>Test complete. Exiting</aaa-test-status> </aaa-test-result> <cli> <banner></banner> </cli> </rpc-reply>