Radius server test
Author: r | 2025-04-24
The RADIUS test is a test of connectivity to the RADIUS server, not of full RADIUS functionality. The controller‘s RADIUS connectivity test initiates an access-request, to which the RADIUS server will respond. If a response is
Testing the RADIUS Server - Cisco
RADIUS command output are defined as follows: The aaa group server radius command shows the configuration of a server group. The radius server and address command defines the RADIUS server name and IP address of the RADIUS server with authorization and accounting ports specified. The radius-server load-balance command enables load balancing for the RADIUS server with the batch size specified. The show debug sample output below shows test requests being sent to servers. The response to the test request sent to the server is received, the server is removed from quarantine as appropriate, the server is marked alive, and then the idle timer is reset. Device# show debug*Feb 28 13:52:20.835:AAA/SG/TEST:Server (192.0.2.238:2015,2016) quarantined.*Feb 28 13:52:20.835:AAA/SG/TEST:Sending test request(s) to server (192.0.2.238:2015,2016)*Feb 28 13:52:20.835:AAA/SG/TEST:Sending 1 Access-Requests, 1 Accounting-Requests in current batch.*Feb 28 13:52:20.835:AAA/SG/TEST(Req#:1):Sending test AAA Access-Request.*Feb 28 13:52:20.835:AAA/SG/TEST(Req#:1):Sending test AAA Accounting-Request.*Feb 28 13:52:21.087:AAA/SG/TEST:Obtained Test response from server (192.0.2.238:2015,2016)*Feb 28 13:52:22.651:AAA/SG/TEST:Obtained Test response from server (192.0.2.238:2015,2016)*Feb 28 13:52:22.651:AAA/SG/TEST:Necessary responses received from server (192.0.2.238:2015,2016)*Feb 28 13:52:22.651:AAA/SG/TEST:Server (192.0.2.238:2015,2016) marked ALIVE. Idle timer set for 60 secs(s).*Feb 28 13:52:22.651:AAA/SG/TEST:Server (192.0.2.238:2015,2016) removed from quarantine.... The following example shows an authentication server group and an authorization server group that use the same servers 209.165.200.225 and 209.165.200.226. Both server groups have the preferred server flag enabled. Device> enableDevice# configure terminalDevice(config)# aaa group server radius authentication-groupDevice(config-sg-radius)# server 209.165.200.225 key radkey1Device(config-sg-radius)# server 209.165.200.226 key radkey2Device(config-sg-radius)# exitDevice(config)# aaa group server radius accounting-groupDevice(config-sg-radius)# server 209.165.200.225 key radkey1Device(config-sg-radius)# server 209.165.200.226 key radkey2Device(config-sg-radius)# end When a preferred server is selected for a session, all transactions for. The RADIUS test is a test of connectivity to the RADIUS server, not of full RADIUS functionality. The controller‘s RADIUS connectivity test initiates an access-request, to which the RADIUS server will respond. If a response is Use radius-server test-profile to configure a test profile for detecting the RADIUS server status. Use undo radius-server test-profile to delete a RADIUS test profile. Syntax. radius-server test-profile profile-name username name [ password { cipher The RADIUS Test tool tests network connectivity between a device acting as a RADIUS authenticator (RADIUS client) and RADIUS authentication server, which can be an Extreme Networks RADIUS server, or an external RADIUS authentication or accounting server. Use this task to test the connectivity between a RADIUS authenticator and a RADIUS server. Is there software I can run to test my radius I want to setup a radius server (on my test server first). Windows Radius testing tool. Radius Load Testing. Windows. Radius Test: A Comprehensive Tool for Testing RADIUS Servers. Radius Test by Radutils, Inc. is a powerful software application designed to help network administrators and IT professionals test the functionality and performance of RADIUS servers. Radius Test: A Comprehensive Tool for Testing RADIUS Servers. Radius Test by Radutils, Inc. is a powerful software application designed to help network administrators and IT professionals test the functionality and performance of RADIUS servers. Load: 3Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[1] load: 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[2] load: 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Selected Server[1] with load 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [3] transactions remaining in batch.Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [2] transactions remaining in batch. Reusing server. Step 3 Use the test aaa group command to manually verify the RADIUS load-balanced server status. The following sample output shows the response from a load-balanced RADIUS server that is alive when the username “test” does not match a user profile. The server is verified alive when it issues an Access-Reject response to an authentication, authorization, and accounting (AAA) packet generated using the test aaa group command. Example: Device# test aaa group SG1 test lab new-code 00:06:07: RADIUS/ENCODE(00000000):Orig. component type = INVALID00:06:07: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off00:06:07: RADIUS(00000000): Config NAS IP: 192.0.2.400:06:07: RADIUS(00000000): sending00:06:07: RADIUS/ENCODE: Best Local IP-Address 192.0.2.141 for Radius-Server 192.0.2.17600:06:07: RADIUS(00000000): Send Access-Request to 192.0.2.176:1645 id 1645/1, len 5000:06:07: RADIUS: authenticator CA DB F4 9B 7B 66 C8 A9 - D1 99 4E 8E A4 46 99 B400:06:07: RADIUS: User-Password [2] 18 *00:06:07: RADIUS: User-Name [1] 6 "test"00:06:07: RADIUS: NAS-IP-Address [4] 6 192.0.2.14100:06:07: RADIUS: Received from id 1645/1 192.0.2.176:1645, Access-Reject, len 4400:06:07: RADIUS: authenticator 2F 69 84 3E F0 4E F1 62 - AB B8 75 5B 38 82 49 C300:06:07: RADIUS: Reply-Message [18] 24 00:06:07: RADIUS: 41 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 66 [Authentication f]00:06:07: RADIUS:Comments
RADIUS command output are defined as follows: The aaa group server radius command shows the configuration of a server group. The radius server and address command defines the RADIUS server name and IP address of the RADIUS server with authorization and accounting ports specified. The radius-server load-balance command enables load balancing for the RADIUS server with the batch size specified. The show debug sample output below shows test requests being sent to servers. The response to the test request sent to the server is received, the server is removed from quarantine as appropriate, the server is marked alive, and then the idle timer is reset. Device# show debug*Feb 28 13:52:20.835:AAA/SG/TEST:Server (192.0.2.238:2015,2016) quarantined.*Feb 28 13:52:20.835:AAA/SG/TEST:Sending test request(s) to server (192.0.2.238:2015,2016)*Feb 28 13:52:20.835:AAA/SG/TEST:Sending 1 Access-Requests, 1 Accounting-Requests in current batch.*Feb 28 13:52:20.835:AAA/SG/TEST(Req#:1):Sending test AAA Access-Request.*Feb 28 13:52:20.835:AAA/SG/TEST(Req#:1):Sending test AAA Accounting-Request.*Feb 28 13:52:21.087:AAA/SG/TEST:Obtained Test response from server (192.0.2.238:2015,2016)*Feb 28 13:52:22.651:AAA/SG/TEST:Obtained Test response from server (192.0.2.238:2015,2016)*Feb 28 13:52:22.651:AAA/SG/TEST:Necessary responses received from server (192.0.2.238:2015,2016)*Feb 28 13:52:22.651:AAA/SG/TEST:Server (192.0.2.238:2015,2016) marked ALIVE. Idle timer set for 60 secs(s).*Feb 28 13:52:22.651:AAA/SG/TEST:Server (192.0.2.238:2015,2016) removed from quarantine.... The following example shows an authentication server group and an authorization server group that use the same servers 209.165.200.225 and 209.165.200.226. Both server groups have the preferred server flag enabled. Device> enableDevice# configure terminalDevice(config)# aaa group server radius authentication-groupDevice(config-sg-radius)# server 209.165.200.225 key radkey1Device(config-sg-radius)# server 209.165.200.226 key radkey2Device(config-sg-radius)# exitDevice(config)# aaa group server radius accounting-groupDevice(config-sg-radius)# server 209.165.200.225 key radkey1Device(config-sg-radius)# server 209.165.200.226 key radkey2Device(config-sg-radius)# end When a preferred server is selected for a session, all transactions for
2025-04-10Load: 3Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[1] load: 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[2] load: 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Selected Server[1] with load 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [3] transactions remaining in batch.Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [2] transactions remaining in batch. Reusing server. Step 3 Use the test aaa group command to manually verify the RADIUS load-balanced server status. The following sample output shows the response from a load-balanced RADIUS server that is alive when the username “test” does not match a user profile. The server is verified alive when it issues an Access-Reject response to an authentication, authorization, and accounting (AAA) packet generated using the test aaa group command. Example: Device# test aaa group SG1 test lab new-code 00:06:07: RADIUS/ENCODE(00000000):Orig. component type = INVALID00:06:07: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off00:06:07: RADIUS(00000000): Config NAS IP: 192.0.2.400:06:07: RADIUS(00000000): sending00:06:07: RADIUS/ENCODE: Best Local IP-Address 192.0.2.141 for Radius-Server 192.0.2.17600:06:07: RADIUS(00000000): Send Access-Request to 192.0.2.176:1645 id 1645/1, len 5000:06:07: RADIUS: authenticator CA DB F4 9B 7B 66 C8 A9 - D1 99 4E 8E A4 46 99 B400:06:07: RADIUS: User-Password [2] 18 *00:06:07: RADIUS: User-Name [1] 6 "test"00:06:07: RADIUS: NAS-IP-Address [4] 6 192.0.2.14100:06:07: RADIUS: Received from id 1645/1 192.0.2.176:1645, Access-Reject, len 4400:06:07: RADIUS: authenticator 2F 69 84 3E F0 4E F1 62 - AB B8 75 5B 38 82 49 C300:06:07: RADIUS: Reply-Message [18] 24 00:06:07: RADIUS: 41 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 66 [Authentication f]00:06:07: RADIUS:
2025-04-18Load: 3Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[1] load: 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Server[2] load: 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Selected Server[1] with load 0Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [3] transactions remaining in batch.Jul 16 03:15:05: AAA/SG/SERVER_SELECT: Obtaining least loaded server.Jul 16 03:15:05: AAA/SG/SERVER_SELECT: [2] transactions remaining in batch. Reusing server. Step 3 Use the test aaa group command to manually verify the RADIUS load-balanced server status. The following sample output shows the response from a load-balanced RADIUS server that is alive when the username “test” does not match a user profile. The server is verified alive when it issues an Access-Reject response to an authentication, authorization, and accounting (AAA) packet generated using the test aaa group command. Example: Device# test aaa group SG1 test lab new-code 00:06:07: RADIUS/ENCODE(00000000):Orig. component type = INVALID00:06:07: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off00:06:07: RADIUS(00000000): Config NAS IP: 192.0.2.400:06:07: RADIUS(00000000): sending00:06:07: RADIUS/ENCODE: Best Local IP-Address 192.0.2.141 for Radius-Server 192.0.2.17600:06:07: RADIUS(00000000): Send Access-Request to 192.0.2.176:1645 id 1645/1, len 5000:06:07: RADIUS: authenticator CA DB F4 9B 7B 66 C8 A9 - D1 99 4E 8E A4 46 99 B400:06:07: RADIUS: User-Password [2] 18 *00:06:07: RADIUS: User-Name [1] 6 "test"00:06:07: RADIUS: NAS-IP-Address [4] 6 192.0.2.14100:06:07: RADIUS: Received from id 1645/1 192.0.2.176:1645, Access-Reject, len 4400:06:07: RADIUS: authenticator 2F 69 84 3E F0 4E F1 62 - AB B8 75 5B 38 82 49 C300:06:07: RADIUS: Reply-Message [18] 24 00:06:07: RADIUS: 41 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 66 [Authentication f]00:06:07: RADIUS: 61 69 6C 75 72 65 [failure]00:06:07: RADIUS(00000000): Received from id 1645/100:06:07: RADIUS/DECODE: Reply-Message fragments, 22, total 22 bytes Enabling VRF Aware RADIUS Automated Testing To enable RADIUS automated testing for a non-default VRF, perform the following procedure: Procedure Command or Action Purpose Step 1 enable Example: Device>enable Enables privileged EXEC mode. Enter your password, if prompted. Step 2 configure terminal Example: Device# configure terminal Enters global configuration mode. Step 3 radius server name Example: Device(config)# radius server myserver Specifies the name of the RADIUS server configuration and enters RADIUS server configuration mode. Step 4 address { ipv4| ipv6} {
2025-04-15Available to process transactions, the RADIUS automated tester sends a request periodically to the server for a test user ID. If the server returns an Access-Reject message, the server is alive; otherwise the server is either dead or quarantined. A transaction sent to an unresponsive server is failed over to the next available server before the unresponsive server is marked dead. We recommend that you use the retry reorder mode for failed transactions. When using the RADIUS automated tester, verify that the authentication, authorization, and accounting (AAA) servers are responding to the test packets that are sent by the network access server (NAS). If the servers are not configured correctly, packets may be dropped and the server erroneously marked dead. Caution We recommend that you use a test user that is not defined on the RADIUS server for the RADIUS server automated testing to protect against security issues that may arise if the test user is not correctly configured. Note Use the test aaa group command to check load-balancing transactions. The automate-tester username name probe-on command is used to verify the status of a server by sending RADIUS packets. After this command is configured, a five-second dead timer is started and a RADIUS packet is sent to the external RADIUS server after five seconds. The server state is updated if there is a response from the external RADIUS server. If there is no response, the packets are sent out according to the timeout interval that is configured using the radius-server
2025-04-16