test aaa authd-lite user
Syntax
test aaa authd-lite user username password password profile access-profile-name <port nas-port> <zero-stats>
Description
Verify authd-lite subscriber access authentication, accounting, and address allocation configuration.
The test aaa command supports all RADIUS-sourced attributes, both IETF standard attributes and Juniper Networks VSAs. Received attributes are displayed in the output. For information about standard RADIUS attributes, see Standard and Vendor-Specific RADIUS Attributes. For information about Juniper Networks VSAs, see Standard and Vendor-Specific RADIUS Attributes.
Starting in Junos OS Release 19.3R1, the XML output format has changed. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.
Options
| username | Specify the subscriber username to test. |
| password password | Specify the password associated with the username. |
| profile access-profile-name | Specify the access profile associated with the subscriber. |
| port nas-port | (Optional) Specify the NAS port used for the test. |
| zero-stats | (Optional) Specify that no accounting statistics are set for this test. |
Required Privilege Level
view
Output Fields
When you enter this command, you are provided feedback on the status of your request. For information about output fields related to authentication, accounting, and subscriber-specific information, see the show network-access aaa statistics, show network-access aaa statistics authentication, show network-access aaa subscribers, and show subscribers commands.
The test command does not support volume-time accounting. If volume-time accounting is configured for the test subscriber, the test command replaces the statistics with time-only accounting statistics.
This command displays only attributes that are supported by Junos OS; these attributes appear even when their values are not set. The Virtual Router Name (LS:RI) field matches the Juniper Networks Virtual-Router VSA (26-1), if present; otherwise the field displays default:default. The displayed value for all other attributes that are not received is <not set>.
Sample Output
- test aaa authd-lite user
- test aaa authd-lite user (XML Output, Old Format)
- test aaa authd-lite user (XML Output, New Format)
test aaa authd-lite user
The following example tests the configuration for authd-lite subscriber user1bt with a password of $ABC123 and an access profile of employee12, and displays the resulting output:
user@host> test aaa authd-lite user user1bt password $ABC123 profile employee12
Authentication Grant
************User Attributes***********
User Name - user1bt
Framed IPv6 Prefix - ::/0
Framed IPv6 Pool - NULL
Nas IPv6 Address - ::
NDRA IPv6 Prefix - NULL
Login IPv6 Host - ::
Framed Interface Id - 0:0:0:0
Delegated IPv6 Prefix - ::/0
NDRA IPv6 Pool - NULL
User Password - $ABC123
Nas Ip Address - 0.0.0.0
NAS Port - 0
Service Type- 0
Framed IP Address - 0.0.0.0
Framed IP Netmask - 0.0.0.0
Filter Id - NULL
Framed MTU - 0
Reply Message - NULL
Framed Route- <not set>
Framed MTU - 0
Class - SBR2CL
Virtual Router Name (LS:RI) default:default
Primary DNS IP Address - 0.0.0.0
Secondary DNS IP Address - 0.0.0.0
Primary WINS IP Address - 0.0.0.0
Secondary WINS IP Address - 0.0.0.0
Ingress Statistics - disabled
Egress Statistics - disabled
Ingress Policy Name - <not set>
Engress Policy Name - <not set>
IGMP Enable - disabled
Redirect VR Name (LS:RI) default:default
Service Bundle <not set>
Framed Ip Route Tag <not set>
LI Action 0
LI Interception Identifier 0
LI Mediation Device IP Address 0.0.0.0
LI_Mediation_Device_Port_Number 0
Activate Service NULL
Deactivate Service NULL
Service Statistics 0
Ignore_DF_Bit - disabled
IGMP Access Group Name <not set>
IGMP Access Source Group_Name - <not set>
MLD Access Group Name <not set>
MLD Access Source Group Name <not set>
MLD Version - MLD Version not set
IGMP Version IGMP Version not set
IGMP Immediate Leave - <not set>
MLD Immediate Leave - <not set>
IPv6_Ingress_Policy_Name - <not set>
IPv6_Egress_Policy_Name - <not set>
Cos_Parameter_Type - <not set>
Service Interim Acct Interval 0
Max Clients Per Interface 0
Cos_Scheduler_Pmt_Type <not set>
Session Timeout 599999940
NAS Port Type 0
Framed Pool NULL
Idle Timeout 0
Acct-start sent
Acct-start succeeded
Pausing 10 seconds
Interim-Acct sent
Acct-interim succeeded
Pausing 10 seconds
Acct-stop sent
Acct-stop succeeded
Logging out subscriber
Test complete. Exiting
test aaa authd-lite user (XML Output, Old Format)
The following example shows an excerpt of sample XML output in the old format:
user@host>test aaa authd-lite user user45@test.net password $ABC123 profile test | display xml
<rpc-reply xmlns:junos=“namespace-URL”
<aaa-test-result>
<aaa-test-status>Authentication Grant</aaa-test-status>
<aaa-test-status>************User Attributes***********</aaa-test-status>
<radius-server-attribute-name>User Name -</radius-server-attribute-name>
<radius-server-attribute-value>user45@test.net</radius-server-attribute-value>
<radius-server-attribute-name>Framed IPv6 Prefix -</radius-server-attribute-name>
<radius-server-attribute-value><not set></radius-server-attribute-value>
<radius-server-attribute-name>Framed IPv6 Pool -</radius-server-attribute-name>
<radius-server-attribute-value><not set></radius-server-attribute-value>
<radius-server-attribute-name>NDRA IPv6 Prefix -</radius-server-attribute-name>
<radius-server-attribute-value><not set></radius-server-attribute-value>
...
<aaa-test-status>Test complete. Exiting</aaa-test-status>
</aaa-test-result>
<cli>
<banner></banner>
</cli>
</rpc-reply>
test aaa authd-lite user (XML Output, New Format)
The following example shows an excerpt of sample XML output in the new format:
user@host>test aaa authd-lite user user45@test.net password $ABC123 | display xml
<rpc-reply xmlns:junos="namespace-URL">
<aaa-test-result>
<aaa-test-status>Authentication Grant</aaa-test-status>
<aaa-test-status>************User Attributes***********</aaa-test-status>
<radius-server-data>
<radius-server-attribute-name>User Name -</radius-server-attribute-name>
<radius-server-attribute-value>user45@test.net</radius-server-attribute-value>
</radius-server-data>
<radius-server-data>
<radius-server-attribute-name>Framed IPv6 Prefix -</radius-server-attribute-name>
<radius-server-attribute-value><not set></radius-server-attribute-value>
</radius-server-data>
<radius-server-data>
<radius-server-attribute-name>Framed IPv6 Pool -</radius-server-attribute-name>
<radius-server-attribute-value><not set></radius-server-attribute-value>
</radius-server-data>
<radius-server-data>
<radius-server-attribute-name>NDRA IPv6 Prefix -</radius-server-attribute-name>
<radius-server-attribute-value><not set></radius-server-attribute-value>
</radius-server-data>
...
<aaa-test-status>Test complete. Exiting</aaa-test-status>
</aaa-test-result>
<cli>
<banner></banner>
</cli>
</rpc-reply>
Release Information
Command introduced in Junos OS Release 11.2.