test aaa dhcp user
Syntax
test aaa dhcp user username <agent-remote-id ari> <logical-system logical-system-name> <mac-address mac-address> <no-address-request> <option-82 option-82> <password password> <profile access-profile-name> <routing-instance routing-instance-name> <service-type service-type> <source-address source-address> <terminate-code code-value>
Description
Verify Dynamic Host Configuration Protocol (DHCP) subscriber access authentication, accounting, and address allocation configuration by creating a test pseudo session.
The test aaa command supports all RADIUS-sourced attributes, both IETF standard attributes and Juniper Networks VSAs. Received attributes are displayed in the output. For information about standard RADIUS attributes, see Standard and Vendor-Specific RADIUS Attributes. For information about Juniper Networks VSAs, see Standard and Vendor-Specific RADIUS Attributes.
Starting in Junos OS Release 19.3R1, the XML output format has changed. Each RADIUS server attribute name has an associated attribute value. Each of these pairs is now enclosed by the <radius-server-data> tag. The new tag makes it easier to recognize the name/value pairs, both for operators and API clients. You may have to change any scripts that use the XML output to work properly with the new format.
Options
username | Subscriber username to test. |
agent-remote-id ari | (Optional) Value of the DSL Forum Agent-Remote-Id (VSA 26-2). |
logical-system logical-system-name | (Optional) Logical system in which the subscriber is authenticated. This is the logical system in the AAA LS:RI context for the subscriber. This context differs from the subscriber context, which is the LS:RI in which the subscriber is placed, by either the Virtual-Router VSA (26-1) or the Redirect-VRouter-Name VSA (26-25). |
mac-address mac-address | (Optional) MAC address of the DHCP client. |
no-address-request | (Optional) Request is sent for authentication without address allocation. Use for Layer 2-only scenarios where no address allocation request is needed. Note: The |
option-82 option-82 | (Optional) DHCP relay agent information option (option-82) value. |
password password | (Optional) Password associated with the username. |
profile access-profile-name | (Optional) Access profile associated with the subscriber. |
routing-instance routing-instance-name | (Optional) Routing instance in which the subscriber is authenticated. This is the routing instance in the AAA LS:RI context for the subscriber. This context differs from the subscriber context, which is the LS:RI in which the subscriber is placed, by either the Virtual-Router VSA (26-1) or the Redirect-VRouter-Name VSA (26-25). In the case of VSA 26-25, the subscriber is re-authenticated in the subscriber context. |
service-type service-type | (Optional) Value of the Service Type RADIUS attribute [6] that is associated with the test user; either a number in the range 1 through 255 or one of the following strings that corresponds to an RFC-defined service type; the numbers are the values that are carried in the RADIUS attribute to specify the service: |
source-address source-address | (Optional) IP address of the outgoing interface. |
terminate-code code-value | (Optional) Code associated with the subscriber termination. |
Required Privilege Level
view
Output Fields
When you enter this command, you are provided feedback on the status of your request. For information about output fields related to authentication, accounting, and subscriber-specific information, see the show network-access aaa statistics, show network-access aaa statistics authentication, show network-access aaa subscribers, and show subscribers commands.
The test command does not support volume-time accounting. If volume-time accounting is configured for the test subscriber, the test command replaces the statistics with time-only accounting statistics.
This command displays only attributes that are supported by Junos OS; these attributes appear even when their values are not set. The Virtual Router Name (LS:RI) field matches the Juniper Networks Virtual-Router VSA (26-1), if present; otherwise the field displays default:default. The displayed value for all other attributes that are not received is <not set>.
Sample Output
- test aaa dhcp user
- test aaa dhcp user (XML Output, Old Format)
- test aaa dhcp user (XML Output, New Format)
test aaa dhcp user
The following example tests the configuration for DHCP subscriber user1DB and password $ABC123, and displays the resulting output:
user@host> test aaa dhcp user user1DB@test.net password $ABC123
Authentication Grant
************User Attributes***********
User Name - user1DB@test.net
Client IP Address - 192.168.1.1
Client IP Netmask - 255.255.0.0
Virtual Router Name (LS:RI)- default:default
Agent Remote Id - NULL
Reply Message - NULL
Primary DNS IP Address - 0.0.0.0
Secondary DNS IP Address - 0.0.0.0
Primary WINS IP Address - 0.0.0.0
Secondary WINS IP Address - 0.0.0.0
Primary DNS IPv6 Address - ::
Secondary DNS IPv6 Address - ::
Framed Pool - <not set>
Service Type - 0
DHCP Guided Relay Server - 0
Class Attribute - TEST
Client IPv6 Address - ::
Client IPv6 Mask - null
Framed IPv6 Prefix - ::/0
Framed IPv6 Pool - <not-set>
NDRA IPv6 Prefix - <not-set>
Login IPv6 Host - ::
Framed Interface Id - 0:0:0:0
Delegated IPv6 Prefix - ::/0
Delegated IPv6 Pool - <not-set>
User Password - $ABC123
CHAP Password - NULL
Mac Address - 00:00:5E:00:53:ab
Idle Timeout - 600
Session Timeout - 6000
Service Name (1) - cos-service(video_sch, nc_sch)
Service Statistics (1) - 1
Service Acct Interim (1) - 600
Service Activation Type (1) - 1
Service Name (2) - filter-service(in_filter, out_filter)
Service Statistics (2) - 2
Service Acct Interim (2) - 900
Service Activation Type (2) - 1
Cos shaping rate - 100m
Filter Id - <not set>
Framed MTU - (null)
Framed Route - <not set>
Ingress Policy Name - <not set>
Egress Policy Name - <not set>
IGMP Enable - disabled
Redirect VR Name (LS:RI)- default:default
Service Bundle - Null
Framed Ip Route Tag - <not set>
Ignore DF Bit - disabled
IGMP Access Group Name - <not set>
IGMP Access Source Group Name - <not set>
MLD Access Group Name - <not set>
MLD Access Source Group Name - <not set>
IGMP Version - <not set>
MLD Version - <not set>
IGMP Immediate Leave - <not set>
MLD Immediate Leave - <not set>
IPv6 Ingress Policy Name - <not set>
IPv6 Egress Policy Name - <not set>
Dynamic Profile - <not set>
Acct Session ID - 1
Acct Interim Interval - 750
Acct Type - 1
Ingress Statistics - disabled
Egress Statistics - disabled
Chargeable user identity - 0
NAS Port Id - -0/0/0.0
NAS Port - 4095
NAS Port Type - 15
Framed Protocol - 1
IPv4 ADF Rule - 010100
IPv4 ADF Rule - 010101
IPv6 ADF Rule - 030100
IPv6 ADF Rule - 030101
****Pausing 10 seconds before disconnecting the test user*********
Logging out subscriber
Terminate Id - <not set>
Test complete. Exiting
test aaa dhcp user (XML Output, Old Format)
The following example shows an excerpt of sample XML output in the old format:
user@host> test aaa dhcp user user45@test.net password $ABC123 profile test | display xml
<rpc-reply xmlns:junos="namespace-URL">
    <aaa-test-result>
        <aaa-test-status>Authentication Grant</aaa-test-status>
        <aaa-test-status>************User Attributes***********</aaa-test-status>
        <radius-server-attribute-name>User Name -</radius-server-attribute-name>
        <radius-server-attribute-value>user45@test.net</radius-server-attribute-value>
        <radius-server-attribute-name>Virtual Router Name (LS:RI) -</radius-server-attribute-name>
        <radius-server-attribute-value>default:default</radius-server-attribute-value>
        <radius-server-attribute-name>Client IP Address -</radius-server-attribute-name>
        <radius-server-attribute-value>198.51.100.7</radius-server-attribute-value>
        <radius-server-attribute-name>Client IP Netmask -</radius-server-attribute-name>
        <radius-server-attribute-value>255.255.255.255</radius-server-attribute-value>
        ...
        <aaa-test-status>Test complete. Exiting</aaa-test-status>
    </aaa-test-result>
    <cli>
        <banner></banner>
    </cli>
</rpc-reply>
test aaa dhcp user (XML Output, New Format)
The following example shows an excerpt of sample XML output in the new format:
user@host> test aaa dhcp user user45@test.net password $ABC123 | display xml
<rpc-reply xmlns:junos="namespace-URL">
    <aaa-test-result>
        <aaa-test-status>Authentication Grant</aaa-test-status>
        <aaa-test-status>************User Attributes***********</aaa-test-status>
        <radius-server-data>
            <radius-server-attribute-name>User Name -</radius-server-attribute-name>
            <radius-server-attribute-value>user45@test.net</radius-server-attribute-value>
        </radius-server-data>
        <radius-server-data>
            <radius-server-attribute-name>Virtual Router Name (LS:RI) -</radius-server-attribute-name>
            <radius-server-attribute-value>default:default</radius-server-attribute-value>
        </radius-server-data>
        <radius-server-data>
            <radius-server-attribute-name>Client IP Address -</radius-server-attribute-name>
            <radius-server-attribute-value>198.51.100.7</radius-server-attribute-value>
        </radius-server-data>
        <radius-server-data>
            <radius-server-attribute-name>Client IP Netmask -</radius-server-attribute-name>
            <radius-server-attribute-value>255.255.255.255</radius-server-attribute-value>
        </radius-server-data>
        <radius-server-data>
        ...
        <aaa-test-status>Test complete. Exiting</aaa-test-status>
    </aaa-test-result>
    <cli>
        <banner></banner>
    </cli>
</rpc-reply>
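Added example (not part of the Juniper documentation): a Python parser that accepts both the old flat layout and the new <radius-server-data> layout, so a script keeps working across the Junos OS Release 19.3R1 change. By default it masks the User Password and CHAP Password values, which the text sample output displays in clear. The function names and the sample XML are constructed for illustration and assume the element names shown in the excerpts.

```python
import xml.etree.ElementTree as ET

NAME = "radius-server-attribute-name"
VALUE = "radius-server-attribute-value"
SENSITIVE = {"User Password", "CHAP Password"}  # names from the text sample output

def _pair(name, value):
    # Names arrive as "User Name -"; drop the trailing separator.
    name = (name or "").strip().rstrip("-").strip()
    return name, (value or "").strip()

def parse_aaa_test(xml_text, redact=True):
    """Return (status_lines, [(name, value), ...]) for either XML format."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # ignore any XML namespaces
        el.tag = el.tag.rsplit("}", 1)[-1]
    result = root.find("aaa-test-result")
    if result is None:
        raise ValueError("no <aaa-test-result> element in reply")
    status = [(e.text or "").strip() for e in result.findall("aaa-test-status")]
    wrapped = result.findall("radius-server-data")
    pairs = []
    if wrapped:  # new format: one wrapper element per pair
        pairs = [_pair(w.findtext(NAME), w.findtext(VALUE))
                 for w in wrapped if w.find(NAME) is not None]
    else:        # old format: flat siblings, paired by document order
        pending = None
        for child in result:
            if child.tag == NAME:
                pending = child.text
            elif child.tag == VALUE and pending is not None:
                pairs.append(_pair(pending, child.text))
                pending = None
    if redact:   # keep credentials out of logs and tickets
        pairs = [(n, "<redacted>" if n in SENSITIVE else v) for n, v in pairs]
    return status, pairs

# Constructed samples modeled on the two excerpts above.
_ATTRS = [("User Name -", "user45@test.net"), ("User Password -", "$ABC123"),
          ("Client IP Address -", "198.51.100.7")]
_FLAT = "".join(f"<{NAME}>{n}</{NAME}><{VALUE}>{v}</{VALUE}>" for n, v in _ATTRS)
_WRAP = "".join(f"<radius-server-data><{NAME}>{n}</{NAME}><{VALUE}>{v}</{VALUE}>"
                "</radius-server-data>" for n, v in _ATTRS)
_DOC = ('<rpc-reply xmlns:junos="namespace-URL"><aaa-test-result>'
        "<aaa-test-status>Authentication Grant</aaa-test-status>{}"
        "<aaa-test-status>Test complete. Exiting</aaa-test-status>"
        "</aaa-test-result></rpc-reply>")
OLD_SAMPLE, NEW_SAMPLE = _DOC.format(_FLAT), _DOC.format(_WRAP)

if __name__ == "__main__":
    for sample in (OLD_SAMPLE, NEW_SAMPLE):
        print(parse_aaa_test(sample))
```

Both layouts yield the same list of pairs, so downstream checks (for example, asserting that the first status line is Authentication Grant) do not need to know which release produced the output.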
Release Information
Command introduced in Junos OS Release 11.2.
Option terminate-code added in Junos OS Release 11.4.
Option agent-remote-id added in Junos OS Release 14.1.
Options no-address-request and service-type added in Junos OS Release 16.1.