[TABS_R id=8782]
Which of the following statements about the test aaa group command is not true? (Select the best answer.)
- It does not work with a RADIUS server configuration.
- It can be used to verify a AAA server configuration.
- It can generate a “User rejected” message if the server is alive.
- It associates a DNIS or CLID named user profile with a record sent to the server.
Explanation/Reference:
The Cisco test aaa group command does work with a Remote Authentication DialIn User Service (RADIUS) configuration. The syntax of the test aaa group command is test aaa group {groupname | radius} username password newcode [profile profilename], where groupname is a subset of RADIUS servers, username is the name for the test user, and password is the test user’s password.
The test aaa group command can associate a Dialed Number Identification Service (DNIS) or Caller Line Identification (CLID) named user profile with a record sent to the server. The newcode keyword configures the command to support a CLID or DNIS user profile association with the RADIUS server. The profile profilename keyword associates the user profile specified by profilename with the RADIUS server.
The test aaa group command is used to verify an Authentication, Authorization, and Accounting (AAA) server configuration. RADIUS is a protocol that is used with AAA operations. RADIUS uses User Datagram Protocol (UDP) for packet delivery and is less secure and less flexible than TACACS+. RADIUS encrypts only the password of a packet? the rest of the packet would be viewable if the packet were intercepted by a malicious user. With RADIUS, the authentication and authorization functions of AAA are combined into a single function, which limits the flexibility that administrators have when configuring these functions. Furthermore, RADIUS does not provide router command authorization capabilities.
The test aaa group command can generate either a “User rejected” message or a “User successfully authenticated” message if the RADIUS server is alive. In order to generate either of those messages, the test aaa command must be able to connect to the RADIUS server.
[TABS_R id=8782]