Cisco Cisco IOS Software Release 12.4(22)YD Referencia técnica
debug aaa authentication
25
Cisco Mobile Wireless Home Agent Feature for IOS Release 12.4(22)YD3
OL-21463-02
debug aaa authentication
To display information on authentication, authorization, and accounting (AAA) TACACS+
authentication, use the debug aaa authentication command in privileged EXEC mode. To disable
debugging output, use the no form of this command.
authentication, use the debug aaa authentication command in privileged EXEC mode. To disable
debugging output, use the no form of this command.
debug aaa authentication
no debug aaa authentication
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Usage Guidelines
Use this command to learn the methods of authentication being used and the results of these methods.
Examples
The following is sample output from the debug aaa authentication command. A single EXEC login that
uses the “default” method list and the first method, TACACS+, is displayed. The TACACS+ server sends
a GETUSER request to prompt for the username and then a GETPASS request to prompt for the
password, and finally a PASS response to indicate a successful login. The number 50996740 is the
session ID, which is unique for each authentication. Use this ID number to distinguish between different
authentications if several are occurring concurrently.
uses the “default” method list and the first method, TACACS+, is displayed. The TACACS+ server sends
a GETUSER request to prompt for the username and then a GETPASS request to prompt for the
password, and finally a PASS response to indicate a successful login. The number 50996740 is the
session ID, which is unique for each authentication. Use this ID number to distinguish between different
authentications if several are occurring concurrently.
Router# debug aaa authentication
6:50:12: AAA/AUTHEN: create_user user='' ruser='' port='tty19' rem_addr='172.31.60.15'
authen_type=1 service=1 priv=1
6:50:12: AAA/AUTHEN/START (0): port='tty19' list='' action=LOGIN service=LOGIN
6:50:12: AAA/AUTHEN/START (0): using “default” list
6:50:12: AAA/AUTHEN/START (50996740): Method=TACACS+
6:50:12: TAC+ (50996740): received authen response status = GETUSER
6:50:12: AAA/AUTHEN (50996740): status = GETUSER
6:50:15: AAA/AUTHEN/CONT (50996740): continue_login
6:50:15: AAA/AUTHEN (50996740): status = GETUSER
6:50:15: AAA/AUTHEN (50996740): Method=TACACS+
6:50:15: TAC+: send AUTHEN/CONT packet
6:50:15: TAC+ (50996740): received authen response status = GETPASS
6:50:15: AAA/AUTHEN (50996740): status = GETPASS
6:50:20: AAA/AUTHEN/CONT (50996740): continue_login
6:50:20: AAA/AUTHEN (50996740): status = GETPASS
6:50:20: AAA/AUTHEN (50996740): Method=TACACS+
6:50:20: TAC+: send AUTHEN/CONT packet
6:50:20: TAC+ (50996740): received authen response status = PASS
6:50:20: AAA/AUTHEN (50996740): status = PASS