Table Of Contents
Supported Standards, MIBs, and RFCs
Associating a User Profile with a test aaa group Command
Verifying Enhanced Test Command
User Profile Associated With a test aaa group command Example
Enhanced Test Command
Feature History
Release Modification12.2(4)T
This feature was introduced.
12.2(27)SBA
This feature was integrated into Cisco IOS Release 12.2(27)SBA.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
This feature module describes the Enhanced Test Command feature in Cisco IOS Release 12.2(4)T. It includes the following sections:
•Supported Standards, MIBs, and RFCs
Feature Overview
The Enhanced Test Command feature introduces two new commands—aaa user profile and aaa attribute—that allow you to create a named user profile with calling line identification (CLID) or dialed number identification service (DNIS) attribute values, which can be associated with a test aaa group command.
Use the aaa attribute command to add CLID or DNIS attribute values to a user profile, which is created by using the aaa user profile command. The CLID or DNIS attribute values can be associated with the record that is going out with the user profile (via the test aaa group command), thereby providing the RADIUS server with access to CLID or DNIS attribute information for all incoming calls.
Benefits
The Enhanced Test Command feature allows you to add a named user profile with CLID or DNIS attribute values and associate the user profile with the test aaa group command. Thus, the attribute values that are added to the user profile go to the RADIUS server, and the RADIUS server can access CLID or DNIS information when it receives a RADIUS record.
Restrictions
The test aaa group command does not work with TACACS+.
Related Documents
•Cisco IOS Security Configuration Guide, Release 12.2
•Cisco IOS Security Command Reference, Release 12.2
Supported Platforms
•Cisco 7100 series
•Cisco 7200 series
Platform Support Through Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.
To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.
Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. As of May 2001, Feature Navigator supports M, T, E, S, and ST releases. You can access Feature Navigator at the following URL:
http://www.cisco.com/go/fn
Supported Standards, MIBs, and RFCs
Standards
None
MIBs
None
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
None
Configuration Tasks
See the following sections for configuration tasks for the Enhanced Test Command feature. Each task in the list is identified as either required or optional.
•Configuring a User Profile (required)
•Associating a User Profile with a test aaa group Command (required)
•Verifying Enhanced Test Command (optional)
Configuring a User Profile
To create a named user profile and add CLID or DNIS attribute values, use the following commands beginning in global configuration mode:
Associating a User Profile with a test aaa group Command
To associate a user profile with a test aaa group command, use the following command in privilege EXEC mode:
Verifying Enhanced Test Command
To verify the enhanced test command configurations, use the following privilege EXEC commands:
Configuration Examples
This section provides the following configuration example:
•User Profile Associated With a test aaa group command Example
User Profile Associated With a test aaa group command Example
The following example shows how to configure the dnis = dnisvalue user profile "prfl1" and associate it with a test aaa group command. In this example, the debug radius command has been enabled and the output follows the configuration.
aaa user profile prfl1aaa attribute dnisaaa attribute dnis dnisvalueno aaa attribute clid! Attribute not found.aaa attribute clid clidvalueno aaa attribute clidexit!! Associate the dnis user profile with the test aaa group command.test aaa group radius user1 pass new-code profile profl1!!!! debug radius output, which shows that the dnis value has been passed to the radius ! server.*Dec 31 16:35:48: RADIUS: Sending packet for Unique id = 0*Dec 31 16:35:48: RADIUS: Initial Transmit unknown id 8 171.69.71.21:1645, Access-Request, len 68*Dec 31 16:35:48: RADIUS: code=Access-Request id=08 len=0068authenticator=1E CA 13 F2 E2 81 57 4C - 02 EA AF 9D 30 D9 97 90T=User-Password[2] L=12 V=*T=User-Name[1] L=07 V="kalki"T=Called-Station-Id[30] L=0B V="dnisvalue"
T=Service-Type[6] L=06 V=Login [1]T=NAS-IP-Address[4] L=06 V=10.0.1.81*Dec 31 16:35:48: RADIUS: Received from id 8 171.69.71.21:1645, Access-Accept, len 38*Dec 31 16:35:48: RADIUS: code=Access-Accept id=08 len=0038Command Reference
This section documents new commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.
aaa attribute
To add calling line identification (CLID) and dialed number identification service (DNIS) attribute values to a user profile, use the aaa attribute command in AAA-user configuration mode. To remove this command from your configuration, use the no form of this command.
aaa attribute {clid | dnis} attribute-value
no aaa attribute {clid | dnis} attribute-value
Syntax Description
clid
Adds CLID attribute values to the user profile.
dnis
Adds DNIS attribute values to the user profile.
attribute-value
Specifies a name for CLID or DNIS attribute values.
Defaults
If this command is not enabled, you will have an empty user profile.
Command Modes
AAA-user configuration
Command History
Release Modification12.2(4)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
Usage Guidelines
Use the aaa attribute command to add CLID or DNIS attribute values to a named user profile, which is created by using the aaa user profile command. The CLID or DNIS attribute values can be associated with the record that is going out with the user profile (via the test aaa group command), thereby providing the RADIUS server with access to CLID or DNIS information when the server receives a RADIUS record.
Examples
The following example shows how to add CLID and DNIS attribute values to the user profile "cat":
aaa user profile cataaa attribute clid clidvalaaa attribute dnis dnisvalRelated Commands
Command Descriptionaaa user profile
Creates a AAA user profile.
test aaa group
Associates a DNIS or CLID user profile with the record that is sent to the RADIUS server.
aaa user profile
To create an authentication, authorization, and accounting (AAA) named user profile, use the aaa user profile command in global configuration mode. To remove a user profile from the configuration, use the no form of this command.
aaa user profile profile-name
no aaa user profile profile-name
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Release Modification12.2(4)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
Usage Guidelines
Use the aaa user profile command to create a AAA user profile. Used in conjunction with the aaa attribute command, which adds calling line identification (CLID) and dialed number identification service (DNIS) attribute values, the user profile can be associated with the record that is sent to the RADIUS server (via the test aaa group command), which provides the RADIUS server with access to CLID or DNIS attribute information when the server receives a RADIUS record.
Examples
The following example shows how to configure a dnis = dnisvalue user profile named "prfl1":
aaa user profile prfl1aaa attribute dnisaaa attribute dnis dnisvalueno aaa attribute clid! Attribute not found.aaa attribute clid clidvalueno aaa attribute clidRelated Commands
Command Descriptionaaa attribute
Adds DNIS or CLID attribute values to a user profile.
test aaa group
Associates a DNIS or CLID user profile with the record that is sent to the RADIUS server.
test aaa group
To associate a dialed number identification service (DNIS) or calling line identification (CLID) user profile with the record that is sent to the RADIUS server, use the test aaa group command in privileged EXEC mode.
test aaa group {group-name | radius} username password new-code [profile profile-name]
Syntax Description
Defaults
If this command is not enabled, DNIS or CLID attribute values will not be sent to the RADIUS server.
Command Modes
Privileged EXEC
Command History
Release Modification12.2(4)T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
Usage Guidelines
Use the test aaa group command to associate a DNIS or CLID named user profile with the record that is sent to the RADIUS server, which can then access DNIS or CLID information when the server receives a RADIUS record.
Note The test aaa group command does not work with TACACS+.
Examples
The following example shows how to configure a dnis = dnisvalue user profile named "prfl1" and associate it with a test aaa group command:
aaa user profile prfl1aaa attribute dnisaaa attribute dnis dnisvalueno aaa attribute clid! Attribute not found.aaa attribute clid clidvalueno aaa attribute clidexit!! Associate the dnis user profile with the test aaa group command.test aaa group radius user1 pass new-code profile prfl1Related Commands
Command Descriptionaaa attribute
Adds DNIS or CLID attribute values to a user profile.
aaa user profile
Creates an AAA user profile.
Glossary
attribute—RADIUS Internet Engineering Task Force (IETF) attributes are the original set of 255 standard attributes that are used to communicate AAA information between a client and a server. Because IETF attributes are standard, the attribute data is predefined and well known; thus all clients and servers who exchange AAA information via IETF attributes must agree on attribute data such as the exact meaning of the attributes and the general bounds of the values for each attribute.
CLID—calling line identification. Also called caller ID. CLID provides the number from which a call originates.
DNIS—dialed number identification service. DNIS provides the number that is dialed.
Copyright © 2001-2005 Cisco Systems, Inc. All rights reserved.