Which of the following statements about the test aaa group command is not true? (Select the best answer.)
A. It does not work with a RADIUS server configuration.
B. It can be used to verify a AAA server configuration.
C. It can generate a “User rejected” message if the server is alive.
D. It associates a DNIS or CLID named user profile with a record sent to the server.
Explanation:
The Cisco test aaa group command does work with a Remote Authentication Dial-In User Service (RADIUS)
configuration. The syntax of the test aaa group command is test aaa group {groupname | radius} username
password new-code [profile profilename], where groupname is a subset of RADIUS servers, username is the
name for the test user, and password is the test user’s password.
The test aaa group command can associate a Dialed Number Identification Service (DNIS) or Caller Line
Identification (CLID) named user profile with a record sent to the server. The new-code keyword configures the
command to support a CLID or DNIS user profile association with the RADIUS server. The profile profilename
keyword associates the user profile specified by profilename with the RADIUS server.
The test aaa group command is used to verify an Authentication, Authorization, and Accounting (AAA) server
configuration. RADIUS is a protocol that is used with AAA operations. RADIUS uses User Datagram Protocol
(UDP) for packet delivery and is less secure and less flexible than TACACS+. RADIUS encrypts only the
password of a packet; the rest of the packet would be viewable if the packet were intercepted by a malicious
user. With RADIUS, the authentication and authorization functions of AAA are combined into a single function,
which limits the flexibility that administrators have when configuring these functions. Furthermore, RADIUS
does not provide router command authorization capabilities.
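The following added example (not part of the original explanation) builds a RADIUS Access-Request as described in RFC 2865 and parses it without the shared secret, showing that only the User-Password attribute is hidden while the other attributes are readable on the wire. The shared secret, user name, password, NAS-Identifier value and authenticator bytes are constructed sample values.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with an MD5-derived keystream."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev                      # ciphertext block chains into the next key
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does; requires the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident: int, authenticator: bytes, attrs) -> bytes:
    """Code 1 (Access-Request), identifier, length, authenticator, then TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet: bytes) -> dict:
    """What anyone capturing the UDP datagram can read without the shared secret."""
    attrs, pos = {}, 20
    length = struct.unpack("!H", packet[2:4])[0]
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2:
            raise ValueError("malformed attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs

# Constructed sample values (not taken from any real deployment)
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))
USER, PASSWORD = b"testuser", b"Sup3rS3cret!"
PACKET = build_access_request(7, AUTHENTICATOR, [
    (1, USER),                                               # User-Name: cleartext
    (2, hide_password(PASSWORD, SECRET, AUTHENTICATOR)),     # User-Password: hidden
    (32, b"edge-router-1"),                                  # NAS-Identifier: cleartext
])

if __name__ == "__main__":
    for attr_type, value in parse_attributes(PACKET).items():
        print(attr_type, value)
```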
The test aaa group command can generate either a “User rejected” message or a “User successfully
authenticated” message if the RADIUS server is alive. In order to generate either of those messages, the test
aaa command must be able to connect to the RADIUS server.
Cisco: Demystifying RADIUS Server Configurations