Cisco IOS Software Releases 12.2 T

Table Of Contents

Enhanced Test Command

Contents

Feature Overview

Benefits

Restrictions

Configuration Tasks

Configuring a User Profile

Associating a User Profile with a test aaa group Command

Verifying Enhanced Test Command

Configuration Examples

User Profile Associated With a test aaa group command Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

aaa attribute

aaa user profile

test aaa group

Glossary

Enhanced Test Command

---

First Published: 12.2(4)T

Last Updated: 28, February, 2006

The Enhanced Test Command allows you to create named user profile with calling line ID (CLID) or dialed number identification service (DNIS) attribute values. The CLID or DNIS attribute values can be associated with the record that is going out with the user profile thereby providing the RADIUS server with access to CLID or DNIS attribute information for all incoming calls.

History for the Enhanced Test Command Feature

Release	Modification
12.2(4)T	This feature was introduced.
12.2(28)SB	This feature was integrated into Cisco IOS Release 12.2(28)SB.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

•Feature Overview

•Configuration Tasks

•Configuration Examples

•Additional References

•Command Reference

•Glossary

Feature Overview

The Enhanced Test Command feature introduces two new commands—aaa user profile and aaa attribute—that allow you to create a named user profile with calling line ID (CLID) or dialed number identification service (DNIS) attribute values, which can be associated with a test aaa group command.

Use the aaa attribute command to add CLID or DNIS attribute values to a user profile, which is created by using the aaa user profile command. The CLID or DNIS attribute values can be associated with the record that is going out with the user profile (via the test aaa group command), thereby providing the RADIUS server with access to CLID or DNIS attribute information for all incoming calls.

Benefits

The Enhanced Test Command feature allows you to add a named user profile with CLID or DNIS attribute values and associate the user profile with the test aaa group command. Thus, the attribute values that are added to the user profile go to the RADIUS server, and the RADIUS server can access CLID or DNIS information when it receives a RADIUS record.

Restrictions

The test aaa group command does not work with TACACS+.

Configuration Tasks

See the following sections for configuration tasks for the Enhanced Test Command feature. Each task in the list is identified as either required or optional.

•Configuring a User Profile (required)

•Associating a User Profile with a test aaa group Command (required)

•Verifying Enhanced Test Command (optional)

Configuring a User Profile

To create a named user profile and add CLID or DNIS attribute values, use the following commands beginning in global configuration mode:

	Command	Purpose
Step 1	Router(config)# aaa user profile profile-name	Creates a user profile.
Step 2	Router(config-aaa-user)# aaa attribute {dnis | clid} attribute-value	Adds DNIS or CLID attribute values to the user profile and enters AAA-user configuration mode.

Associating a User Profile with a test aaa group Command

To associate a user profile with a test aaa group command, use the following command in privileged EXEC mode:

Command	Purpose
Router# test aaa group {group-name | radius} username password new-code [profile profile-name]	Associates a DNIS or CLID named user profile with the record that is sent to the RADIUS server. Note The profile-name must match the profile-name specified in the aaa user profile command.

Verifying Enhanced Test Command

To verify the enhanced test command configurations, use the following privileged EXEC mode:

Command	Purpose
Router# debug radius	Displays information associated with RADIUS.
Router# more system:running-config	Displays the contents of the current running configuration file. (Note that the more system:running-config command has replaced the show running-config command.)

Configuration Examples

This section provides the following configuration example:

•User Profile Associated With a test aaa group command Example

User Profile Associated With a test aaa group command Example

The following example shows how to configure the dnis = dnisvalue user profile "prfl1" and associate it with a test aaa group command. In this example, the debug radius command has been enabled and the output follows the configuration.

aaa user profile prfl1

  aaa attribute dnis

  aaa attribute dnis dnisvalue

  no aaa attribute clid

! Attribute not found.

  aaa attribute clid clidvalue

  no aaa attribute clid 

  exit

!

! Associate the dnis user profile with the test aaa group command.

test aaa group radius user1 pass new-code profile profl1

!

!

!

! debug radius output, which shows that the dnis value has been passed to the radius 
! server.

*Dec 31 16:35:48: RADIUS: Sending packet for Unique id = 0

 *Dec 31 16:35:48: RADIUS: Initial Transmit unknown id 8 172.22.71.21:1645, 
Access-Request, len 68

 *Dec 31 16:35:48: RADIUS: code=Access-Request id=08 len=0068

         authenticator=1E CA 13 F2 E2 81 57 4C - 02 EA AF 9D 30 D9 97 90

         T=User-Password[2]                 L=12 V=*

         T=User-Name[1]                     L=07 V="kalki"

         T=Called-Station-Id[30]            L=0B V="dnisvalue"

         T=Service-Type[6]                  L=06 V=Login                     [1]

         T=NAS-IP-Address[4]                L=06 V=10.0.1.81                 

 *Dec 31 16:35:48: RADIUS: Received from id 8 172.22.71.21:1645, Access-Accept, len 38

 *Dec 31 16:35:48: RADIUS: code=Access-Accept id=08 len=0038

Additional References

The following sections provide references related to Enhanced Test Command.

Related Documents

Related Topic	Document Title
Security Configuration Tasks	Cisco IOS Security Configuration Guide, Release 12.4
Security Commands	Cisco IOS Security Command Reference, Release 12.4

Standards

Standard	Title
None	—

MIBs

MIB	MIBs Link
None	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFC	Title
None	—

Technical Assistance

Description	Link
The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/techsupport

Command Reference

This section documents new commands only.

•aaa attribute

•aaa user profile

•test aaa group

aaa attribute

To add calling line identification (CLID) and dialed number identification service (DNIS) attribute values to a user profile, use the aaa attribute command in AAA-user configuration mode. To remove this command from your configuration, use the no form of this command.

aaa attribute {clid | dnis} attribute-value

no aaa attribute {clid | dnis} attribute-value

Syntax Description

clid	Adds CLID attribute values to the user profile.
dnis	Adds DNIS attribute values to the user profile.
attribute-value	Specifies a name for CLID or DNIS attribute values.

Command Default

If this command is not enabled, you will have an empty user profile.

Command Modes

AAA-user configuration

Command History

Release	Modification
12.2(4)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

Use the aaa attribute command to add CLID or DNIS attribute values to a named user profile, which is created by using the aaa user profile command. The CLID or DNIS attribute values can be associated with the record that is going out with the user profile (via the test aaa group command), thereby providing the RADIUS server with access to CLID or DNIS information when the server receives a RADIUS record.

Examples

The following example shows how to add CLID and DNIS attribute values to the user profile "cat":

aaa user profile cat

 aaa attribute clid clidval

 aaa attribute dnis dnisval

Related Commands

Command	Description
aaa user profile	Creates a AAA user profile.
test aaa group	Associates a DNIS or CLID user profile with the record that is sent to the RADIUS server.

aaa user profile

To create an authentication, authorization, and accounting (AAA) named user profile, use the aaa user profile command in global configuration mode. To remove a user profile from the configuration, use the no form of this command.

aaa user profile profile-name

no aaa user profile profile-name

Syntax Description

profile-name

Character string used to name the user profile.

Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release	Modification
12.2(4)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

Use the aaa user profile command to create a AAA user profile. Used in conjunction with the aaa attribute command, which adds calling line identification (CLID) and dialed number identification service (DNIS) attribute values, the user profile can be associated with the record that is sent to the RADIUS server (via the test aaa group command), which provides the RADIUS server with access to CLID or DNIS attribute information when the server receives a RADIUS record.

Examples

The following example shows how to configure a dnis = dnisvalue user profile named "prfl1":

aaa user profile prfl1

 aaa attribute dnis

 aaa attribute dnis dnisvalue

 no aaa attribute clid

! Attribute not found.

 aaa attribute clid clidvalue

 no aaa attribute clid 

Related Commands

Command	Description
aaa attribute	Adds DNIS or CLID attribute values to a user profile.
test aaa group	Associates a DNIS or CLID user profile with the record that is sent to the RADIUS server.

test aaa group

To associate a dialed number identification service (DNIS) or calling line identification (CLID) user profile with the record that is sent to the RADIUS server, use the test aaa group command in privileged EXEC mode.

test aaa group {group-name | radius} username password new-code [profile profile-name]

Syntax Description

group-name	Subset of RADIUS servers that are used as defined by the server group group-name.
radius	Uses RADIUS servers for authentication.
username	Specifies a name for the user.
password	Character string that specifies the password.
new-code	The code path through the new code, which supports a CLID or DNIS user profile association with a RADIUS server.
profile profile-name	(Optional) Identifies the user profile specified in the aaa user profile command. To associate a user profile with the RADIUS server, the user profile name must be identified.

Command Default

If this command is not enabled, DNIS or CLID attribute values will not be sent to the RADIUS server.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.2(4)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

Use the test aaa group command to associate a DNIS or CLID named user profile with the record that is sent to the RADIUS server, which can then access DNIS or CLID information when the server receives a RADIUS record.

---

Note The test aaa group command does not work with TACACS+.

---

Examples

The following example shows how to configure a dnis = dnisvalue user profile named "prfl1" and associate it with a test aaa group command:

aaa user profile prfl1

  aaa attribute dnis

  aaa attribute dnis dnisvalue

  no aaa attribute clid

! Attribute not found.

  aaa attribute clid clidvalue

  no aaa attribute clid 

  exit

!

! Associate the dnis user profile with the test aaa group command.

test aaa group radius user1 pass new-code profile prfl1

Related Commands

Command	Description
aaa attribute	Adds DNIS or CLID attribute values to a user profile.
aaa user profile	Creates an AAA user profile.

Glossary

attribute—RADIUS Internet Engineering Task Force (IETF) attributes are the original set of 255 standard attributes that are used to communicate AAA information between a client and a server. Because IETF attributes are standard, the attribute data is predefined and well known; thus all clients and servers who exchange AAA information via IETF attributes must agree on attribute data such as the exact meaning of the attributes and the general bounds of the values for each attribute.

CLID—calling line ID. CLID provides the number from which a call originates.

DNIS—dialed number identification service. DNIS provides the number that is dialed.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2001-2002, 2004-2006 Cisco Systems, Inc. All rights reserved.