Use the show uauth command to display one or all
currently authenticated users, the host IP to which they are bound, and any
cached IP and port authorization information. In the example in Figure
, aaauser with an
IP address of 192.168.2.10 is authenticated.
To display AAA server
statistics for all configured server groups, or for a particular group, use the
show aaa-server command. In the example in Figure
, the top
portion of the show aaa-server output displays the server
statistics. The bottom portion displays the server messaging statistics. In the
example in Figure
, the
server group is NY_ACS. It uses TACACS+ protocol, has an IP address of
10.0.1.10, uses server port number 49 for messaging, and is active. There are
two requests, two challenges, and two accept messages.
The administrator
can also view the aaa-server messaging statistics. In the example in Figure
, there was an
authentication request, a challenge, and an accept message. There were no
rejects or re-transmissions.
Troubleshooting Downloaded ACLs
Once a user is authenticated, the administrator can view the
downloaded ACL using the show access-list command. In the
example in Figure
, the user at
192.168.1.10 attempts to gain access to the web server at 192.168.2.10. After an
end user enters their username and password, the PIX Security Appliance
forwards their credentials to the ACS server. If the end user is authenticated,
the ACS server downloads a pre-configured ACL,
#ACSACL#-IP-RADIUSAUTH-3ddb8ab6, to the PIX. The ACL name combines the name for the ACL as
defined in the SPC, #ACSACL#-IP-RADIUSAUTH, and the unique version
identification, 3ddb8ab6. In this example, the end user is authorized to access
192.168.2.10 using HTTP.
The show uauth command can
be used to view the authenticated end user, their IP address, and the matching
downloaded ACL.
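The cross-check described above can be scripted. The following is an added example, not part of the original course text or any Cisco tool: it maps each authenticated user in show uauth output to the downloaded ACL and splits the ACL name into its SPC name and version identification. The sample output layout, the user names other than aaauser, the 8-hex-digit version pattern, and the expected-version table are assumptions constructed for illustration.

```python
import re

# Name format described in the text: #ACSACL#-IP-<SPC name>-<version id>.
# Assumption: the version id is 8 hex digits, as in the one name shown (3ddb8ab6).
ACL_NAME = re.compile(r"#ACSACL#-IP-(?P<spc>.+)-(?P<version>[0-9a-f]{8})$")
USER_LINE = re.compile(r"user '(?P<user>[^']+)' at (?P<ip>\d+\.\d+\.\d+\.\d+), authenticated")
ACL_LINE = re.compile(r"access-list\s+(?P<acl>\S+)")

# Constructed sample; the layout is an assumed approximation of show uauth output.
SAMPLE = """\
user 'aaauser' at 192.168.1.10, authenticated
   access-list #ACSACL#-IP-RADIUSAUTH-3ddb8ab6
   absolute   timeout: 0:05:00
user 'olduser' at 192.168.1.11, authenticated
   access-list #ACSACL#-IP-RADIUSAUTH-3dd0aa11
user 'noacl' at 192.168.1.12, authenticated
   absolute   timeout: 0:05:00
"""

def split_acl_name(name):
    """Return (spc_name, version), or None if this is not a downloaded ACL name."""
    m = ACL_NAME.match(name)
    return (m.group("spc"), m.group("version")) if m else None

def parse_uauth(text):
    """Return one dict per user: user, ip, acl (None when no ACL line follows)."""
    sessions = []
    for line in text.splitlines():
        if m := USER_LINE.search(line):
            sessions.append({"user": m.group("user"), "ip": m.group("ip"), "acl": None})
        elif (m := ACL_LINE.search(line)) and sessions:
            sessions[-1]["acl"] = m.group("acl")
    return sessions

def audit(sessions, expected):
    """expected maps SPC name -> version id the administrator expects (hypothetical input)."""
    findings = []
    for s in sessions:
        parts = split_acl_name(s["acl"]) if s["acl"] else None
        if parts is None:
            findings.append((s["user"], s["ip"], "no downloaded ACL"))
        elif expected.get(parts[0]) != parts[1]:
            findings.append((s["user"], s["ip"], f"unexpected ACL version {parts[1]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_uauth(SAMPLE), {"RADIUSAUTH": "3ddb8ab6"}):
        print(finding)
```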