TACTest can be used to test or qualify other TACACS+ servers too!

TACTest

TACTest is a free utility that is used for testing TACACS+ servers. It will print out request and response information, and can be used for performance testing. This tool is very helpful when testing, debugging, and qualifying TACACS+ servers. TACTest can be scripted and can log results to a text file.

TACTest is an independent utility that can be run in standalone mode without requiring TACACS.net or any other TACACS+ server to be running on the same computer. It can be used to test any server that runs the TACACS+ protocol. TACTest is included with the server installation wizard and is installed by default with the TACACS.net TACACS+ server. TACTest can be installed without the TACACS.net TACACS+ Server if this option is chosen when running the installation wizard.

TACTest is free software. It can be downloaded and used without requiring registration.

Download TACTest

Using TACTest

IMPORTANT NOTE: In order for TACTest to work, the system running the utility must be added to the TACACS+ server’s authorized clients list. In TACACS.net, localhost (127.0.0.1) and RFC 1918 IP Addresses are added by default to the clients configuration.

After the software has been downloaded and installed, it is run from the command line. The Command Prompt can be found in the Start Menu under Accessories. After you have launched the Command Prompt, you will see the prompt C:\> on most computers. This is where you enter your commands.

Type tactest without any options to see general information.

C:>tactest
TACTest 1.0.4143.32116 (C) TACACS.net
Type tactest -? for help.

Type tactest -? to see options and examples.

C:>tactest -?
TACTest 1.0.4143.32116 (C) TACACS.net
A tool for testing TACACS+ server responses.
This host must be in the server's authorized client list to work.
Usage: tactest [options]

Options:

-?Display help
-sServerIP IP (If this is not provided then 127.0.0.1 is used)
-portServerIP Port (If this is not provided then port 49 is used)
-kShared Key (If this is not provided then no encryption is used)
-uUsername
-pPassword
-npNew Password (used only for change password commands)
-typeAuthentication type. Can be ASCII or PAP, CHAP Default is ASCII
-enThis sends an enable command to the server
-cSend this many requests. Default is 1
-mSend repeatedly for this many seconds.
-tSend this many requests per second.
-rRetries
-wWait time between retries in seconds.
-fInput file to be used.
-serviceThis is used to request authorization AV pairs from server
-commandThis is used to request authorization of a command from server
-authenThis is used to send authentication commands to the server. This is the default command.
-acctThe type of accounting command to send. Valid values are start, stop & watchdog
-authorThis is used to send authorization commands to server or to request authorization AV pairs from the server

 

Input file can be used for commands e.g., tactest -f filename.txt
If input file is used then the 't' option must be specified at command line
e.g, tactest -f filename.txt -t 20

Authentication Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -c 20
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -t 20
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5 -t 20

Accounting Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -acct start bytes_in=100 bytes_out=200
tactest -s 127.0.0.1 -k mykey -u myuser -acct stop bytes_in=400 bytes_out=300
tactest -s 127.0.0.1 -k mykey -u myuser -m 5 -acct stop bytes_in=400 bytes_out=300

Authorization Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -author -service shell
tactest -s 127.0.0.1 -k mykey -u myuser -author -command configure terminal
tactest -s 127.0.0.1 -k mykey -u myuser -author -c 20 -command configure terminal