TACTest is a free utility that is used for testing TACACS+ servers. It will print out request and response information, and can be used for performance testing. This tool is very helpful when testing, debugging, and qualifying TACACS+ servers. TACTest can be scripted and can log results to a text file.
TACTest is an independent utility that can be run in standalone mode without requiring TACACS.net or any other TACACS+ server to be running on the same computer. It can be used to test any server that runs the TACACS+ protocol. TACTest is included with the server installation wizard and is installed by default with the TACACS.net TACACS+ server. TACTest can be installed without the TACACS.net TACACS+ Server if this option is chosen when running the installation wizard.
TACTest is free software. It can be downloaded and used without requiring registration.
IMPORTANT NOTE: In order for TACTest to work, the system running the utility must be added to the TACACS+ server's authorized clients list. In TACACS.net, localhost (127.0.0.1) and RFC 1918 IP Addresses are added by default to the clients configuration.
After the software has been downloaded and installed, it is run from the command line. The Command Prompt can be found in the Start Menu under Accessories. After you have launched the Command Prompt, you will see the prompt C:\> on most computers. This is where you enter your commands.
Type tactest without any options to see general information.
C:\>tactest TACTest 1.0.4143.32116 (C) TACACS.net Type tactest -? for help.
Type tactest -? to see options and examples.
C:\>tactest -? TACTest 1.0.4143.32116 (C) TACACS.net A tool for testing TACACS+ server responses. This host must be in the server's authorized client list to work.
Usage: tactest [options]
|-s||ServerIP IP (If this is not provided then 127.0.0.1 is used)|
|-port||ServerIP Port (If this is not provided then port 49 is used)|
|-k||Shared Key (If this is not provided then no encryption is used)|
|-np||New Password (used only for change password commands)
|-type||Authentication type. Can be ASCII or PAP, CHAP Default is ASCII|
|-en||This sends an enable command to the server|
|-c||Send this many requests. Default is 1|
|-m||Send repeatedly for this many seconds.|
|-t||Send this many requests per second.|
|-w||Wait time between retries in seconds.|
|-f||Input file to be used.|
|-service||This is used to request authorization AV pairs from server|
|-command||This is used to request authorization of a command from server|
|-authen||This is used to send authentication commands to the server. This is the default command.|
|-acct||The type of accounting command to send. Valid values are start, stop & watchdog|
|-author||This is used to send authorization commands to server or to request|
Authentication Examples: tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -c 20 tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -t 20 tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5 tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5 -t 20
Accounting Examples: tactest -s 127.0.0.1 -k mykey -u myuser -acct start bytes_in=100 bytes_out=200 tactest -s 127.0.0.1 -k mykey -u myuser -acct stop bytes_in=400 bytes_out=300 tactest -s 127.0.0.1 -k mykey -u myuser -m 5 -acct stop bytes_in=400 bytes_out=300
Authorization Examples: tactest -s 127.0.0.1 -k mykey -u myuser -author -service shell tactest -s 127.0.0.1 -k mykey -u myuser -author -command configure terminal tactest -s 127.0.0.1 -k mykey -u myuser -author -c 20 -command configure terminal