TACTest can be used to test or qualify other TACACS+ servers too!


TACTest is a free utility that is used for testing TACACS+ servers. It will print out request and response information, and can be used for performance testing. This tool is very helpful when testing, debugging, and qualifying TACACS+ servers. TACTest can be scripted and can log results to a text file.

TACTest is an independent utility that can be run in standalone mode without requiring TACACS.net or any other TACACS+ server to be running on the same computer. It can be used to test any server that runs the TACACS+ protocol. TACTest is included with the server installation wizard and is installed by default with the TACACS.net TACACS+ server. TACTest can be installed without the TACACS.net TACACS+ Server if this option is chosen when running the installation wizard.

TACTest is free software. It can be downloaded and used without requiring registration.

Watch the TACTest demo here.

Download TACTest

Using TACTest

IMPORTANT NOTE: In order for TACTest to work, the system running the utility must be added to the TACACS+ server’s authorized clients list. In TACACS.net, localhost ( and RFC 1918 IP Addresses are added by default to the clients configuration.

After the software has been downloaded and installed, it is run from the command line. The Command Prompt can be found in the Start Menu under Accessories. After you have launched the Command Prompt, you will see the prompt C:> on most computers. This is where you enter your commands.

Type tactest without any options to see general information.

TACTest 1.0.4143.32116 (C) TACACS.net
Type tactest -? for help.

Type tactest -? to see options and examples.

C:>tactest -?
TACTest 1.0.4143.32116 (C) TACACS.net
A tool for testing TACACS+ server responses.
This host must be in the server's authorized client list to work.
Usage: tactest [options]


-? Display help
-s ServerIP IP (If this is not provided then is used)
-port ServerIP Port (If this is not provided then port 49 is used)
-k Shared Key (If this is not provided then no encryption is used)
-u Username
-p Password
-np New Password (used only for change password commands)
-type Authentication type. Can be ASCII or PAP, CHAP Default is ASCII
-en This sends an enable command to the server
-c Send this many requests. Default is 1
-m Send repeatedly for this many seconds.
-t Send this many requests per second.
-r Retries
-w Wait time between retries in seconds.
-f Input file to be used.
-service This is used to request authorization AV pairs from server
-command This is used to request authorization of a command from server
-authen This is used to send authentication commands to the server. This is the default command.
-acct The type of accounting command to send. Valid values are start, stop & watchdog
-author This is used to send authorization commands to server or to request authorization AV pairs from the server



Input file can be used for commands e.g., tactest -f filename.txt
If input file is used then the 't' option must be specified at command line
e.g, tactest -f filename.txt -t 20

Authentication Examples:
tactest -s -k mykey -u myuser -p mypassword
tactest -s -k mykey -u myuser -p mypassword -c 20
tactest -s -k mykey -u myuser -p mypassword -t 20
tactest -s -k mykey -u myuser -p mypassword -m 5
tactest -s -k mykey -u myuser -p mypassword -m 5 -t 20

Accounting Examples:
tactest -s -k mykey -u myuser -acct start bytes_in=100 bytes_out=200
tactest -s -k mykey -u myuser -acct stop bytes_in=400 bytes_out=300
tactest -s -k mykey -u myuser -m 5 -acct stop bytes_in=400 bytes_out=300

Authorization Examples:
tactest -s -k mykey -u myuser -author -service shell
tactest -s -k mykey -u myuser -author -command configure terminal
tactest -s -k mykey -u myuser -author -c 20 -command configure terminal