Using the radclient Command

This chapter describes how to use the Cisco Access Registrar testing command, radclient, to test your RADIUS server.

The radclient command is a RADIUS server test tool. You can use it to create packets, send them to a specific server, and examine the response.

Because the radclient command is Tcl-based, you can use it interactively or you can execute it as a Tcl script file. To run the radclient command, type:

> /opt/AICar1/usrbin/radclient

Note: The radclient command is a separate command from the aregcmd command. You run it from the command line.

Specifying radclient Command Arguments

You can invoke the radclient command with any of the arguments listed in Table 6-1.


Table 6-1: radclient Arguments

Argument     Definition
-C           Specifies the name of the cluster to log into by default.
-N           Specifies the name of the administrator.
-P           Specifies the password.
-i           Forces interactive mode.
-n           Does not automatically load radclient.tcl.
-p <path>    Specifies the path used for radclient.tcl.
-S <file>    Specifies the source for the file to load after radclient.tcl.
-v           Prints the version information and then exits.

Working with Packets

Using the radclient command, you can create packets (default or specific packets), view packets, send packets, read the value of packets, and delete packets.

Creating Packets

To create a basic RADIUS Access-Request packet, use the radclient command simple. This function creates a packet and fills in basic attributes. The syntax of the simple command is:

simple <user_name> <user_password>

For example, to create an Access-Request packet for user bob whose password is bigDog, type:

--> simple bob bigDog
p001

The radclient command responds with p001, which is the identifier (name) of the newly created packet.

Creating CHAP Access-Request Packets

To create a CHAP Access-Request packet, use the radclient command simple_chap. The syntax of the simple_chap command is:

simple_chap <user_name> <user_password> <use_challenge>

<use_challenge> is a boolean that indicates whether to use the CHAP-Challenge attribute.

For example, to create a CHAP packet that uses the CHAP-Challenge attribute, type:

--> simple_chap bob bigDog 1
p002
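
What the <use_challenge> boolean changes on the wire, shown as an added example that is not part of the Cisco documentation or radclient's own code. It follows the CHAP encoding in RFC 2865; the function names, the packet and CHAP identifiers, and the random challenge are assumptions made for illustration.

```python
# Added example (not Cisco code): RFC 2865 CHAP encoding for both use_challenge values.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, CHAP_PASSWORD, CHAP_CHALLENGE = 1, 3, 60  # RFC 2865 attribute types


def attr(attr_type, value):
    """Encode Type, Length, Value; Length includes the 2-byte header."""
    return bytes([attr_type, len(value) + 2]) + value


def chap_request(user, password, use_challenge, pkt_id=0, chap_id=1):
    """Build the wire bytes of a CHAP Access-Request (constructed sample values)."""
    challenge = os.urandom(16)
    digest = hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()
    attrs = attr(USER_NAME, user.encode()) + attr(CHAP_PASSWORD, bytes([chap_id]) + digest)
    if use_challenge:
        # Challenge travels in CHAP-Challenge; the authenticator is unrelated.
        attrs += attr(CHAP_CHALLENGE, challenge)
        authenticator = os.urandom(16)
    else:
        # No CHAP-Challenge: the Request Authenticator doubles as the challenge.
        authenticator = challenge
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs))
    return header + authenticator + attrs


def parse_attrs(packet):
    """Return {type: value} for the attributes after the 20-byte header."""
    (length,) = struct.unpack("!H", packet[2:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs


def server_accepts(packet, stored_password):
    """Recompute the CHAP response as a server would and compare in constant time."""
    attrs = parse_attrs(packet)
    chap = attrs[CHAP_PASSWORD]
    challenge = attrs.get(CHAP_CHALLENGE, packet[4:20])
    expected = hashlib.md5(chap[:1] + stored_password.encode() + challenge).digest()
    return hmac.compare_digest(expected, chap[1:])
```

In both modes the password itself never appears in the packet; only the 16-byte MD5 response does, so the server must hold the password in recoverable form to verify it.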

Viewing Packets

To view a packet or any other object, type the object identifier at the radclient prompt. For example, to display packet p001, type:

--> p001
Packet: code = Access-Request, id = 0, length = 0, attributes =
User-Name = bob
User-Password = bigDog
NAS-Identifier = localhost
NAS-Port = 0

Sending Packets

To send a packet, specify the packet identifier and use the word send. You can optionally specify the host and port to which to send the packet. The default host is localhost, and the default port is 1645.

When you want to send a packet to a different host and different port, you must specify them on the command line. For example, to send a packet to the RADIUS server amazon, at port number 1812, type:

--> p001 send amazon 1812
p002

When Cisco Access Registrar receives a response to the packet you sent, it prints the response packet's object identifier before the radclient prompt returns.

Creating Empty Packets

Using radclient, you can create empty packets that you can then modify to contain the appropriate fields.

To create an empty packet, the syntax is:

--> packet <packet-type>

The optional <packet-type> argument can be the numerical RADIUS packet type identifier, such as 2, or the string representation, such as Access-Accept:

--> packet 2
p00d
--> p00d
Packet: code = Access-Accept,\
id = 0, length = 0, attributes =

Setting Packet Fields

You can modify the value of a packet field using the syntax:

<packet-identifier> set <attrib> <value>

<packet-identifier> is the packet number, such as p001. <attrib> is the attribute you want to set. <value> is either a numeric packet-type, the string representation, or the hex string with a colon separating each byte.

For example, to set the identifier field to 99, type:

--> p001 set identifier 99
99
--> p001
Packet: code = Access-Request, id = 99, length = 0,
attributes =
User-Name = bob
User-Password = bigDog
NAS-Identifier = localhost
NAS-Port = 0

Reading Packet Fields

You can read (get) the value of any of the packet fields by using the syntax:

<packet-identifier> get <attrib>

For example, to get the identifier field, type:

--> p001 get identifier
99

Deleting Packets

When you are writing long-running or iterating scripts, you might want to conserve memory by deleting packets when you are through with them. To delete a packet, type:

<packet-identifier> delete

For example, to delete all resources referred to by the packet p001, type:

--> p001 delete

Attributes

Using the radclient command, you can create attributes, which are specific RFC-defined components of requests and responses.

Creating Attributes

To create an attribute object, the syntax is:

attrib <name> <value>

<name> is a recognized RADIUS attribute name. <value> is the value of the attribute.

For example, to create the attribute User-Name and set its value to bob, type:

--> attrib User-Name bob
a001

Note that a001 is the object identifier for the newly created attribute.

Viewing Attributes

To view an attribute, or any other object, type the object identifier at the radclient prompt. For example, to display attribute a001 created in the example above, type:

--> a001
User-Name = bob

Getting Attribute Information

You can get the name and value of an attribute in various formats. The following examples show how to get an attribute's name, type, value, and value as integer:

--> a001 get name
User-Name
--> a001 get type
1
--> a001 get value
bob
--> a001 get valueAsInt
a001: the value is not an int

Deleting Attributes

When you are writing long-running or iterating scripts, you might want to conserve memory by deleting attributes when you are through with them. Be sure not to delete attributes that are referred to by other objects, such as packets.

To delete all resources referred to by the attribute a001, type:

--> a001 delete

Using the radclient Command

The following examples show how to use radclient to create, send, and modify packets.

Example 1

This example creates an Access-Request packet for user jane with password jane, and sends it to the default RADIUS server (localhost).

--> simple jane jane
p001
--> p001
Packet: code = Access-Request, id = 0, length = 0, attributes =
User-Name = jane
User-Password = jane
NAS-Identifier = localhost
NAS-Port = 0

--> p001 send
p002
--> p002
Packet: code = Access-Accept, id = 1,\
length = 38, attributes =

Login-IP-Host = 204.253.96.3
Login-Service = Telnet
Login-TCP-Port = 541

The first command (simple jane jane) creates the packet (the packet object identifier is p001). Next, the example displays the packet before sending it (by typing the packet identifier, p001). Next, the packet is sent (p001 send), and radclient prints the response packet object identifier, p002. Finally, the example shows dumping the contents of the response packet (p002).

Example 2

This example creates a simple Access-Request packet, and adds other attributes to it.

--> simple jane jane
p003
--> attrib Service-Type Framed
a00c
--> a00c
Service-Type = Framed
--> p003 set attrib a00c
--> attrib NAS-Port 99
a00d
--> a00d
NAS-Port = 99
--> p003 set attrib a00d
--> p003
Packet: code = Access-Request, id = 0,\
length = 0, attributes =

        User-Name = jane
        User-Password = jane
        NAS-Identifier = localhost
        Service-Type = Framed
        NAS-Port = 99

This example first creates the packet p003 using user-id jane and password jane. It then creates the Service-Type attribute (with the object identifier a00c), prints the attribute object by typing just the object identifier, and adds the new attribute to the packet. The same steps are followed for the NAS-Port attribute. Finally, the packet contents are printed.

Example 3

This example performs the same tasks as Example 2, but in fewer steps.

--> simple jane jane
p004
--> p004 set attrib [ attrib Service-Type Framed ]
--> p004 set attrib [ attrib NAS-Port 99 ]
--> p004
Packet: code = Access-Request, id = 0,\
length = 0, attributes =

User-Name = jane
User-Password = jane
NAS-Identifier = localhost
Service-Type = Framed
NAS-Port = 99

When you do not need references to intermediate objects, you can use the command substitution feature of Tcl, which allows you to use the result of one command as an argument to another command. Square brackets invoke command substitution: everything inside the brackets is evaluated, and the result is substituted in place of the bracketed command.


Posted: Thu Aug 19 08:14:41 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.