Tuesday, October 19, 2010

Test RADIUS authentication on Cisco

There is a handy test command for when you've configured RADIUS/TACACS and you're wondering if the authentication is working as expected. I've tested it on a 3750 and a 2800 with the IOS versions specified below. According to Cisco it should work from 12.2(28)SB.

SW#sh ver
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
SW#test aaa group radius server 1.2.3.4 auth-port 1645 user correctpass new-code
User successfully authenticated

SW#test aaa group radius server 1.2.3.4 auth-port 1645 user wrongpass new-code
User rejected

and on my 2800 router:
(C2800NM-ENTBASEK9-M), Version 12.4(13d), RELEASE SOFTWARE (fc2)

R1#test aaa group radius user correctpass new-code
Trying to authenticate with Servergroup radius
User successfully authenticated

R1#test aaa group radius user wrongpass new-code
Trying to authenticate with Servergroup radius

 

Note that on the 2800, if the authentication is not successful you don't get any output for it. Could be a bug solved in later versions, or might be working as designed ;-)
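If you capture these sessions from a script, the missing 2800 output means a check has to treat "no verdict line" as a failure rather than a pass. The following is an added example, not part of the original post: a small Python parser for captured `test aaa` output that does this and leaves the cleartext password from the command line out of its records. The record field names and the `no-verdict` label are assumptions made for the example.

```python
import re

# "HOST#test aaa group <group> [server IP] [auth-port N] <user> <password> new-code"
CMD = re.compile(r"^(?P<host>[\w.-]+)#\s*test aaa group (?P<args>.+)$")
PROMPT = re.compile(r"^[\w.-]+#")

# The sessions shown in the post, reused here as sample input.
SAMPLE = """\
SW#test aaa group radius server 1.2.3.4 auth-port 1645 user correctpass new-code
User successfully authenticated
SW#test aaa group radius server 1.2.3.4 auth-port 1645 user wrongpass new-code
User rejected
R1#test aaa group radius user correctpass new-code
Trying to authenticate with Servergroup radius
User successfully authenticated
R1#test aaa group radius user wrongpass new-code
Trying to authenticate with Servergroup radius
"""

def classify(output_lines):
    """Map device output to a verdict. Silence is never treated as success."""
    text = "\n".join(output_lines)
    if "User successfully authenticated" in text:
        return "accepted"
    if "User rejected" in text:
        return "rejected"
    return "no-verdict"  # what the 2800 shows for a failed attempt

def parse_session(transcript):
    """Return one record per 'test aaa' command in a captured session."""
    records, current = [], None
    for line in (raw.strip() for raw in transcript.splitlines()):
        m = CMD.match(line)
        if PROMPT.match(line):   # any new prompt ends the previous command
            current = None
        if m:
            args, opts = m.group("args").split(), {}
            group, rest = args[0], args[1:]
            while len(rest) >= 2 and rest[0] in ("server", "auth-port"):
                opts[rest[0]] = rest[1]
                rest = rest[2:]
            # rest[1] is the cleartext password: deliberately not stored
            current = {"host": m.group("host"), "group": group,
                       "user": rest[0] if rest else None,
                       "server": opts.get("server"), "auth_port": opts.get("auth-port"),
                       "output": [], "verdict": "no-verdict"}
            records.append(current)
        elif current is not None and line:
            current["output"].append(line)
            current["verdict"] = classify(current["output"])
    return records
```

Only `accepted` should count as a pass; both `rejected` and `no-verdict` are failures.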