RADIUS Authentication, Authorization, and Accounting > Viewing RADIUS statistics

  

 next

Viewing RADIUS statistics

General RADIUS statistics

Syntax:

show radius [host <ip-addr>]

Shows general RADIUS configuration, including the server IP addresses. Optional form shows data for a specific RADIUS host. To use show radius, the server's IP address must be configured in the switch, which. requires prior use of the radius-server host command. See Accounting services for more information.

General RADIUS information from show radius command

HP Switch# show radius

 Status and Counters - General RADIUS Information

  Deadtime(min) : 5
  Timeout(secs) : 10
  Retransmit Attempts : 2
  Global Encryption Key : myg10balkey
  Dynamic Authorization UDP Port : 3799
  Source IP Selection : Outgoing Interface

                  Auth Acct DM/ Time
  Server IP Addr  Port Port CoA Window Encryption Key  OOBM
  --------------- ---- ---- --- ------ --------------  ----
  192.33.12.65    1812 1813 No  300    my65key         No

RADIUS server information from the show radius host command

HP Switch(config)# show radius host 192.33.12.65

 Status and Counters - RADIUS Server Information

  Server IP Addr : 192.33.12.65
  Authentication UDP Port : 1812    Accounting UDP Port  : 1813
  Round Trip Time         : 2       Round Trip Time      : 7
  Pending Requests        : 0       Pending Requests     : 0
  Retransmissions         : 0       Retransmissions      : 0
  Timeouts                : 0       Timeouts             : 0
  Malformed Responses     : 0       Malformed Responses  : 0
  Bad Authenticators      : 0       Bad Authenticators   : 0
  Unknown Types           : 0       Unknown Types        : 0
  Packets Dropped         : 0       Packets Dropped      : 0
  Access Requests         : 2       Accounting Requests  : 2
  Access Challenges       : 0       Accounting Responses : 2
  Access Accepts          : 0
  Access Rejects          : 0

Values for show radius host output

Term Definition
Round Trip Time The time interval between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server.
Pending Requests The number of RADIUS Accounting-Request packets sent to this server that have not yet timed out or received a response. This variable is incremented when an accounting-Request is sent and decremented due to receipt of an Accounting-Response, a timeout or a retransmission.
Retransmissions The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server. Retransmissions include retries where the Identifier and Acct-Delay have been updated, as well as those in which they remain the same.
Timeouts The number of accounting timeouts to this server. After a timeout the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as an Accounting-Request as well as a timeout.
Malformed Responses The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
Bad Authenticators The number of RADIUS Accounting-Response packets which contained invalid authenticators received from this server.
Unknown Types The number of RADIUS packets of unknown type which were received from this server on the accounting port.
Packets Dropped The number of RADIUS packets which were received from this server on the accounting port and dropped for some other reason.
Access Requests The number of RADIUS Access-Requests the switch has sent since it was last rebooted. (Does not include retransmissions.)
Accounting Requests The number of RADIUS Accounting-Request packets sent. This does not include retransmissions.
Access Challenges The number of RADIUS Access-Challenge packets (valid or invalid) received from this server.
Access Accepts The number of RADIUS Access-Accept packets (valid or invalid) received from this server.
Access Rejects The number of RADIUS Access-Reject packets (valid or invalid) received from this server.
Responses The number of RADIUS packets received on the accounting port from this server.

RADIUS authentication statistics

Syntax:

show authentication

Displays the primary and secondary authentication methods configured for the Console, Telnet, Port-Access (802.1X), and SSH methods of accessing the switch. Also displays the number of access attempts currently allowed in a session.

show radius authentication

Displays NAS identifier and data on the configured RADIUS server and the switch interactions with this server. Requires prior use of the radius-server host command to configure a RADIUS server IP address in the switch, see Accounting services.

Login attempt and primary/secondary authentication information from the show authentication command

HP Switch(config)# show authentication

 Status and Counters - Authentication Information

  Login Attempts : 3
  Respect Privilege : Disabled

              | Login      Login        Login
  Access Task | Primary    Server Group Secondary
  ----------- + ---------- ------------ ----------
  Console     | Local                   None
  Telnet      | Radius                  None
  Port-Access | Local                   None
  Webui       | Local                   None
  SSH         | Radius                  None
  Web-Auth    | ChapRadius  radius      None
  MAC-Auth    | ChapRadius  radius      None

              | Enable     Enable       Enable
  Access Task | Primary    Server Group Secondary
  ----------- + ---------- ------------ ----------
  Console     | Local                   None
  Telnet      | Radius                  None
  Webui       | Local                   None
  SSH         | Radius                  None

RADIUS authentication information from a specific server

HP Switch(config)# show radius authentication

 Status and Counters - RADIUS Authentication Information

  NAS Identifier : Networking
  Invalid Server Addresses : 0

                 UDP
  Server IP Addr Port Timeouts  Requests  Challenges Accepts  Rejects
  -------------- ---- --------- --------- ---------- -------- -------
  192.33.12.65   1812 0         2         0          2        0

RADIUS accounting statistics

Syntax:

show accounting

Lists configured accounting interval, "Empty User" suppression status, session ID, accounting types, methods, and modes.

show radius accounting

Lists accounting statistics for the RADIUS server(s) configured in the switch (using the radius-server host command).

show accounting sessions

Lists the accounting sessions currently active on the switch.

Listing the accounting configuration in the switch

HP Switch(config)# show accounting

 Status and Counters - Accounting Information

  Interval(min) : 5
  Suppress Empty User : No
  Sessions Identification : Common
  
  Type     | Method Mode           Server Group
  -------- + ------ -------------- ------------
  Network  | None
  Exec     | Radius Start-Stop
  System   | Radius Stop-Only
  Commands | Radius Interim-Update

RADIUS accounting information for a specific server

HP Switch(config)# show radius accounting

 Status and Counters - RADIUS Accounting Information

  NAS Identifier : Networking
  Invalid Server Addresses : 0

                  UDP
  Server IP Addr  Port  Timeouts   Requests   Responses
  --------------- ----- ---------- ---------- ----------
  192.33.12.65    1813  0          1          1

Listing of active RADIUS accounting sessions on the switch

HP Switch(config)# show accounting sessions

Active Accounted actions on SWITCH, User (n/a) Priv (n/a),
  Acct-Session-Id 0x013E00000006, System Accounting record,
  1:45:34 Elapsed
  system event 'Accounting On

prev

 

up

 next

Accounting services 

home

 Changing RADIUS-server access order

Copyright © 2015 Hewlett-Packard Development Company, L.P.