Examples
The following is sample output from the
show
aaa
servers
private command. Only the first four lines of the display pertain to the status of private RADIUS servers, and the output fields in this part of the display are described in the table below.
Router# show aaa servers private
RADIUS: id 24, priority 1, host 172.31.164.120, auth-port 1645, acct-port 1646
State: current UP, duration 375742s, previous duration 0s
Dead: total time 0s, count 0
Quarantined: No
Authen: request 5, timeouts 1, failover 0, retransmission 1
Response: accept 4, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 14ms
Transaction: success 4, failure 0
Throttled: transaction 0, timeout 0, failure 0
Author: request 0, timeouts 0, failover 0, retransmission 0
Response: accept 0, reject 0, challenge 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Throttled: transaction 0, timeout 0, failure 0
Account: request 5, timeouts 0, failover 0, retransmission 0
Request: start 3, interim 0, stop 2
Response: start 3, interim 0, stop 2
Response: unexpected 0, server error 0, incorrect 0, time 12ms
Transaction: success 5, failure 0
Throttled: transaction 0, timeout 0, failure 0
Elapsed time since counters last cleared: 4d8h22m
Estimated Outstanding Access Transactions: 0
Estimated Outstanding Accounting Transactions: 0
Estimated Throttled Access Transactions: 0
Estimated Throttled Accounting Transactions: 0
Maximum Throttled Transactions: access 0, accounting 0
Requests per minute past 24 hours:
high - 8 hours, 22 minutes ago: 0
low - 8 hours, 22 minutes ago: 0
average: 0
The table below describes the significant fields in the display.
Table 1 show aaa servers Field Descriptions
Field
|
Description
|
id
|
A unique identifier for all AAA servers defined on the router.
|
priority
|
Order of use for servers within a group.
|
host
|
IP address of the private RADIUS server host.
|
auth-port
|
UDP destination port on the AAA server that is used for authentication and authorization requests. The default value is 1645.
|
acct-port
|
UDP destination port on the AAA server that is used for accounting requests. The default value is 1646.
|
State
|
Describes the current state of the AAA server; the duration, in seconds, that the server has been in that state; and the duration, in seconds, that the server was in the previous state.
The following states are possible:
DEAD--Indicates that the server is currently down and, in the case of failovers, this server will be omitted unless it is the last server in the group.
duration--Indicates the amount of time the server is assumed to be in the current state, either UP or DEAD.
previous duration--Indicates the amount of time the server was considered to be in the previous state.
UP--Indicates that the server is currently considered alive and attempts will be made to communicate with it.
|
Dead
|
Indicates the number of times that this server has been marked dead, and the cumulative amount of time, in seconds, that it spent in that state.
|
Authen
|
Provides information about authentication packets that were sent to and received from the server, and authentication transactions that were successful or that failed. The following information may be reported in this field:
|
Author
|
The fields in this category are similar to those in the Authen: fields. An important difference, however, is that because authorization information is carried in authentication packets for the RADIUS protocol, these fields are not incremented when using RADIUS.
|
Account
|
The fields in this category are similar to those in the Authen: fields, but provide accounting transaction and packet statistics.
|
Elapsed time since counters last cleared
|
Displays the time in days, hours, and minutes that have passed since the counters were last cleared.
|
Note |
In case of Intelligent Services Gateway (ISG), the estimated outstanding accounting transactions will take some time to become zero. This is because there is a constant churn in the interim accounting requests.
|
The fields in the output of the
show
aaa
serverscommand are mapped to Simple Network Management Protocol (SNMP) objects in the Cisco AAA-SERVER-MIB and are used in SNMP reporting. The first line of the sample output of the
show
aaa
serverscommand (RADIUS: id 24, priority 1, host 172.31.164.120, auth-port 1645, acct-port 1646) is mapped to the Cisco AAA-SERVER-MIB as follows:
id maps to casIndex
priority maps to casPriority
host maps to casAddress
auth-port maps to casAuthenPort
acct-port maps to casAcctPort
Mapping the following set of objects listed in the Cisco AAA-SERVER-MIB map to fields displayed by the
show
aaa
servers command is more straightforward. For example, the casAuthenRequests field corresponds to the Authen: request portion of the report, casAuthenRequestTimeouts corresponds to the Authen: timeouts portion of the report, and so on.
casAuthenRequests
casAuthenRequestTimeouts
casAuthenUnexpectedResponses
casAuthenServerErrorResponses
casAuthenIncorrectResponses
casAuthenResponseTime
casAuthenTransactionSuccesses
casAuthenTransactionFailures
casAuthorRequests
casAuthorRequestTimeouts
casAuthorUnexpectedResponses
casAuthorServerErrorResponses
casAuthorIncorrectResponses
casAuthorResponseTime
casAuthorTransactionSuccesses
casAuthorTransactionFailures
casAcctRequests
casAcctRequestTimeouts
casAcctUnexpectedResponses
casAcctServerErrorResponses
casAcctIncorrectResponses
casAcctResponseTime
casAcctTransactionSuccesses
casAcctTransactionFailures
casState
casCurrentStateDuration
casPreviousStateDuration
casTotalDeadTime
casDeadCount
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs.