Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference, Release 5.1.x
BNG AAA Commands
Downloads: This chapterpdf (PDF - 1.58MB) The complete bookPDF (PDF - 4.65MB) | Feedback

BNG AAA Commands

Contents

BNG AAA Commands

This module describes the Cisco IOS XR software commands used to configure the AAA commands for Broadband Network Gateway (BNG) on the Cisco ASR 9000 Series Router. For details regarding the related configurations, refer to the Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide.

accounting aaa list

To configure the subscriber accounting feature, use the accounting aaa list command in the dynamic template configuration mode. To disable this feature, use the no form of this command.

accounting aaa list { method_list_name | default } type session { dual-stack-delay time | periodic-interval time }

no accounting aaa list { method_list_name | default } type session { dual-stack-delay time | periodic-interval time }

Syntax Description

method_list_name

Specifies the preconfigured method list name.

default

Specifies the default method list.

type

Specifies the type of accounting performed.

session

Applies the accounting to a session.

dual-stack-delay

Specifies the dual stack set delay wait in seconds.

time

Specifies the value of the dual stack delay time in seconds. The value ranges from 1-30.

periodic-interval

Specifies the periodic accounting interval in minutes.

time

Specifies the value of the periodic accounting interval in minutes. The value ranges from 1-65535.

Command Default

None

Command Modes

Dynamic template configuration

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the dynamic-template command to enter dynamic template configuration mode.

Task ID

Task ID Operation

config-services

read, write

Examples

This is an example of configuring accounting aaa list command for periodic accounting interval of 456 minutes:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dynamic-template
RP/0/RSP0/CPU0:router(config-dynamic-template)# type service s1
RP/0/RSP0/CPU0:router(config-dynamic-template-type)# accounting aaa list l1 type session periodic-interval 456

Related Commands

Command

Description

dynamic-template

Enables the dynamic template configuration mode.

dynamic-template type ppp

Enables the ppp dynamic template type.

dynamic-template type ipsubscriber

Enables the ipsubscriber dynamic template type.

accounting aaa list type service

To configure the service accounting feature, use the accounting aaa list type service command in the dynamic template configuration mode. To disable this feature, use the no form of this command.

accounting aaa list { method_list_name | default } type service [ periodic-interval time ]

no accounting aaa list { method_list_name | default } type service [ periodic-interval time ]

Syntax Description

method_list_name

Specifies the pre-configured method list name.

default

Specifies the default method list.

type

Specifies the type of accounting performed.

service

Applies the accounting to a service.

periodic-interval

Specifies the periodic accounting interval in minutes.

time

Value of the periodic accounting interval in minutes. The range is from 1 to 65535.

Command Default

None

Command Modes

Dynamic template configuration

Command History

Release Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the dynamic-template command to enter dynamic template configuration mode.

Task ID

Task ID Operation

config-services

read, write

Examples

This is an example of configuring service accounting for periodic accounting interval of 600 minutes:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# dynamic-template
RP/0/RSP0/CPU0:router(config-dynamic-template)# type service s1
RP/0/RSP0/CPU0:router(config-dynamic-template-type)# accounting aaa list l1 type service periodic-interval 600

Related Commands

Command

Description

dynamic-template

Enables the dynamic template configuration mode.

dynamic-template type service

Specifies the service template type for a group of subscribers or services.

aaa accounting service

To create an accounting list for service accounting, use the aaa accounting service command in global configuration mode or administration configuration mode. To disable the service authentication method, use the no form of this command.

aaa accounting service { list_name | default } { broadcast group { group_name | radius } | group { group_name | radius } }

no aaa accounting subscriber { list_name | default } { broadcast group { group_name | radius } | group { group_name | radius } }

Syntax Description

default

Uses the listed authentication methods that follow this keyword as the default list of methods for authentication.

list-name

Represents the character string of the list name for AAA authentication.

broadcast

Specifies the broadcast accounting for the service.

group

Specifies the server-group.

group_name

Specifies the server group name.

radius

Specifies the list of all RADIUS hosts.

Command Default

None

Command Modes

Global configuration

Command History

Release Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

This is an example of configuring the aaa accounting service command for the grpFR server group:

RP/0/RSP0/CPU0:router(config)# aaa accounting service default group grpFR 

Related Commands

Command

Description

aaa accounting subscriber

Creates an accounting list for subscriber accounting.

aaa accounting subscriber

To create an accounting list for subscriber accounting, use the aaa accounting subscriber command in global configuration mode or administration configuration mode. To disable this accounting list for subscriber accounting, use the no form of this command.

aaa accounting subscriber { list_name | default } { broadcast group { group_name | radius } | group { group_name | radius } }

no aaa accounting subscriber { list_name | default } { broadcast group { group_name | radius } | group { group_name | radius } }

Syntax Description

default

Uses the listed authentication methods that follow this keyword as the default list of methods for authentication.

list-name

Represents the character string for the list name for AAA authentication.

broadcast

Specifies the broadcast accounting for subscriber.

group

Specifies the server-group.

group_name

Specifies the server group name.

radius

Specifies the list of all RADIUS hosts.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

This is an example of configuring the aaa accounting subscriber command for sg1 server group:

RP/0/RSP0/CPU0:router(config)# aaa accounting subscriber sub1 broadcast group radius group sg1 

Related Commands

Command

Description

aaa accounting system rp-failover

Creates an accounting list for system events.

aaa accounting system rp-failover

To create an accounting list to send rp-failover or rp-switchover start or stop accounting messages, use the aaa accounting system rp-failover command in global configuration mode. To disable the system accounting for rp-failover, use the no form of this command.

aaa accounting system rp-failover { list_name { start-stop | stop-only } | default { start-stop | stop-only } }

no aaa accounting system rp-failover { list_name { start-stop | stop-only } | default { start-stop | stop-only } }

Syntax Description

list_name

Specifies the accounting list name.

default

Specifies the default accounting list.

start-stop

Enables the start and stop records.

stop-only

Enables the stop records only.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

This is an example of configuring the aaa accounting system rp-failover command for default accounting list:

RP/0/RSP0/CPU0:router(config)# aaa accounting system rp-failover default start-stop none

Related Commands

Command

Description

aaa attribute format

Create an AAA attribute format name.

aaa attribute format

To create an AAA attribute format name and to enter the configuration ID format sub mode, use the aaa attribute format command in global configuration mode. To disable this AAA attribute format, use the no form of this command.

aaa attribute format format_name [ circuit-id [plus][ mac-address| remote-id ] [ separator separator] | format-string [ length length] { string [ Identity-Attribute]} | mac-address [plus][ circuit-id | remote-id ][ separator separator] | remote-id [plus][ circuit-id | mac-address ][ separator separator] | username-strip { prefix-delimiter | suffix-delimiter } { delimiter} ]

no aaa attribute format format_name

Syntax Description

format_name

Specifies the name of the format.

circuit-id

Specifies the construction of the AAA attribute format name for subscribers based on the circuit-ID.

format-string

Specifies the extended string format of the AAA attribute format name.

string

Specifies the regular ASCII characters that includes conversion specifiers. The value is enclosed in double quotes.

Identity-Attribute

Identifies a session.

For more information about the syntax for the router, use the question mark (?) online help function.

length

Specifies the length of the formatted attribute string.

length

Length of the formatted string, in integer.

The range is from 1 to 253.

mac-address

Specifies the construction of the AAA attribute format name for subscribers based on the mac-address. The MAC address must be in the form of three 4-digit values (12 digits in dotted decimal notation).

remote-id

Specifies the construction of the AAA attribute format name for subscribers based on the remote-ID.

plus

Specifies the use of additional identifiers.

separator

Specifies the separator to be used between keys.

separator

Separator to be used between keys, default is a semicolon.

username-strip

Configures a network access server (NAS) to strip both suffixes and/or prefixes from the username before forwarding the username to the remote RADIUS server.

prefix-delimiter

Enables prefix stripping and specifies the character that will be recognized as a prefix delimiter.

suffix-delimiter

Enables suffix stripping and specifies the character that will be recognized as a suffix delimiter.

Delimiter

Suffix or prefix delimiter.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Release 4.2.1

The support for format-string keyword was added.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

This is an example of configuring the aaa attribute format command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)# aaa attribute format form1
RP/0/RSP0/CPU0:router(config-id-format)# format-string "%s%s"
RP/0/RSP0/CPU0:router(config-id-format)# username-strip prefix-delimiter @

Related Commands

Command

Description

aaa accounting subscriber

Creates an accounting list for subscriber accounting.

aaa authentication subscriber

To create a method list for subscriber authentication, use the aaa authentication subscriber command in global configuration mode. To disable this subscriber authentication method, use the no form of this command.

aaa authentication subscriber { list_name | default } group { server_group_name | radius }

no aaa authentication subscriber { list_name | default } group { server_group_name | radius }

Syntax Description

default

Uses the listed authentication methods that follow this keyword as the default list of methods for authentication.

list-name

Represents the character string for the list name for AAA authentication.

group

Specifies the server-group.

radius

Specifies the list of all RADIUS hosts.

server_group_name

Specifies the server group name.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

This is an example of configuring the aaa authentication subscriber command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)# aaa authentication subscriber sub1 group sg1 group sg2

Related Commands

Command

Description

aaa authorization subscriber

Creates authorization-related configurations

aaa authorization subscriber

To create authorization-related configurations, use the aaa authorization subscriber command in global configuration mode. To disable this subscriber authorization method, use the no form of this command.

aaa authorization subscriber { list_name | default } group { server_group_name | radius }

no aaa authorization subscriber { list_name | default } group { server_group_name | radius }

Syntax Description

default

Uses the listed authentication methods that follow this keyword as the default list of methods for authentication.

list-name

Represents the character string for the list name for AAA authorization.

group

Specifies the server-group.

radius

Specifies the list of all RADIUS hosts.

server_group_name

Specifies the server group name.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

This is an example of configuring the aaa authorization subscriber command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)# aaa authorization subscriber sub1 group sg1 group sg2

Related Commands

Command

Description

aaa authentication subscriber

Creates a method list for subscriber authentication.

aaa group server radius (BNG)

To configure a group server radius, use the aaa group server radius command in global configuration mode. To disable this AAA group server radius, use the no form of this command.

aaa group server radius sever_group_name [ accounting | authorization | deadtime | load-balance | server | server-private | source-interface | throttle | vrf ]

no aaa group server radius sever_group_name [ accounting | authorization | deadtime | load-balance | server | server-private | source-interface | throttle | vrf ]

Syntax Description

server_group_name

Specifies the AAA group server RADIUS name.

accounting

Specifies a RADIUS attribute filter for accounting.

authorization

Specifies a RADIUS attribute filter for authorization.

deadtime

Specifies the time in minutes after which a RADIUS server will be marked up after it has gone dead.

load-balance

Specifies the radius load-balancing options.

server

Specifies the RADIUS server.

server-private

Specifies the RADIUS server.

source-interface

Specifies interface for source address in RADIUS packet.

throttle

Specifies RADIUS throttling options.

vrf

Specifies the VRF to which the server group belongs.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

ip-services

read, write

Examples

This is an example of configuring the aaa group server radius command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)#aaa group server radius SG1
RP/0/RSP0/CPU0:router(config-sg-radius)#server 99.1.1.10 auth-port 1812 acct-port 1813
RP/0/RSP0/CPU0:router(config-sg-radius)#throttle access 10 access-timeout 5 accounting 5

aaa intercept

To enable RADIUS-based Lawful Intercept (LI) feature on a router, use the aaa intercept command in global configuration mode. To disable RADIUS-based Lawful Intercept feature, use the no form of this command.

aaa intercept

no aaa intercept

Syntax Description

This command has no keywords or arguments.

Command Default

RADIUS-based Lawful Intercept feature is not enabled.

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.3.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the aaa intercept command to enable a RADIUS-Based Lawful Intercept solution on your router. Intercept requests are sent (through Access-Accept packets or CoA-Request packets) to the network access server (NAS) or the Layer 2 Tunnel Protocol (L2TP) access concentrator (LAC) from the RADIUS server. All data traffic going to, or from, a PPP or L2TP session is passed to a mediation device.

Task ID

Task ID Operation

aaa

read, write

li

read

Examples

This example shows how to configure aaa intercept command:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# aaa intercept

aaa radius attribute

To configure a format e encode string for particular interface or NAS-Port type and to create an AAA radius attribute format configuration, use the aaa radius attribute command in global configuration mode. To disable this AAA Radius attribute, use the no form of this command.

aaa radius attribute { called-station-id { format format_name | type value } | calling-station-id { format format_name | type value } | nas-port { format e format_name | type value } | nas-port-id { format e format_name | type value } }

no aaa radius attribute { called-station-id { format format_name | type value } | calling-station-id { format format_name | type value } | nas-port { format e format_name | type value } | nas-port-id { format e format_name | type value } }

Syntax Description

called-station-id

Specifies the AAA nas-port attribute.

calling-station-id

Specifies the AAA nas-port attribute.

nas-port

Specifies the AAA nas-port attribute.

nas-port-id

Specifies the AAA nas-port-id attribute.

format

Specifies the AAA nas-port attribute format.

e

Specifies the AAA format type.

format_name

Specifies a 32 character string representing the format to be used.

type

Specifies the AAA nas-port attribute format.

value

Specifies the Nas-Port-Type value to apply format string on. The nas port value ranges from 0-44.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

ip-services

read, write

Examples

This is an example of configuring the aaa radius attribute command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)# aaa radius attribute format e red type 40

aaa service-accounting

To set accounting parameters for service, use the aaa service-accounting command in global configuration mode or administration configuration mode. To disable this behavior, use the no form of this command.

aaa service-accounting [ extended | brief ]

no aaa service-accounting [ extended | brief ]

Syntax Description

extended

Sends extended service accounting records.

brief

Sends brief service accounting records.

Command Default

The default setting is extended.

Command Modes

Global configuration

Command History

Release Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The extended keyword allows to report all the subscriber accounting identities and state attributes within all the service accounting records. While, the brief keyword allows to report only brief information about service accounting records without any parent accounting record details.

Task ID

Task ID Operation

aaa

read, write

Examples

This example shows how to set service accounting parameters to send brief information about service accounting records:

RP/0/RSP0/CPU0:router(config)# aaa service-accounting brief

Related Commands

Command

Description

aaa accounting subscriber

Creates an accounting list for subscriber accounting.

aaa accounting service

Creates an accounting list for service accounting.

aaa server radius dynamic-author

To configure radius dynamic author server, use theaaa server radius dynamic-author command in global configuration mode or administration configuration mode. To disable this subscriber authentication method, use the no form of this command.

aaa server radius dynamic-author { auth-type { all | any | session-key } | client hostname | ignore { server-key | session-key } | port port_number | server-key { 0 | 7 | line_number } }

no aaa server radius dynamic-author

Syntax Description

auth-type

Represents the COA client authentication type.

all

Represents all the COA client authentication type.

any

Represents any COA client authentication type.

session-key

Specifies that the session-key could be ignored.

client

Represents the COA client configuration.

ignore

Specifies the ignore options.

port

Specifies the COA server port to listen on.

server-key

Sets the shared secret to verify client COA requests.

port_number

Represents the port number and the value ranges from 1000 to 5000.

0

Specifies that the unencrypted key will follow.

7

Specifies that the encrypted key will follow.

line_number

Represents the unencrypted (cleartext) key.

Command Default

No default behavior or values

Command Modes

Global configuration

Command History

Release Modification

Release 4.2.0

This command was introduced.

Release 4.2.1

The support for the keywords, auth-key and ignore {session-key} were removed.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

RP/0/RSP0/CPU0:router(config)# aaa server radius dynamic-author ignore server-key

Related Commands

Command

Description

show radius (BNG)

Displays all trace data for AAA sub-system.

show aaa trace

Displays the tunnel-related information.

aaa radius attribute nas-port-type

To configure the AAA RADIUS attribute nas-port-type for a physical interface or a VLAN sub-interface, use the aaa radius attribute nas-port-type command in the interface configuration mode. To remove the configuration of nas-port-type from the interface or VLAN sub-interface, use the no form of this command.

aaa radius attribute nas-port-type { value | string }

no aaa radius attribute nas-port-type

Syntax Description

value

The nas-port-type value for the interface or VLAN sub-interface.

The range is from 0 to 44.

string

The nas-port-type name for the interface or VLAN sub-interface.

Command Default

None

Command Modes

Interface or VLAN sub-interface configuration

Command History

Release Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The permissible values for nas-port-type within the given range are 0 - 6, 9, 15 and 30 - 44.

Task ID

Task ID Operation

aaa

read, write

Examples

This example shows how to configure the AAA RADIUS attribute, nas-port-type for each physical interface :

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# aaa radius attribute nas-port-type 15

Related Commands

Command

Description

aaa radius attribute

Configures a format e encode string for particular interface or NAS-Port type.  

radius-server attribute

To customize the selected radius attributes, use the radius-server attribute command in the global configuration mode. To disable the Radius server attribute, use the no form of this command.

radius-server attribute list list_name [ attribute { list | vendor-id value } ]

no radius-server attribute list list_name [ attribute { list | vendor-id value } ]

Syntax Description

list

Specifies a list of attributes that are used in conjunction with server-groups to accept or reject a list of attributes.

list_name

Specifies the list name.

attribute

Specifies a list of Radius attributes.

list

Specifies the list of comma-delimited Radius attributes.

vendor-id

Specifies the vendor-id of the RADIUS attribute.

value

Specifies the vendor-id value. The value ranges from 0 to 429496729.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

aaa

read, write

Examples

This is an example of configuring the radius-server attribute command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)# radius-server attribute list list1
RP/0/RSP0/CPU0:router(config-attribute-filter)# attribute list_1
RP/0/RSP0/CPU0:router(config-attribute-filter)# radius-server attribute vendor-id 429

radius-server dead-criteria

To configure the dead server detection criteria for a configured RADIUS server, use the radius-server dead-criteria command in the global configuration mode. To disable the Radius server dead-criteria, use the no form of this command.

radius-server dead-criteria { time value | tries number_of_tries }

no radius-server dead-criteria { time value | tries number_of_tries }

Syntax Description

time

Specifies the minimum time that must elapse since a response was received from this RADIUS server.

value

Specifies the time in seconds. The value ranges from 1 to 120.

tries

Specifies the minimum number of transmissions (original attempts plus retransmits) to this RADIUS server.

number_of_tries

Specifies the number of tries. The range is from 1 to 100.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

aaa

read, write

Examples

This is an example of configuring the radius-server dead-criteria command with 100s time and 34 tries:

RP/0/RSP0/CPU0:router(config)#radius-server dead-criteria time 100
RP/0/RSP0/CPU0:router(config)#radius-server dead-criteria tries 34

radius-server deadtime (BNG)

To improve RADIUS response times when some servers are unavailable and cause the unavailable servers to be skipped immediately, use the radius-server deadtime command. To set deadtime to 0, use the no form of this command.

radius-server deadtime value

no radius-server deadtime value

Syntax Description

value

Length of time, in minutes, for which a RADIUS server is skipped over by transaction requests, up to a maximum of 1440 (24 hours). The range is from 1 to 1440. The default value is 0.

Command Default

Dead time is set to 0.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported on BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

A RADIUS server marked as dead is skipped by additional requests for the duration of minutes unless all other servers are marked dead and there is no rollover method.

Task ID

Task ID

Operations

aaa

read, write

Examples

This example specifies five minutes of deadtime for RADIUS servers that fail to respond to authentication requests for the radius-server deadtime command:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# radius-server deadtime 5

radius-server disallow null-username

To drop radius access-requests that has blank or no username, use the radius-server disallow null-username command in the global configuration mode. To disable the Radius server disallow null-username, use the no form of this command.

radius-server disallow null-username

no radius-server disallow null-username

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

aaa

read, write

Examples

This is an example of configuring the radius-server disallow null-username command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)#radius-server disallow null-username

radius-server host (BNG)

To specify a RADIUS server host, use the radius-server host command in global configuration mode. To delete the specified RADIUS host, use the no form of this command.

radius-server host ip-address [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit retries ] [ key string ]

no radius-server host ip-address [ auth-port port-number ] [ acct-port port-number ]

Syntax Description

ip-address

IP address of the RADIUS server host.

auth-port port-number

(Optional) Specifies the User Datagram Protocol (UDP) destination port for authentication requests; the host is not used for authentication if set to 0. If unspecified, the port number defaults to 1645.

acct-port port-number

(Optional) Specifies the UDP destination port for accounting requests; the host is not used for accounting if set to 0. If unspecified, the port number defaults to 1646.

timeout seconds

(Optional) The time interval (in seconds) that the router waits for the RADIUS server to reply before retransmitting. This setting overrides the global value of the radius-server timeout command. If no timeout value is specified, the global value is used. Enter a value in the range from 1 to 1000. Default is 5.

retransmit retries

(Optional) The number of times a RADIUS request is re-sent to a server, if that server is not responding or is responding slowly. This setting overrides the global setting of the radius-server retransmit command. If no retransmit value is specified, the global value is used. Enter a value in the range from 1 to 100. Default is 3.

key string

(Optional) Specifies the authentication and encryption key used between the router and the RADIUS server. This key overrides the global setting of the radius-server key command. If no key string is specified, the global value is used.

The key is a text string that must match the encryption key used on the RADIUS server. Always configure the key as the last item in the radius-server host command syntax. This is because the leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks themselves are part of the key.

Command Default

No RADIUS host is specified; use global radius-server command values.

Command Modes

Global configuration

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported on BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

You can use multiple radius-server host commands to specify multiple hosts. The Cisco IOS XR software searches for hosts in the order in which you specify them.

If no host-specific timeout, retransmit, or key values are specified, the global values apply to each host.

Task ID

Task ID

Operations

aaa

read, write

Examples

This example shows how to establish the host with IP address 172.29.39.46 as the RADIUS server, use ports 1612 and 1616 as the authorization and accounting ports, set the timeout value to 6, set the retransmit value to 5, and set “rad123” as the encryption key, matching the key on the RADIUS server:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# radius-server host 172.29.39.46 auth-port 1612 acct-port 1616 timeout 6 retransmit 5 key rad123

To use separate servers for accounting and authentication, use the zero port value as appropriate.

Related Commands

Command

Description

aaa accounting subscriber

Creates a method list for accounting.

aaa authentication subscriber

Creates a method list for authentication.

aaa authorization subscriber

Creates a method list for authorization.

radius-server key (BNG)

Sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon.

radius-server retransmit (BNG)

Specifies how many times Cisco IOS XR software retransmits packets to a server before giving up.

radius-server timeout (BNG)

Sets the interval a router waits for a server host to reply.

radius-server ipv4 dscp

To mark the dscp bit for the ipv4 packets, use the radius-server ipv4 dscp command in the global configuration mode. To disable the Radius server IPv4 dscp, use the no form of this command.

radius-server ipv4 dscp value

no radius-server ipv4 dscp value

Syntax Description

value

Specifies the differentiated services codepoint value. The value ranges from 1 to 63.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

aaa

read, write

Examples

This is an example of configuring the radius-server ipv4 dscp command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)#radius-server ipv4 dscp 34

radius-server key (BNG)

To set the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon, use the radius-server key command. To disable the key, use the no form of this command.

radius-server key { 0 clear-text-key | 7 encrypted-key | clear-text-key }

no radius-server key

Syntax Description

0 clear-text-key

Specifies an unencrypted (cleartext) shared key.

7 encrypted-key

Specifies a encrypted shared key.

clear-text-key

Specifies an unencrypted (cleartext) shared key.

Command Default

The authentication and encryption key is disabled.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported on BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The key entered must match the key used on the RADIUS server. All leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks themselves are part of the key.

Task ID

Task ID

Operations

aaa

read, write

Examples

This example shows how to set the cleartext key to “samplekey”:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# radius-server key 0 samplekey

This example shows how to set the encrypted shared key to “anykey”:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# radius-server key 7 anykey

radius-server load-balance

To configure the RADIUS load-balancing options, use the radius-server load-balance command in the global configuration mode. To disable the Radius server load-balance, use the no form of this command.

radius-server load-balance method least-outstanding [ batch-size value | ignore-preferred-server ]

no radius-server load-balance method least-outstanding

Syntax Description

method

Specifies the method by which the next host will be picked.

least-outstanding

Picks the server with the least transactions outstanding.

batch-size

Specifies the batch size for the selection of the server.

value

Specifies the batch size value. The value ranges from 1 to 1500. The default is 25.

ignore-preferred-server

Disables the preferred server for this server group.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

aaa

read, write

Examples

This is an example of configuring the radius-server load-balance command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)#radius-server load-balance method lead-outstanding batch-size 25
RP/0/RSP0/CPU0:router(config)#radius-server load-balance method lead-outstanding batch-size ignore-preferred-server

radius-server retransmit (BNG)

To specify the number of times the Cisco IOS XR software retransmits a packet to a server before giving up, use the radius-server retransmit command. The no form of this command sets it to the default value of 3 .

radius-server retransmit { retries disable}

no radius-server retransmit { retries disable}

Syntax Description

retries

Maximum number of retransmission attempts. The range is from 1 to 100. Default is 3.

disable

Disables the radius-server transmit command.

Command Default

The RADIUS servers are retried three times, or until a response is received.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported on BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

The RADIUS client tries all servers, allowing each one to time out before increasing the retransmit count.

Task ID

Task ID

Operations

aaa

read, write

Examples

This example shows how to specify a retransmit counter value of five times:

RP/0/RSP0/CPU0:router# configure 
RP/0/RSP0/CPU0:router(config)# radius-server retransmit 5 

Related Commands

Command

Description

radius-server key (BNG)

Sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon.

radius-server source-port

To configure the NAS to use a total of 50 ports as the source ports for sending out RADIUS requests, use the radius-server source-port command in the global configuration mode. To disable the Radius server source-port, use the no form of this command.

radius-server source-port extended

no radius-server source-port extended

Syntax Description

extended

Specifies that the source-port can be extended to 50.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

Having 200 source ports allows up to 256*200 authentication and accounting requests to be outstanding at one time. During peak call volume, typically when a router first boots or when an interface flaps, the extra source ports allow sessions to recover more quickly on large-scale aggregation platforms.

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

aaa

read, write

Examples

This is an example of configuring the radius-server source-port command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)#radius-server source-port extended

radius-server timeout (BNG)

To set the interval for which a router waits for a server host to reply before timing out, use the radius-server timeout command. To restore the default, use the no form of this command.

radius-server timeout seconds

no radius-server timeout

Syntax Description

seconds

Number that specifies the timeout interval, in seconds. Range is from 1 to 1000.

Command Default

The default radius-server timeout value is 5 seconds.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported on BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the radius-server timeout command to set the number of seconds a router waits for a server host to reply before timing out.

Task ID

Task ID

Operations

aaa

read, write

Examples

This example shows how to change the interval timer to 10 seconds:

RP/0/RSP0/CPU0:router# configure 
RP/0/RSP0/CPU0:router(config)# radius-server timeout 10 

radius-server vsa attribute ignore unknown

To specify the unknown vsa ignore configuration for RADIUS server, use the radius-server vsa attribute ignore unknown command in the global configuration mode. To disable this feature, use the no form of this command.

radius-server vsa attribute ignore unknown

no radius-server vsa attribute ignore unknown

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Global configuration mode

Command History

Release

Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

aaa

read, write

Examples

This is an example of configuring the radius-server vsa attribute ignore unknown command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)#radius-server vsa attribute ignore unknown

radius-server throttle

To configure RADIUS throttling options for access and accounting to flow control the number of access and accounting requests sent to a RADIUS server, use the radius-server throttle command in the global configuration mode. To disable the radius server throttle, use the no form of this command.

radius-server throttle { access value { access-timeout time | accounting value } | accounting acc_value }

no radius-server throttle { access value { access-timeout time | accounting value } | accounting acc_value }

Syntax Description

access

Controls the number of access requests sent to a radius server.

value

Specifies the number of outstanding access requests after which throttling should be performed. The value ranges from 0 to 65535 and the preferred value 100.

access-timeout

Specifies the number of timeouts exceeding which a throttled access request is dropped.

time

Specifies the number of timeouts for a transaction. The default value is 3.

accounting

Controls the number of accounting requests sent to a radius server.

acc_value

Specifies the number of outstanding accounting transactions after which throttling should be performed. The value ranges from 0 to 65535 and the preferred value 100.

Command Default

None

Command Modes

Global configuration mode

Command History

Release Modification

Release 4.2.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read, write

Examples

This is an example of configuring the radius-server throttle command in the global configuration mode:

RP/0/RSP0/CPU0:router(config)# radius-server throttle access 10 access-timeout 5 accounting 10

radius source-interface (BNG)

To force RADIUS to use the IP address of a specified interface or subinterface for all outgoing RADIUS packets, use the radius source-interface command. To prevent only the specified interface from being the default and not from being used for all outgoing RADIUS packets, use the no form of this command.

radius source-interface interface [ vrf vrf_name ]

no radius source-interface interface

Syntax Description

interface-name

Name of the interface that RADIUS uses for all of its outgoing packets.

vrf vrf-id

Specifies the name of the assigned VRF.

Command Default

If a specific source interface is not configured, or the interface is down or does not have an IP address configured, the system selects an IP address.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 3.7.2

This command was introduced.

Release 4.2.0

This command was supported on BNG.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Use the radius source-interface command to set the IP address of the specified interface or subinterface for all outgoing RADIUS packets. This address is used as long as the interface or subinterface is in the up state. In this way, the RADIUS server can use one IP address entry for every network access client instead of maintaining a list of IP addresses.

The specified interface or subinterface must have an IP address associated with it. If the specified interface or subinterface does not have an IP address or is in the down state, then RADIUS reverts to the default. To avoid this, add an IP address to the interface or subinterface or bring the interface to the up state.

The radius source-interface command is especially useful in cases in which the router has many interfaces or subinterfaces and you want to ensure that all RADIUS packets from a particular router have the same IP address.

Task ID

Task ID

Operations

aaa

read, write

Examples

This example shows how to make RADIUS use the IP address of subinterface s2 for all outgoing RADIUS packets:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# radius source-interface Loopback 10 vrf vrf-1

show aaa trace

To display all trace data for AAA sub-system, use the show aaa trace command in the EXEC mode.

show aaa trace [ basic | errors | file | func | hexdump | job | last | location | reverse | stats | tailf | unique | usec | verbose | wide | wrapping ]

Syntax Description

basic

Displays the data for AAA basic events.

errors

Displays the data for AAA client library errors.

file

Displays the specific file.

func

Displays the data for AAA function.

hexdump

Displays the traces in hexadecimal.

job

Displays the job ID.

last

Displays the last n entries.

location

Displays the card location.

reverse

Displays the latest traces first.

stats

Displays the statistics.

tailf

Displays the new traces as they were added.

unique

Displays the unique entries with counts.

verbose

Displays the internal debugging information.

wrapping

Displays the wrapping entries.

|

Displays the output modifiers.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read

Examples

This is the sample output of the show aaa trace command:

RP/0/RSP0/CPU0:router# show aaa trace func	
Tue Jan 15 07:59:10.381 UTC
4 wrapping entries (1088 possible, 64 allocated, 0 filtered, 4 total)
Jan 15 06:11:00.958 aaa/func 0/RSP0/CPU0 t5  ENTERING aaa_connect2
Jan 15 06:11:00.962 aaa/func 0/RSP0/CPU0 t5  ENTERING get_unique_context
Jan 15 06:11:00.963 aaa/func 0/RSP0/CPU0 t5  EXITTING get_unique_context
Jan 15 06:11:00.963 aaa/func 0/RSP0/CPU0 t5  EXITTING aaa_connect2

show radius (BNG)

To display the tunnel-related information, use the show radius command in the EXEC mode.

show radius [ accounting | authentication | dead-criteria | double-dip | location | server-groups ]

Syntax Description

accounting

Displays the RADIUS accounting data.

authentication

Displays the RADIUS authentication data.

dead-criteria

Displays the RADIUS dead-server detection criteria.

double-dip

Displays the RADIUS double-dip data.

location

Specifies the RADIUS instance location.

server-groups

Displays the RADIUS server group information.

|

Displays the output modifiers.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read

Examples

This is the sample output of the show radius command:

RP/0/RSP0/CPU0:router#show radius | file tftp: vrf vrf1 |

The show radius output is as follows:

Wed Mar  7 19:22:40.392 IST
Global dead time: 0 minute(s)
Number of Servers:2

Server: 10.1.0.3/1645/1646  is UP
  Total Deadtime: 0s Last Deadtime: 0s
  Timeout: 5 sec, Retransmit limit: 3
  Quarantined: No
  Authentication:
    1 requests, 0 pending, 0 retransmits
    1 accepts, 0 rejects, 0 challenges
    0 timeouts, 0 bad responses, 0 bad authenticators
    0 unknown types, 0 dropped, 50 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0 
    Maximum Throttled Access Transactions: 0 

    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
  Accounting:
    1 requests, 0 pending, 0 retransmits
    1 responses, 0 timeouts, 0 bad responses
    0 bad authenticators, 0 unknown types, 0 dropped
    189 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Accounting Transactions: 0 
    Maximum Throttled Accounting Transactions: 0

    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending

Server: 1.1.1.1/1645/1646  is UP
  Total Deadtime: 0s Last Deadtime: 0s
  Timeout: 5 sec, Retransmit limit: 3
  Quarantined: No
  Authentication:
    0 requests, 0 pending, 0 retransmits
    0 accepts, 0 rejects, 0 challenges
    0 timeouts, 0 bad responses, 0 bad authenticators
    0 unknown types, 0 dropped, 0 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0 
    Maximum Throttled Access Transactions: 0 

    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
  Accounting:
    0 requests, 0 pending, 0 retransmits
    0 responses, 0 timeouts, 0 bad responses
    0 bad authenticators, 0 unknown types, 0 dropped
    0 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Accounting Transactions: 0 
    Maximum Throttled Accounting Transactions: 0

    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending

RP/0/RSP0/CPU0:router# show rad server-groups SG1

Server group 'SG1' has 1 server(s)
  VRF  (id 0x0)
  Dead time: 0 minute(s) (inherited from global)
  Contains 1 server(s)
Server 10.1.0.3/1645/1646
  Authentication:
    1 requests, 0 pending, 0 retransmits
    1 accepts, 0 rejects, 0 challenges
    0 timeouts, 0 bad responses, 0 bad authenticators
    0 unknown types, 0 dropped, 50 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0 
    Maximum Throttled Access Transactions: 0 

    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending
  Accounting:
    1 requests, 0 pending, 0 retransmits
    1 responses, 0 timeouts, 0 bad responses
    0 bad authenticators, 0 unknown types, 0 dropped
    189 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Accounting Transactions: 0 
    Maximum Throttled Accounting Transactions: 0

    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending

This table describes the significant fields shown in the display.

Table 1 show radius Field Descriptions

Field

Description

Server

Server IP address/UDP destination port for authentication requests/UDP destination port for accounting requests.

Timeout

Number of seconds the router waits for a server host to reply before timing out.

Retransmit limit

Number of times the Cisco IOS XR software searches the list of RADIUS server hosts before giving up.

Deadtime

Length of time in minutes for a RADIUS server to remain marked dead.

show radius server-groups detail

To display the detailed summary of the RADIUS server group information, use the show radius server-groups detail command in the EXEC mode.

show radius server-groups server_group_name detail

Syntax Description

server_group_name

Specifies the name of the RADIUS server group.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 4.2.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

aaa

read

Examples

This is sample output of the show radius server-groups detail command:

RP/0/RSP0/CPU0:router# show radius server-groups SG1 detail
Wed Jan 18 06:04:59.432 EST

Server group 'SG1' has 1 server(s)
  VRF  (id 0x0)
  Dead time: 0 minute(s) (inherited from global)
  Contains 1 server(s)
Server 99.0.0.10/1812/1813
  Authentication:
    100 requests, 0 pending, 0 retransmits
    100 accepts, 0 rejects, 0 challenges
    0 timeouts, 0 bad responses, 0 bad authenticators
    0 unknown types, 0 dropped, 0 ms latest rtt
    Throttled: 0 transactions, 0 timeout, 0 failures
    Estimated Throttled Access Transactions: 0 
    Maximum Throttled Access Transactions: 0 

    Automated TEST Stats:
        0 requests, 0 timeouts, 0 response, 0 pending

This table describes the significant fields shown in the display.

Table 2 show radius Field Descriptions

Field

Description

Server

Server IP address/UDP destination port for authentication requests/UDP destination port for accounting requests.

Deadtime

Length of time in minutes for a RADIUS server to remain marked dead.

Authentication

Specifies the authentication details.

Automated TEST Stats

Specifies the total time taken for sending requests, total timeouts, and the response time.

statistics period service-accounting

To set collection period for statistics collectors, use the statistics period service-accounting command in global configuration mode or administration configuration mode. To disable this behavior, use the no form of this command.

statistics period service-accounting { period | disable }

no statistics period service-accounting { period | disable }

Syntax Description

period

Collection period in seconds. The range is from 30 to 3600. The default is 900.

disable

Disables periodic statistics collection.

Command Default

Default collection period is 900 seconds.

Command Modes

Global configuration

Command History

Release Modification

Release 4.3.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID Operation

diag

read, write

Examples

This example shows how to change the collection period or polling interval for statistics collector:

RP/0/RSP0/CPU0:router(config)# statistics period service-accounting 2000

Related Commands

Command

Description

aaa accounting subscriber

Creates an accounting list for subscriber accounting.

aaa accounting service

Creates an accounting list for service accounting.