Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco IOS Software Releases 12.2 T

RADIUS Debug Enhancements

Downloads

Table Of Contents

RADIUS Debug Enhancements

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring Default Debug ASCII Display

Configuring Debug Display in Brief Format

Configuring Debug Display in Hex Format

Verifying the debug radius Command

Configuration Examples

Default debug radius Command Example

Compact Debugging Output Example

Command Reference

debug radius

Glossary


RADIUS Debug Enhancements

Feature History

Release
Modification

12.2(11)T

This feature was introduced on the Cisco 1400 series, Cisco 1600 series, Cisco 1700 series, Cisco 2500 series, Cisco 2600 series, Cisco 3600 series, Cisco 7100, Cisco 7200, Cisco 7500, Cisco AS5300, Cisco AS5800, Cisco Catalyst 5000, Cisco MC3810, and Cisco MGX8850 platforms.


This document describes the Remote Authentication Dial-In User Services (RADIUS) Debug Enhancements feature in Cisco IOS Release 12.2(11)T. It includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuration Examples

Command Reference

Glossary

Feature Overview

This document details the RADIUS Debug Enhancements feature. RADIUS is a distributed client/server system that provides the following functionality:

secures networks against unauthorized access

enables authorization of specific service limits

provides accounting information so that services can be billed

In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.

The debug radius command displays information associated with RADIUS. Prior to the RADIUS Debug Enhancements feature, debug radius output was available only in an expanded, hexadecimal string format, resulting in displays that were difficult to interpret and analyze. Moreover, attribute value displays were truncated, particularly for vendor-specific attributes (VSAs).

The new feature provides enhanced RADIUS display including the following:

Packet dump in a more readable, user-friendly ASCII format than before

Complete display of attribute values without truncation

Ability to select a brief RADIUS debug output display

Benefits

Provides RADIUS debug display in a user-friendly format

Supports complete RADIUS debug information

Provides the default display of packet dump in ASCII format

Allows a compact debugging output option that is useful for high-traffic, operational environments

Restrictions

Only Internet Engineering Task Force (IETF) attributes and Cisco VSAs used in voice applications are supported. For unsupported attributes, "undebuggable" is displayed.

Related Features and Technologies

Cisco IOS security

RADIUS authentication, authorization, and accounting (AAA)

Cisco Voice over IP (VoIP)

Related Documents

Configuration Guide for AAA Billing Features in Cisco Voice-Enabled Routers and Access Servers

Cisco IOS Security Configuration Guide, Release 12.2, "Configuring RADIUS" chapter

RADIUS Vendor-Specific Attributes Voice Implementation Guide, Release 12.1

Cisco IOS Debug Command Reference, Release 12.2

Supported Platforms

Cisco 1400 series

Cisco 1600 series

Cisco 1700 series

Cisco 2500 series

Cisco 2600 series

Cisco 3600 series

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series

Cisco AS5300

Cisco AS5800

Cisco Catalyst 5000

Cisco MC3810

Cisco MGX8850

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco  MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco  MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

RFCs

No new or modified RFCs are supported by this feature.

Prerequisites

Establish a working IP network. For more information about configuring IP, refer to the part "IP Overview," and the "Configuring IP Addressing," and "Configuring IP Services" chapters in the Cisco IOS Release 12.0 Network Protocols Configuration Guide, Part 1.

Configure VoIP. For more information about configuring VoIP, refer to

Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2.

Configure the gateway as a RADIUS client. Refer to the chapter "Configuring the RADIUS Client Gateway" in the RADIUS Vendor-Specific Attributes Voice Implementation Guide, Release 12.1.

Have a familiarity of Internet Engineering Task Force (IETF) RFC 2138.

Configuration Tasks

See the following sections for configuration tasks for the RADIUS Debug Enhancements feature. Each task in the list is identified as either required or optional.

Configuring Default Debug ASCII Display (optional)

Configuring Debug Display in Brief Format (optional)

Configuring Debug Display in Hex Format (optional)

Verifying the debug radius Command (optional)

Configuring Default Debug ASCII Display

The complete ASCII format debug display with no truncation is enabled by default; no configuration tasks are required to enable this feature. To reenable the feature if it was disabled by using the no debug radius command, use the following command in privileged EXEC mode:

Command
Purpose

Router# debug radius

Enables RADIUS debugging output.


Note Prior to Cisco IOS Release 12.2(11)T, the debug radius command enabled truncated debugging output in hexadecimal notation, rather than ASCII. To enable debugging output in hex format, use the debug radius hex command.

Configuring Debug Display in Brief Format

Debugging output is available in a compact output that displays only basic information. To enable this display option, use the following command in privileged EXEC mode:

Command
Purpose

Router# debug radius brief

Enables RADIUS debugging output displaying only the client/server interaction and minimum packet information.


Configuring Debug Display in Hex Format

Debugging output is available in hexadecimal notation. To enable this display option, use the following command in privileged EXEC mode:

Command
Purpose

Router# debug radius hex

Enables RADIUS debugging output in hexadecimal notation.


Verifying the debug radius Command

Use the show debug command to verify RADIUS output options. 

5300# show debug


Radius protocol debugging is on

Radius packet hex dump debugging is on

5300_43#

17:26:52: RADIUS: ustruct sharecount=3

17:26:52: Radius: radius_port_info() success=0 radius_nas_port=1

17:26:52: RADIUS: Initial Transmit ISDN 0:D:23 id 10 10.0.0.0:1824, Accounting-Request, 
len 361

17:26:52:         Attribute 4 6 01081D03

17:26:52:         Attribute 26 19 00000009020D4953444E20303A443A3233

17:26:52:         Attribute 61 6 00000000

17:26:52:         Attribute 1 12 34303835323734323036

17:26:52:         Attribute 30 7 3532393831

17:26:52:         Attribute 31 12 34303835323734323036

17:26:52:         Attribute 40 6 00000001

17:26:52:         Attribute 6 6 00000001

17:26:52:         Attribute 26 27 000000092115683332332D67772D69643D353330305F34332E

17:26:52:         Attribute 26 57 
000000090133683332332D696E636F6D696E672D636F6E662D69643D3846334133313633204234393830303046
20302033424537314238

17:26:52:         Attribute 26 31 
000000091A19683332332D63616C6C2D6F726967696E3D616E73776572

17:26:52:         Attribute 26 32 
000000091B1A683332332D63616C6C2D747970653D54656C6570686F6E79

17:26:52:         Attribute 26 56 
000000091932683332332D73657475702D74696D653D2A30393A32363A35322E3838302050535420536174204A
616E20312032303030

17:26:52:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38

17:26:52:         Attribute 44 10 3030303030303035

17:26:52:         Attribute 41 6 00000000

17:26:52: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206 

17:26:52: RADIUS: Received from id 10 1.7.157.1:1824, Accounting-response, len 20

17:27:01: RADIUS: ustruct sharecount=3

17:27:01: Radius: radius_port_info() success=0 radius_nas_port=1

17:27:01: RADIUS: Initial Transmit ISDN 0:D:23 id 11 10.0.0.1:1823, Access-Request, len 
173

17:27:01:         Attribute 4 6 01081D03

17:27:01:         Attribute 26 19 00000009020D4953444E20303A443A3233

17:27:01:         Attribute 61 6 00000000

17:27:01:         Attribute 1 8 313233343536

17:27:01:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38

17:27:01:         Attribute 31 12 34303835323734323036

17:27:01:         Attribute 2 18 C980D8D0E9A061B3D783C61AA6F27214

17:27:01:         Attribute 26 36 
00000009011E683332332D6976722D6F75743D7472616E73616374696F6E49443A33

17:27:01: RADIUS: Received from id 11 1.7.157.1:1823, Access-Accept, len 115

17:27:01:         Attribute 6 6 00000001

17:27:01:         Attribute 26 29 000000096517683332332D6372656469742D616D6F756E743D3435

17:27:01:         Attribute 26 27 000000096615683332332D6372656469742D74696D653D3333

17:27:01:         Attribute 26 26 000000096714683332332D72657475726E2D636F64653D30

17:27:01:         Attribute 25 7 6C6F63616C

17:27:01: RADIUS: saved authorization data for user 61AA0698 at 6215087C

17:27:09: %ISDN-6-DISCONNECT: Interface Serial0:22  disconnected from 4085554206 , call 
lasted 17 seconds

17:27:09: RADIUS: ustruct sharecount=2

17:27:09: Radius: radius_port_info() success=0 radius_nas_port=1

17:27:09: RADIUS: Sent class "local" at 621508E8 from user 61AA0698

17:27:09: RADIUS: Initial Transmit ISDN 0:D:23 id 12 10.0.0.0:1824, Accounting-Request, 
len 776

17:27:09:         Attribute 4 6 01081D03

17:27:09:         Attribute 26 19 00000009020D4953444E20303A443A3233

17:27:09:         Attribute 61 6 00000000

17:27:09:         Attribute 1 8 313233343536

17:27:09:         Attribute 30 7 3532393831

17:27:09:         Attribute 31 12 34303835323734323036

17:27:09:         Attribute 40 6 00000002

17:27:09:         Attribute 25 7 6C6F63616C

17:27:09:         Attribute 45 6 00000001

17:27:09:         Attribute 6 6 00000001

17:27:09:         Attribute 26 27 000000092115683332332D67772D69643D353330305F34332E

17:27:09:         Attribute 26 57 
000000090133683332332D696E636F6D696E672D636F6E662D69643D3846334133313633204234393830303046
20302033424537314238

17:27:09:         Attribute 26 31 
000000091A19683332332D63616C6C2D6F726967696E3D616E73776572

17:27:09:         Attribute 26 32 
000000091B1A683332332D63616C6C2D747970653D54656C6570686F6E79

17:27:09:         Attribute 26 56 
000000091932683332332D73657475702D74696D653D2A30393A32363A35322E3838302050535420536174204A
616E20312032303030

17:27:09:         Attribute 26 58 
000000091C34683332332D636F6E6E6563742D74696D653D2A30393A32363A35322E3930372050535420536174
204A616E20312032303030

17:27:09:         Attribute 26 61 
000000091D37683332332D646973636F6E6E6563742D74696D653D2A30393A32373A31302E3133372050535420
536174204A616E20312032303030

17:27:09:         Attribute 26 32 
000000091E1A683332332D646973636F6E6E6563742D63617573653D3130

17:27:09:         Attribute 26 28 000000091F16683332332D766F6963652D7175616C6974793D30

17:27:09:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38

17:27:09:         Attribute 44 10 3030303030303035

17:27:09:         Attribute 42 6 00000000

17:27:09:         Attribute 43 6 00012CA0

17:27:09:         Attribute 47 6 00000000

17:27:09:         Attribute 48 6 000001E1

17:27:09:         Attribute 46 6 00000011

17:27:09:         Attribute 26 30 000000090118737562736372696265723D526567756C61724C696E65

17:27:09:         Attribute 26 35 
00000009011D683332332D6976722D6F75743D5461726966663A556E6B6E6F776E

17:27:09:         Attribute 26 22 0000000901107072652D62797465732D696E3D30

17:27:09:         Attribute 26 23 0000000901117072652D62797465732D6F75743D30

17:27:09:         Attribute 26 21 00000009010F7072652D70616B732D696E3D30

17:27:09:         Attribute 26 22 0000000901107072652D70616B732D6F75743D30

17:27:09:         Attribute 26 22 0000000901106E61732D72782D73706565643D30

17:27:09:         Attribute 26 22 0000000901106E61732D74782D73706565643D30

17:27:09:         Attribute 41 6 00000000

17:27:09: RADIUS: Received from id 12 10.0.0.0:1824, Accounting-response, len 20

Configuration Examples

This section provides the following configuration examples:

Default debug radius Command Example

Compact Debugging Output Example

Default debug radius Command Example

The following sample output shows the default RADIUS output in ASCII notation, generated by the debug radius command:

Note The following output displays the internal information found inside a RADIUS protocol message. For information about RADIUS protocol messages, see IETF RFC 2138. 

router# debug radius


Radius protocol debugging is on 

Radius packet hex dump debugging is off 

router# 

00:02:50: RADIUS: ustruct sharecount=3 

00:02:50: Radius: radius_port_info() success=0 radius_nas_port=1 

00:02:50: RADIUS: Initial Transmit ISDN 0:D:23 id 0 10.0.0.0:1824, Accounting-Request, len 
358 

00:02:50: RADIUS: NAS-IP-Address [4] 6 10.0.0.1 

00:02:50: RADIUS: Vendor, Cisco [26] 19 VT=02 TL=13 ISDN 0:D:23 

00:02:50: RADIUS: NAS-Port-Type [61] 6 Async 

00:02:50: RADIUS: User-Name [1] 12 "4085274206" 

00:02:50: RADIUS: Called-Station-Id [30] 7 "52981" 

00:02:50: RADIUS: Calling-Station-Id [31] 12 "4085554206" 

00:02:50: RADIUS: Acct-Status-Type [40] 6 Start 

00:02:50: RADIUS: Service-Type [6] 6 Login 

00:02:50: RADIUS: Vendor, Cisco [26] 27 VT=33 TL=21 h323-gw-id=5300_43. 

00:02:50: RADIUS: Vendor, Cisco [26] 55 VT=01 TL=49 h323-incoming-conf-id=8F3A3163 
B4980003 0 29BD0 

00:02:50: RADIUS: Vendor, Cisco [26] 31 VT=26 TL=25 h323-call-origin=answer 

00:02:50: RADIUS: Vendor, Cisco [26] 32 VT=27 TL=26 h323-call-type=Telephony 

00:02:50: RADIUS: Vendor, Cisco [26] 57 VT=25 TL=51 h323-setup-time=*16:02:48.681 PST Fri 
Dec 31 1999 

00:02:50: RADIUS: Vendor, Cisco [26] 46 VT=24 TL=40 h323-conf-id=8F3A3163 B4980003 029BD0 

00:02:50: RADIUS: Acct-Session-Id [44] 10 "00000002" 

00:02:50: RADIUS: Delay-Time [41] 6 0 

00:02:51: RADIUS: Received from id 0 10.0.0.0:1824, Accounting-response, len 20 

00:02:51: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085554206 

00:03:01: RADIUS: ustruct sharecount=3 

00:03:01: Radius: radius_port_info() success=0 radius_nas_port=1 

00:03:01: RADIUS: Initial Transmit ISDN 0:D:23 id 1 1.7.157.1:1823, Access-Request, len 
171 

00:03:01: RADIUS: NAS-IP-Address [4] 6 10.0.0.1 

00:03:01: RADIUS: Vendor, Cisco [26] 19 VT=02 TL=13 ISDN 0:D:23 

00:03:01: RADIUS: NAS-Port-Type [61] 6 Async 

00:03:01: RADIUS: User-Name [1] 8 "123456" 

00:03:01: RADIUS: Vendor, Cisco [26] 46 VT=24 TL=40 h323-conf-id=8F3A3163 B4980003 0 29BD0 

00:03:01: RADIUS: Calling-Station-Id [31] 12 "4085274206" 

00:03:01: RADIUS: User-Password [2] 18 * 

00:03:01: RADIUS: Vendor, Cisco [26] 36 VT=01 TL=30 h323-ivr-out=transactionID:0 

00:03:01: RADIUS: Received from id 1 1.7.157.1:1823, Access-Accept, len 115 

00:03:01: RADIUS: Service-Type [6] 6 Login 

00:03:01: RADIUS: Vendor, Cisco [26] 29 VT=101 TL=23 h323-credit-amount=45 

00:03:01: RADIUS: Vendor, Cisco [26] 27 VT=102 TL=21 h323-credit-time=33 

00:03:01: RADIUS: Vendor, Cisco [26] 26 VT=103 TL=20 h323-return-code=0 

00:03:01: RADIUS: Class [25] 7 6C6F63616C 

00:03:01: RADIUS: saved authorization data for user 62321E14 at 6233D258 

00:03:13: %ISDN-6-DISCONNECT: Interface Serial0:22 disconnected from 4085274206, call 
lasted 22 seconds 

00:03:13: RADIUS: ustruct sharecount=2 

00:03:13: Radius: radius_port_info() success=0 radius_nas_port=1 

00:03:13: RADIUS: Sent class "local" at 6233D2C4 from user 62321E14 

00:03:13: RADIUS: Initial Transmit ISDN 0:D:23 id 2 10.0.0.0:1824, Accounting-Request, len 
775 

00:03:13: RADIUS: NAS-IP-Address [4] 6 10.0.0.1 

00:03:13: RADIUS: Vendor, Cisco [26] 19 VT=02 TL=13 ISDN 0:D:23 

00:03:13: RADIUS: NAS-Port-Type [61] 6 Async 

00:03:13: RADIUS: User-Name [1] 8 "123456" 

00:03:13: RADIUS: Called-Station-Id [30] 7 "52981"

00:03:13: RADIUS: Calling-Station-Id [31] 12 "4085554206"

00:03:13: RADIUS: Acct-Status-Type [40] 6 Stop

00:03:13: RADIUS: Class [25] 7 6C6F63616C

00:03:13: RADIUS: Undebuggable [45] 6 00000001

00:03:13: RADIUS: Service-Type [6] 6 Login

00:03:13: RADIUS: Vendor, Cisco [26] 27 VT=33 TL=21 h323-gw-id=5300_43.

00:03:13: RADIUS: Vendor, Cisco [26] 55 VT=01 TL=49 h323-incoming-conf-id=8F3A3163 
B4980003 0 29BD0

00:03:13: RADIUS: Vendor, Cisco [26] 31 VT=26 TL=25 h323-call-origin=answer

00:03:13: RADIUS: Vendor, Cisco [26] 32 VT=27 TL=26 h323-call-type=Telephony

00:03:13: RADIUS: Vendor, Cisco [26] 57 VT=25 TL=51 h323-setup-time=*16:02:48.681 PST Fri 
Dec 31 1999

00:03:13: RADIUS: Vendor, Cisco [26] 59 VT=28 TL=53 h323-connect-time=*16:02:48.946

PST Fri Dec 31 1999

00:03:13: RADIUS: Vendor, Cisco [26] 62 VT=29 TL=56 h323-disconnect-time=*16:03:11.306

PST Fri Dec 31 1999

00:03:13: RADIUS: Vendor, Cisco [26] 32 VT=30 TL=26 h323-disconnect-cause=10

00:03:13: RADIUS: Vendor, Cisco [26] 28 VT=31 TL=22 h323-voice-quality=0

00:03:13: RADIUS: Vendor, Cisco [26] 46 VT=24 TL=40 h323-conf-id=8F3A3163 B4980003 0 29BD0

00:03:13: RADIUS: Acct-Session-Id [44] 10 "00000002"

00:03:13: RADIUS: Acct-Input-Octets [42] 6 0

00:03:13: RADIUS: Acct-Output-Octets [43] 6 88000

00:03:13: RADIUS: Acct-Input-Packets [47] 6 0

00:03:13: RADIUS: Acct-Output-Packets [48] 6 550

00:03:13: RADIUS: Acct-Session-Time [46] 6 22

00:03:13: RADIUS: Vendor, Cisco [26] 30 VT=01 TL=24 subscriber=RegularLine

00:03:13: RADIUS: Vendor, Cisco [26] 35 VT=01 TL=29 h323-ivr-out=Tariff:Unknown

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 pre-bytes-in=0

00:03:13: RADIUS: Vendor, Cisco [26] 23 VT=01 TL=17 pre-bytes-out=0

00:03:13: RADIUS: Vendor, Cisco [26] 21 VT=01 TL=15 pre-paks-in=0

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 pre-paks-out=0

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 nas-rx-speed=0

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 nas-tx-speed=0

00:03:13: RADIUS: Delay-Time [41] 6 0

00:03:13: RADIUS: Received from id 2 10.0.0.0:1824, Accounting-response, len 20

Compact Debugging Output Example

A new EXEC command, debug radius brief, enables this abbreviated output option. The following sample output displays only the client/server interaction and minimum packet information (packet type, ID and so forth). 

router# debug radius brief


Radius protocol debugging is on

Radius packet hex dump debugging is off

Radius protocol in brief format debugging is on

00:05:21: RADIUS: Initial Transmit ISDN 0:D:23 id 6 10.0.0.1:1824, Accounting-Request, len 
358

00:05:21: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085554206

00:05:26: RADIUS: Retransmit id 6

00:05:31: RADIUS: Tried all servers.

00:05:31: RADIUS: No valid server found. Trying any viable server

00:05:31: RADIUS: Tried all servers.

00:05:31: RADIUS: No response for id 7

00:05:31: RADIUS: Initial Transmit ISDN 0:D:23 id 8 10.0.0.0:1823, Access-Request, len 171

00:05:36: RADIUS: Retransmit id 8

00:05:36: RADIUS: Received from id 8 10.0.0.0:1823, Access-Accept, len 115

00:05:47: %ISDN-6-DISCONNECT: Interface Serial0:22 disconnected from 4085554206, call 
lasted 26 seconds

00:05:47: RADIUS: Initial Transmit ISDN 0:D:23 id 9 10.0.0.1:1824, Accounting-Request, len 
775

00:05:47: RADIUS: Received from id 9 1.7.157.1:1824, Accounting-response, len 20

Command Reference

This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

Modified Commands

debug radius

debug radius

To display information associated with RADIUS, use the debug radius command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug radius [brief | hex]

no debug radius [brief | hex]

Syntax Description

brief

(Optional) Displays abbreviated debug output.

hex

(Optional) Displays debug output in hexadecimal notation.


Defaults

Debugging output in ASCII format is enabled by default.

Command Modes

Privileged EXEC

Command History

Release
Modification

11.2(1)T

This command was introduced.

12.2(11)T

The brief and hex keywords were added. The default output format became ASCII rather than hexadecimal.


Usage Guidelines

RADIUS is a distributed security system that secures networks against unauthorized access. Cisco supports RADIUS under the authentication, authorization, and accounting (AAA) security system. When RADIUS is used on the router, you can use the debug radius command to display detailed debugging and troubleshooting information in ASCII format. Use the debug radius brief command for abbreviated output displaying client/server interaction and minimum packet information. Use the debug radius hex command

to display untruncated packet dump in hex format.

Examples

The following is sample output from the debug radius command: 

router# debug radius


Radius protocol debugging is on

Radius packet hex dump debugging is off

router#

00:02:50: RADIUS: ustruct sharecount=3

00:02:50: Radius: radius_port_info() success=0 radius_nas_port=1

00:02:50: RADIUS: Initial Transmit ISDN 0:D:23 id 0 10.0.0.1:1824, Accounting-Request, len 
358

00:02:50: RADIUS:  NAS-IP-Address      [4]   6   10.0.0.0

00:02:50: RADIUS:  Vendor, Cisco       [26]  19  VT=02 TL=13 ISDN 0:D:23

00:02:50: RADIUS:  NAS-Port-Type       [61]  6   Async

00:02:50: RADIUS:  User-Name           [1]   12  "4085554206"

00:02:50: RADIUS:  Called-Station-Id   [30]  7   "52981"

00:02:50: RADIUS:  Calling-Station-Id  [31]  12  "4085554206"

00:02:50: RADIUS:  Acct-Status-Type    [40]  6   Start

00:02:50: RADIUS:  Service-Type        [6]   6   Login

00:02:50: RADIUS:  Vendor, Cisco       [26]  27  VT=33 TL=21 h323-gw-id=5300_43.

00:02:50: RADIUS:  Vendor, Cisco       [26]  55  VT=01 TL=49 
h323-incoming-conf-id=8F3A3163 B4980003 0 29BD0

00:02:50: RADIUS:  Vendor, Cisco       [26]  31  VT=26 TL=25 h323-call-origin=answer

00:02:50: RADIUS:  Vendor, Cisco       [26]  32  VT=27 TL=26 h323-call-type=Telephony

00:02:50: RADIUS:  Vendor, Cisco       [26]  57  VT=25 TL=51 h323-setup-time=*16:02:48.681 
PST Fri Dec 31 1999

00:02:50: RADIUS:  Vendor, Cisco       [26]  46  VT=24 TL=40 h323-conf-id=8F3A3163 
B4980003 0 29BD0

00:02:50: RADIUS:  Acct-Session-Id     [44]  10  "00000002"

00:02:50: RADIUS:  Delay-Time          [41]  6   0

00:02:51: RADIUS: Received from id 0 1.7.157.1:1824, Accounting-response, len 20

00:02:51: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206 

00:03:01: RADIUS: ustruct sharecount=3

00:03:01: Radius: radius_port_info() success=0 radius_nas_port=1

00:03:01: RADIUS: Initial Transmit ISDN 0:D:23 id 1 1.7.157.1:1823, Access-Request, len 
171

00:03:01: RADIUS:  NAS-IP-Address      [4]   6   10.0.0.0

00:03:01: RADIUS:  Vendor, Cisco       [26]  19  VT=02 TL=13 ISDN 0:D:23

00:03:01: RADIUS:  NAS-Port-Type       [61]  6   Async

00:03:01: RADIUS:  User-Name           [1]   8   "123456"

00:03:01: RADIUS:  Vendor, Cisco       [26]  46  VT=24 TL=40 h323-conf-id=8F3A3163 
B4980003 0 29BD0

00:03:01: RADIUS:  Calling-Station-Id  [31]  12  "4085554206"

00:03:01: RADIUS:  User-Password       [2]   18  *

00:03:01: RADIUS:  Vendor, Cisco       [26]  36  VT=01 TL=30 h323-ivr-out=transactionID:0

00:03:01: RADIUS: Received from id 1 1.7.157.1:1823, Access-Accept, len 115

00:03:01: RADIUS:  Service-Type        [6]   6   Login

00:03:01: RADIUS:  Vendor, Cisco       [26]  29  VT=101 TL=23 h323-credit-amount=45

00:03:01: RADIUS:  Vendor, Cisco       [26]  27  VT=102 TL=21 h323-credit-time=33

00:03:01: RADIUS:  Vendor, Cisco       [26]  26  VT=103 TL=20 h323-return-code=0

00:03:01: RADIUS:  Class               [25]  7   6C6F63616C

00:03:01: RADIUS: saved authorization data for user 62321E14 at 6233D258

00:03:13: %ISDN-6-DISCONNECT: Interface Serial0:22  disconnected from 4085274206, call 
lasted 22 seconds

00:03:13: RADIUS: ustruct sharecount=2

00:03:13: Radius: radius_port_info() success=0 radius_nas_port=1

00:03:13: RADIUS: Sent class "local" at 6233D2C4 from user 62321E14

00:03:13: RADIUS: Initial Transmit ISDN 0:D:23 id 2 1.7.157.1:1824, Accounting-Request, 
len 775

00:03:13: RADIUS:  NAS-IP-Address      [4]   6   10.0.0.0

00:03:13: RADIUS:  Vendor, Cisco       [26]  19  VT=02 TL=13 ISDN 0:D:23

00:03:13: RADIUS:  NAS-Port-Type       [61]  6   Async

00:03:13: RADIUS:  User-Name           [1]   8   "123456"

00:03:13: RADIUS:  Called-Station-Id   [30]  7   "52981"

00:03:13: RADIUS:  Calling-Station-Id  [31]  12  "4085274206"

00:03:13: RADIUS:  Acct-Status-Type    [40]  6   Stop

00:03:13: RADIUS:  Class               [25]  7   6C6F63616C

00:03:13: RADIUS:  Undebuggable        [45]  6   00000001

00:03:13: RADIUS:  Service-Type        [6]   6   Login

00:03:13: RADIUS:  Vendor, Cisco       [26]  27  VT=33 TL=21 h323-gw-id=5300_43.

00:03:13: RADIUS:  Vendor, Cisco       [26]  55  VT=01 TL=49 
h323-incoming-conf-id=8F3A3163 B4980003 0 29BD0

00:03:13: RADIUS:  Vendor, Cisco       [26]  31  VT=26 TL=25 h323-call-origin=answer

00:03:13: RADIUS:  Vendor, Cisco       [26]  32  VT=27 TL=26 h323-call-type=Telephony

00:03:13: RADIUS:  Vendor, Cisco       [26]  57  VT=25 TL=51 h323-setup-time=*16:02:48.681 
PST Fri Dec 31 1999

00:03:13: RADIUS:  Vendor, Cisco       [26]  59  VT=28 TL=53 
h323-connect-time=*16:02:48.946 PST Fri Dec 31 1999

00:03:13: RADIUS:  Vendor, Cisco       [26]  62  VT=29 TL=56in=0

00:03:13: RADIUS:  Vendor, Cisco       [26]  23  VT=01 TL=17 pre-bytes-out=0

00:03:13: RADIUS:  Vendor, Cisco       [26]  21  VT=01 TL=15 pre-paks-in=0

00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 pre-paks-out=0

00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 nas-rx-speed=0

00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 nas-tx-speed=0

00:03:13: RADIUS:  Delay-Time          [41]  6   0

00:03:13: RADIUS: Received from id 2 1.7.157.1:1824, Accounting-response, len 20

h323-disconnect-time=*16:03:11.306 PST Fri Dec 31 1999

00:03:13: RADIUS:  Vendor, Cisco       [26]  32  VT=30 TL=26 h323-disconnect-cause=10

00:03:13: RADIUS:  Vendor, Cisco       [26]  28  VT=31 TL=22 h323-voice-quality=0

00:03:13: RADIUS:  Vendor, Cisco       [26]  46  VT=24 TL=40 h323-conf-id=8F3A3163 
B4980003 0 29BD0

00:03:13: RADIUS:  Acct-Session-Id     [44]  10  "00000002"

00:03:13: RADIUS:  Acct-Input-Octets   [42]  6   0

00:03:13: RADIUS:  Acct-Output-Octets  [43]  6   88000

00:03:13: RADIUS:  Acct-Input-Packets  [47]  6   0

00:03:13: RADIUS:  Acct-Output-Packets [48]  6   550

00:03:13: RADIUS:  Acct-Session-Time   [46]  6   22

00:03:13: RADIUS:  Vendor, Cisco       [26]  30  VT=01 TL=24 subscriber=RegularLine

00:03:13: RADIUS:  Vendor, Cisco       [26]  35  VT=01 TL=29 h323-ivr-out=Tariff:Unknown

00:03:13: RADIUS:  Vendor, Cisco       [26]  22  VT=01 TL=16 pre-bytes-

The following is sample output from the debug radius brief command: 

router# debug radius brief


Radius protocol debugging is on

Radius packet hex dump debugging is off

Radius protocol in brief format debugging is on

00:05:21: RADIUS: Initial Transmit ISDN 0:D:23 id 6 10.0.0.1:1824, Accounting-Request, len 
358

00:05:21: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206

00:05:26: RADIUS: Retransmit id 6

00:05:31: RADIUS: Tried all servers.

00:05:31: RADIUS: No valid server found. Trying any viable server

00:05:31: RADIUS: Tried all servers.

00:05:31: RADIUS: No response for id 7

00:05:31: RADIUS: Initial Transmit ISDN 0:D:23 id 8 10.0.0.0:1823, Access-Request, len 171

00:05:36: RADIUS: Retransmit id 8

00:05:36: RADIUS: Received from id 8 1.7.157.1:1823, Access-Accept, len 115

00:05:47: %ISDN-6-DISCONNECT: Interface Serial0:22 disconnected from 4085274206, call 
lasted 26 seconds

00:05:47: RADIUS: Initial Transmit ISDN 0:D:23 id 9 10.0.0.1:1824, Accounting-Request, len 
775

00:05:47: RADIUS: Received from id 9 1.7.157.1:1824, Accounting-response, len 20

The following example shows debug radius hex output: 

router# debug radius hex


Radius protocol debugging is on

Radius packet hex dump debugging is on

router#

17:26:52: RADIUS: ustruct sharecount=3

17:26:52: Radius: radius_port_info() success=0 radius_nas_port=1

17:26:52: RADIUS: Initial Transmit ISDN 0:D:23 id 10 10.0.0.1:1824, Accounting-Request, 
len 361

17:26:52:         Attribute 4 6 01081D03

17:26:52:         Attribute 26 19 00000009020D4953444E20303A443A3233

17:26:52:         Attribute 61 6 00000000

17:26:52:         Attribute 1 12 34303835323734323036

17:26:52:         Attribute 30 7 3532393831

17:26:52:         Attribute 31 12 34303835323734323036

17:26:52:         Attribute 40 6 00000001

17:26:52:         Attribute 6 6 00000001

17:26:52:         Attribute 26 27 000000092115683332332D67772D69643D353330305F34332E

17:26:52:         Attribute 26 57 
000000090133683332332D696E636F6D696E672D636F6E662D69643D3846334133313633204234393830303046
20302033424537314238

17:26:52:         Attribute 26 31 
000000091A19683332332D63616C6C2D6F726967696E3D616E73776572

17:26:52:         Attribute 26 32 
000000091B1A683332332D63616C6C2D747970653D54656C6570686F6E79

17:26:52:         Attribute 26 56 
000000091932683332332D73657475702D74696D653D2A30393A32363A35322E3838302050535420536174204A
616E20312032303030

17:26:52:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38

17:26:52:         Attribute 44 10 3030303030303035

17:26:52:         Attribute 41 6 00000000

17:26:52: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085274206

17:26:52: RADIUS: Received from id 10 10.0.0.1:1824, Accounting-response, len 20

17:27:01: RADIUS: ustruct sharecount=3

17:27:01: Radius: radius_port_info() success=0 radius_nas_port=1

17:27:01: RADIUS: Initial Transmit ISDN 0:D:23 id 11 10.0.0.0:1823, Access-Request, len 
173

17:27:01:         Attribute 4 6 01081D03

17:27:01:         Attribute 26 19 00000009020D4953444E20303A443A3233

17:27:01:         Attribute 61 6 00000000

17:27:01:         Attribute 1 8 313233343536

17:27:01:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38

17:27:01:         Attribute 31 12 34303835323734323036

17:27:01:         Attribute 2 18 C980D8D0E9A061B3D783C61AA6F27214

17:27:01:         Attribute 26 36 
00000009011E683332332D6976722D6F75743D7472616E73616374696F6E49443A33

17:27:01: RADIUS: Received from id 11 1.7.157.1:1823, Access-Accept, len 115

17:27:01:         Attribute 6 6 00000001

17:27:01:         Attribute 26 29 000000096517683332332D6372656469742D616D6F756E743D3435

17:27:01:         Attribute 26 27 000000096615683332332D6372656469742D74696D653D3333

17:27:01:         Attribute 26 26 000000096714683332332D72657475726E2D636F64653D30

17:27:01:         Attribute 25 7 6C6F63616C

17:27:01: RADIUS: saved authorization data for user 61AA0698 at 6215087C

17:27:09: %ISDN-6-DISCONNECT: Interface Serial0:22  disconnected from 4085554206, call 
lasted 17 seconds

17:27:09: RADIUS: ustruct sharecount=2

17:27:09: Radius: radius_port_info() success=0 radius_nas_port=1

17:27:09: RADIUS: Sent class "local" at 621508E8 from user 61AA0698

17:27:09: RADIUS: Initial Transmit ISDN 0:D:23 id 12 1.7.157.1:1824, Accounting-Request, 
len 776

17:27:09:         Attribute 4 6 01081D03

17:27:09:         Attribute 26 19 00000009020D4953444E20303A443A3233

17:27:09:         Attribute 61 6 00000000

17:27:09:         Attribute 1 8 313233343536

17:27:09:         Attribute 30 7 3532393831

17:27:09:         Attribute 31 12 34303835323734323036

17:27:09:         Attribute 40 6 00000002

17:27:09:         Attribute 25 7 6C6F63616C

17:27:09:         Attribute 45 6 00000001

17:27:09:         Attribute 6 6 00000001

17:27:09:         Attribute 26 27 000000092115683332332D67772D69643D353330305F34332E

17:27:09:         Attribute 26 57 
000000090133683332332D696E636F6D696E672D636F6E662D69643D3846334133313633204234393830303046
20302033424537314238

17:27:09:         Attribute 26 31 
000000091A19683332332D63616C6C2D6F726967696E3D616E73776572

17:27:09:         Attribute 26 32 
000000091B1A683332332D63616C6C2D747970653D54656C6570686F6E79

17:27:09:         Attribute 26 56 
000000091932683332332D73657475702D74696D653D2A30393A32363A35322E3838302050535420536174204A
616E20312032303030

17:27:09:         Attribute 26 58 
000000091C34683332332D636F6E6E6563742D74696D653D2A30393A32363A35322E3930372050535420536174
204A616E20312032303030

17:27:09:         Attribute 26 61 
000000091D37683332332D646973636F6E6E6563742D74696D653D2A30393A32373A31302E3133372050535420
536174204A616E20312032303030

17:27:09:         Attribute 26 32 
000000091E1A683332332D646973636F6E6E6563742D63617573653D3130

17:27:09:         Attribute 26 28 000000091F16683332332D766F6963652D7175616C6974793D30

17:27:09:         Attribute 26 48 
00000009182A683332332D636F6E662D69643D3846334133313633204234393830303046203020334245373142
38

17:27:09:         Attribute 44 10 3030303030303035

17:27:09:         Attribute 42 6 00000000

17:27:09:         Attribute 43 6 00012CA0

17:27:09:         Attribute 47 6 00000000

17:27:09:         Attribute 48 6 000001E1

17:27:09:         Attribute 46 6 00000011

17:27:09:         Attribute 26 30 000000090118737562736372696265723D526567756C61724C696E65

17:27:09:         Attribute 26 35 
00000009011D683332332D6976722D6F75743D5461726966663A556E6B6E6F776E

17:27:09:         Attribute 26 22 0000000901107072652D62797465732D696E3D30

17:27:09:         Attribute 26 23 0000000901117072652D62797465732D6F75743D30

17:27:09:         Attribute 26 21 00000009010F7072652D70616B732D696E3D30

17:27:09:         Attribute 26 22 0000000901107072652D70616B732D6F75743D30

17:27:09:         Attribute 26 22 0000000901106E61732D72782D73706565643D30

17:27:09:         Attribute 26 22 0000000901106E61732D74782D73706565643D30

17:27:09:         Attribute 41 6 00000000

17:27:09: RADIUS: Received from id 12 10.0.0.1:1824, Accounting-response, len 20

Related Commands

Command
Description

debug aaa accounting

Displays information on accountable events as they occur.

debug aaa authentication

Displays information on AAA/TACACS+ authentication.


Glossary

AAA authentication, authorization, and accounting. Pronounced "triple a."

ASCII — American Standard Code for Information Interchange. 8-bit code for character representation (7 bits plus parity).

attribute — Form of information items provided by the X.500 Directory Service. The directory information base consists of entries, each containing one or more attributes. Each attribute consists of a type identifier together with one or more values.

IETF Internet Engineering Task Force. Task force consisting of over 80 working groups responsible for developing Internet standards. The IETF operates under the auspices of ISOC.

RADIUS — Remote Authentication Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.

VoIP — Voice over IP. The capability to carry normal telephony-style voice over an IP-based internet with POTS-like functionality, reliability, and voice quality. VoIP enables a router to carry voice traffic (for example, telephone calls and faxes) over an IP network. In VoIP, the DSP segments the voice signal into frames, which then are coupled in groups of two and stored in voice packets. These voice packets are transported using IP in compliance with ITU-T specification H.323.

VSA — vendor-specific attribute. An attribute that has been implemented by a particular vendor. It uses the attribute Vendor-Specific to encapsulate the resulting AV pair: essentially, Vendor-Specific = protocol:attribute = value.