Guest

Networking Software (IOS & NX-OS)

RADIUS Debug Enhancements

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

RADIUS Debug Enhancements

Finding Feature Information

Contents

Prerequisites for RADIUS Debug Enhancements

Restrictions for RADIUS Debug Enhancements

Information About RADIUS Debug Enhancements

RADIUS Overview

Benefits of RADIUS Debug Enhancements

How to Enable RADIUS Debug Parameters

Enabling RADIUS Debug Parameters

Verifying RADIUS Debug Parameters

Configuration Examples for RADIUS Debug Enhancements

Enabling RADIUS Debug Parameters: Example

Verifying RADIUS Debug Parameters: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for RADIUS Debug Enhancements

Glossary


RADIUS Debug Enhancements

First Published: August 12, 2002
Last Updated: September 14, 2009

This document describes the Remote Authentication Dial-In User Services (RADIUS) Debug Enhancements feature.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for RADIUS Debug Enhancements" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for RADIUS Debug Enhancements

Restrictions for RADIUS Debug Enhancements

Information About RADIUS Debug Enhancements

How to Enable RADIUS Debug Parameters

Configuration Examples for RADIUS Debug Enhancements

Additional References

Feature Information for RADIUS Debug Enhancements

Glossary

Prerequisites for RADIUS Debug Enhancements

Establish a working IP network. For more information about configuring IP refer to the Configuring IPv4 Addresses module.

Configure the gateway as a RADIUS client. Refer to the section "Configuring the Voice Gateway as a RADIUS Client" section in the CDR Accounting for Cisco IOS Voice Gateways document.

Be familiar with IETF RFC 2138.

Restrictions for RADIUS Debug Enhancements

Only Internet Engineering Task Force (IETF) attributes and Cisco vendor-specific attributes (VSAs) used in voice applications are supported. For unsupported attributes, "undebuggable" is displayed.

Information About RADIUS Debug Enhancements

To enable RADIUS Debug parameters, you should understand the following concepts:

RADIUS Overview, page 2

Benefits of RADIUS Debug Enhancements, page 3

RADIUS Overview

RADIUS is a distributed client/server system that provides the following functionality:

Secures networks against unauthorized access.

Enables authorization of specific service limits.

Provides accounting information so that services can be billed.

In the Cisco implementation, RADIUS clients run on Cisco routers and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.

Benefits of RADIUS Debug Enhancements

The debug radius command displays information associated with RADIUS. Prior to the RADIUS Debug Enhancements feature, debug radius output was available only in an expanded, hexadecimal string format, resulting in displays that were difficult to interpret and analyze. Moreover, attribute value displays were truncated, particularly for VSAs.

This feature provides enhanced RADIUS display including the following:

Packet dump in a more readable, user-friendly ASCII format than before.

Complete display of attribute values without truncation.

Ability to select a brief RADIUS debug output display.

Allows a compact debugging output option that is useful for high-traffic, operational environments.

How to Enable RADIUS Debug Parameters

This section contains the following procedures:

Enabling RADIUS Debug Parameters (optional)

Verifying RADIUS Debug Parameters (optional)

Enabling RADIUS Debug Parameters

Perform this task to enable RADIUS debug parameters. By default, event logging is enabled.

Note Prior to Cisco IOS Release 12.2(11)T, the debug radius command enabled truncated debugging output in hexadecimal notation, rather than ASCII.

SUMMARY STEPS

1. enable

2. debug radius [accounting | authentication | brief | elog | failover | retransmit | verbose]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

debug radius [accounting | authentication | brief | elog | failover | retransmit | verbose]

Example:

Router# debug radius accounting

Enables debugging for the specified parameters associated with RADIUS configuration.

Verifying RADIUS Debug Parameters

Perform this task to verify RADIUS debug parameters.

SUMMARY STEPS

1. enable

2. show debug

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show debug

Example:

Router# show debug

Displays debug information.

Configuration Examples for RADIUS Debug Enhancements

This section provides the following configuration examples:

Enabling RADIUS Debug Parameters: Example

Verifying RADIUS Debug Parameters: Example

Enabling RADIUS Debug Parameters: Example

The following example shows how to enable debugging of RADIUS accounting collection. 

Router> enable

Router# debug radius accounting


Radius protocol debugging is on

Radius protocol brief debugging is off

Radius protocol verbose debugging is off

Radius packet hex dump debugging is off

Radius packet protocol (authentication) debugging is off

Radius packet protocol (accounting) debugging is on

Radius packet retransmission debugging is off

Radius server fail-over debugging is off

Radius elog debugging is off

Note The sample output above displays information that is found inside a RADIUS protocol message. For more information about RADIUS protocol messages, see IETF RFC 2138.

Verifying RADIUS Debug Parameters: Example

The following example shows how to verify RADIUS debug parameters. 

Router> enable

Router# show debug


00:02:50: RADIUS: ustruct sharecount=3 

00:02:50: Radius: radius_port_info() success=0 radius_nas_port=1 

00:02:50: RADIUS: Initial Transmit ISDN 0:D:23 id 0 10.0.0.0:1824, Accounting-Request, len 
358 

00:02:50: RADIUS: NAS-IP-Address [4] 6 10.0.0.1 

00:02:50: RADIUS: Vendor, Cisco [26] 19 VT=02 TL=13 ISDN 0:D:23 

00:02:50: RADIUS: NAS-Port-Type [61] 6 Async 

00:02:50: RADIUS: User-Name [1] 12 "4085274206" 

00:02:50: RADIUS: Called-Station-Id [30] 7 "52981" 

00:02:50: RADIUS: Calling-Station-Id [31] 12 "4085554206" 

00:02:50: RADIUS: Acct-Status-Type [40] 6 Start 

00:02:50: RADIUS: Service-Type [6] 6 Login 

00:02:50: RADIUS: Vendor, Cisco [26] 27 VT=33 TL=21 h323-gw-id=5300_43. 

00:02:50: RADIUS: Vendor, Cisco [26] 55 VT=01 TL=49 h323-incoming-conf-id=8F3A3163 
B4980003 0 29BD0 

00:02:50: RADIUS: Vendor, Cisco [26] 31 VT=26 TL=25 h323-call-origin=answer 

00:02:50: RADIUS: Vendor, Cisco [26] 32 VT=27 TL=26 h323-call-type=Telephony 

00:02:50: RADIUS: Vendor, Cisco [26] 57 VT=25 TL=51 h323-setup-time=*16:02:48.681 PST Fri 
Dec 31 1999 

00:02:50: RADIUS: Vendor, Cisco [26] 46 VT=24 TL=40 h323-conf-id=8F3A3163 B4980003 029BD0 

00:02:50: RADIUS: Acct-Session-Id [44] 10 "00000002" 

00:02:50: RADIUS: Delay-Time [41] 6 0 

00:02:51: RADIUS: Received from id 0 10.0.0.0:1824, Accounting-response, len 20 

00:02:51: %ISDN-6-CONNECT: Interface Serial0:22 is now connected to 4085554206 

00:03:01: RADIUS: ustruct sharecount=3 

00:03:01: Radius: radius_port_info() success=0 radius_nas_port=1 

00:03:01: RADIUS: Initial Transmit ISDN 0:D:23 id 1 1.7.157.1:1823, Access-Request, len 
171 

00:03:01: RADIUS: NAS-IP-Address [4] 6 10.0.0.1 

00:03:01: RADIUS: Vendor, Cisco [26] 19 VT=02 TL=13 ISDN 0:D:23 

00:03:01: RADIUS: NAS-Port-Type [61] 6 Async 

00:03:01: RADIUS: User-Name [1] 8 "123456" 

00:03:01: RADIUS: Vendor, Cisco [26] 46 VT=24 TL=40 h323-conf-id=8F3A3163 B4980003 0 29BD0 

00:03:01: RADIUS: Calling-Station-Id [31] 12 "4085274206" 

00:03:01: RADIUS: User-Password [2] 18 * 

00:03:01: RADIUS: Vendor, Cisco [26] 36 VT=01 TL=30 h323-ivr-out=transactionID:0 

00:03:01: RADIUS: Received from id 1 1.7.157.1:1823, Access-Accept, len 115 

00:03:01: RADIUS: Service-Type [6] 6 Login 

00:03:01: RADIUS: Vendor, Cisco [26] 29 VT=101 TL=23 h323-credit-amount=45 

00:03:01: RADIUS: Vendor, Cisco [26] 27 VT=102 TL=21 h323-credit-time=33 

00:03:01: RADIUS: Vendor, Cisco [26] 26 VT=103 TL=20 h323-return-code=0 

00:03:01: RADIUS: Class [25] 7 6C6F63616C 

00:03:01: RADIUS: saved authorization data for user 62321E14 at 6233D258 

00:03:13: %ISDN-6-DISCONNECT: Interface Serial0:22 disconnected from 4085274206, call 
lasted 22 seconds 

00:03:13: RADIUS: ustruct sharecount=2 

00:03:13: Radius: radius_port_info() success=0 radius_nas_port=1 

00:03:13: RADIUS: Sent class "local" at 6233D2C4 from user 62321E14 

00:03:13: RADIUS: Initial Transmit ISDN 0:D:23 id 2 10.0.0.0:1824, Accounting-Request, len 
775 

00:03:13: RADIUS: NAS-IP-Address [4] 6 10.0.0.1 

00:03:13: RADIUS: Vendor, Cisco [26] 19 VT=02 TL=13 ISDN 0:D:23 

00:03:13: RADIUS: NAS-Port-Type [61] 6 Async 

00:03:13: RADIUS: User-Name [1] 8 "123456" 

00:03:13: RADIUS: Called-Station-Id [30] 7 "52981"

00:03:13: RADIUS: Calling-Station-Id [31] 12 "4085554206"

00:03:13: RADIUS: Acct-Status-Type [40] 6 Stop

00:03:13: RADIUS: Class [25] 7 6C6F63616C

00:03:13: RADIUS: Undebuggable [45] 6 00000001

00:03:13: RADIUS: Service-Type [6] 6 Login

00:03:13: RADIUS: Vendor, Cisco [26] 27 VT=33 TL=21 h323-gw-id=5300_43.

00:03:13: RADIUS: Vendor, Cisco [26] 55 VT=01 TL=49 h323-incoming-conf-id=8F3A3163 
B4980003 0 29BD0

00:03:13: RADIUS: Vendor, Cisco [26] 31 VT=26 TL=25 h323-call-origin=answer

00:03:13: RADIUS: Vendor, Cisco [26] 32 VT=27 TL=26 h323-call-type=Telephony

00:03:13: RADIUS: Vendor, Cisco [26] 57 VT=25 TL=51 h323-setup-time=*16:02:48.681 PST Fri 
Dec 31 1999

00:03:13: RADIUS: Vendor, Cisco [26] 59 VT=28 TL=53 h323-connect-time=*16:02:48.946

PST Fri Dec 31 1999

00:03:13: RADIUS: Vendor, Cisco [26] 62 VT=29 TL=56 h323-disconnect-time=*16:03:11.306

PST Fri Dec 31 1999

00:03:13: RADIUS: Vendor, Cisco [26] 32 VT=30 TL=26 h323-disconnect-cause=10

00:03:13: RADIUS: Vendor, Cisco [26] 28 VT=31 TL=22 h323-voice-quality=0

00:03:13: RADIUS: Vendor, Cisco [26] 46 VT=24 TL=40 h323-conf-id=8F3A3163 B4980003 0 29BD0

00:03:13: RADIUS: Acct-Session-Id [44] 10 "00000002"

00:03:13: RADIUS: Acct-Input-Octets [42] 6 0

00:03:13: RADIUS: Acct-Output-Octets [43] 6 88000

00:03:13: RADIUS: Acct-Input-Packets [47] 6 0

00:03:13: RADIUS: Acct-Output-Packets [48] 6 550

00:03:13: RADIUS: Acct-Session-Time [46] 6 22

00:03:13: RADIUS: Vendor, Cisco [26] 30 VT=01 TL=24 subscriber=RegularLine

00:03:13: RADIUS: Vendor, Cisco [26] 35 VT=01 TL=29 h323-ivr-out=Tariff:Unknown

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 pre-bytes-in=0

00:03:13: RADIUS: Vendor, Cisco [26] 23 VT=01 TL=17 pre-bytes-out=0

00:03:13: RADIUS: Vendor, Cisco [26] 21 VT=01 TL=15 pre-paks-in=0

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 pre-paks-out=0

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 nas-rx-speed=0

00:03:13: RADIUS: Vendor, Cisco [26] 22 VT=01 TL=16 nas-tx-speed=0

00:03:13: RADIUS: Delay-Time [41] 6 0

00:03:13: RADIUS: Received from id 2 10.0.0.0:1824, Accounting-response, len 20

Additional References

The following sections provide references related to the RADIUS Debug Enhancements feature.

Related Documents

Related Topic
Document Title

Configuring RADIUS

"Configuring RADIUS" module.

Debug commands: complete command syntax, defaults, command mode, command history, usage guidelines, and examples

Cisco IOS Debug Command Reference


Standards

Standard
Title

None


MIBs

MIB
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

RFC 2138

Remote Authentication Dial In User Service (RADIUS)


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for RADIUS Debug Enhancements

Table 1 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 1 Feature Information for RADIUS Debug Enhancements

Feature Name
Releases
Feature Information

RADIUS Debug Enhancements

12.2(11)T

This feature provides enhancements to the existing functionality of RADIUS debug parameters.

The following sections provide information about this feature:

Information About RADIUS Debug Enhancements

The following commands were introduced or modified: debug radius and show debug.


Glossary

AAA—authentication, authorization, and accounting. Pronounced "triple A."

ASCII—American Standard Code for Information Interchange. 8-bit code for character representation (7 bits plus parity).

attribute—Form of information items provided by the X.500 Directory Service. The directory information base consists of entries, each containing one or more attributes. Each attribute consists of a type identifier together with one or more values.

IETF—Internet Engineering Task Force. Task force consisting of over 80 working groups responsible for developing Internet standards. The IETF operates under the auspices of ISOC.

RADIUS—Remote Authentication Dial-In User Service. Database for authenticating modem and ISDN connections and for tracking connection time.

VoIP—Voice over IP. The capability to carry normal telephony-style voice over an IP-based internet with POTS-like functionality, reliability, and voice quality. VoIP enables a router to carry voice traffic (for example, telephone calls and faxes) over an IP network. In VoIP, the DSP segments the voice signal into frames, which then are coupled in groups of two and stored in voice packets. These voice packets are transported using IP in compliance with ITU-T specification H.323.

VSA—vendor-specific attribute. An attribute that has been implemented by a particular vendor. It uses the attribute Vendor-Specific to encapsulate the resulting AV pair: essentially, Vendor-Specific = protocol:attribute = value.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2002-2009 Cisco Systems, Inc. All rights reserved.