Monitoring Remote Access
You can use the following commands to monitor remote access on E-series routers.
show aaa accounting
- Accounting duplication—Name of the virtual router to which duplicate accounting records are sent to the accounting server
- Broadcast accounting—Name of the virtual router groups to which broadcast accounting records are sent to the accounting server
- send acct-stop on AAA access deny—Enabled, disabled
- send acct-stop on authentication server access deny—Enabled, disabled
- acct-interval (for PPP Clients)—Number of minutes between accounting update operations
- service-acct-interval—Number of minutes between interim accounting updates for services created by the Service Manager feature
- send immediate-update—On receipt of response to Acct-Start message; enabled, disabled
host1:vrXyz7#show aaa accounting
Accounting duplication set to router vrXyz25
Broadcast accounting uses group groupXyzCompany20
send acct-stop on AAA access deny is enabled
send acct-stop on authentication server access deny is disabled
acct-interval (for PPP Clients) 0
service-acct-interval 0
send immediate-update is enabled
show aaa accounting default
- Use to display the AAA accounting default method for a subscriber type. You can view the method used for ATM 1483, IPSec, PPP, RADIUS relay server, and tunnel subscribers, and IP subscriber management interfaces.
- Example
host1#show aaa accounting tunnel default
radius
show aaa accounting interval
host1#show aaa accounting interval
acct-interval (for PPP Clients) 10
show aaa accounting vr-group
- Use to display the names of a specific virtual router group or of all virtual router groups configured on the router and the virtual routers making up the groups.
- Field descriptions
- vr-group—Name of the virtual router group.
- virtual-router—Index entry and name of virtual routers in the group.
host1#show aaa accounting vr-group
vr-group groupXyzCompany10:
virtual-router 1 vrXyzA
virtual-router 2 vrXyzB
virtual-router 3 vrXyzC
virtual-router 4 vrXyzD
vr-group groupXyzCompany20:
virtual-router 1 vrXyzP
virtual-router 2 vrXyzQ
virtual-router 3 vrXyzR
virtual-router 4 vrXyzS
show aaa authentication default
- Use to display the default AAA authentication method list for a subscriber type. You can view the method list used for ATM 1483 subscribers, IPSec subscribers, IP subscriber management interfaces, PPP subscribers, RADIUS relay subscribers, and tunnel subscribers. For example, you can verify that the local authentication method is configured for PPP subscribers.
- Example
host1#show aaa authentication ppp default
local none
show aaa delimiters
- Use to display the domain and realm name delimiters, parse order, and parse direction configured on the router.
- Example
host1#show aaa delimiters
domain delimiters "@!"
realm delimiters "/"
parse order is realm-first
domain parse direction is right-to-left
realm parse direction is left-to-right
show aaa domain-map
- Use to display the mapping between user domains and virtual routers.
- The following keywords have significance when used as user domains:
- none—All client requests with no user domain name are associated with the virtual router mapped to the none entry
- default—All client requests with a domain present that have no map are associated with the virtual router mapped to the default entry
- Domain—Name of the domain
- router-name—Virtual router to which user domain name is mapped
- tunnel-group—Name of the tunnel group assigned to the domain map
- ipv6-router-name—IPv6 virtual router to which user domain name is mapped
- local-interface—Interface information to use on the local (E-series) side of the subscriber's interface
- ipv6-local-interface—IPv6 interface information to use on the local (E-series) side of the subscriber's interface
- poolname—Local address pool from which the router allocates addresses for this domain
- IP hint—IP hint is enabled
- strip-domain—Strip domain is enabled
- override-username—Single username used for all users from a domain in place of the values received from the remote client
- override-password—Single password used for all users from a domain in place of the values received from the remote client
- Tunnel Tag—Tag that identifies the tunnel
- Tunnel Peer—Destination address of the tunnel
- Tunnel Source—Source address of the tunnel
- Tunnel Type—L2TP
- Tunnel Medium—Type of medium for the tunnel; only IPv4 is supported
- Tunnel Password—Password for the tunnel
- Tunnel Id—ID of the tunnel
- Tunnel Client Name—Host name that the LAC sends to the LNS when communicating to the LNS about the tunnel
- Tunnel Server Name—Host name expected from the peer (the LNS) when during tunnel startup
- Tunnel Preference—Preference level for the tunnel
- Tunnel Max Sessions—Maximum number of sessions allowed on a tunnel
- Tunnel RWS—L2TP receive window size (RWS) for a tunnel on the LAC; displays either the configured value or the default behavior, which is indicated by
system chooses - Tunnel Virtual Router—Name of the virtual router to map to the user domain name
- Tunnel Failover Resync—L2TP peer resynchronization method
- Tunnel Switch Profile—Name of the L2TP tunnel switch profile
- Tunnel Tx Speed Method—Method that the router uses to calculate the transmit connect speed of the subscriber's access interface: static layer2, dynamic layer2, qos, actual, not set
host1#show aaa domain-map
Domain: lac-tunnel; router-name: lac; ipv6-router-name: default
Tunnel Tunnel Tunnel Tunnel Tunnel
Tag Tunnel Peer Source Type Medium Password Tunnel Id
------ ----------- ------ ------ ------ -------- -----------
5 192.168.1.1 <null> l2tp ipv4 welcome lac-tunnel
Tunnel Tunnel
Tunnel Tunnel Server Tunnel Max
Tag Client Name Name Preference Sessions Tunnel RWS
------ ----------- ------ ---------- -------- --------------
5 lac boston 5 0 4
Tunnel
Tunnel Tunnel Tunnel Tx
Tunnel Virtual Failover Switch Speed
Tag Router Resync Profile Method
------ ------- -------- --------- ------
5 <null> silent failover denver qos
show aaa duplicate-address-check
- Use to display whether the routing table address lookup or duplicate address check is enabled or disabled.
- Example
host1#show aaa duplicate-address-check
enabled
show aaa model
host1#show aaa model
aaa model: old model
show aaa name-servers
host1#show aaa name-servers
Name Server Addresses (for PPP Clients):
primary DNS Addr 10.2.3.4
secondary DNS Addr 10.6.7.8
primary NBNS (WINS) Addr 10.22.33.44
secondary NBNS (WINS) Addr 10.66.77.88
show aaa profile
- atm nas-port-type—Configuration of NAS-Port-Type attribute for ATM interfaces
- ethernet nas-port-type—Configuration of NAS-Port-Type attribute for Ethernet interfaces
- profile-service-description—Description configured in the Service-Description attribute
- pre-authenticate—Indicates that subscriber preauthentication is configured for the profile
- allow—One or more domain names that are allowed access to AAA authentication
- deny—One or more domain names that are denied access to AAA authentication
- translate—Original domain name and the name to which it is mapped for domain map lookup
host1#show aaa profile name PreAuth1
preAuth1:
atm nas-port-type: ADLSL-CAP
ethernet nas-port-type: Cable
profile-service-description: xyzService
pre-authenticate
allow xyz.com
deny default
translate xyz1.com abc.com
- Use to display statistics about the RADIUS route-download server configuration.
- Use the optional statistics keyword to display information about the RADIUS route download server operation.
- Use the optional delta keyword to show baselined statistics.
- Field descriptions
- AAA Route Downloader—Virtual router where the RADIUS route-download server is configured
- Download Interval—Number of minutes between route downloads
- Retry Interval—Number of minutes before retry after a download failure
- Default Cost—Default cost of downloaded routes
- Default Tag—Default tag for downloaded routes
- Base User Name—Virtual router used for route-download requests; either <HOSTNAME> or the configured name
- Password—Password for route-download requests or <DEFAULT>
- Synchronization—Either <NOT SET> or the time that the server starts the route download operation each day
- Status—Current status of route-download server; waiting for base router, waiting for IP warmstart, idle, downloading, updating ip, downloading and updating ip, or suspended
- Last Download Attempt—Either <NEVER> or the day, date, and time of attempt
- Last Download Success—Either <NEVER> or the day, date, and time of success
- Last Regular Download—Status of last regular download; either complete or not complete
- Next Download Scheduled—<DOWNLOAD ACTIVE>,<NOT SCHEDULED>, or the day, date, and time of next download
- Next Regular Download—Day, date, and time
- Total Download Attempts—Number of downloads attempted
- Successful Downloads—Number of successful download operations
- Downloaded Fragments—Number of downloaded fragments
- Downloaded Routes—Number of downloaded routes
- IP Updates—Number of IP updates
- Updated Routes—Number of updated routes
- Cleared Route Intervals—Number of cleared route intervals
host1#show aaa route-download
AAA Route Downloader: configured in virtual router default
Download Interval: 720 minutes
Retry Interval: 10 minutes
Default Cost: 2
Default Tag: 0
Base User Name: <HOSTNAME>
Password: <DEFAULT>
Synchronization: <NOT SET>
Status: idle
Last Download Attempt: TUE DEC 19 22:46:47 2006
Last Download Success: TUE DEC 19 22:46:47 2006
Last Regular Download: complete
Next Download Scheduled: WED DEC 20 10:46:47 2006
Next Regular Download: WED DEC 20 10:46:47 2006
host1#show aaa route-download statistics
Total Download Attempts: 2
Successful Downloads: 2
Downloaded Fragments: 3756
Downloaded Routes: 192000
IP Updates: 1
Updated Routes: 96000
Cleared Route Intervals: 0
show aaa route-download routes
- Use to display information about the routes that are downloaded by the RADIUS route-download server.
- Use the optional detail keyword to display more detailed information about the downloaded routes.
- Field descriptions
- downloaded routes—Number of current downloaded routes
- Prefix/Length—IP address prefix and mask information for downloaded routes
- Type—Type of downloaded routes; Access-P indicates routes downloaded from the RADIUS route-download server
- NextHop—IP address of the next hop
- Dst/Met—Administrative distance and number of hops for the route
- Tag—Tag assigned to downloaded routes
- Intf—Interface type and specifier
host1#show aaa route-download routes
96000 downloaded routes
host1#show aaa route-download routes detail
Prefix/Length Type NextHop Dst/Met Intf Tag
--------------- -------- --------------- ------- ----- ---
192.168.1.1/32 Access-P 255.255.255.255 254/2 null0 0
192.168.1.5/32 Access-P 255.255.255.255 254/2 null0 0
192.168.1.9/32 Access-P 255.255.255.255 254/2 null0 0
192.168.1.13/32 Access-P 255.255.255.255 254/2 null0 0
192.168.1.17/32 Access-P 255.255.255.255 254/2 null0 0
192.168.1.21/32 Access-P 255.255.255.255 254/2 null0 0
show aaa route-download routes global
- Use to display chassis-wide information about routes that are downloaded by RADIUS route-download servers.
- Use the optional detail keyword to display more detailed information about the downloaded routes.
- Use the optional start keyword to specify the first router context that you want to display in the output. For example, aaa:a2 specifies that the display shows a list of router contexts starting with VRF a2 in virtual router aaa.
- Field descriptions
- Virtual Router—Name of the virtual router used to download the routes
- VRF—Name of the VRF used to download the routes
- Present—Routes have been downloaded; y (yes) or n (no) indicates if the router context has been created.
- Number of Routes—Number of current downloaded routes
- Prefix/Length—IP address prefix and mask information for downloaded routes
- Type—Type of downloaded routes; Access-P indicates routes downloaded from the RADIUS route-download server
- NextHop—IP address of the next hop
- Dst/Met—Administrative distance and number of hops for the route
- Tag—Tag assigned to downloaded routes
- Intf—Interface type and specifier
host1#show aaa route-download routes global
Number
of
Virtual Router VRF Present Routes
--------------- --------------- ------- ------
aaa n 4
aaa a1 n 4
default y 4
default d1 n 4
host1#show aaa route-download routes global detail
Virtual Router VRF Present Prefix/Length Type NextHop Dst/Met Intf Tag
--------------- --- ------- --------------- -------- --------------- ------- ----- ---
aaa n 192.168.1.1/32 Access-P 255.255.255.255 0/2 null0 0
aaa n 192.168.1.2/32 Access-P 255.255.255.255 0/2 null0 0
aaa n 192.168.3.1/32 Access-P 255.255.255.255 0/2 null0 0
aaa n 192.168.4.1/32 Access-P 255.255.255.255 0/2 null0 0
aaa a1 n 192.168.5.3/32 Access-P 255.255.255.255 0/2 null0 0
aaa a1 n 192.168.7.1/32 Access-P 255.255.255.255 0/2 null0 0
aaa a1 n 192.168.7.5/32 Access-P 255.255.255.255 0/2 null0 0
aaa a1 n 192.168.9.1/32 Access-P 255.255.255.255 0/2 null0 0
default y 192.168.22.1/32 Access-P 255.255.255.255 0/2 null0 0
default y 192.168.23.1/32 Access-P 255.255.255.255 0/2 null0 0
default y 192.168.24.1/32 Access-P 255.255.255.255 0/2 null0 0
default y 192.168.25.1/32 Access-P 255.255.255.255 0/2 null0 0
default d1 n 192.168.40.6/32 Access-P 255.255.255.255 0/2 null0 0
default d1 n 192.168.40.7/32 Access-P 255.255.255.255 0/2 null0 0
default d1 n 192.168.40.8/32 Access-P 255.255.255.255 0/2 null0 0
default d1 n 192.168.40.9/32 Access-P 255.255.255.255 0/2 null0 0
host1#show aaa route-download routes global start aaa:a2
Number
of
Virtual Router VRF Present Routes
--------------- --------------- ------- ------
default y 4
default d1 n 4
show aaa statistics
- Use to display authentication, authorization, and accounting statistics.
- Use the optional delta keyword to specify that baselined statistics are to be shown.
- Field descriptions
- incoming initiate requests—Number of incoming AAA requests (from other E-series applications) for user connect services
- incoming disconnect requests—Number of incoming AAA requests (from other E-series applications) for user disconnect services
- outgoing grant (tunnel) responses—Number of outgoing tunnel grant responses to AAA requests
- outgoing grant responses—Number of outgoing grant responses to AAA requests
- outgoing deny responses—Number of outgoing deny responses to AAA requests
- outgoing error responses—Number of outgoing error responses to AAA requests
- outgoing Authentication requests—Number of authentication requests from AAA to the authentication task
- incoming Authentication responses—Number of authentication responses from the authentication task to AAA
- outgoing Re-Authentication requests—Number of reauthentication requests from AAA to the authentication task
- incoming Re-Authentication responses—Number of reauthentication responses from the authentication task to AAA
- outgoing Pre-Authentication requests—Number of preauthentication requests from AAA to the preauthentication task
- incoming Pre-Authentication responses—Number of preauthentication responses from the preauthentication task to AAA
- outgoing Accounting requests—Number of accounting requests (starts, updates, stops) from AAA to the accounting task
- incoming Accounting responses—Number of accounting responses (starts, updates, stops) from the accounting task to AAA
- outgoing Duplicate Acct requests—Number of duplicate accounting requests (starts, updates, stops) from AAA to the accounting task
- incoming Duplicate Acct responses—Number of duplicate accounting responses (starts, updates, stops) from the accounting task to AAA
- outgoing Broadcast Acct requests—Number of broadcast accounting requests (starts, updates, stops) from AAA to the accounting task
- incoming Broadcast Acct responses—Number of broadcast accounting responses (starts, updates, stops) from the accounting task to AAA
- outgoing Address requests—Number of address allocation/release requests from AAA to address allocation task
- incoming Address responses—Number of address allocation/release responses from the address allocation task to AAA
host1#show aaa statistics
AAA Statistics
--------------
Statistic Count
------------------------------------ -----
incoming initiate requests 109
incoming disconnect requests 7
outgoing grant (tunnel) responses 3
outgoing grant responses 6
outgoing deny responses 0
outgoing error responses 0
outgoing Authentication requests 9
incoming Authentication responses 9
outgoing Re-Authentication requests 0
incoming Re-Authentication responses 0
outgoing Pre-Authentication requests 1
incoming Pre-Authentication responses 1
outgoing Accounting requests 120
incoming Accounting responses 120
outgoing Duplicate Acct requests 18
incoming Duplicate Acct responses 18
outgoing Broadcast Acct requests 32
incoming Broadcast Acct responses 32
outgoing Address requests 0
incoming Address responses 0
show aaa subscriber per-port-limit
host1#show aaa subscriber per-port-limit
Subscriber Port Limits
----------------------
Port Limit
--------------- ---------------
0/2 5
0/3 2
3/2 2
show aaa subscriber per-vr-limit
host1#show aaa subscriber per-vr-limit
subscriber limit is 0
show aaa timeout
host1#show aaa timeout
idle timeout (for PPP Clients) 0 seconds
session timeout (for PPP Clients) 31622400 seconds
show aaa user accounting interval
- Use to display the default interval used for interim accounting for users on the virtual router.
- An entry of 0 indicates that the feature is disabled.
- Example
host1:vrXyz7#show aaa user accounting interval
user-acct-interval 20
show configuration category aaa global-attributes
- Use to display the virtual router groups that are configured for AAA broadcast accounting.
- For additional information about the show configuration command, see Customizing the Configuration Output in JUNOSe System Basics Configuration Guide, Chapter 5, Managing the System.
- Field descriptions
- aaa accounting vr-group—Name of virtual router groups
- aaa virtual-router—Name and index number of the virtual routers that are members of the virtual router group
host1#show configuration category aaa global-attributes
! Configuration script being generated on MON JAN 10 2005 15:19:19 UTC
! Juniper Edge Routing Switch ERX-1440
! Version: 9.9.9 development-4.0 (January 7, 2005 17:26)
! Copyright (c) 1999-2004 Juniper Networks, Inc. All rights reserved.
!
! Commands displayed are limited to those available at privilege level 15
!
! NOTE: This script represents only a subset of the full system configuration.
! The category displayed is: aaa global-attributes
!
aaa accounting vr-group groupXyzCompany10
aaa virtual-router 1 vrXyzA
aaa virtual-router 2 vrXyzB
aaa virtual-router 3 vrXyzC
aaa virtual-router 4 vrXyzD
aaa accounting vr-group groupXyzCompany20
aaa virtual-router 1 vrXyzP
aaa virtual-router 2 vrXyzQ
aaa virtual-router 3 vrXyzR
aaa virtual-router 4 vrXyzS
!
hostname "host1"
show configuration category aaa local-authentication
- Use to display the configuration information for AAA local authentication. You can display information for the following keywords:
- databases—Local user databases configured on the router
- users—Users configured in the local user databases
- virtual-router—Local user database selected by the specified virtual router for local authentication
- For additional information about the show configuration command, see Customizing the Configuration Output in JUNOSe System Basics Configuration Guide, Chapter 5, Managing the System.
- Field descriptions for all keywords
- aaa local database—Name of the local user database; the name default specifies the default local user database
- aaa local select database—Local user database that the virtual router uses for local authentication
- aaa local username—Unique user entry in the local user database
- database—Name of the local user database for the specified username
- hostname—Name of the host router
- ip-address—IP address parameter for the user entry
- ip-address-pool—IP address pool parameter for the user entry
- operational virtual-router—Virtual router parameter for the user entry
- password—Password used to authenticate the subscriber
- secret—Secret used to authenticate the subscriber
- virtual-router—Name of virtual router
- Example (see Local Authentication Example in Chapter 1, Configuring Remote Access for additional examples with the users and virtual-router keywords).
host1#show configuration category aaa local-authentication databases
! Configuration script being generated on TUE NOV 09 2004 12:50:18 UTC
! Juniper Edge Routing Switch ERX-1400
! Version: 6.1.0 (November 8, 2004 18:31)
! Copyright (c) 1999-2004 Juniper Networks, Inc. All rights reserved.
!
! Commands displayed are limited to those available at privilege level 15
!
! NOTE: This script represents only a subset of the full system configuration.
! The category displayed is: aaa local-authentication databases
!
hostname host1
aaa new-model
aaa local database default
aaa local database svaleLdb10
show configuration category aaa server-attributes include-defaults
- Use to display status of the attributes on the AAA server, including AAA accounting duplication and broadcast.
- For additional information about the show configuration command, see Customizing the Configuration Output in JUNOSe System Basics Configuration Guide, Chapter 5, Managing the System.
- Field descriptions
- virtual router—Name of the virtual router
- aaa accounting duplication—Virtual router used for duplicate accounting
- aaa accounting broadcast—Virtual router group used for broadcast accounting
- aaa duplicate-address-check—Enabled, disabled
- aaa accounting acct-stop on-aaa-failure—Enabled, disabled
- aaa accounting acct-stop on-access-deny—Enabled, disabled
- aaa subscriber limit per-vr—Enabled, disabled
- aaa intf-desc-format include sub-intf—Enabled, disabled
- aaa intf-desc-format include adapter—Enabled, disabled
- aaa accounting immediate-update—Enabled, disabled
host1#show configuration category aaa server-attributes include-defaults
! Configuration script being generated on MON JAN 10 2005 15:12:02 UTC
! Juniper Edge Routing Switch ERX-1440
! Version: 9.9.9 development-4.0 (January 7, 2005 17:26)
! Copyright (c) 1999-2004 Juniper Networks, Inc. All rights reserved.
!
! Commands displayed are limited to those available at privilege level 15
!
! NOTE: This script represents only a subset of the full system configuration.
! The category displayed is: aaa server-attributes
!
virtual-router default
aaa accounting duplication lac
aaa accounting broadcast group1
aaa duplicate-address-check enable
aaa accounting acct-stop on-aaa-failure enable
aaa accounting acct-stop on-access-deny disable
aaa subscriber limit per-vr 0
aaa intf-desc-format include sub-intf enable
aaa intf-desc-format include adapter enable
aaa accounting immediate-update disable
!
! ==============================================================================
!
virtual-router lac
no aaa accounting duplication
no aaa accounting broadcast
aaa duplicate-address-check enable
aaa accounting acct-stop on-aaa-failure enable
aaa accounting acct-stop on-access-deny disable
aaa subscriber limit per-vr 0
aaa intf-desc-format include sub-intf enable
aaa intf-desc-format include adapter enable
aaa accounting immediate-update disable
!
! ==============================================================================
!
virtual-router isp
no aaa accounting duplication
no aaa accounting broadcast
aaa duplicate-address-check enable
aaa accounting acct-stop on-aaa-failure enable
aaa accounting acct-stop on-access-deny disable
aaa subscriber limit per-vr 0
aaa intf-desc-format include sub-intf enable
aaa intf-desc-format include adapter enable
aaa accounting immediate-update disable
show cops info
- Use to display information about the COPS layer over which the SRC connection is made.
- Field descriptions
- Session Created—Number of COPS sessions created
- Sessions Deleted—Number of COPS sessions deleted
- Current Sessions—Number of current COPS sessions
- Bytes Received—Number of bytes received on all COPS sessions
- Packets Received—Number of packets received on all COPS sessions
- Bytes Sent—Number of bytes transmitted on all COPS sessions
- Packets Sent—Number of packets transmitted on all COPS sessions
- Keep Alive Received—Number of COPS keepalive messages received
- Keep Alive Sent—Number of COPS keepalive messages sent
- Remote IP Address—IP address of the remote peer
- Remote TCP Port—TCP port number of the remote peer
- Client Type—Type of client for the session. For this release the client type must be 16640 (SRC client).
- Bytes Received—Number of bytes received for this COPS session
- Packets Received—Number of packets received for this COPS session
- Bytes Sent—Number of bytes sent on this COPS session
- Packets Sent—Number of packets sent on this COPS session
- REQ Sent—Number of Request packets sent on this COPS session
- DEC Rcv—Number of Decision packets received on this COPS session
- RPT Sent—Number of Report packets sent on this COPS session
- DRQ Sent—Number of Delete Requests sent on this COPS session
- SSQ Rcv—Number of Synch Requests received on this COPS session
- OPN Sent—Number of Open messages sent on this COPS session
- CAT Rcv—Number of Client Accepts packets received on this COPS session
- CC Sent—Number of Client Closes packets sent on this COPS session
- CC Rcv—Number of Client Closes packets received on this COPS session
- SSC Sent—Number of Sync Complete packets sent on this COPS session
host1#show cops info
General Cops Information:
Sessions Created: 1
Sessions Deleted: 0
Current Sessions: 1
Bytes Received: 680
Packets Received: 17
Bytes Sent: 692
Packets Sent: 21
Keep Alive Received: 12
Keep Alive Sent: 12
Session Information
Remote Ip Address: 10.10.0.223
Remote TCP Port: 4001
Client Type: 16384
Bytes Received: 2224
Packets Received: 5
Bytes Sent: 596
Packets Sent: 9
REQ Sent: 4
DEC Rcv: 4
RPT Sent: 4
DRQ Sent: 0
SSQ Rcv: 0
OPN Sent: 1
CAT Rcv: 1
CC Sent: 0
CC Rcv: 0
SSC Sent: 0
show cops statistics
- Use to display statistics about the COPS layer over which the SRC connection is made.
- Field descriptions
- Session Created—Number of COPS sessions created
- Sessions Deleted—Number of COPS sessions deleted
- Current Sessions—Number of current COPS sessions
- Bytes Received—Number of bytes received on all COPS sessions
- Packets Received—Number of packets received on all COPS sessions
- Bytes Sent—Number of bytes transmitted on all COPS sessions
- Packets Sent—Number of packets transmitted on all COPS sessions
- Keep Alive Received—Number of COPS keepalive messages received
- Keep Alive Sent—Number of COPS keepalive messages sent
- Client Type—Type of client for the session.
- Bytes Received—Number of bytes received for this COPS session
- Packets Received—Number of packets received for this COPS session
- Bytes Sent—Number of bytes sent on this COPS session
- Packets Sent—Number of packets sent on this COPS session
- REQ Sent—Number of Request packets sent on this COPS session
- DEC Rcv—Number of Decision packets received on this COPS session
- RPT Sent—Number of Report packets sent on this COPS session
- DRQ Sent—Number of Delete Requests sent on this COPS session
- SSQ Rcv—Number of Synch Requests received on this COPS session
- OPN Sent—Number of Open messages sent on this COPS session
- CAT Rcv—Number of Client Accepts packets received on this COPS session
- CC Sent—Number of Client Closes packets sent on this COPS session
- CC Rcv—Number of Client Closes packets received on this COPS session
- SSC Sent—Number of Sync Complete packets sent on this COPS session
host1#show cops statistics
General Cops Information:
Sessions Created: 0
Sessions Deleted: 0
Current Sessions: 0
Bytes Received: 1108
Packets Received: 12
Bytes Sent: 1572
Packets Sent: 18
Keep Alive Received: 2
Keep Alive Sent: 2
Session Information:
Client Type: 24754
Bytes Received: 2539032
Packets Received: 20388
Bytes Sent: 4386648
Packets Sent: 51337
REQ Sent: 21203
DEC Rcv: 20388
RPT Sent: 20391
DRQ Sent: 9743
SSQ Rcv: 0
OPN Sent: 0
CAT Rcv: 0
CC Sent: 0
CC Rcv: 0
SSC Sent: 0
show ip local alias
- Use to display information about aliases for the local address pools configured on your router.
- If you do not specify an alias, the router displays all aliases.
- Field descriptions
host1#show ip local alias
Alias Pool
------ -----
alias1 poolA
alias2 poolB
alias3 poolC
poolA poolD
poolB poolD
poolC poolD
show ip local pool
- Use to display information about the local address pools configured on your router.
- If you do not specify the name of a local address pool, the router displays all local address pools.
- Field descriptions
- Pool—User-specified name of the address pool
- High Thresh—High utilization threshold value
- Abated Thresh—Abated utilization threshold value
- Trap—Enable SNMP pool utilization traps: Y (yes) or N (no)
- Aliases—Aliases for the local address pool
- Begin—Starting IP address
- End—Ending IP address
- Free—Number of addresses available for use
- In Use—Number of addresses currently in use
host1#show ip local pool
High Abated
Pool Thresh Thresh Trap Group
----- ------ ------ ---- -----
poolA 85 75 N
Aliases
-------
alias1
In
Begin End Free Use
-------- --------- ---- ---
10.1.1.1 10.1.1.10 10 0
10.1.2.1 10.1.2.10 10 0
10.1.3.1 10.1.3.10 10 0
High Abated
Pool Thresh Thresh Trap Group
----- ------ ------ ---- -----
poolB 85 75 N
Aliases
-------
alias2
In
Begin End Free Use
-------- --------- ---- ---
10.2.1.1 10.2.1.10 10 0
10.2.2.1 10.2.2.10 10 0
High Abated
Pool Thresh Thresh Trap Group
----- ------ ------ ---- -----
poolC 85 75 N
Aliases
-------
alias3
In
Begin End Free Use
-------- --------- ---- ---
10.3.1.1 10.3.1.10 10 0
High Abated
Pool Thresh Thresh Trap Group
----- ------ ------ ---- -----
poolD 85 75 N
Aliases
-------
poolA
poolB
poolC
In
Begin End Free Use
-------- ---------- ---- ---
10.4.1.1 10.4.1.255 255 0
show ip local pool statistics
- Use to display local address pool statistics.
- Use the optional delta keyword to specify that baselined statistics are to be shown.
- Example
host1#show ip local pool statistics
Local Address Pool Statistics
Statistic Values
--------------------------------- ------
Requests denied (pool exhaustion) 0
show ip local shared-pool
- Shared Pool—Name of the shared local address pool
- In Use—Number of addresses allocated
- Dhcp Pool—Name of the DHCP address pool
host1#show ip local shared-pool
Shared Pool In Use Dhcp Pool
----------- ------ ---------
shared_poolA 253 dhcp_pool_25
shared_poolB 83 dhcp_pool_25
shared_poolC 99 dhcp_pool_17
show ip route
- Use to display the current state of the routing table, including routes not used for forwarding.
- An Access-P entry in the Type column of the output indicates routes that are downloaded by the RADIUS route-download server.
- Refer to the description of the show ip route command in JUNOSe IP, IPv6, and IGP Configuration Guide, Chapter 1, Configuring IP for additional information about the show ip route command.
host1#show ip route
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
P- periodic download, O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
L- MPLS label, V- VRF, *- via indirect next-hop
Prefix/Length Type Next Hop Dst/Met Interface
------------------ --------- --------------- ---------- -----------------
0.0.0.0/0 Static 10.13.10.1 1/0 FastEthernet6/0/0
192.168.10.0/23 Connect 10.13.10.187 0/0 FastEthernet6/0/0
192.168.21.21/32 Access-P 255.255.255.255 254/2 null0
192.168.22.22/32 Access-P 255.255.255.255 254/2 null0
192.168.23.23/32 Access-P 255.255.255.255 254/2 null0
192.168.24.24/32 Access-P 255.255.255.255 254/2 null0
show license b-ras
host1#show license b-ras
K4bZ16Lr
show radius algorithm
host1#show radius algorithm
direct
show radius override
- nas-ip-addr—Either the NAS-IP-Address [4] attribute is used, or it is overridden with the Tunnel-Client-Endpoint [66] attribute.
- nas-info—Either the NAS-IP-Address [4] and NAS-Identifier [32] attributes of the virtual router generating the accounting information are used, or they are overridden with the respective attributes of the authentication virtual router.
host1:vrXyz7#show radius override
nas-ip-addr: nas-ip-addr
nas-info: from authentication virtual router
show radius rollover-on-reject
host1#show radius rollover-on-reject
rollover-on-reject enabled
show radius servers
- Use to display RADIUS server information.
- Use with the optional accounting, authentication, dynamic-request, route-download, or pre-authentication keywords to limit output to the specific type of server.
- Field descriptions
- IP Address—IP address of RADIUS server
- Udp Port—Number of the UDP port of the RADIUS server
- Retry Count—Maximum number of times that the router retransmits a RADIUS packet to the RADIUS server
- Timeout—Interval (in seconds) before the router retransmits a RADIUS packet to the RADIUS server
- Maximum Sessions—Number of outstanding requests to the RADIUS server
- Dead Time—Amount of time to remove the authentication server or accounting server from the available list when a timeout occurs
- Secret—Configured authentication server or accounting server secret
host1#show radius servers
RADIUS Authentication Configuration
-----------------------------------
Udp Retry Maximum Dead
IP Address Port Count Timeout Sessions Time Secret
------------- ---- ----- ------- -------- ---- ------
172.28.30.117 1812 3 3 255 0 radius
RADIUS Accounting Configuration
-------------------------------
Udp Retry Maximum Dead
IP Address Port Count Timeout Sessions Time Secret
------------- ---- ----- ------- -------- ---- ------
172.28.30.117 1813 3 3 255 0 radius
RADIUS Pre-Authentication Configuration
---------------------------------------
Udp Retry Maximum Dead
IP Address Port Count Timeout Sessions Time Secret
------------- ---- ----- ------- -------- ---- ------
172.28.30.117 1812 3 3 255 0 radius
RADIUS Route-Download Configuration
-----------------------------------
Udp Retry Maximum Dead
IP Address Port Count Timeout Sessions Time Secret
------------- ---- ----- ------- -------- ---- ------
192.168.30.16 1812 3 3 255 0 radius
show radius statistics
- Use to display statistics on RADIUS services.
- Use with the optional accounting, authentication, dynamic-request, route-download, or pre-authentication keywords to limit output to the specific type of statistics.
- Use the optional delta keyword to specify that baselined statistics are to be shown.
- Field descriptions
NOTE: All descriptions apply to the primary, secondary, and tertiary RADIUS authentication and accounting servers.
- UDP Port—Number of the UDP port of a RADIUS server
- Round Trip Time—Hundreds of seconds from request to response
- Access Requests—Number of access requests sent to server
- Rollover Requests—Number of requests coming into server as a result of the previous server timing out
- Retransmissions—Number of retransmissions
- Access Accepts—Number of Access-Accepts received from the server
- Access Rejects—Number of Access-Rejects received from the server
- Access Challenges—Number of access challenges received from the server
- Malformed Responses—Number of responses with attributes having an invalid length or unexpected attributes (such as two attributes when the response is required to have at most one)
- Bad Authenticators—Number of responses in which the authenticator is incorrect for the matching request. This can occur if the RADIUS secret for the client and server does not match.
- Requests Pending—Number of requests waiting for a response
- Request Timeouts—Number of requests that timed out
- Unknown Responses—Number of unknown responses. The RADIUS response type in the header is invalid or unsupported.
- Packets Dropped—Number of packets dropped either because they are too short or the E-series router receives a response for which there is no corresponding request. For example, if the router sends a request and the request times out, the router removes the request from the list and sends a new request. If the server is slow and sends a response to the first request after the router removes the request, the packet is dropped.
- Requests—Total number of accounting requests sent, which is the combined total of Start Requests, Interim Requests, Stop Requests, and Reject Requests
- Start Requests—Number of accounting start requests sent; includes Acct-On, Acct-Start, Acct-Link-State, and Acct-Tunnel-Start requests
- Interim Requests—Number of interim accounting requests
- Stop Requests—Number of accounting stop requests sent; includes Acct-Off, Acct-Stop, Acct-Link-Stop, and Acct-Tunnel-Stop requests
- Reject Requests—Number of accounting reject requests sent; includes Acct-Link-Reject and Acct-Tunnel-Reject requests
- Responses—Number of accounting responses received from the server
- Start Responses—Number of accounting start responses received; includes Acct-On, Acct-Start, Acct-Link-Start, and Acct-Tunnel-Start responses
- Interim Responses—Number of interim accounting responses
- Stop Responses—Number of accounting stop responses received; includes Acct-Off, Acct-Stop, Acct-Link-Stop, and Acct-Tunnel-Stop responses
- Reject Responses—Number of accounting reject responses received; includes Acct-Link-Reject and Acct-Tunnel-Reject responses
host1#show radius statistics
RADIUS Authentication Statistics
--------------------------------
Statistic 10.10.121.128
------------------- -------------
UDP Port 1812
Round Trip Time 0
Access Requests 0
Rollover Requests 0
Retransmissions 0
Access Accepts 0
Access Rejects 0
Access Challenges 0
Malformed Responses 0
Bad Authenticators 0
Requests Pending 0
Request Timeouts 0
Unknown Responses 0
Packets Dropped 0
RADIUS Accounting Statistics
----------------------------
Statistic 10.10.121.128
------------------- -------------
UDP Port 1646
Round Trip Time 2
Requests 1
Start Requests 1
Interim Requests 0
Stop Requests 0
Reject Requests 0
Rollover Requests 0
Retransmissions 3
Responses 1
Start Responses 1
Interim Responses 0
Stop Responses 0
Reject Responses 0
Malformed Responses 0
Bad Authenticators 0
Requests Pending 0
Request Timeouts 3
Unknown Responses 0
Packets Dropped 0
host1#show radius pre-authentication statistics
RADIUS Pre-Authentication Statistics
------------------------------------
Statistic 172.28.30.117
------------------- -------------
UDP Port 1812
Round Trip Time 0
Access Requests 2809
Rollover Requests 0
Retransmissions 56
Access Accepts 2809
Access Rejects 0
Access Challenges 0
Malformed Responses 0
Bad Authenticators 0
Requests Pending 0
Request Timeouts 72
Unknown Responses 0
Packets Dropped 2
host1#show radius route-download statistics
RADIUS Route-Download Statistics
--------------------------------
Statistic 192.168.30.16
------------------- -------------
UDP Port 1812
Round Trip Time 0
Access Requests 1613
Rollover Requests 0
Retransmissions 6
Access Accepts 1612
Access Rejects 1
Access Challenges 0
Malformed Responses 0
Bad Authenticators 0
Requests Pending 0
Request Timeouts 6
Unknown Responses 0
Packets Dropped 5
show radius trap
host1#show radius trap
trap for auth-server-not-responding enabled
trap for no-auth-server-responding disabled
trap for auth-server-responding enabled
trap for acct-server-not-responding enabled
trap for no-acct-server-responding disabled
trap for acct-server-responding disabled
show radius tunnel-accounting
host1#show radius tunnel-accounting
disabled
show radius udp-checksum
host1#show radius udp-checksum
enabled
show radius update-source-addr
host1#show radius update-source-address
192.168.1.228
show sscc info
- Use to display the current status of the SRC client connection to the SAEs. The command output refers to the SRC client by its former name, SSC client.
- Field descriptions
- The SSC client configured servers—IP addresses of the primary, secondary, and tertiary SAEs
- Local Source—Fixed source interface for the TCP/COPS connection
- Local Source Address—Fixed source address for the TCP/COPS connection
- The configured transport router is—Router on which is TCP/COPS connection is established
- The configured retry timer is (seconds)—Delay period the client waits for a response from the SAE before submitting request again
- The connection state is—Current state of the TCP/COPS connection
- SSC Client Statistics—Statistics about the connection between the SRC client and SAE
- Policy Commands received—Number of policy commands received on the SRC client connection
- Policy Commands(List)—Number of Policy Commands with subtype List
- Policy Commands(Acct)—Number of Policy Commands with subtype Accounting
- Bad Policy Cmds received—Number of Policy Commands received with bad policies
- Error Policy Cmds received—Number of Policy Commands received with errors
- Policy Reports sent—Number of Policy Reports sent
- Connection Open requests—Number of connections the SRC client has tried to open with a remote SAE
- Connection Open completed—Number of connections successfully open to the SAE
- Connection Closed sent—Number of connections the SRC client has closed
- Connection Closed remotely—Number of connections that were closed by the remote SAE
- Create Interfaces sent—Number of create interface indications sent to the SAE
- Delete Interfaces sent—Number of delete interface indications sent to the SAE
- Active IP Interfaces—Current number of active IP interfaces the SRC client is aware of
- IP Interface Transitions—Number of IP interface transitions logged by the SRC client
- Synchronizes received—Number of synchronization requests the SRC client received from the SAE
- Synchronize Complete sent—Number of synchronization complete indications sent
- Internal Errors—Number of internal errors
- Communication Errors—Number of errors with lower-layer communications (such as socket errors)
host1#show sscc info
The SSC Client is currently unconnected
The SSC Client configured servers are:
Primary: 10.10.2.2:3
Secondary: 0.0.0.0:0
Tertiary: 0.0.0.0:0
Local Source: FastEthernet 0/0, Local Source Address: 10.13.5.61
The configured transport router is: default
The configured retry timer is (seconds): 90
The connection state is: NoConnection
SSC Client Statistics:
Policy Commands received 0
Policy Commands(List) 0
Policy Commands(Acct) 0
Bad Policy Cmds received 0
Error Policy Cmds received 0
Policy Reports sent 0
Connection Open requests 0
Connection Open completed 0
Connection Closed sent 0
Connection Closed remotely 0
Create Interfaces sent 0
Delete Interfaces sent 0
Active IP Interfaces 2
IP Interface Transitions 0
Synchronizes received 0
Synchronize Complete sent 0
Internal Errors 0
Communication Errors 0
Tokens Seen 0
Active Tokens 0
Token Transitions 0
Token Creates Sent 0
Token Deletes Sent 0
Active Addresses 0
Address Transitions 0
Create Addresses Sent 0
Delete Addresses Sent 0
Authentication Successes 0
Authentication Failures 0
show sscc statistics
- Use to display statistics about connection between the SRC client and SAE. The command output refers to the SRC client by its former name, SSC client.
- Field descriptions
- Policy Commands received—Number of policy commands received on the SRC client connection
- Policy Commands(List)—Number of Policy Commands with subtype List
- Policy Commands(Acct)—Number of Policy Commands with subtype Accounting
- Bad Policy Cmds received—Number of Policy Commands received with bad policies
- Error Policy Cmds received—Number of Policy Commands received with errors
- Policy Reports sent—Number of Policy Reports sent
- Connection Open requests—Number of connections the SRC client has tried to open with a remote SAE
- Connection Open completed—Number of connections successfully open to the SAE
- Connection Closed sent—Number of connections the SRC client has closed
- Connection Closed remotely—Number of connections that were closed by the remote SAE
- Create Interfaces sent—Number of create interface indications sent to the SAE
- Delete Interfaces sent—Number of delete interface indications sent to the SAE
- Active IP Interfaces—Current number of active IP interfaces the SRC client is aware of
- IP Interface Transitions—Number of IP interface transitions logged by the SRC client
- Synchronizes received—Number of synchronization requests the SRC client received from the SAE
- Synchronize Complete sent—Number of synchronization complete indications sent
- Internal Errors—Number of internal errors
- Communication Errors—Number of errors with lower-layer communications (such as socket errors)
host1#show sscc statistics
SSC Client Statistics:
Policy Commands received 0
Policy Commands(List) 0
Policy Commands(Acct) 0
Bad Policy Cmds received 0
Error Policy Cmds received 0
Policy Reports sent 3
Connection attempts 7
Connection Open requests 7
Connection Open completed 0
Connection Closed sent 0
Connection Closed remotely 5
Create Interfaces sent 0
Delete Interfaces sent 3
Active IP Interfaces 3282
IP Interface Transitions 3281
Synchronizes received 0
Synchronizes rcvd & droped 0
Synchronize Complete sent 2
Internal Errors 0
Communication Errors 0
Discovers Seen 15263
Active Discovers 4911
Discover Transitions 20704
Discover Creates Sent 15263
Discover Deletes Sent 10352
Active Addresses 3274
Address Transitions 3280
Create Addresses Sent 3277
Delete Addresses Sent 3
show sscc version
host1#show sscc version
The SSC Client version is: 4.0
show subscribers
- Use to display the active subscribers on the router.
- If you specify a username, the router displays only the users that match.
- When you issue the command in the default VR, all users are displayed. When you issue the command in a nondefault VR, only those users attached to that VR are displayed.
- You can use the domain, interface, port, slot, username, or virtual-router keywords on all routers to filter the results. If you do not use a keyword, all active users are displayed.
- When you use the interface keyword to display detailed subscriber information by interface, you must also specify either the atm or ethernet keyword, an interface specifier, and optionally a subinterface specifier.
- The output displayed in the interface field depends on the configuration of two commands at the time the subscriber logs in: aaa intf-desc-format include sub-intf and aaa intf-desc-format include adapter (for the E120 and E320 routers).
When the aaa intf-desc-format include sub-intf disable command has been issued, the subinterface is stripped from the subscriber's interface field at login and is not displayed in the output. In the default state, or when the aaa intf-desc-format include sub-intf enable command has been issued, the subinterface is included in the subscriber's interface field at login, and is displayed in the output.
When the aaa intf-desc-format include adapter disable command has been issued, the adapter is stripped from the subscriber's interface field at login and is not displayed in the output. In the default state, or when the aaa intf-desc-format include adapter enable command has been issued, the adapter is included in the subscriber's interface field at login and is displayed in the output.
Even when the subinterface has been stripped from the subscriber's interface field, you can still include the subinterface specifier in the show subscribers interface command. Even though the subinterface itself is not displayed, only subscribers on the specified subinterface are displayed.
These considerations do not apply when you issue the summary keyword. The output displayed in the Interface field of summary versions is not affected by the state of either the aaa intf-desc-format include sub-intf command or the aaa intf-desc-format include adapter command when the subscriber logs in.
- You can use the ipv6 keyword to display all IPv6 subscribers or include the IPv6 prefix to limit the display to only IPv6 subscribers on a specific network.
- You can use the summary keyword to display only summary information about active subscribers.
- Field descriptions
- User Name—Name of the subscriber
- Type—Type of subscriber: atm, ip, ipsec, ppp, tnl (tunnel), tst (test)
- Addr | Endpt—IP or IPv6 address and source of the address: l2tp, local, dhcp, radius, user. For local, dhcp, radius, and user endpoints, the address is that of the user. When the endpoint is l2tp, the address is that of the LNS.
- Virtual Router—Name of the virtual router context
- Interface—Interface specifier over which the subscriber is connected
- Login Time—Date, in YY/MM/DD format, and time the subscriber logged in
- Circuit Id—User circuit ID value specified by PPPoE
- Remote Id—User remote ID value specified by PPPoE
- Total Subscribers—Number of active subscribers, chassis-wide
- Peak Subscribers—Maximum value of the Total Subscriber field during the time the router has been active, chassis-wide
- Subscribers—Number of subscribers; the sum of the Ppp and Ip fields
- Ppp—Number of PPPoA and PPPoE users, combined
- Ip—Number of DHCP and IP subscriber manager users, combined
- Tnl—Number of users tunneled to an LNS
- Total—Total number of users per virtual router; the sum of the Ppp, Ip, and Tnl fields
- Domain Name—Domain name used by the subscriber
- Count—Number of subscribers
- Slot—Number of slot in the chassis
host1#show subscribers
Subscriber List
----------------
Virtual
User Name Type Addr|Endpt Router
----------------------- ----- -------------------- ------------
fred tst 10.10.65.86/radius default
bert tst 192.168.10.3/user default
User Name Interface
----------------------- --------------------------------
fred atm 2/1.42:100.104
bert FastEthernet 5/2.4
User Name Login Time Circuit Id
----------------------- ------------------- ----------------
fred 06/05/12 10:58:42 atm 5/1.3
bert 06/05/12 10:59:08
User Name Remote Id
----------------------- ----------------
fred
bert (800) 555-1212
host1#show subscribers interface ethernet 5/2
Subscriber List
---------------
Virtual
User Name Type Addr|Endpt Router
------------------------ ----- -------------------- ------------
bert tst 192.168.10.3/user default
User Name Interface
------------------------ --------------------------------
bert FastEthernet 5/2.4
User Name Login Time Circuit Id
------------------------ ------------------- ----------------
bert 06/05/12 10:59:08
User Name Remote Id
----------------------- ----------------
bert (800) 555-0000
host1#show subscribers slot 5
Subscriber List
---------------
Virtual
User Name Type Addr|Endpt Router
------------------------ ----- -------------------- ------------
fred tst 10.10.65.86/radius default
User Name Interface
------------------------ --------------------------------
fred atm 5/1.42:100.104
User Name Login Time Circuit Id
------------------------ ------------------- ----------------
fred 06/05/12 10:58:42 atm 5/1.3
User Name Remote Id
----------------------- ----------------
fred
- Example 4—Shows the number of subscribers on each virtual router, as well as the total and peak subscribers for the chassis
host1#show subscribers summary
Virtual
Router Subscribers Ppp Ip Tnl Total
------------ ------------ ------ ------ ------ ------
default 1 1 0 0 1
Total Subscribers : 10 (chassis-wide total)
Peak Subscribers : 15 (chassis-wide total)
host1#show subscribers summary port
Interface Count
------------ ------
3/1 5
2/1 5
Total Subscribers : 10 (chassis-wide total)
Peak Subscribers : 15 (chassis-wide total)
host1#show subscribers summary domain
Domain Name Count
-------------------------------- ------
abc.com 5
iii.com 5
Total Subscribers : 10 (chassis-wide total)
Peak Subscribers : 15 (chassis-wide total)
host1#show subscribers summary interface
Interface Count
-------------------- ------
ATM 3/2.1 1
ETHERNET 5/2.1 2
Total Subscribers : 3 (chassis-wide total)
Peak Subscribers : 6 (chassis-wide total)
host1#show subscribers summary slot
Slot Count
-------- -----
3 1
5 4
Total Subscribers : 5 (chassis-wide total)
Peak Subscribers : 8 (chassis-wide total)
show terminate-code
- Apps—The application generating the terminate reason; AAA, L2TP, PPP, or RADIUS client
- Terminate Reason—The application's terminate reason
- Description—The terminate reason
- Radius Code—The RADIUS Acct-Terminate-Cause code to which the application's terminate reason is mapped
- Example 1—Specifies the radius keyword to display all current terminate reasons mapped to RADIUS Acct-Terminate-Cause codes. This command lists all PPP mappings, followed by L2TP mappings, and then AAA mappings.
host1(config)#run show terminate-code radius
Radius
Apps Terminate Reason Description Code
--------- -------------------------- -------------------------- ------
ppp authenticate-authenticator authenticate authenticator 17
-timeout timeout
ppp authenticate-challenge-tim authenticate challenge tim 10
eout eout
ppp authenticate-chap-no-resou authenticate chap no resou 10
rces rces
ppp authenticate-chap-peer-aut authenticate chap peer aut 17
henticator-timeout henticator timeout
ppp authenticate-deny-by-peer authenticate deny by peer 17
ppp authenticate-inactivity-ti authenticate inactivity ti 4
meout meout
ppp authenticate-max-requests authenticate max requests 10
--More--
host1(config)#run show terminate-code radius 4
Radius
Apps Terminate Reason Description Code
--------- -------------------------- -------------------------- ------
ppp authenticate-inactivity-ti authenticate inactivity ti 4
meout meout
l2tp session-timeout-inactivity session timeout inactivity 4
host1(config)#run show terminate-code aaa
Radius
Apps Terminate Reason Description Code
--------- -------------------------- -------------------------- ------
aaa deny-server-not-available deny server not available 17
aaa deny-server-request-timeou deny server request timed 17
t out
aaa deny-authentication-failur deny authentication failur 17
e e from server
aaa deny-address-assignment-fa deny address assignment fa 17
ilure ilure
aaa deny-address-allocation-fa deny address allocation fa 17
ilure ilure
aaa deny-no-address-allocation deny insufficient resource 17
-resources s for address allocation
aaa deny-unknown-subscriber deny no such server entry 17
aaa deny-no-resources deny no resources availabl 10
e
--More--
host1(config)#run show terminate-code l2tp session-access-interface-down
Radius
Terminate Reason Description Code
------------------------------------------------------------ ------
session access interface down 8