Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show network-access aaa radius-servers

Syntax

Description

Display RADIUS server status and information.

Options

detail

(Optional) Display detailed level of information.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show network-access aaa radius-servers command. Output fields are listed in the approximate order in which they appear.

Table 1: show network-access aaa radius-servers Output Fields

Field Name

Field Description

Level of Output

Profile

Name of the profile associated with the RADIUS server. A RADIUS server can be associated with more than one profile.

All levels

Server address

IPv4 or IPv6 address of the RADIUS server.

All levels

Authentication port

RADIUS server authentication port number.

All levels

Preauthentication port

RADIUS server preauthentication port number.

All levels

Accounting port

RADIUS server accounting port number.

All levels

Accounting retry

Number of times the router retransmits RADIUS accounting messages when no response is received from the server.

Detail

Accounting timeout

Period the local router waits to receive a response from a RADIUS accounting server before retransmitting the message.

Detail

Status

RADIUS server status, UP (Alive), UNREACHABLE, or DOWN (DEAD).

If status is DOWN, the Status field includes the number of seconds configured by the revert-interval statement. The router does not send requests to servers in the DOWN state, but does send requests to servers with a status of either UP or UNREACHABLE.

This field also displays the status of AAA accounting suspension or resumption, and the status of baselining of accounting statistics if you suspended or resumed accounting operations or initiated the generation of a baseline. This information is applicable only for RADIUS servers that are in the UP state.

Note:

After requests to a server or set of servers time out after 10 seconds, the status of the servers changes. The following guidelines apply to server status:

  • For the purpose of marking a server as Down (DEAD), the request includes the original request and any retries that are configured. The 10-second timeout period starts after the initial request and all retries have expired without receiving a response from the server.

    The amount of the timeout period that elapses before the server is marked Down is not always exactly 10 seconds, and can vary depending on how frequently subscribers are logging in. When subscribers are continually and rapidly logging in, the server is marked as Down at 10 seconds. However, if subscribers are logging in less frequently and at a slower pace, then the server is not marked Down until a subsequent subscriber attempts to log in. For example, if the subsequent subscriber logs in a minute after the request and all retries lapse, and the 10-second timeout starts, the actual time until the server is marked Down is 50 seconds after the timeout starts (the one minute between subscriber login minus the 10-second timeout).

  • All servers cannot be marked as DOWN; instead, the unresponsive servers are marked as UNREACHABLE.

    For example, if only one RADIUS server is configured and that server is unresponsive, the server status is marked as UNREACHABLE rather than DOWN.

  • If at least one server has a status of UP, the status of all unresponsive servers is set to DOWN for the remainder of the configured revert-interval setting.

  • If no server has a status of UP, then the status of the unresponsive servers is set to UNREACHABLE for the remainder of the revert-interval setting or for 30 seconds, whichever is less.

  • The status of unresponsive servers is returned to UP from DOWN or UNREACHABLE at the end of the revert-interval setting (or the 30-second interval).

  • If no requests are sent to a server, the server’s status is always UP.

All levels

RADIUS servers

Details for specific RADIUS server, identified by IP address.

Detail

Authentication requests

Number of authentication requests received by the authentication server.

Detail

Authentication rollover requests

Number of requests coming into the server as a result of the previous server timing out.

Detail

Authentication retransmissions

Number of retransmissions.

Detail

Accepts

Number of authentication requests accepted by the authentication server.

Detail

Rejects

Number of authentication requests rejected by the authentication server.

Detail

Challenges

Number of authentication requests challenged by the authentication server.

Detail

Authentication malformed responses

Number of responses with attributes having an invalid length or unexpected attributes (such as two attributes when the response is required to have at most one).

Detail

Authentication bad authenticators

Number of responses in which the authenticator is incorrect for the authentication request. This can occur if the RADIUS secrets for the client and server do not match.

Detail

Authentication requests pending

Number of authentication requests waiting for a response.

Detail

Authentication request timeouts

Number of times an authentication request to the server timed out.

Detail

Authentication unknown responses

Number of unknown responses. The RADIUS response type in the header is invalid or unsupported.

Detail

Authentication packets dropped

Number of packets dropped because they are too short or because the router receives a response for which there is no corresponding request.

Detail

Preauthentication requests

Number of preauthentication requests received by the preauthentication server.

Detail

Preauthentication rollover requests

Number of preauthentication requests coming into the server as a result of the previous server timing out.

Detail

Preauthentication retransmissions

Number of retransmissions of preauthentication requests.

Detail

Preauthentication Accepts

Number of preauthentication requests accepted by the preauthentication server.

Detail

Preauthentication Rejects

Number of preauthentication requests rejected by the preauthentication server.

Detail

Preauthentication Challenges

Number of preauthentication requests challenged by the preauthentication server.

Detail

Preauthentication malformed responses

Number of responses to preauthentication requests with attributes having an invalid length or unexpected attributes (such as two attributes when the response is required to have at most one).

Detail

Preauthentication bad authenticators

Number of responses in which the authenticator is incorrect for the preauthentication request. This can occur if the RADIUS secrets for the client and server do not match.

Detail

Preauthentication requests pending

Number of preauthentication requests waiting for a response.

Detail

Preauthentication request timeouts

Number of times a preauthentication request to the server timed out.

Detail

Preuthentication unknown responses

Number of unknown responses during the preauthentication phase. The RADIUS response type in the header is invalid or unsupported.

Detail

Preauthentication packets dropped

Number of preauthentication packets dropped because they are too short or because the router receives a response for which there is no corresponding request.

Detail

Accounting start requests

Number of accounting start requests received.

Detail

Accounting interim requests

Number of accounting interim requests received.

Detail

Accounting stop requests

Number of accounting stop requests received.

Detail

Accounting rollover requests

Number of requests coming into the server as a result of the previous server timing out.

Detail

Accounting retransmissions

Number of retransmissions.

Detail

Accounting start responses

Number of accounting start responses sent by the server.

Detail

Accounting interim responses

Number of accounting interim responses sent by the server.

Detail

Accounting stop responses

Number of accounting stop responses sent by the server.

Detail

Accounting malformed responses

Number of responses with attributes having an invalid length or unexpected attributes (such as two attributes when the response is required to have at most one).

Detail

Accounting bad authenticators

Number of responses in which the authenticator is incorrect for the accounting request. This can occur if the RADIUS secrets for the client and server do not match.

Detail

Accounting requests pending

Number of accounting requests waiting for a response.

Detail

Accounting request timeouts

Number of accounting requests to the accounting server that timed out.

Detail

Accounting unknown responses

Number of unknown responses. The RADIUS response type in the header is invalid or unsupported.

Detail

Accounting packets dropped

Number of packets dropped because they are too short or because the router receives a response for which there is no corresponding request.

Detail

Sample Output

show network-access aaa radius-servers

show network-access aaa radius-servers

show network-access aaa radius-servers detail

Release Information

Command introduced in Junos OS Release 12.1.