show radius

show radius {mgmt-access | netlogin} {primary | secondary | index}

Description

Displays the current RADIUS client configuration and statistics.

Syntax Description

mgmt-access Specifies configuration and statistics for the switch management RADIUS authentication server.
netlogin Specifies configuration and statistics for the network login RADIUS authentication server.
primary Primary server.
secondary Secondary server.
index RADIUS server index.

Default

N/A.

Usage Guidelines

If you do not specify a keyword, configuration details related to both management and network login are displayed. The output from this command displays the status of RADIUS and RADIUS accounting (enabled or disabled) and the primary and secondary servers for RADIUS and RADIUS accounting.

Use the mgmt-access keyword to display only RADIUS configuration details related to management access.

Use the netlogin keyword to only RADIUS configuration details related to network login.

Example

The following sample output displays the current RADIUS client configuration and statistics for both management and network login:

# show radius
RADIUS Default State:   enabled
RADIUS Default Timeout: 3 seconds
RADIUS Algorithm: standard
RADIUS Retries: 3
RADIUS dynamic-authorization: enabled
RADIUS TLS TCP Timeout: default
RADIUS TLS OCSP: on
Switch Management RADIUS: disabled
Switch Management RADIUS server connect time out: 3 seconds *
Switch Management RADIUS Accounting: disabled *
Switch Management RADIUS Accounting server connect time out: 3 seconds
Netlogin RADIUS: enabled
Netlogin RADIUS server connect time out: 3 seconds *
Netlogin RADIUS Accounting: disabled *
Netlogin RADIUS Accounting server connect time out: 3 seconds

RADIUS server        :  1 Status is Active
    host name     :  
    IP address    :  10.51.1.150
    Server IP Port:  1812
    Protocol      :  UDP
    Client address:  10.68.5.4 (VR-Mgmt)
    Retries       :  3 *
    Timeout       :  3 *
    Realm         :  Netlogin
    shared secret :  #$Qzamzk1OwQoU9jmTyFiEH1qT+Hp6+g==
Access Requests   :  2          Access Accepts    :  2         
Access Rejects    :  0          Access Challenges :  0         
Access Retransmits:  0          Client timeouts   :  0         
Bad authenticators:  0          Unknown types     :  0         
Round Trip Time   :  221       

RADIUS DynAuth server:  1 Status is Active
    host name     :  
    IP address    :  10.51.1.150
    Server IP Port:  3799
    Protocol      :  UDP
    Client address:  10.68.5.4 (VR-Mgmt)
    shared secret :  #$Mpu4FUpTNAtZ2cQAM/xAQI92SpD9vw==
    NAS-IP        :  Require
CoA Requests      :  11         Disc Requests     :  5         
CoA Accepts       :  2          Disc Accepts      :  3         
CoA Rejects       :  7          Disc Rejects      :  1         
CoA Dup Requests  :  0          Disc Dup Requests :  0         
CoA Bad Auths     :  0          Disc Bad Auths    :  0         
CoA Packet Drops  :  2          Disc Packet Drops :  1

The following command displays RADIUS TLS OCSP attributes (lines 9-12):

# show radius
RADIUS Default State:   enabled
RADIUS Default Timeout: 3 seconds
RADIUS Algorithm: standard
RADIUS Retries: 3
RADIUS dynamic-authorization: disabled
RADIUS TLS TCP Timeout: default
RADIUS TLS OCSP: on
RADIUS TLS OCSP Attributes:
  Nonce               : on
  Signer ocsp-nocheck : on
  Override Server URL : http://radiusocsp:2021
Switch Management RADIUS: disabled
Switch Management RADIUS server connect time out: 3 seconds *
Switch Management RADIUS Accounting: disabled *
Switch Management RADIUS Accounting server connect time out: 3 seconds
Netlogin RADIUS: enabled
Netlogin RADIUS server connect time out: 3 seconds *
Netlogin RADIUS Accounting: disabled *
Netlogin RADIUS Accounting server connect time out: 3 seconds

Primary Netlogin RADIUS server: Status is Active
    host name     :
    IP address    :  10.127.6.195
    Server IP Port:  1812
    Protocol      :  UDP
    Client address:  10.127.6.85 (VR-Mgmt)
    Retries       :  3 *
    Timeout       :  3 *
    shared secret :  #$1HkCDc0zAm64sGwES6xVTN91clZEXQ==
Access Requests   :  655        Access Accepts    :  655
Access Rejects    :  0          Access Challenges :  0
Access Retransmits:  0          Client timeouts   :  0
Bad authenticators:  0          Unknown types     :  0
Round Trip Time   :  0

Legend: An asterisk (*) indicates a global value is in use.

History

This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

The primary and secondary keywords, and index variable were added in ExtremeXOS 16.1.

This command was updated to show dynamic authorization status in ExtremeXOS 22.1.

This command was updated to show counters for dynamic authorization in ExtremeXOS 31.4.

RADIUS TLS OCSP attributes were added in ExtremeXOS 31.6.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.

9037487-00 Rev AB