Displays the current RADIUS client configuration and statistics.
mgmt-access | Specifies configuration and statistics for the switch management RADIUS authentication server. |
netlogin | Specifies configuration and statistics for the network login RADIUS authentication server. |
primary | Primary server. |
secondary | Secondary server. |
index | RADIUS server index. |
N/A.
If you do not specify a keyword, configuration details related to both management and network login are displayed. The output from this command displays the status of RADIUS and RADIUS accounting (enabled or disabled) and the primary and secondary servers for RADIUS and RADIUS accounting.
Use the mgmt-access keyword to display only RADIUS configuration details related to management access.
Use the netlogin keyword to only RADIUS configuration details related to network login.
The following sample output displays the current RADIUS client configuration and statistics for both management and network login:
# show radius RADIUS Default State: enabled RADIUS Default Timeout: 3 seconds RADIUS Algorithm: standard RADIUS Retries: 3 RADIUS dynamic-authorization: enabled RADIUS TLS TCP Timeout: default RADIUS TLS OCSP: on Switch Management RADIUS: disabled Switch Management RADIUS server connect time out: 3 seconds * Switch Management RADIUS Accounting: disabled * Switch Management RADIUS Accounting server connect time out: 3 seconds Netlogin RADIUS: enabled Netlogin RADIUS server connect time out: 3 seconds * Netlogin RADIUS Accounting: disabled * Netlogin RADIUS Accounting server connect time out: 3 seconds RADIUS server : 1 Status is Active host name : IP address : 10.51.1.150 Server IP Port: 1812 Protocol : UDP Client address: 10.68.5.4 (VR-Mgmt) Retries : 3 * Timeout : 3 * Realm : Netlogin shared secret : #$Qzamzk1OwQoU9jmTyFiEH1qT+Hp6+g== Access Requests : 2 Access Accepts : 2 Access Rejects : 0 Access Challenges : 0 Access Retransmits: 0 Client timeouts : 0 Bad authenticators: 0 Unknown types : 0 Round Trip Time : 221 RADIUS DynAuth server: 1 Status is Active host name : IP address : 10.51.1.150 Server IP Port: 3799 Protocol : UDP Client address: 10.68.5.4 (VR-Mgmt) shared secret : #$Mpu4FUpTNAtZ2cQAM/xAQI92SpD9vw== NAS-IP : Require CoA Requests : 11 Disc Requests : 5 CoA Accepts : 2 Disc Accepts : 3 CoA Rejects : 7 Disc Rejects : 1 CoA Dup Requests : 0 Disc Dup Requests : 0 CoA Bad Auths : 0 Disc Bad Auths : 0 CoA Packet Drops : 2 Disc Packet Drops : 1
The following command displays RADIUS TLS OCSP attributes (lines 9-12):
# show radius RADIUS Default State: enabled RADIUS Default Timeout: 3 seconds RADIUS Algorithm: standard RADIUS Retries: 3 RADIUS dynamic-authorization: disabled RADIUS TLS TCP Timeout: default RADIUS TLS OCSP: on RADIUS TLS OCSP Attributes: Nonce : on Signer ocsp-nocheck : on Override Server URL : http://radiusocsp:2021 Switch Management RADIUS: disabled Switch Management RADIUS server connect time out: 3 seconds * Switch Management RADIUS Accounting: disabled * Switch Management RADIUS Accounting server connect time out: 3 seconds Netlogin RADIUS: enabled Netlogin RADIUS server connect time out: 3 seconds * Netlogin RADIUS Accounting: disabled * Netlogin RADIUS Accounting server connect time out: 3 seconds Primary Netlogin RADIUS server: Status is Active host name : IP address : 10.127.6.195 Server IP Port: 1812 Protocol : UDP Client address: 10.127.6.85 (VR-Mgmt) Retries : 3 * Timeout : 3 * shared secret : #$1HkCDc0zAm64sGwES6xVTN91clZEXQ== Access Requests : 655 Access Accepts : 655 Access Rejects : 0 Access Challenges : 0 Access Retransmits: 0 Client timeouts : 0 Bad authenticators: 0 Unknown types : 0 Round Trip Time : 0 Legend: An asterisk (*) indicates a global value is in use.
This command was first available in ExtremeXOS 10.1.
The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.
The primary and secondary keywords, and index variable were added in ExtremeXOS 16.1.
This command was updated to show dynamic authorization status in ExtremeXOS 22.1.
This command was updated to show counters for dynamic authorization in ExtremeXOS 31.4.
RADIUS TLS OCSP attributes were added in ExtremeXOS 31.6.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.