You are here: Home > CLI Commands > Just_CLI_Topics > show aaa load-balance statistics

show aaa load-balance statistics

show aaa load-balance statistics server-group <sg_name>

Description

Display the load balancing statistics for RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  servers.

Syntax

Parameter

Description

<sg_name>

Name of the server group.

Example

(host) #show aaa load-balance statistics server-group dot1x-test-apsim

Statistics for Radius Servers in Server Group

---------------------------------------------

Server Acct Rq Raw Rq PAP Rq CHAP Rq MSCHAP Rq MSCHAPv2 Rq Mismatch Rsp Bad Auth Acc Rej Acct Rsp Chal Ukn Rsp Tmout Tot Rq Tot Rsp Rd Err Outstanding Auths

------ ------- ------ ------ ------- --------- ----------- ------------ -------- --- --- -------- ---- ------- ----- ------ ------- ------ -----------------

abc _RADIUS 0 0 0 0 0 26 0 0 26 0 0 0 0 0 26 26 0 0

AUTOMATIONRAD 0 0 0 0 0 207 0 0 207 0 0 0 0 0 207 207 0 0

 

Parameter

Description

Server

Name of the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

Acct Rq

Accounting requests. This reports the number of accounting messages (for example, start/stop/interim update) sent by the controller to a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server. This counter increments whenever the controller sends one of these messages.

Raw Rq

Raw requests. Number of raw authentication requests the controller sent to a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

PAPPassword Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure. Rq

PAPPassword Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure. Requests. Number of PAPPassword Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure. authentication requests the controller sent to a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

CHAPChallenge Handshake Authentication Protocol. CHAP is an authentication scheme used by PPP servers to validate the identity of remote clients. Rq

CHAPChallenge Handshake Authentication Protocol. CHAP is an authentication scheme used by PPP servers to validate the identity of remote clients. requests. Number of CHAPChallenge Handshake Authentication Protocol. CHAP is an authentication scheme used by PPP servers to validate the identity of remote clients. authentication requests the controller sent to a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

MSCHAP Rq

MSCHAP requests. Number of MS-CHAPMicrosoft Challenge Handshake Authentication Protocol. MS-CHAP is Password-based, challenge-response, mutual authentication protocol that uses MD4 and DES encryption. authentication requests the controller sent to a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

MSCHAPv2 Rq

MSCHAPv2 requests. Number of MS-CHAPv2Microsoft Challenge  Handshake Authentication Protocol version 2. MS-CHAPv2 is an enhanced version of the MS-CHAP protocol that supports mutual authentication. requests the controller sent to a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

Mismatch Rsp

Mismatch responses. Number of responses from a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server for which the controller does not have the proper request context.

Bad Auth

Bad authenticator. Number of responses from the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server with an invalid secret or bad reply digest.

Acc

Access accept. Number of responses from the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server with invalid secret or bad reply digest.

Rej

Access reject. Number of responses from the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server that indicate that client authentication failed.

Acct Rsp

Accounting response. Number of responses sent from the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server in response to accounting requests sent from the controller.

Chal

Access  challenge. Number of responses from the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server containing a challenge for the client (to complete authentication).

Ukn Rsp

Unknown Response code. Number of responses from the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server that were not understood by the controller due to the purpose or type of the response

Tmout

Timeouts. Number of messages sent by the controller for which the controller did not receive a response before the message timed out.

NOTE: Timeouts include RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  accounting requests. Every request controller sends to the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server is monitored for a timeout, so each retry increments this counter.

AvgRspTme

Average response time. Time taken, on an average, for the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server to respond to a message from the controller.

Tot Rq

Total errors. This counter reflects the total number of requests sent to the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server (auth and accounting requests).

Tot Rsp

This counter reflects the total number of responses received by the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server (auth and accounting responses).

Rd Err

Read errors. This counter reflects the total number of errors encountered while reading off socket corresponding to that RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

Uptime

Amount of for which the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server has been active/up. The RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server is considered to have an UP status if the server is active and serving requests. The RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server is considered to be DOWN if the server is not responding. For example, if the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server does not respond for (<no of retries> *< timeout>) seconds, the controller takes the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server down. It brings the radius server back into service after the dead timeout.

SEQ

Information corresponding to the sequence number of requests. SEQ total corresponds to the total number of sequence numbers that can be used to communicate with the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server. SEQ free corresponds to the free/available/not in use sequence numbers for a particular RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

Outstanding Auths

This value keeps track of the number of clients that are currently getting authenticated against this authentication server, i.e. clients for which the controller has sent Access-RequestRADIUS packet sent to a RADIUS server requesting authorization. but has not yet received Access-AcceptResponse from the RADIUS server indicating successful authentication and containing authorization information. or Access-RejectResponse from RADIUS server indicating that a user is not authorized. and also the Access-RequestRADIUS packet sent to a RADIUS server requesting authorization. has not timed out completely.

Related Commands

Command

Description

aaa authentication-server radius

This command configures a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  authentication server using that server’s fully qualified domain name.

Command History

Command

Description

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.

/*]]>*/