Viewing
Viewing RADIUS server group information
Syntax
show server-group radiusDisplays the same information as the
show radiuscommand, but displays the servers in their server groups.
![[NOTE: ]](images/note.gif) | NOTE: For the 3800, 5400zl, and 8200zl switches, when the switch is in enhanced secure mode, you are prompted about displaying sensitive information before the command is executed. See Secure Mode (3800, 3810, 5400zl, and 8200zl Switches). |
Viewing and changing the SNMP access configuration
Syntax
snmp-server mib hpswitchauthmib <excluded|included>
includedEnables manager-level SNMP read/write access to the switch authentication configuration (hpSwitchAuth) MIB.
excludedDisables manager-level SNMP read/write access to the switch authentication configuration (hpSwitchAuth) MIB.
Default: included
Syntax
show snmp-serverThe output for this command has been enhanced to display the current access status of the switch authentication configuration MIB in the
Excluded MIBsfield.
Example
To disable SNMP access to the switch authentication MIB and then display the result in the Excluded MIB field, execute the following two commands.
An alternate method of determining the current
Authentication MIB access state is to use the show run command.
Viewing authorization information
Syntax
Viewing RADIUS Statistics
Syntax
Shows general RADIUS configuration, including the server IP addresses. Optional form shows data for a specific RADIUS host. To use
show radius, the server's IP address must be configured in the switch, which. requires prior use of theradius-server hostcommand. See Accounting services for more information.For the 3800, 5400zl, and 8200zl switches, when the switch is in enhanced secure mode, you are prompted about displaying sensitive information before the command is executed. For more information, see Secure Mode (3800, 3810, 5400zl, and 8200zl Switches).
Values for show radius host output
| Term | Definition |
|---|---|
| Round Trip Time | The time interval between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server. |
| Pending Requests | The number of RADIUS Accounting-Request packets sent to this server that have not yet timed out or received a response. This variable is incremented when an accounting-Request is sent and decremented due to receipt of an Accounting-Response, a timeout or a retransmission. |
| Retransmissions | The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server. Retransmissions include retries where the Identifier and Acct-Delay have been updated, as well as those in which they remain the same. |
| Timeouts | The number of accounting timeouts to this server. After a timeout the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as an Accounting-Request as well as a timeout. |
| Malformed Responses | The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses. |
| Bad Authenticators | The number of RADIUS Accounting-Response packets which contained invalid authenticators received from this server. |
| Unknown Types | The number of RADIUS packets of unknown type which were received from this server on the accounting port. |
| Packets Dropped | The number of RADIUS packets which were received from this server on the accounting port and dropped for some other reason. |
| Access Requests | The number of RADIUS Access-Requests the switch has sent since it was last rebooted. (Does not include retransmissions.) |
| Accounting Requests | The number of RADIUS Accounting-Request packets sent. This does not include retransmissions. |
| Access Challenges | The number of RADIUS Access-Challenge packets (valid or invalid) received from this server. |
| Access Accepts | The number of RADIUS Access-Accept packets (valid or invalid) received from this server. |
| Access Rejects | The number of RADIUS Access-Reject packets (valid or invalid) received from this server. |
| Responses | The number of RADIUS packets received on the accounting port from this server. |
Viewing RADIUS authentication statistics
Syntax
show authenticationDisplays the primary and secondary authentication methods configured for the Console, Telnet, Port-Access (802.1X), and SSH methods of accessing the switch. Also displays the number of access attempts currently allowed in a session.
show radius authenticationDisplays NAS identifier and data on the configured RADIUS server and the switch interactions with this server. Requires prior use of the
radius-server hostcommand to configure a RADIUS server IP address in the switch, see Accounting services.
Example of login attempt and primary/secondary authentication information from the show authentication command
Viewing port-access information
The show port-access summary command
displays the dynamically changed client limit settings.
Syntax
show port-access summary [radius-overridden]Displays summary configuration information for all ports, including the ports that have client limits set by RADIUS VSAs.
radius-overriddenDisplays only the ports with client limits that are overridden by RADIUS attributes.
| NOTE: If the command If the 802.1X client-limit is configured with a value from 1-32, the port access is in user-mode. |
To display the configuration information for
just those ports that are dynamically overridden by RADIUS attributes,
use the show port-access summary radius-overridden command.
Viewing RADIUS accounting statistics
Syntax
show accountingLists configured accounting interval, "Empty User" suppression status, session ID, accounting types, methods, and modes.
