show network-access aaa statistics

Syntax

Description

Display AAA accounting, address-assignment, dynamic request statistics, RADIUS settings and statistics, and subscriber session limit statistics.

Options

accounting (detail)	(Optional) Display AAA accounting statistics. The `detail` keyword displays additional accounting information
address-assignment (client \| pool `pool-name`)	(Optional) Display AAA address-assignment client and pool statistics.
dynamic-requests	(Optional) Display AAA dynamic requests.
radius	(Optional) Display RADIUS settings and statistics.
session-limit-per-username	Maximum number of sessions allowed for a username per access profile. Use the `brief` option to display only active users with blocked requests. Use the `detail` option to display all active users.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show network-access aaa statistics command. Output fields are listed in the approximate order in which they appear.

Table 1: show network-access aaa statistics Output Fields
Field Name	Field Description	Level of Output
`Requests received`	Number of accounting requests generated by the AAA framework. Number of dynamic requests received from the external server. Does not include requests sent from backup accounting.	All levels
`Accounting request failures`	Number of accounting requests that failed to be sent or queued from a client to a RADIUS accounting server. Does not include requests sent from backup accounting.	`detail`
`Accounting request success`	Number of accounting requests successfully sent or queued from a client to a RADIUS accounting server. Does not include requests sent from backup accounting.	`detail`
`Account on requests`	Number of accounting on requests sent from a client to a RADIUS accounting server.	`detail`
`Accounting start requests`	Number of accounting start requests sent from a client to a RADIUS accounting server.	`detail`
`Accounting interim requests`	Number of accounting interim requests sent from a client to a RADIUS accounting server.	`detail`
`Accounting stop requests`	Number of accounting stop requests sent from a client to a RADIUS accounting server. Does not include requests sent from backup accounting.	`detail`
`Accounting request timeouts`	Number of accounting requests to the accounting server that timed out. This field was named `Timed out requests` in releases before Junos OS Release 16.1. Does not include requests sent from backup accounting.	All levels
`Accounting Response failures`	Number of accounting requests not acknowledged (NAK) by the accounting server. Does not include requests sent from backup accounting.	All levels
`Accounting response success`	Number of accounting requests acknowledged by the accounting server. Does not include requests sent from backup accounting.	All levels
`Account on responses`	Number of accounting on requests acknowledged by the RADIUS accounting server.	`detail`
`Accounting start responses`	Number of accounting start requests acknowledged by the RADIUS accounting server.	`detail`
`Accounting interim responses`	Number of accounting interim requests acknowledged by the RADIUS accounting server.	`detail`
`Accounting stop responses`	Number of accounting stop requests acknowledged by the RADIUS accounting server. Does not include requests sent from backup accounting.	`detail`
`Accounting rollover requests`	Number of accounting requests coming to a RADIUS accounting server after a previous server timing out.	`detail`
`Accounting unknown requests`	Number of unknown accounting requests sent from a client to a RADIUS accounting server (for example, when the header has invalid or unsupported information).	`detail`
`Accounting radius pending requests`	Number of accounting requests sent from a client to a RADIUS accounting server that are waiting for a response from the server.	`detail`
`Accounting malformed responses`	Number of accounting responses from a RADIUS accounting server that have invalid or unexpected attributes.	`detail`
`Accounting retransmissions`	Number of accounting requests made by a client to the RADIUS sever that were retransmitted. Does not include requests sent from backup accounting.	`detail`
`Accounting bad authenticators`	Number of accounting responses from a RADIUS accounting server that have an incorrect authenticator (for example, the client and server RADIUS secret do not match).	`detail`
`Accounting packets dropped`	Number of accounting responses from a RADIUS accounting server that are dropped by a client.	`detail`
`Accounting backup record creation requests`	Number of accounting stop requests from a client to a RADIUS accounting server that were forwarded to be backed up.	`detail`
`Accounting backup replay request success`	Number of backup accounting stop requests successfully created by clients after each timeout for replay to a RADIUS accounting server.	`detail`
`Accounting backup request failures`	Number of backup accounting requests that failed to be sent or queued from a client to a RADIUS accounting server.	`detail`
`Accounting backup request success`	Number of backup accounting requests successfully sent or queued from a client to a RADIUS accounting server.	`detail`
`Accounting backup timeouts`	Number of backup accounting requests that timed out after being sent to a RADIUS accounting server.	`detail`
`Accounting backup in-flight requests`	Number of backup accounting requests that were successfully sent or queued to a RADIUS accounting server for which no response or error has been received yet. Backup requests are replayed only in the following circumstances: When the request being replayed receives a positive response, the next request can be replayed. When the request being replayed receives a timeout response, it can be replayed again. Consequently this intermediate timer displays 1 or 0. The value eventually drops to 0 as requests are responded to positively or fail due to error.	`detail`
`Accounting backup responses success`	Number of backup records that were successfully acknowledged with a positive response from a RADIUS accounting server.	`detail`
`Accounting backup radius requests`	Number of backup requests sent to UDP level. This is a RADIUS-level counter and increments rapidly based on the configured retries and timeouts and the RADIUS-level retransmissions. An observation that the value is increasing is more significant than the exact value of the counter.	`detail`
`Accounting backup radius responses`	Number of responses received at the UDP level for backup requests. This is a RADIUS-level counter and increments rapidly based on the configured retries and timeouts and the RADIUS-level retransmissions. Observation that the value is increasing is more significant than the exact value of the counter.	`detail`
`Accounting backup radius timeouts`	Number of backup requests that timed out after being sent to UDP. This is a RADIUS-level counter and increments rapidly based on the configured retries and timeouts and the RADIUS-level retransmissions. Observation that the value is increasing is more significant than the exact value of the counter.	`detail`
`Accounting backup radius pending requests`	Number of backup requests sent to a RADIUS accounting server that are waiting for a response from the server. This is an intermediate state counter that eventually drops to zero as requests are responded to or failed due to error.	`detail`
`Accounting backup radius retransmissions`	Sum of backup request retransmissions for each RADIUS accounting server. This is a RADIUS-level counter and increments rapidly based on the configured retries and timeouts and the RADIUS-level retransmissions. Observation that the value is increasing is more significant than the exact value of the counter.	`detail`
`Accounting backup malformed responses`	Sum of malformed responses received for backup requests sent to each RADIUS accounting server at the UDP level.	`detail`
`Accounting backup bad authenticators`	Sum of responses received for backup accounting requests for each RADIUS accounting server where authenticators were mismatched.	`detail`
`Accounting backup responses dropped`	Sum of responses for backup accounting requests for each RADIUS accounting server that were dropped due to various sanity checks.	`detail`
`Accounting backup rollover requests`	Sum of backup accounting requests rolled over for each RADIUS accounting server.	`detail`
`Accounting backup unknown responses`	Sum of unknown responses for backup accounting requests for each RADIUS accounting server.	`detail`
`Client`	Client type; for example, DHCP, Mobile IP, PPP.	none specified
`Out of Memory`	Number of times an address was not given to the client due to memory issues.	none specified
`No Matches`	Number of times there were no network matches for the pool.	none specified
`Pool Name`	Name of the address-assignment pool for this client.	none specified
`Out of Addresses`	Number of times there were no available addresses in the pool.	none specified
`Address total`	Number of addresses in the pool.	none specified
`Addresses in use`	Number of addresses in use.	none specified
`Addresses excluded`	Number of addresses excluded from being allocated from the pool with the `excluded-address` or `excluded-range` statements.	none specified
`Address Usage (percent)`	Percentage of total addresses in use. This value does not take excluded addresses into account.	none specified
`Pool drain configured`	Configuration state of active drain for the specified local address pool, `yes` or `no`.	none specified
`Pool Usage`	Percentage of allocated addresses in the specified address pool.	none specified
`processed successfully`	Number of dynamic requests processed successfully by the AAA framework.	All levels
`errors during processing`	Number of dynamic requests that resulted in processing errors by the AAA framework.	All levels
`Link Name`	Name of the secondary address-assignment pool to which the primary pool is linked.
`silently dropped`	Number of dynamic requests dropped by the AAA framework due to multiple back-to-back or duplicate requests.	All levels
`RADIUS Server`	IPv4 or IPv6 address of the RADIUS server to which the router is sending requests.	All levels
`Profile`	Name of the RADIUS profile associated with the RADIUS server. A RADIUS server can be associated with more than one RADIUS profile.	All levels
`Configured`	Configured maximum number of outstanding requests from the router to the RADIUS server for a specific profile. An outstanding request is a request to which the RADIUS server has not yet responded. The range of values is 0 through 2000 outstanding requests. The default value is 1000.	All levels
`Current`	Current number of outstanding requests from the router to the RADIUS server for a specific profile. An outstanding request is a request to which the RADIUS server has not yet responded.	All levels
`Peak`	Highest number of outstanding requests from the router to the RADIUS server for a specific profile at any point in time since the router was started or since the counter was last cleared. Note: If the value of this field is equal to the value of the `Configured` field, you may want to increase the value of the `Configured` field.	All levels
`Exceeded`	Number of times that the router attempted to send requests to the RADIUS server in excess of the configured maximum value for a specific profile. Note: If the value of this field is nonzero, you may want to increase the value of the `Configured` field.	All levels
`Username`	Username for a subscriber with one or more active sessions for an access profile.	`briefdetail`
`Access-profile`	Name of the access profile where the username is active.	`briefdetail`
`Blocked requests`	Number of session requests that have been blocked for the username for an access profile. A request is blocked when it exceeds the configured session limit.	`briefdetail`
`Session count`	Number of active sessions for the username for an access profile.	`briefdetail`
`Total usernames`	Number of active usernames for all access profiles.	none `summary`
`Total usernames exceeding session limit`	Number of usernames that have attempted sessions greater than the limit configured for the username.	none `summary`
`Total blocked requests`	Number of session requests that have been blocked because the session limit is exceeded.	none `summary`

Sample Output

show network-access aaa statistics accounting
show network-access aaa statistics accounting detail
show network-access aaa statistics address-assignment client
show network-access aaa statistics address-assignment pool
show network-access aaa statistics address-assignment pool (Excluded Addresses)
show network-access aaa statistics dynamic-requests
show network-access aaa statistics radius
show network-access aaa statistics session-limit-per-username (Users with Blocked Requests)
show network-access aaa statistics session-limit-per-username (All Active Users)
show network-access aaa statistics session-limit-per-username

show network-access aaa statistics accounting

show network-access aaa statistics accounting detail

show network-access aaa statistics address-assignment client

show network-access aaa statistics address-assignment pool

show network-access aaa statistics address-assignment pool (Excluded Addresses)

show network-access aaa statistics dynamic-requests

show network-access aaa statistics radius

show network-access aaa statistics session-limit-per-username (Users with Blocked Requests)

show network-access aaa statistics session-limit-per-username (All Active Users)

show network-access aaa statistics session-limit-per-username

Release Information

Command introduced in Junos OS Release 9.1.

address-assignment option introduced in Junos OS Release 10.0.

radius option introduced in Junos OS Release 11.4.

detail option introduced in Junos OS Release 13.3.

session-limit-per-username option introduced in Junos OS Release 18.4R1 on MX Series routers.

ON THIS PAGE