show service user-identification authentication-source aruba-clearpass user-query counters
Syntax
show service user-identification authentication-source aruba-clearpass user-query counters
Description
Display statistics on the counters maintained by the user query function. The output identifies the ClearPass webserver as the destination of the user query requests. It displays the number of requests sent from the SRX Series Firewall to the ClearPass webserver and the number of responses that the SRX Series Firewall received from it. You can use this command to identify that a problem exists–the number of responses received is less than the number of requests sent.—and then analyze and correct it.
If there are no problems with the communication between the ClearPass Policy Manager (CPPM) and the SRX Series Firewall, the number of requests sent is equal to the number of responses received and the number of error responses.
number-of-requests = number-of-responses + error-message-responses
The user query function is part of the SRX Series integrated ClearPass authentication and enforcement feature. The SRX Series Firewall can automatically send requests for individual user authentication and identity information to ClearPass in the event that ClearPass does not post that information to it. For this to occur, you must have configured the user query function.
The SRX Series Firewall exposes to ClearPass a Web API (webapi) that ClearPass uses to send POST request messages to it automatically. These messages contain user authentication and identity information.
The user query function supplements use of the SRX Series Web API function.
Options
| authentication-source | Specify aruba-clearpass to identifies Aruba ClearPass as the authentication source. |
Required Privilege Level
view
Output Fields
Webserver Address—The IP address of the ClearPass webserver.
Access token—The token string that the SRX Series Firewall obtains from ClearPass which allows the SRX Series Firewall to query the ClearPass webserver for an individual user’s authentication and identity information.
Requests sent number—A counter that shows the number of individual user authentication information queries that the SRX Series Firewall sent to the ClearPass webserver.
Total response received number—A counter that shows the number of returns from the ClearPass webserver in response to the individual user authentication information queries that the SRX Series Firewall sent to it. The number of responses should match the number of requests unless an error occurred.
Error response received number—The number errors that occurred in relation to requests.
Time of last response—A timestamp showing when the last response from the ClearPass webserver was received.
Sample Output
show service user-identification authentication-source aruba-clearpass user-query counters
user@host> show service user-identification authentication-source aruba-clearpass user-query counters
Web server Address: 4.0.0.20
Access token: 433feffae5c3eb3ff8ffdc49f968b03437ca1ce5
Request sent number: 7
Total response received number: 7
Error response received number: 0
Time of last response: 2000-01-01 11:57:17Release Information
Command introduced in Junos OS Release 12.3X48-D30.