There are some stats on the controllers but we haven't been able to work out how to poll them via snmp which would be ideal. The other option would be scripting SSH to run the command and pull the relevant information for graphing.
(Cisco Controller) >show radius auth statistics Authentication Servers: Server Index..................................... 1 Server Address................................... xxxxxxxxx Msg Round Trip Time.............................. 0 (msec) First Requests................................... 0 Retry Requests................................... 0 Accept Responses................................. 0 Reject Responses................................. 0 Challenge Responses.............................. 0 Malformed Msgs................................... 0 Bad Authenticator Msgs........................... 0 Pending Requests................................. 0 Timeout Requests................................. 0 Consecutive Drops ............................... 0 Unknowntype Msgs................................. 0 Other Drops...................................... 0 Server Index..................................... 3 Server Address................................... xxxxxxxxx Msg Round Trip Time.............................. 66 (msec) First Requests................................... 2406297 Retry Requests................................... 936 Accept Responses................................. 244593 Reject Responses................................. 10527 Challenge Responses.............................. 2151076 Malformed Msgs................................... 0 Bad Authenticator Msgs........................... 0 Pending Requests................................. 9 Timeout Requests................................. 1037 Consecutive Drops ............................... 0 Unknowntype Msgs................................. 0 Other Drops...................................... 0 Server Index..................................... 4 Server Address................................... xxxxxxxxx Msg Round Trip Time.............................. 32 (msec) First Requests................................... 1242604 Retry Requests................................... 2373 Accept Responses................................. 117933 Reject Responses................................. 8209 Challenge Responses.............................. 1116035 Malformed Msgs................................... 0 Bad Authenticator Msgs........................... 0 Pending Requests................................. 0 Timeout Requests................................. 2800 Consecutive Drops ............................... 0 Unknowntype Msgs................................. 0 Other Drops...................................... 0 Server Index..................................... 5 Server Address................................... xxxxxxxxx Msg Round Trip Time.............................. 14 (msec) First Requests................................... 248129 Retry Requests................................... 34 Accept Responses................................. 23145 Reject Responses................................. 2192 Challenge Responses.............................. 222790 Malformed Msgs................................... 0 Bad Authenticator Msgs........................... 0 Pending Requests................................. 0 Timeout Requests................................. 36 Consecutive Drops ............................... 0 Unknowntype Msgs................................. 0 Other Drops...................................... 0 -- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph : +61 8 8313 4800 -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Wang, Yu Sent: Friday, 16 October 2015 9:23 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths One way is to parse through radius logs (each controller has its unique client name) and generate stats for auth/sec, auth/min, auth/day. You can also generate graphs from scripts. I wrote a few to generate and mail graphic reports daily. Yu Wang CS, FSU ________________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [[email protected]] on behalf of Jeremy Gibbs [[email protected]] Sent: Thursday, October 15, 2015 5:28 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths Hmm, I am interested to hear how you might accomplish that. My first instinct is to port mirror the controller to a large enough box to handle the traffic and have a filter looking for port 1645/1812 (whatever your RADIUS AUTH port is) so you only capture that traffic (I would use tcpdump). Then you might be able to do some stats on it if you capture for an hour or so. -- Jeremy L. Gibbs Sr. Network Engineer Utica College IITS T: (315) 223-2383 F: (315) 792-3814 E: [email protected]<mailto:[email protected]> http://www.utica.edu On Thu, Oct 15, 2015 at 5:13 PM, Charles Rumford <[email protected]<mailto:[email protected]>> wrote: We are using FreeRADIUS, but I want to measure independent of the RADIUS server. -- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network Operations University of Pennsylvania OpenPGP Key ID: 0xF3D8215A (p) 215-746-2808<tel:215-746-2808> Sent from my phone On Oct 15, 2015, at 17:12, Jeremy Gibbs <[email protected]<mailto:[email protected]>> wrote: What are you using for a RADIUS server? -- Jeremy L. Gibbs Sr. Network Engineer Utica College IITS T: (315) 223-2383<tel:%28315%29%20223-2383> F: (315) 792-3814<tel:%28315%29%20792-3814> E: [email protected]<mailto:[email protected]> http://www.utica.edu On Thu, Oct 15, 2015 at 5:08 PM, Charles Rumford <[email protected]<mailto:[email protected]>> wrote: I'm currently embarking on a project to determine the number of RADIUS auths per minute each one of my controllers is generating to plan for the capacity I need for my RADIUS servers. I was curious if anyone has embarked on a similar journey and tried to measure auth rates coming from their controllers? I have a couple of ideas that I'm up for sharing, but I wanted to see if anyone else has done this. Thanks! ---- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network Operations University of Pennsylvania OpenPGP Key ID: 0xF3D8215A (p) 215-746-2808<tel:215-746-2808> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
