Hi Walter. Yeah I'd certainly like to see how you do the queries, we've only just started looking into this and that would certainly save some time
-- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph : +61 8 8313 4800 -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Walt Reynolds Sent: Friday, 16 October 2015 1:24 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths We have Cisco controllers and have a script that polls the radius table and then queries the radius stats table to combine the address of the radius servers with their stats. This is done on a Unix box with snmpwalk and the like. I will send that out in the morning if you want. I also did some work and got these same stats into cacti. Walter Reynolds University of Michigan > On Oct 15, 2015, at 7:36 PM, Jason Cook <[email protected]> wrote: > > There are some stats on the controllers but we haven't been able to work out > how to poll them via snmp which would be ideal. The other option would be > scripting SSH to run the command and pull the relevant information for > graphing. > > > (Cisco Controller) >show radius auth statistics Authentication > Servers: > > Server Index..................................... 1 Server > Address................................... xxxxxxxxx Msg Round Trip > Time.............................. 0 (msec) First > Requests................................... 0 Retry > Requests................................... 0 Accept > Responses................................. 0 Reject > Responses................................. 0 Challenge > Responses.............................. 0 Malformed > Msgs................................... 0 Bad Authenticator > Msgs........................... 0 Pending > Requests................................. 0 Timeout > Requests................................. 0 Consecutive Drops > ............................... 0 Unknowntype > Msgs................................. 0 Other > Drops...................................... 0 > > > Server Index..................................... 3 Server > Address................................... xxxxxxxxx Msg Round Trip > Time.............................. 66 (msec) First > Requests................................... 2406297 Retry > Requests................................... 936 Accept > Responses................................. 244593 Reject > Responses................................. 10527 Challenge > Responses.............................. 2151076 Malformed > Msgs................................... 0 Bad Authenticator > Msgs........................... 0 Pending > Requests................................. 9 Timeout > Requests................................. 1037 Consecutive Drops > ............................... 0 Unknowntype > Msgs................................. 0 Other > Drops...................................... 0 > > > Server Index..................................... 4 Server > Address................................... xxxxxxxxx Msg Round Trip > Time.............................. 32 (msec) First > Requests................................... 1242604 Retry > Requests................................... 2373 Accept > Responses................................. 117933 Reject > Responses................................. 8209 Challenge > Responses.............................. 1116035 Malformed > Msgs................................... 0 Bad Authenticator > Msgs........................... 0 Pending > Requests................................. 0 Timeout > Requests................................. 2800 Consecutive Drops > ............................... 0 Unknowntype > Msgs................................. 0 Other > Drops...................................... 0 > > > Server Index..................................... 5 Server > Address................................... xxxxxxxxx Msg Round Trip > Time.............................. 14 (msec) First > Requests................................... 248129 Retry > Requests................................... 34 Accept > Responses................................. 23145 Reject > Responses................................. 2192 Challenge > Responses.............................. 222790 Malformed > Msgs................................... 0 Bad Authenticator > Msgs........................... 0 Pending > Requests................................. 0 Timeout > Requests................................. 36 Consecutive Drops > ............................... 0 Unknowntype > Msgs................................. 0 Other > Drops...................................... 0 > > > > -- > > > Jason Cook > The University of Adelaide, AUSTRALIA 5005 > Ph : +61 8 8313 4800 > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Wang, Yu > Sent: Friday, 16 October 2015 9:23 AM > To: [email protected] > Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths > > One way is to parse through radius logs (each controller has its unique > client name) and generate stats for auth/sec, auth/min, auth/day. You can > also generate graphs from scripts. I wrote a few to generate and mail graphic > reports daily. > > > Yu Wang > CS, FSU > ________________________________________ > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [[email protected]] on behalf of Jeremy Gibbs > [[email protected]] > Sent: Thursday, October 15, 2015 5:28 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] Measuring RADIUS Auths > > Hmm, I am interested to hear how you might accomplish that. My first > instinct is to port mirror the controller to a large enough box to handle the > traffic and have a filter looking for port 1645/1812 (whatever your RADIUS > AUTH port is) so you only capture that traffic (I would use tcpdump). Then > you might be able to do some stats on it if you capture for an hour or so. > > > -- > > Jeremy L. Gibbs > Sr. Network Engineer > Utica College IITS > > T: (315) 223-2383 > F: (315) 792-3814 > E: [email protected]<mailto:[email protected]> > http://www.utica.edu > > On Thu, Oct 15, 2015 at 5:13 PM, Charles Rumford > <[email protected]<mailto:[email protected]>> wrote: > We are using FreeRADIUS, but I want to measure independent of the RADIUS > server. > > -- > Charles Rumford > Network Engineer/Senior Wireless Engineer ISC Network Operations > University of Pennsylvania OpenPGP Key ID: 0xF3D8215A > (p) 215-746-2808<tel:215-746-2808> > > Sent from my phone > > On Oct 15, 2015, at 17:12, Jeremy Gibbs > <[email protected]<mailto:[email protected]>> wrote: > > What are you using for a RADIUS server? > > > -- > > Jeremy L. Gibbs > Sr. Network Engineer > Utica College IITS > > T: (315) 223-2383<tel:%28315%29%20223-2383> > F: (315) 792-3814<tel:%28315%29%20792-3814> > E: [email protected]<mailto:[email protected]> > http://www.utica.edu > > On Thu, Oct 15, 2015 at 5:08 PM, Charles Rumford > <[email protected]<mailto:[email protected]>> wrote: > I'm currently embarking on a project to determine the number of RADIUS auths > per minute each one of my controllers is generating to plan for the capacity > I need for my RADIUS servers. > > I was curious if anyone has embarked on a similar journey and tried to > measure auth rates coming from their controllers? > > I have a couple of ideas that I'm up for sharing, but I wanted to see if > anyone else has done this. > > Thanks! > > ---- > Charles Rumford > Network Engineer/Senior Wireless Engineer ISC Network Operations > University of Pennsylvania OpenPGP Key ID: 0xF3D8215A > (p) 215-746-2808<tel:215-746-2808> > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
