Reset aaa server dead time and count?

Leroy Plock · ‎01-27-2016

On most IOS devices when you run "show aaa servers," it will give the total time and count that the servers have been marked dead, like this:

RADIUS: id 1, priority 1, host <a.b.c.d> auth-port 1812, acct-port 1813
State: current UP, duration 54925s, previous duration 749s
Dead: total time 4349s, count 2 <-----------------------------------------------------------

Is there a non-service impacting way to reset these counters to zero? Have tried all the clear aaa and clear radius commands.

Thanks.

Jatin Katyal · ‎01-27-2016

I guess those are only 2 commands to clear counters / stat's for aaa on IOS.

- Jatin

~Jatin

nspasov · ‎01-27-2016

Good question! I tried just about anything and could not get rid of those counters. I even removed the instance configuration and then re-added it. All that did is set the server id to 3 and priority to 2 (Used to be #1) but still kept the stats :s

RADIUS: id 3, priority 2, host 192.168.40.100, auth-port 1812, acct-port 1813
State: current UP, duration 16781s, previous duration 2518s
Dead: total time 113834s, count 11
Quarantined: No
Authen: request 0, timeouts 0, failover 0, retransmission 0

Perhaps a bug? :) Maybe Jatin can see if someone from the BU can shed some light :)

Thank you for rating helpful posts!

Jatin Katyal · ‎01-31-2016

Sure Neno, I'll check that and let you guys know. ~ Jatin

~Jatin

Jatin Katyal · ‎02-23-2016

Hi Guys, sorry for any delay. in one of my t-shoot call I discovered the appropriate command to clear the counter. I guess you already have that command and I confirmed there is no way to run this command in a silent mode.

clear aaa counters servers { all | radius { server-id | all } | sg name }

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-c1.html#wp1784604007

~ Jatin

~Jatin

nspasov · ‎02-23-2016

Thanks for the tip Jatin! Unfortunately, that command clears all stats except the ones that we need :(

NS-3560c-01#show aaa servers

RADIUS: id 2, priority 1, host 192.168.40.101, auth-port 1812, acct-port 1813
 State: current UP, duration 125937s, previous duration 18205s
 Dead: total time 135220s, count 11
 Quarantined: No
 Authen: request 0, timeouts 0, failover 0, retransmission 0
 Response: accept 0, reject 0, challenge 0
 Response: unexpected 0, server error 0, incorrect 0, time 0ms
 Transaction: success 0, failure 0
 Throttled: transaction 0, timeout 0, failure 0
 Author: request 0, timeouts 0, failover 0, retransmission 0
 Response: accept 0, reject 0, challenge 0
 Response: unexpected 0, server error 0, incorrect 0, time 0ms
 Transaction: success 0, failure 0
 Throttled: transaction 0, timeout 0, failure 0
 Account: request 0, timeouts 0, failover 0, retransmission 0
 Request: start 0, interim 0, stop 0
 Response: start 0, interim 0, stop 0
 Response: unexpected 0, server error 0, incorrect 0, time 0ms
 Transaction: success 0, failure 0
 Throttled: transaction 0, timeout 0, failure 0
 Elapsed time since counters last cleared: 0m
 Estimated Outstanding Access Transactions: 0
 Estimated Outstanding Accounting Transactions: 0
 Estimated Throttled Access Transactions: 0
 Estimated Throttled Accounting Transactions: 0
 Maximum Throttled Transactions: access 0, accounting 0

Thank you for rating helpful posts!

Jatin Katyal · ‎02-23-2016

Hi Neno -Thanks for testing. I discussed this issue with one of the IOS DE and per him This is expected behavior. Dead counters are server-state counters and they will not be cleared as part of the clear command as server-state statistics have to be .This change has been made as part of CSCdz50774 so when clear command is issue the server state counters are kept intact and only the authen,author,accounting related counters are cleared.

~ Jatin

~Jatin

nspasov · ‎02-23-2016

So just to confirm: There is no way to clear those counters? :)

Thank you for rating helpful posts!