| show snmp trap history verbose| grep -i AAA |
| show radius counters all |
| monitor subscriber |
| show sub full |
| show radius clients status |
| show srp mon all |
| show radius (auth | account) server detail |
| ThreshAAAAuthFail |
| ThreshClearAAAAuthFail |
| AAAAuthSrvReachable/Unreachable |
| SRPAAAUnreachable/Reachable |
| show mipfa stat |
| show mipha stat |
| show ppp stat |
| ping |
| radius test (Auth | account) |
| show task resources facility aaamgr |
| show session subsystem facility aaamgr |
| show npu flow record min-flowid <aaa min flowid> max-flowid <aaa max flowid> |
| show radius info instance |
| show sub aaa-config |
| show session disconnect-reasons |
|
| logging filter runtime facility <aaamgr | aaa-client | radius-auth | radius-acct> level <warning | unusual | info | trace | debug> |
| radius test probe authentication server X.X.X.X port yyy username test password test |
PS: Multiple iterations of above commands should suffice the troubleshooting process. Also "logging facility" logs should be taken with caution on the production logs as this could negative effect on CPU load and should be activated on the basis of cisco support advice only ( preferably in the low traffic time )
