Cisco Systems Understanding radius-server deadtime and radius-server dead-criteria in Cisco IOS XR

Page 35

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

radius-server dead-criteria time

radius-server dead-criteria time

To specify the minimum amount of time, in seconds, that must elapse from the time that the router last received a valid packet from the RADIUS server to the time the server is marked as dead, use the radius-serverdead-criteria time command in global configuration mode. To disable the criteria that were set, use the no form of this command.

radius-server dead-criteria time seconds

no radius-server dead-criteria time seconds

Syntax Description		seconds	Length of time, in seconds. The range is from 1 to120 seconds. If the seconds argument
			is not configured, the number of seconds ranges from 10 to 60, depending on the
			transaction rate of the server.
			Note The time criterion must be met for the server to be marked as dead.


Defaults		If the seconds argument is not configured, the number of seconds ranges from 10 to 60 seconds,
		depending on the transaction rate of the server.

Command Modes

Command History

Global configuration

Release	Modification
Release 3.3.0	This command was introduced on the Cisco CRS-1 and
	Cisco XR 12000 Series Router.

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Note If you configure the radius-server dead-criteria time command before the radius-server deadtime command, the radius-server dead-criteria time command may not be enforced.

If a packet has not been received since the router booted and there is a timeout, the time criterion is treated as though it were met.

If the seconds argument is not indicated, the time is set to the defaults.

Task ID	Task ID	Operations
	aaa	read, write

Cisco IOS XR System Security Command Reference

SR-35

Image 35

Contents SR-1 SR-2 Aaa accountingSR-3 Creates a method list to be used for authorizationAaa Read, write SR-4 Aaa accounting system defaultSR-5 Creates a method list for authenticationCreates a method list for authorization SR-6 Aaa authenticationSR-7 Radius, group named-group,local, or line optionsCreates a method list for accounting SR-8 Command DescriptionSR-9 Aaa authorizationNetwork LocalSR-10 SR-11 Which specifies that TACACS+ authorization is usedSR-12 Aaa default-taskgroupSR-13 Aaa group server radiusSR-14 Comprises three member serversSR-15 Aaa group server tacacs+SR-16 SR-17 Aaa accounting commandAccounting SR-18 List named listname2 on a line template named configureSR-19 AuthorizationAuthorization command SR-20 Listname4 on a line template named configureSR-21 Deadtime server-group configurationDeadtime minutes no deadtime SR-22 Related Commands DescriptionSR-23 Description AAADescription string No description SR-24 TaskgroupSR-25 GroupSR-26 Task ID ExamplesSR-27 Inherit taskgroupSR-28 SR-29 Inherit usergroupInherit usergroup usergroup-name SR-30 Sales user groupSR-31 Login authenticationAuthentication login command SR-32 SR-33 Password AAAPassword 0 7 password No password 0 7 password SR-34 SR-35 Radius-server dead-criteria timeSR-36 SR-37 Radius-server dead-criteria triesSR-38 Dead-criteria timeSR-39 Radius-server deadtimeRadius-server deadtime minutes No radius-server deadtime SR-40 SR-41 Timeout secondsRadius-server host Retransmit retriesSR-42 SR-43 SR-44 Radius-server keySR-45 Specifies a Radius server hostSR-46 Radius-server retransmitSR-47 Radius-server timeoutRadius-server timeout seconds No radius-server timeout SR-48 Radius source-interfaceSR-49 Outgoing Radius packetsSR-50 SecretSecret 0 5 secret no secret 0 5 secret SR-51 SR-52 Server RadiusSR-53 SR-54 Server TACACS+SR-55 Groups different TACACS+ server hosts into distinct listsSR-56 Show aaaAaa usergroup operator SR-57SR-58 SR-59 Displays task IDs enabled for the currently logged-in userSR-60 If no radius servers are configured, no output is displayedShow radius Show radiusSR-61 Field DescriptionSR-62 Show radius accountingShow radius accounting SR-63 Show radius authenticationSR-64 Show radius authenticationShow radius authentication SR-65 Show radius accountingSR-66 Show radius clientShow radius client SR-67 SR-68 Show radius dead-criteriaSR-69 SR-70 No default behavior or valuesShow radius server-groups Show radius server-groupsSR-71 Field DescriptionSR-72 Show tacacsShow tacacs SR-73 SR-74 Show tacacs server-groupsShow tacacs server-groups SR-75 SR-76 Show task supportedShow task supported Ouni pkg-mgmt pos-dpt ppp SR-77SR-78 Show userUser all SR-79SR-80 SR-81 SR-82 Tacacs-server hostSR-83 SR-84 Tacacs-server keyTacacs-server key key-nameno tacacs-server key SR-85 Specifies a TACACS+ hostSR-86 Tacacs-server timeoutTacacs-server timeout seconds No tacacs-server timeout SR-87 Tacacs source-interfaceSR-88 Aaa group server radiusDebug TaskWrite ExecuteSR-90 SR-91 TaskgroupSR-92 Creates a task group description in task configuration modeAdds a task ID to a task group SR-93 Timeout login responseSR-94 Enables AAA authentication for loginsSR-95 UsergroupSR-96 Creates a description of a task group during configurationSR-97 UsernameSR-98 Defines a method list for authenticationCreates a login password for a user Adds a user to a groupSR-99 Users groupSR-100 Given operator privileges