You can use a standard telnet program or command to connect to the 8950 AAA administrative interface. The 8950 AAA servers listen for telnet connections on the port specified in the Server Properties panel of the Server Management Tool.
Run a Telnet program and connect to the Telnet Port your RADIUS server is running.
For example:
telnet myradiusserver 9023
Log on using the login <user> <password> command.
You created your user name and password when you installed 8950 AAA. This information can be updated through the 8950 AAA Operators panel of the Server Management Tool.
For example:
login admin secret-pass
help <command>
to view the description and
applicable arguments.
The Admin Interface for the Policy Server and the Configuration Server use a shared a set of common base commands. In addition to these common commands, the Policy server has additional admin interface commands. All commands listed below are for use in the Policy server. The commands that are common to both servers are marked.
Command Description cache add The cache add operation adds an entry to the cache. The add operation requires the key for the entry to add. Multiple attributes and values to be stored in the cache entry may be specified after the key. Also up to two options can be specified before the key:
- The -idle option sets the maximum time in milliseconds this entry can be idle before it is deleted.
- The -live option sets the maximum time in milliseconds this entry will exist before it is deleted.
Login: true
Common: false
cache count This command is used to to establish the identify of the user accessing the admin interface. The cache count operation counts and displays the number of times a key appears in the cache. The count operation requires key of the entry to count. The key to count may end with the wildcard character (*), but it may not start with the wildcard character.
Login: true
Common: false
cache delete The cache delete operation deletes an entry in the cache. The delete operation requires key of the entry to delete. The key to delete may end with the wildcard character (*), but it may not start with the wildcard character.
Login: true
Common: false
cache dump Dump entries stored in the cache manager.
Login: true
Common: false
cache list The cache list operation is used to display entries in the cache. The list operation requires one key of the entry to list. The key may end with the wildcard character (*). If key specified is an exact match for an entry and does not contain the wildcard character, then the contents of the entry are displayed. If the key to list contains the wildcard character then a list of matching entries is displayed.
Login: true
Common: false
cache load Load cache manager contents from a file written either by the 'cache save' command, or by setting the server property 'Cache-DataFile', which tells the server to persist the cache at shutdown. Login: true
Common: false
cache names List the names of caches. Login: true
Common: false
cache save Save the contents of the cache manager to a file. Login: true
Common: false
call method Calls a policy method with optional request. Login: true
Common: false
client classes This the names of client classes, defined in the client_properties file. Login: true
Common: false
derby backup Back up a named Derby database. Login: true
Common: false
derby connect Establish a connect to a named Derby database. Login: true
Common: false
derby create Create a Derby database. Login: true
Common: false
derby disconnect Close the currently open connection to a Derby database. Login: true
Common: false
derby exec Execute an SQL statement with the currently open Derby database. Login: true
Common: false
derby freeze Freeze the currently open Derby database. Login: true
Common: false
derby info Output information about the currently open database, and its drivers. Login: true
Common: false
derby list Output a list of Derby databases. Login: true
Common: false
derby login Provide credentials to used in the next 'derby connect' command. These credentials over-ride those used to establish the command session. Login: true
Common: false
derby logout Clear cached database login credentials. Login: true
Common: false
derby restore Restore a Derby database from a backup. Login: true
Common: false
derby run Run a file of scripted SQL statements. Statements are separated by ';'. Login: true
Common: false
derby unfreeze Unfreeze the currently open Derby database. Login: true
Common: false
diag atfile dump Dump the contents of properties cached by AtFilePI. Login: true
Common: false
diag bufferpool stats Dump buffer pool statistics. Login: true
Common: false
diag chrono dump Dump high-resolution timers. Login: true
Common: true
diag chrono kick Kick high-resolution timer task. Login: true
Common: true
diag chrono list This command lists unexpired alarms(timers) maintained by the chronograph. The output contains the time the alarm will fire, and a description.
Login: true
Common: true
diag engine active The diag engine active option displays a list of all work items that are currently being processed or are in the queue waiting to be processed. This is the information can be used to determine if an incoming request is a duplicate of an existing request.
If the log option is present, the logging output in them work item is also displayed.
Login: true
Common: true
diag engine state Dump a list of work items waiting challenge responses. This are normally new requests with the 'State' attribute present. Login: true
Common: true
diag engine stats Dump various engine statistics. Login: true
Common: true
diag field list List cached field (reference) strings. Login: true
Common: false
diag field stats List cached field (reference) statistics. Login: true
Common: false
diag fuse list Dump low-resolution timers. Login: true
Common: true
diag method stats Dump method statistics. Login: true
Common: true
diag normal list List cached Normals. Login: true
Common: true
diag normal stats Dump Normal cache statistics. Login: true
Common: true
diag pending stats Dump statistics about pending RADIUS requests. Login: true
Common: false
diag queue list Dump Queue statistics. Login: true
Common: true
diag queue reset Reset a named queue. Login: true
Common: true
diag queue resetstats Reset statistics for a named queue. Login: true
Common: true
diag tal literal dump Dump a list of cached TAL (Triple-A language) literals. Login: true
Common: false
diag tcp keys List TCP(NIO) keys. Login: true
Common: false
diag tcp stats Dump TCP(NIO) statistics. Login: true
Common: false
diag watch list Dump low-resolution timers. (2nd generation) Login: true
Common: false
diameter route list Dump the Diameter realm routing table. Login: true
Common: true
eap aka cache count Count fast reauth entries by permanent user name. Login: true
Common: true
eap aka cache delete Delete fast reauth entries by permanent user name. Login: true
Common: true
eap aka cache list List fast reauth entries by permanent user name. Login: true
Common: true
eap sim cache count Count fast reauth entries by permanent user name. Login: true
Common: true
eap sim cache delete Delete fast reauth entries by permanent user name. Login: true
Common: true
eap sim cache list List fast reauth entries by permanent user name. Login: true
Common: true
file close This command flushes pending output and closes a currently open file. See 'file open' for details. Once the file is closed, an external process may modify the file. Care should be taken: if the server still needs to use the file it may immediately reopen the file. Login: true
Common: true
file delete This command atomically performs a file closecommand followed by a delete operation. If the server needs to write to a file that has been deleted it will recreate the file on the next write. Care should be used when issuing thefile deletecommand as once a file is deleted all data in that file is lost.Login: true
Common: true
file list List files in the run directory. Login: true
Common: true
file open This command lists the files that the server currently has open for writing. This includes files that may be in use by plug-ins such as the WriteDetailFile plug-in.
Each line of output contains the file name, and the current file size.
Login: true
Common: true
file reload This command has no arguments, currently reloadable files are listed. Otherwise, the arguments are the names of the files to reload.
Reloadable files are files whose contents are cached by the running server, and can be re-read, without restarting the server.
Files will be listed once for each time they are referenced in the PolicyFlow. Files that are loaded dynamically (the file name is read from a variable) will not be listed until they have been accessed.
Login: true
Common: true
file rename This command atomically performs a
file closeand a rename file operation.When this command is used it does not change any internal reference to the original file name. If server needs to write to the file a new file with the old file name will be created. For example if the server is configured to log to a file called mylog.log and you rename it to mylog.old a new mylog.log file will be created the next time the server needs to log to the file.
A common use of the
log renamecommand is to rotate log files.Login: true
Common: true
file view List the contents of a file in the run directory. Login: true
Common: true
help List available commands or usage. Login: false
Common: true
ipam lease Show ipam lease(s) matching the given IP address and optional selector. Login: true
Common: false
ipam pool Dump ipam pool prefixes. Login: true
Common: false
java gc This command initiates Java VM garbage collection. Garbage collection is used to recover memory no longer being used by the JVM and normally happens automatically. This command should be used only on instructions from technical support. Login: true
Common: true
java gc stats This command displays Java VM garbage collection statistics. Login: true
Common: true
java memory List JVM memory statistics. Login: true
Common: true
java properties List java system properties. Login: true
Common: true
java thread dump Login: true
Common: true
java thread dump List stack traces for all threads. Login: true
Common: true
java thread locks Display java lock info. Login: true
Common: true
java thread monitor contention Control java thread contention monitoring. Login: true
Common: true
java thread monitor cpu Control java thread cputime monitoring. Login: true
Common: true
java thread stats List java thread statistics. Login: true
Common: true
java threads List Java threads. Login: true
Common: true
java version Output the current JVM version. Login: true
Common: true
login This command is used to to establish the identify of the user accessing the admin interface. Login: false
Common: true
logrule add Login: true
Common: true
logrule areas This command lists all of the currently active areas for which logging rules may be defined. Some logging areas are created dynamically as needed so not all areas may be listed. Login: true
Common: true
logrule clear Clear the log rule list. Login: true
Common: true
logrule delete Remove a log rule. Login: true
Common: true
logrule insert Add a log rule. Login: true
Common: true
logrule list This command lists the currently active logging rules for the server. Login: true
Common: true
logrule load Load the log rule list from a file. Login: true
Common: true
logrule move Change a log rule's position in the log rule list. Login: true
Common: true
logrule save Save the log rule list to a file. Login: true
Common: true
logrule swap Swap two log rules. Login: true
Common: true
peer auto Place a peer on-demand mode. Login: true
Common: false
peer down Bring a Diameter peer down. Login: true
Common: false
peer up Attempt to bring a Diameter peer up. Login: true
Common: false
peer list List Diameter peers. Login: true
Common: false
radius clients List Radius clients. Login: true
Common: false
quit Login: false
Common: true
server kill Forcibly terminate the server without calling any shutdown hooks. Login: true
Common: true
server pause Stop processing Radius work items. Login: true
Common: true
server property add Add a property to runtime server properties. This property does not get written to the server_properties file. Login: true
Common: true
server property list This command displays the value of server properties. Properties for the server can be accessed from the server's PolicyFlow using the server variable prefix and the property name.
Login: true
Common: true
server property set This command is used to set the value of a existing server property. If the property exists, its value is changed. If the property does not exist when the command is issued then a new property is created with the value. Changes made while the server is running are not saved to the servers configuration file. Login: true
Common: true
server property unset This command removes a property from the server property list. Login: true
Common: true
server resume Resume processing Radius packets. Login: true
Common: false
server shutdown Perform a clean server shutdown. Login: true
Common: true
server status This command is used to display the current status of the server. Login: false
Common: true
server uptime Display server uptime. Login: true
Common: true
server version Display server version. Login: true
Common: true
server wait Wait for server shutdown. Normally only used by Windows service launcher. Login: true
Common: true
session codes This command allows setting whether command code responses are returned when commands are executed. Response codes provide a programmatic way to see if a command was successful.
Code Description 100 Ack - Command Succeeded. 101 Single Line Ack - Command Succeeded and single result line returned. 102 Multi Line Ack - Command Succeeded and a known number of lines in the result returned. 103 Variable Length Ack - Command Succeeded and a variable number lines in the result returned. 200 Nack - Command Failed. 201 Error Nack - Error encountered in executing command. 202 Format Nack - Command failed due to a formatting problem. 203 Unknown Command Nack - The command is unknown. 204 Multi Line Nack - The command failed and multiple lines were returned in the result. 900 Login Required - You must log in before running the command. 901 Password Required - A password is required 902 Shutdown - The server is shutting down. Login: false
Common: true
session echo This command enables echoing of characters as commands are typed. This command is generally used with the telnet interface in cases where commands are not seen on the screen. Login: false
Common: true
session exec This command reads a file that contains a list of admin interface commands to execute. The file must contain one command per line. Login: true
Common: true
session info Login: false
Common: true
stat Login: true
Common: true
state counts The counts command is used to display or modify the contents of state server counters.
Usage
- If no arguments are given, the counter names and current value count are output.
- If a single argument is given, it is taken a counter name, and all values for that counter are output. In the second form of the command, a single counter name is given as an argument. All counter values or that counter and their respective counts are listed. In this example we see the actual counts for the three User-Realms being tracked.
==> state count User-Name counts User-Realm 103 Multi-line response follows. Alaska-OnLine 176 Beach.net 145 mountains.com 151 100 Ok. ==>- If two arguments are given, they are taken as a counter name and a value. The output is the count for that value of the counter.
Login: true
Common: true
state entry Display an entry in the state cache. If only the key is present, all fields are dumped. Otherwise, each additional argument tells which portion of the entry to output.
Login: true
Common: true
state index list If no arguments are given, the command will output all indexes and how many values are present for each.
If an index is specified, the command list all of the values currently associated with the index and how many entries are present for each.
If an index and a value are specified, the command lists all entries when a matching value.
Login: true
Common: true
state keys Login: true
Common: true
state list The list command lists state server entries. If a specific key is provided only the entry for that key is displayed. If no key is provided, then all entries are displayed. If a NAS is specified (a key with no key separator character) then all entries matching the NAS are printed.
Do NOT use this command to print all entries on an active system with a large number of entries. This will lock the session database for the duration of execution and cause delays in processing USS requests.
Login: true
Common: true
state load Login: true
Common: true
state repl secstate Login: true
Common: true
state save Login: true
Common: true
state stats describe Prints the name, type, and description of the statistical informations. Login: true
Common: true
state stats list Lists the names and values of all statistical variables. Login: true
Common: true
state stats reset Resets all USS statistics and high-water marks to 0. Login: true
Common: true
state stop key Cause an entry indicated by key to enter INACTIVE state. Counts associated with the entry will be updated appropriately. Login: true
Common: true
state stop nas Cause all entries associated with a give NAS to enter INACTIVE state. Counts associated with each entry will be updated appropriately. Login: true
Common: true
state naslist The state naslist> command lists all current NASes, one per line. A NAS can be passed as an argument to the state list command in order to obtain all the entries associated with that NAS. Login: true
Common: true
stats client List statistics for a specified RADIUS client. Login: true
Common: true
stats clients List RADIUS clients. Login: true
Common: true
stats group list List groups available to the statistics collector. Login: true
Common: false
stats inst list List instances available for a specified statistics group. Login: true
Common: false
stats list List old-style MIB statistics. Login: true
Common: false
stats reset Reset old-Style MIB statistics. Login: true
Common: false
stats server List statistics for a specified RADIUS server. Login: true
Common: false
stats servers List RADIUS servers. Login: true
Common: true
stats var dump Dump statistics for a given group. Login: true
Common: true
stats var list List statistics for a given group. Login: true
Common: true
system hostaddr Output the system host address. Login: true
Common: true
system hostname Output the system host name. Login: true
Common: true
system time This command prints the current system date and time. Login: true
Common: true
system version This command prints the (operating) system version. This is the operating system the JVM in hosted upon. Login: true
Common: true
tacacsplus clients List TACACS+ clients. Login: true
Common: false
uss counts Output USS counter information. Login: true
Common: false
uss entry Output a specific USS entry. Login: true
Common: false
index list List USS indices. Login: true
Common: false
uss keys List USS primary keys. Login: true
Common: false
uss list List one or all USS entries. Login: true
Common: false
uss load Load entries into the USS from a 'USS save' file. This file can be written automatically at a clean server shutdown by specifying the server property 'StateServer-DataFile'. Login: true
Common: false
uss naslist List all NASs with entries in the USS. Login: true
Common: false
uss save Save all USS entries to a file. Login: true
Common: false
uss stats List USS statistics. Login: true
Common: false
uss stats help Give help for USS statistics. Login: true
Common: false
uss stats reset Reset USS statistics. Login: true
Common: false
uss status Gives current high level status of the USS. Login: true
Common: false
uss stop all Stop (place in INACTIVE state) all USS entries. Login: true
Common: false
uss stop key Stop (place in INACTIVE state) a USS entries. Login: true
Common: false
uss stop nas Stop (place in INACTIVE state) all USS entries associated with a given NAS. Login: true
Common: false
uss2 entry dump Show selected data from one or all USSv2 entries. Login: true
Common: false
uss2 entry list Show all data from one or all USSv2 entries. Login: true
Common: false
uss2 load Load USSv2 entries from a file. Login: true
Common: false
uss2 model dump Show information about one or all USSv2 models. Login: true
Common: false
uss2 node list Show one or all USSv2 nodes. Login: true
Common: false
uss2 reset Reset a given USSv2 entry. Login: true
Common: false
uss2 reset all Reset all USSv2 entries. Login: true
Common: false
uss2 reset nas Reset all USSv2 entries for a given NAS. Login: true
Common: false
uss2 resource Show available USSv2 resources. Login: true
Common: false
uss2 resource dump Show information about one or all USSv2 resources. Login: true
Common: false
uss2 resource list Login: true
Common: false
Login: true
Common: false