display hwtacacs scheme
Use display hwtacacs scheme to display the configuration or statistics of HWTACACS schemes.
Syntax
display hwtacacs scheme [ hwtacacs-scheme-name [ statistics ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a case-insensitive string of 1 to 32 characters. If you do not specify an HWTACACS scheme, this command displays the configuration of all HWTACACS schemes.
statistics: Displays the HWTACACS service statistics. If you do not specify this keyword, the command displays the configuration of the specified HWTACACS scheme.
Examples
# Displays the configuration of all HWTACACS schemes.
<Sysname> display hwtacacs scheme Total 1 HWTACACS schemes ------------------------------------------------------------------ HWTACACS Scheme Name : hwtac Index : 0 Primary Auth Server: Host name: Not configured IP : 2.2.2.2 Port: 49 State: Active VPN Instance: 2 Single-connection: Enabled Primary Author Server: Host name: Not configured IP : 2.2.2.2 Port: 49 State: Active VPN Instance: 2 Single-connection: Disabled Primary Acct Server: Host name: Not configured IP : Not Configured Port: 49 State: Block VPN Instance: Not configured Single-connection: Disabled VPN Instance : 2 NAS IP Address : 2.2.2.3 Server Quiet Period(minutes) : 5 Realtime Accounting Interval(minutes) : 12 Stop-accounting packets buffering : Enabled Retransmission times : 100 Response Timeout Interval(seconds) : 5 Username Format : with-domain Data flow unit : Byte Packet unit : one ------------------------------------------------------------------
Table 8: Command output
Field | Description |
---|---|
Index | Index number of the HWTACACS scheme. |
Primary Auth Server | Primary HWTACACS authentication server. |
Primary Author Server | Primary HWTACACS authorization server. |
Primary Acct Server | Primary HWTACACS accounting server. |
Secondary Auth Server | Secondary HWTACACS authentication server. |
Secondary Author Server | Secondary HWTACACS authorization server. |
Secondary Acct Server | Secondary HWTACACS accounting server. |
Host name | Host name of the server. This field displays Not configured in the following situations:
|
IP | IP address of the server. This field displays Not configured in the following situations:
|
Port | Service port of the HWTACACS server. If no port configuration is performed, this field displays the default port number. |
State | Status of the HWTACACS server: active or blocked. |
VPN Instance | MPLS L3VPN instance to which the HWTACACS server or scheme belongs. If no VPN instance is specified for the server or scheme, this field displays Not configured. |
Single-connection | Single connection status:
|
NAS IP Address | Source IP address for outgoing HWTACACS packets. |
Server Quiet Period(minutes) | Quiet period for the primary servers, in minutes. |
Realtime Accounting Interval(minutes) | Real-time accounting interval, in minutes. |
Stop-accounting packets buffering | Whether buffering of nonresponded HWTACACS stop-accounting requests is enabled. |
Retransmission times | Maximum number of transmission attempts for individual HWTACACS stop-accounting requests. |
Response Timeout Interval(seconds) | HWTACACS server response timeout period, in seconds. |
Username Format | Format for the usernames sent to the HWTACACS server:
|
Data flow unit | Measurement unit for data flows. |
Packet unit | Measurement unit for packets. |
# Display statistics for HWTACACS scheme tac.
<Sysname> display hwtacacs scheme tac statistics Primary authentication server : 111.8.0.244 Round trip time: 20 seconds Request packets: 1 Login request packets: 1 Change-password request packets: 0 Request packets including plaintext passwords: 0 Request packets including ciphertext passwords: 0 Response packets: 2 Pass response packets: 1 Failure response packets: 0 Get-data response packets: 0 Get-username response packets: 0 Get-password response packets: 1 Restart response packets: 0 Error response packets: 0 Follow response packets: 0 Malformed response packets: 0 Continue packets: 1 Continue-abort packets: 0 Pending request packets: 0 Timeout packets: 0 Unknown type response packets: 0 Dropped response packets: 0 Primary authorization server :111.8.0.244 Round trip time: 1 seconds Request packets: 1 Response packets: 1 PassAdd response packets: 1 PassReply response packets: 0 Failure response packets: 0 Error response packets: 0 Follow response packets: 0 Malformed response packets: 0 Pending request packets: 0 Timeout packets: 0 Unknown type response packets: 0 Dropped response packets: 0 Primary accounting server :111.8.0.244 Round trip time: 0 seconds Request packets: 2 Accounting start request packets: 1 Accounting stop request packets: 1 Accounting update request packets: 0 Pending request packets: 0 Response packets: 2 Success response packets: 2 Error response packets: 0 Follow response packets: 0 Malformed response packets: 0 Timeout response packets: 0 Unknown type response packets: 0 Dropped response packets: 0
Table 9: Command output
Field | Description |
---|---|
Primary authentication server | Primary HWTACACS authentication server. |
Primary authorization server | Primary HWTACACS authorization server. |
Primary accounting server | Primary HWTACACS accounting server. |
Secondary authentication server | Secondary HWTACACS authentication server. |
Secondary authorization server | Secondary HWTACACS authorization server. |
Secondary accounting server | Secondary HWTACACS accounting server. |
Round trip time | The time interval during which the device processed a pair of request and response. The unit is second. |
Request packets | Total number of sent request packets. |
Login request packets | Number of login request packets. |
Change-password request packets | Number of request packets for changing passwords. |
Request packets including plaintext passwords | Number of request packets that include plaintext passwords. |
Request packets including ciphertext passwords | Number of request packets that include ciphertext passwords. |
Response packets | Total number of received response packets. |
Pass response packets | Number of response packets indicating successful authentication. |
Failure response packets | Number of response packets indicating authentication or authorization failure. |
Get-data response packets | Number of response packets for obtaining user data. |
Get-username response packets | Number of response packets for obtaining usernames. |
Get-password response packets | Number of response packets for obtaining passwords. |
Restart response packets | Number of response packets for reauthentication. |
Error response packets | Number of error-type response packets. |
Follow response packets | Number of follow-type response packets. |
Malformed response packets | Number of malformed response packets. |
Continue packets | Number of sent Continue packets. |
Continue-abort packets | Number of sent Continue-abort packets. |
Pending request packets | Number of request packets waiting for a response. |
Timeout packets/Timeout response packets | Number of timeout response packets. |
Unknown type response packets | Number of unknown-type response packets. |
Dropped response packets | Number of dropped response packets. |
PassAdd response packets | Number of received PassAdd response packets. The packets indicate that all requested authorization attributes are assigned and additional authorization attributes are added. |
PassReply response packets | Number of received PassReply response packets. The device uses the specified authorization attributes in the packets to replace the requested authorization attributes. |
Accounting start request packets | Number of accounting start request packets. |
Accounting stop request packets | Number of accounting stop request packets. |
Accounting update request packets | Number of accounting update request packets. |
Success response packets | Number of accounting success response packets. |
Related commands
reset hwtacacs statistics