display hwtacacs scheme
Use display hwtacacs scheme to display the configuration or statistics of HWTACACS schemes.
Syntax
display hwtacacs scheme [ hwtacacs-scheme-name [ statistics ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a case-insensitive string of 1 to 32 characters. If you do not specify an HWTACACS scheme, this command displays the configuration of all HWTACACS schemes.
statistics: Displays the HWTACACS service statistics. If you do not specify this keyword, the command displays the configuration of the specified HWTACACS scheme.
Examples
# Displays the configuration of all HWTACACS schemes.
<Sysname> display hwtacacs scheme
Total 1 HWTACACS schemes
------------------------------------------------------------------
HWTACACS Scheme Name : hwtac
Index : 0
Primary Auth Server:
Host name: Not configured
IP : 2.2.2.2 Port: 49 State: Active
VPN Instance: 2
Single-connection: Enabled
Primary Author Server:
Host name: Not configured
IP : 2.2.2.2 Port: 49 State: Active
VPN Instance: 2
Single-connection: Disabled
Primary Acct Server:
Host name: Not configured
IP : Not Configured Port: 49 State: Block
VPN Instance: Not configured
Single-connection: Disabled
VPN Instance : 2
NAS IP Address : 2.2.2.3
Server Quiet Period(minutes) : 5
Realtime Accounting Interval(minutes) : 12
Stop-accounting packets buffering : Enabled
Retransmission times : 100
Response Timeout Interval(seconds) : 5
Username Format : with-domain
Data flow unit : Byte
Packet unit : one
------------------------------------------------------------------
Table 8: Command output
Field | Description |
|---|---|
Index | Index number of the HWTACACS scheme. |
Primary Auth Server | Primary HWTACACS authentication server. |
Primary Author Server | Primary HWTACACS authorization server. |
Primary Acct Server | Primary HWTACACS accounting server. |
Secondary Auth Server | Secondary HWTACACS authentication server. |
Secondary Author Server | Secondary HWTACACS authorization server. |
Secondary Acct Server | Secondary HWTACACS accounting server. |
Host name | Host name of the server. This field displays Not configured in the following situations:
|
IP | IP address of the server. This field displays Not configured in the following situations:
|
Port | Service port of the HWTACACS server. If no port configuration is performed, this field displays the default port number. |
State | Status of the HWTACACS server: active or blocked. |
VPN Instance | MPLS L3VPN instance to which the HWTACACS server or scheme belongs. If no VPN instance is specified for the server or scheme, this field displays Not configured. |
Single-connection | Single connection status:
|
NAS IP Address | Source IP address for outgoing HWTACACS packets. |
Server Quiet Period(minutes) | Quiet period for the primary servers, in minutes. |
Realtime Accounting Interval(minutes) | Real-time accounting interval, in minutes. |
Stop-accounting packets buffering | Whether buffering of nonresponded HWTACACS stop-accounting requests is enabled. |
Retransmission times | Maximum number of transmission attempts for individual HWTACACS stop-accounting requests. |
Response Timeout Interval(seconds) | HWTACACS server response timeout period, in seconds. |
Username Format | Format for the usernames sent to the HWTACACS server:
|
Data flow unit | Measurement unit for data flows. |
Packet unit | Measurement unit for packets. |
# Display statistics for HWTACACS scheme tac.
<Sysname> display hwtacacs scheme tac statistics
Primary authentication server : 111.8.0.244
Round trip time: 20 seconds
Request packets: 1
Login request packets: 1
Change-password request packets: 0
Request packets including plaintext passwords: 0
Request packets including ciphertext passwords: 0
Response packets: 2
Pass response packets: 1
Failure response packets: 0
Get-data response packets: 0
Get-username response packets: 0
Get-password response packets: 1
Restart response packets: 0
Error response packets: 0
Follow response packets: 0
Malformed response packets: 0
Continue packets: 1
Continue-abort packets: 0
Pending request packets: 0
Timeout packets: 0
Unknown type response packets: 0
Dropped response packets: 0
Primary authorization server :111.8.0.244
Round trip time: 1 seconds
Request packets: 1
Response packets: 1
PassAdd response packets: 1
PassReply response packets: 0
Failure response packets: 0
Error response packets: 0
Follow response packets: 0
Malformed response packets: 0
Pending request packets: 0
Timeout packets: 0
Unknown type response packets: 0
Dropped response packets: 0
Primary accounting server :111.8.0.244
Round trip time: 0 seconds
Request packets: 2
Accounting start request packets: 1
Accounting stop request packets: 1
Accounting update request packets: 0
Pending request packets: 0
Response packets: 2
Success response packets: 2
Error response packets: 0
Follow response packets: 0
Malformed response packets: 0
Timeout response packets: 0
Unknown type response packets: 0
Dropped response packets: 0
Table 9: Command output
Field | Description |
|---|---|
Primary authentication server | Primary HWTACACS authentication server. |
Primary authorization server | Primary HWTACACS authorization server. |
Primary accounting server | Primary HWTACACS accounting server. |
Secondary authentication server | Secondary HWTACACS authentication server. |
Secondary authorization server | Secondary HWTACACS authorization server. |
Secondary accounting server | Secondary HWTACACS accounting server. |
Round trip time | The time interval during which the device processed a pair of request and response. The unit is second. |
Request packets | Total number of sent request packets. |
Login request packets | Number of login request packets. |
Change-password request packets | Number of request packets for changing passwords. |
Request packets including plaintext passwords | Number of request packets that include plaintext passwords. |
Request packets including ciphertext passwords | Number of request packets that include ciphertext passwords. |
Response packets | Total number of received response packets. |
Pass response packets | Number of response packets indicating successful authentication. |
Failure response packets | Number of response packets indicating authentication or authorization failure. |
Get-data response packets | Number of response packets for obtaining user data. |
Get-username response packets | Number of response packets for obtaining usernames. |
Get-password response packets | Number of response packets for obtaining passwords. |
Restart response packets | Number of response packets for reauthentication. |
Error response packets | Number of error-type response packets. |
Follow response packets | Number of follow-type response packets. |
Malformed response packets | Number of malformed response packets. |
Continue packets | Number of sent Continue packets. |
Continue-abort packets | Number of sent Continue-abort packets. |
Pending request packets | Number of request packets waiting for a response. |
Timeout packets/Timeout response packets | Number of timeout response packets. |
Unknown type response packets | Number of unknown-type response packets. |
Dropped response packets | Number of dropped response packets. |
PassAdd response packets | Number of received PassAdd response packets. The packets indicate that all requested authorization attributes are assigned and additional authorization attributes are added. |
PassReply response packets | Number of received PassReply response packets. The device uses the specified authorization attributes in the packets to replace the requested authorization attributes. |
Accounting start request packets | Number of accounting start request packets. |
Accounting stop request packets | Number of accounting stop request packets. |
Accounting update request packets | Number of accounting update request packets. |
Success response packets | Number of accounting success response packets. |
Related commands
reset hwtacacs statistics