display access-user (all views)
Function
The display access-user command displays information about online users (including access users and administrators).
Format
display access-user [ domain domain-name | interface interface-type interface-number [ vlan vlan-id [ qinq qinq-vlan-id ] ] | ip-address ip-address [ vpn-instance vpn-instance-name ] | ipv6-address ipv6-address | access-slot slot-id | wired | wireless ] [ detail ]
display access-user username user-name [ detail ]
display access-user ssid ssid-name (Only the S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-HI, and S5720-HI support this command.)
display access-user [ mac-address mac-address | service-scheme service-scheme-name | user-id user-id ]
display access-user statistics (Only the S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-HI, and S5720-HI support this command.)
display access-user access-type { admin [ ftp | ssh | telnet | terminal | web ] | ppp } [ username user-name ]
Only the S5730-HI, S5731-H, S5731S-H, S6730-H, S6730S-H, S5732-H, S6720-HI, and S5720-HI support the wireless parameter.
Parameters
Parameter |
Description |
Value |
|---|---|---|
domain domain-name |
Displays information about users in a specified domain. |
The domain name must already exist. |
interface interface-type interface-number |
Displays information about users on a specified interface.
|
- |
vlan vlan-id [ qinq qinq-vlan-id ] |
Displays information about users in a VLAN.
In the authorized ISP VLAN scenario, you can view the user information only when the specified VLAN ID is the ISP VLAN ID. |
The values of vlan-id and qinq-vlan-id are integers that range from 1 to 4094. |
ip-address ip-address |
Displays information about the user with a specified IP address. NOTE:
When the user type is NAC or static, details about the user are displayed. When the user is in another type, brief information about the user is displayed. |
The value of ip-address is in dotted decimal notation. |
vpn-instance vpn-instance-name |
Indicates the name of the VPN instance that the specified IP address belongs to. |
The value must be an existing VPN instance name. |
ipv6-address ipv6-address |
Displays information about the user with a specified IPv6 address. |
The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X. |
mac-address mac-address |
Displays information about the user with a specified MAC address. |
The value is in H-H-H format. An H contains four hexadecimal digits. |
service-scheme service-scheme-name |
Displays information about the user with a specified service scheme. |
The service scheme must already exist. |
access-slot slot-id |
Displays information about users connecting to a specified device. |
The value range depends on the model of the device. |
ssid ssid-name |
Specifies the SSID for a service set. |
The SSID must already exist. NOTE:
SSID is supported only in the NAC unified mode. |
username user-name |
Displays information about the user with a user name. |
The user name must already exist. |
statistics |
Displays user statistics on the device.
|
The keyword statistics is supported only in the NAC unified mode. |
user-id user-id |
Displays information about sessions of a specified user. If this parameter is specified, detailed information about the user is displayed. |
The user-id must exist on the device. |
detail |
Displays detailed information about users. |
- |
access-type |
Displays information about the users using the specified authentication mode. |
- |
admin [ ftp | ssh | telnet | terminal | web ] |
Displays information about the administrators using the specified authentication mode.
|
- |
ppp |
Displays information about online users using PPP authentication. |
- |
wired |
Displays information about wired users. |
- |
wireless |
Displays information about wireless users. |
- |
Usage Guidelines
Usage Scenario
This command displays information about user sessions on the device.
Precautions
For administrators, lower-level users cannot check information about higher-level users.
If the character string of the user name contains spaces (for example, a b), you can run the display access-user username "a b" command to view online users.
If the character string of the user name contains spaces and quotation marks ("") simultaneously, you cannot use the user name to view online users. In this case, you can run the display access-user | include username command to view the user ID of the online user, and then run the display access-user user-id user-id command to view the user. Alternatively, you can run the cut access-user user-id user-id command to force the user to go offline.
When displaying VPN user entries based on user IP address, you must set the vpn-instance vpn-instance-name parameter to specify the VPN instance to which the IP address belongs.
If user-id is specified, detailed information about the specified user is displayed. If user-id is not specified, brief information about all online users is displayed, including the user ID, user name, IP address, and MAC address of each user.
Only letters, digits, and special characters can be displayed for username.
When the value of username contains special characters or characters in other languages except English, the device displays dots (.) for these characters. If there are more than three such consecutive characters, three dots (.) are displayed. Here, the special characters are the ASCII codes smaller than 32 (space) or larger than 126 (~).
When the value of username is longer than 20 characters, the device displays up to three dots (.) for the characters following 19; that is, only 22 characters are displayed.
When interface is specified, the device displays the connection information of online wired users on the interface.
When querying user information based on interfaces, MAC addresses, or VLANs, the device only displays information about 802.1X, MAC address, or Portal authentication users.
Example
# Display information about user sessions on the device.
<HUAWEI> display access-user ----------------------------------------------------------------------------------------------- UserID Username IP address MAC Status ----------------------------------------------------------------------------------------------- 1 normal@local - 001b-21c4-3b56 Success 62 005500000001 192.168.1.121 0055-0000-0001 Open 32675 fztest - 4611-97a4-0000 Success 16019 b002404 192.168.1.2 0000-c055-0102 Success ----------------------------------------------------------------------------------------------- Total: 4, printed: 4
If you specify the include or exclude parameter in the command, the values of Total and printed are still the total number of users.
# Display the user with the user ID being 1.
<HUAWEI> display access-user user-id 1 Basic: User ID : 1 User name : normal Domain-name : rds User MAC : 3039-26e0-e5a6 User IP address : 10.124.1.253 User vpn-instance : - User IPv6 address : - User access Interface : GigabitEthernet0/0/1 User vlan event : Success QinQVlan/UserVlan : 0/20 User access time : 2014/03/31 15:38:55 User accounting session ID : esap_lm000000000001245****8016032 Option82 information : - User access type : MAC HTTP User_Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows N T 5.1; Trident/4.0; aff-kingsoft-ciba; .NET4 .0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) DHCP option ID : 12 DHCP option content : [ASCII]g00141720b DHCP option ID : 55 DHCP option content : [HEX]010F03062C2E2F DHCP option ID : 60 DHCP option content : [ASCII]MSFT 5.0 Redirect ACL ID(Effective) : 3001 User Privilege : 15 Terminal Device Type : Data Terminal Dynamic ACL number(Effective) : 3100 Dynamic group index(Effective) : 10 Dynamic group name(Effective) : group10 Session Timeout : 1800(s) (local), Remaining: 1740(s) Termination Action : RE-AUTHENTICATION AAA: User authentication type : MAC authentication Current authentication method : RADIUS Current authorization method : - Current accounting method : RADIUS
# Display the user with the user ID being 62.
<HUAWEI> display access-user user-id 62 Basic: User ID : 62 User name : 005500000001 Domain-name : - User MAC : 0055-0000-0001 User IP address : 192.168.1.121 User vpn-instance : - User IPv6 address : - User access Interface : Wlan-Dbss3:152 User vlan event : Open QinQVlan/UserVlan : 0/125 User access time : 2015/07/10 11:27:12 User accounting session ID : esap_lm000000000001245****8016032 Option82 information : - User access type : None HTTP User_Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows N T 5.1; Trident/4.0; aff-kingsoft-ciba; .NET4 .0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) DHCP option ID : 12 DHCP option content : [ASCII]g00141720b DHCP option ID : 55 DHCP option content : [HEX]010F03062C2E2F DHCP option ID : 60 DHCP option content : [ASCII]MSFT 5.0 Redirect ACL ID(Effective) : 3001 User Privilege : 15 AP ID : 152 AP name : ap-152 Radio ID : 0 AP MAC : 0000-0000-0002 SSID : 57-open Online time : 23(s) AAA: User authentication type : None Current authentication method : None Current authorization method : Local Current accounting method : None
# Display the user with the user ID being 32675.
<HUAWEI> display access-user user-id 32675 Basic: User ID : 32675 User name : fztest Domain-name : fz User MAC : 4611-97a4-0000 User IP address : - User IPv6 address : - User access Interface : Eth-Trunk1 User vlan event : Success QinQVlan/UserVlan : 0/18 User access time : 2015/02/11 21:51:58 User accounting session ID : esap_lm000000000001245****8016032 Option82 information : - User access type : 802.1x Redirect ACL ID(Effective) : 3001 User Privilege : 15 AS ID : 1 AS name : test AS IP : 192.168.1.11 AS MAC : 0012-0016-4578 AS Interface : GigabitEthernet0/0/1 Terminal Device Type : Data Terminal AAA: User authentication type : 802.1x authentication Current authentication method : RADIUS Current authorization method : - Current accounting method : RADIUS
# Display the user with the user ID being 16019.
<HUAWEI> display access-user user-id 16019 Basic: User ID : 16019 User name : b002404 Domain-name : abc User MAC : 0000-c055-0102 User IP address : 192.168.1.2 User vpn-instance : - User IPv6 address : FC00:3::5689:98FF:FE01:583D User IPv6 link local address : FE80::5689:98FF:FE01:583D User access Interface : GigabitEthernet0/0/1 User vlan event : Success QinQVlan/UserVlan : 20/21 User vlan source : user request User access time : 2016/08/16 18:32:16 User accounting session ID : esap_lm000000000001245****8016032 Option82 information : - User PIR(Kbps) : 5000 User flow mapping name : zt User flow queue name : zt User access type : MAC Redirect ACL ID(Effective) : 3001 Terminal Device Type : Data Terminal User inbound data flow(Packet) : - User inbound data flow(Byte) : - User outbound data flow(Packet) : - User outbound data flow(Byte) : - DAA Inbound data flow(Packet/Byte) Tariff level 1 : -/- DAA Outbound data flow(Packet/Byte) Tariff level 1 : -/- User Lease : 600(s) ISP VLAN : 1000 ISP Interface : GigabitEthernet0/1/17 AAA: User authentication type : MAC authentication Current authentication method : RADIUS Current authorization method : - Current accounting method : None
When an Eth-Trunk contains a card that does not support a specified function, the message "The Eth-Trunk contains a card that does not support this function" is displayed behind the corresponding item.
Item |
Description |
|---|---|
Basic |
Basic information about a user. |
UserID/User ID |
Index of a user. |
Username/User name |
User name. |
Domain-name |
Authentication domain of a user. |
MAC/User MAC |
MAC address of a user. |
IP address/User IP address |
IP address of a user. |
User vpn-instance |
User VPN instance. |
User IPv6 address |
IPv6 address of a user. |
User IPv6 link local address |
IPv6 link-local address. |
User access Interface |
Access interface of a user. |
Status/User vlan event |
Whether a user joins a VLAN.
|
QinQVlan/UserVlan |
VLAN that a user belongs to.
|
User vlan source |
Source of a user VLAN.
|
User access time |
Time when a user goes online. If a time zone is configured and the daylight saving time begins, the time is displayed in the format of YYYY/MM/DD HH:MM:SS UTC±HH:MM DST. |
User accounting session ID |
ID of an accounting session. |
Option82 information |
Option 82 of a user. |
User PIR(Kbps) |
Peak Information Rate (PIR) in kbit/s. |
User flow mapping name |
Name of the user flow mapping template. |
User flow queue name |
Name of the user flow queue. |
User access type |
Access type of a user. For the related command, see local-user service-type. |
Redirect ACL ID(Effective) |
User Redirect ACL ID:
|
User Privilege |
Level of a user. |
Terminal Device Type |
Terminal device type of a user. |
HTTP User_Agent |
UA information in HTTP packets. |
DHCP option ID |
Value of a DHCP option. |
DHCP option content |
Content of a DHCP option. NOTE:
If a DHCP option contains invisible characters, it is displayed in hexadecimal format and starts with [HEX]. If a DHCP option does not contain invisible characters, it is displayed as a character string and starts with [ASCII]. |
Dynamic ACL number(Effective) |
ACL number:
NOTE:
This field is displayed only when ACL is dynamically delivered by the RADIUS server. |
Dynamic group index(Effective) |
Index of a UCL group. This option is available only in NAC unified mode. |
Dynamic group name(Effective) |
Name of a UCL group. This option is available only in NAC unified mode. |
Session Timeout |
Timeout interval of sessions.
|
Remaining |
Remaining session time. |
Termination Action |
Action taken when a session times out.
|
AP ID |
ID of the AP connected to users. |
AP name |
Name of the AP connected to users. |
Radio ID |
ID of the radio. |
AP MAC |
MAC address of the AP connected to users. |
SSID |
SSID of a STA. |
Online time |
STA online time. |
AAA |
AAA information about a user. |
User authentication type |
Authentication type of a user, which depends on the access type of the user. |
Current authentication method |
Authentication method used for a user. |
Current authorization method |
Current authorization method. |
Current accounting method |
Current accounting method. |
AS ID |
ID of the access devices in policy association network. |
AS name |
Name of the access devices in policy association network. |
AS IP |
IP address of the access devices in policy association network. |
AS MAC |
MAC address of the access devices in policy association network. |
AS Interface |
Interface of the access devices in policy association network. |
User inbound data flow(Packet) |
Data traffic (number of packets) from users to the device. |
User inbound data flow(Byte) |
Data traffic (number of bytes) from users to the device. |
User outbound data flow(Packet) |
Data traffic (number of packets) from the device to users. |
User outbound data flow(Byte) |
Data traffic (number of bytes) from the device to users. |
DAA Inbound data flow(Packet/Byte)(The Eth-Trunk contains a card that does not support this function) |
DAA incoming traffic (number of packets or bytes) (The Eth-Trunk contains a card that does not support this function). NOTE:
The device does not support this item. |
Tariff level 1 |
Tariff level. NOTE:
The device does not support this item. |
DAA Outbound data flow(Packet/Byte) |
DAA outgoing traffic (number of packets or bytes). NOTE:
The device does not support this item. |
User Lease |
User lease. |
ISP VLAN |
Authorized outbound interface VLAN. |
ISP Interface |
Authorized outbound interface. |
web-server IP address |
IP address of a Portal server. This field is displayed when the Portal or HACA protocol is used for Portal authentication. |
User flow mapping name |
Authorized flow mapping profile. |
SAC profile name |
Authorized sac profile. |
DACL group name |
Authorized DACL group name, which is delivered by the RADIUS server through the RADIUS attribute 26-82 (HW-Data-Filter). |