display aaa configuration

Function

The display aaa configuration command displays a summary of the AAA configuration.

Format

display aaa configuration

Parameters

None

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name Operations
aaa-access read

Usage Guidelines

Usage Scenario

After configuring AAA, you can run the display aaa configuration command to view the detailed configurations and resource usage of AAA. The output of this command includes the usage of domains, authentication schemes, accounting schemes, and recording schemes, the number of access users, and the number of online users in each status.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

The actual command output varies according to the device. The command output here is only an example.

# For NetEngine 8000 F2A, display a summary of the AAA configuration.
<HUAWEI> display aaa configuration
-----------------------------------------------------------------------------------------------------
  AAA configuration information :
  -----------------------------------------------------------------------------------------------------
  Parse Priority                            : Domain first
  Domain Name Delimiter                     : @ 
  Domainname parse direction                : Left to right
  Domainname location                       : After-delimiter
  Realm name delimiter                      : -
  Realmname parse direction                 : Left to right
  Realmname location                        : Before-delimiter
  Domain                                    : total: 1024  used: 9     
  Authentication-scheme                     : total: 32    used: 3    
  Authorization-scheme                      : total: 32    used: 1    
  Accounting-scheme                         : total: 256   used: 2    
  Recording-scheme                          : total: 128   used: 0    
  AAA-access-user                           : total: 279552 used: 3    
  Access-user-state                         : authen: 0    author: 0    accounting: 3   
  Transition-step                           : -
  Min-Delay-time                            : -
  Max-Delay-time                            : -
  Access speed                              : -
  Offline speed                             : 256(/s)
  Account-session-id-version                : Version1
  Remote-download configuration             : 
    Remote user-group                       : disable
    Remote user-group check interval        : 10
    Remote acl                              : disable
  User no-family user-max-session           : 0
  Access-trigger lease original             : disable   

  BGP over PPPoE                            : disable   
  BGP over LNS                              : disable
  BGP over IPoE                             : disable   
  Said check-rule rule1(increase)           : 10000
  Said diag-rule(increase,reduce,rate)      : 10000,1000,30
  Said recover interval                     : 0
  Said check-rule user-number(reduce-ratio) : 50
  Said check-rule flow-speed(reduce-ratio)  : 50
  Backup event log cfg(minor,major)         : Eth-trunk(10,20)
                                              GE(10,100) 
                                              10GE(1000,10000) 
                                              100GE(1000,10000) 
  Backup event log detect cfg               : interval: 1
                                              all-count: 1 
                                              fail-count: 1 
  LNS access-limit                          : 2000
  User-group load-balance                   : Refer-service-location
  -----------------------------------------------------------------------------------------------------
# For NetEngine 8000 F1A, display a summary of the AAA configuration.
<HUAWEI> display aaa configuration
-----------------------------------------------------------------------------------------------------
  AAA configuration information :
  -----------------------------------------------------------------------------------------------------
  Parse Priority                            : Domain first
  Domain Name Delimiter                     : @ 
  Domainname parse direction                : Left to right
  Domainname location                       : After-delimiter
  Realm name delimiter                      : -
  Realmname parse direction                 : Left to right
  Realmname location                        : Before-delimiter
  Domain                                    : total: 1024  used: 9     
  Authentication-scheme                     : total: 32    used: 3    
  Authorization-scheme                      : total: 32    used: 1    
  Accounting-scheme                         : total: 256   used: 2    
  Recording-scheme                          : total: 128   used: 0    
  AAA-access-user                           : total: 279552 used: 3    
  Access-user-state                         : authen: 0    author: 0    accounting: 3   
  Transition-step                           : -
  Min-Delay-time                            : -
  Max-Delay-time                            : -
  Access speed                              : -
  Offline speed                             : 256(/s)
  Account-session-id-version                : Version1
  Remote-download configuration             : 
    Remote user-group                       : disable
    Remote user-group check interval        : 10
    Remote acl                              : disable
  User no-family user-max-session           : 0
  Access-trigger lease original             : disable   

  BGP over PPPoE                            : disable   
  BGP over LNS                              : disable
  BGP over IPoE                             : disable   
  Said check-rule rule1(increase)           : 10000
  Said diag-rule(increase,reduce,rate)      : 10000,1000,30
  Said recover interval                     : 0
  Said check-rule user-number(reduce-ratio) : 50
  Said check-rule flow-speed(reduce-ratio)  : 50
  Backup event log cfg(minor,major)         : Eth-trunk(10,20)
                                              GE(10,100) 
                                              10GE(1000,10000) 
                                              100GE(1000,10000) 
  Backup event log detect cfg               : interval: 1
                                              all-count: 1 
                                              fail-count: 1 
  LNS access-limit                          : 2000
  User-group load-balance                   : Refer-service-location
  Access user-statistics KPI switch         : enable  
  -----------------------------------------------------------------------------------------------------
Table 1 Description of the display aaa configuration command output
Item Description
AAA configuration information

Brief AAA information.

Parse Priority

Domain name parsing priority, which can be:

  • Domain first: parses the domain name first.
  • Realm first: parses the Realm name first.
Domain Name Delimiter

Domain name delimiter.

If this parameter is not configured using the domain-name-delimiter command, the default value @ is displayed.

Domain

Statistics about domains in the system.

  • total: the maximum number of domains that the system allows.
  • used: the number of configured domains including the default domains.
Domainname parse direction

Domain name parsing direction, which can be:

  • Left to right: parses the domain name from left to right.
  • Right to left: parses the domain name from right to left.

If this parameter is not configured using the domainname-parse-direction command, the default value Left to right is displayed.

Domainname location

Domain name location, which can be:

  • After-delimiter: after the delimiter.
  • Before-delimiter: before the delimiter.

If this parameter is not configured using the domain-location command, the value After-delimiter is displayed.

Realm name delimiter

Realm name delimiter.

Realmname location

Realm name location, which can be:

  • After-delimiter: after the delimiter.
  • Before-delimiter: before the delimiter.

If this parameter is not configured using the realm-location command, the default value Before-delimiter is displayed.

Realmname parse direction

Realm name parsing direction, which can be:

  • Left to right: parses the Realm name from left to right.
  • Right to left: parses the Realm name from right to left.
Authentication-scheme

Statistics about authentication schemes in the system.

  • total: the maximum number of authentication schemes that the system allows.
  • used: the number of configured authentication schemes including the default authentication schemes.
Authorization-scheme

Statistics about authorization schemes in the system.

  • total: the maximum number of authorization schemes that the system allows.
  • used: the number of configured authorization schemes including the default authorization schemes.
Accounting-scheme

Statistics about accounting schemes in the system.

  • total: the maximum number of accounting schemes that the system allows.
  • used: the number of configured accounting schemes including the default accounting schemes.
Recording-scheme

Statistics about recording schemes in the system.

  • total: the maximum number of recording schemes that the system allows.
  • used: the number of configured recording schemes including the default recording schemes.
AAA-access-user

Statistics about access users in the system.

  • total: the maximum number of access users that the system allows.
  • used: the number of accessed users.
Access-user-state

Statistics about the status of access users in the system.

  • authen: the number of users being authenticated.
  • author: the number of users being authorized.
  • accounting: the number of users being accounted (users that have gone online have been authenticated and authorized, including accounting and non-accounting users).
Transition-step

Step of the change in the number of system users. When the number of system users increases by one step, the delay of the system response to user access requests increases by a certain period. The system responds to the access requests of users that are in the same number range with the same delay.

If this parameter is not configured using the access-delay step command, a hyphen (-) is displayed.

Min-Delay-time

Minimum delay of the response to an access request.

If this parameter is not configured using the access-delay step command, a hyphen (-) is displayed.

Max-Delay-time

Maximum delay of the response to an access request.

If this parameter is not configured using the access-delay step command, a hyphen (-) is displayed.

Access speed

User access rate that the device allows.

If this parameter is not configured using the access-speed command, a hyphen (-) is displayed.

Access user-statistics KPI switch

Whether the device is enabled with the function to report the number of user login successes, the number of user login failures, and the login success rate based on domains, outer VLAN IDs, or sub-interfaces to the KPI system. This function can be configured using the access user-statistic complete-kpi enable command. If this function is not configured, this item is not displayed.

Offline speed

User offline speed, in users per second.

Account-session-id-version

Version for generating user accounting session IDs.

Remote user-group

Whether the RADIUS server is enabled to create dynamic user groups (enable or disable).

Remote user-group check interval

Interval at which the device checks whether a dynamic user group is used by online users or dynamic ACLs.

Remote acl

Whether the RADIUS server is enabled to create dynamic ACLs (enable or disable).

Access-trigger lease original

Whether to enable the system to restore the original lease's end time. By default, the system is disabled from restoring the original lease's end time.

  • enable: The system is enabled to restore the original lease's end time.
  • disable: The system is disabled from restoring the original lease's end time.
BGP over PPPoE

Whether BGP over PPPoE is enabled.

  • enable: BGP over PPPoE is enabled.
  • disable: BGP over PPPoE is disabled.
BGP over LNS

Whether BGP over LNS is enabled.

  • enable: BGP over LNS is enabled.
  • disable: BGP over LNS is disabled.
BGP over IPoE

Whether BGP over IPoE is enabled:

  • enable: BGP over IPoE is enabled.
  • disable: BGP over IPoE is disabled.
LNS access-limit

Maximum number of users that are allowed to access the LNS.

The access-limit <max-number> access-type lns command has been run in the AAA view to limit the maximum number of users that are allowed to access the LNS.

Said check-rule rule1(increase)

Default login failure increment that can trigger fault detection on SAID nodes.

Said diag-rule(increase,reduce,rate)

Rule for triggering SAID fault diagnosis.

Said recover interval

Interval between two SAID fault recovery operations.

Said check-rule user-number(reduce-ratio)

User reduction rate threshold over which fault diagnosis and self-healing are triggered on SAID nodes.

Said check-rule flow-speed(reduce-ratio)

Traffic reduction rate threshold over which fault diagnosis and self-healing are triggered on SAID nodes.

Backup event log cfg(minor,major)

Minor and major alarm thresholds for the number of users during backup detections on an interface.

  • Eth-trunk(10,20): The minor and major alarm thresholds for the number of users on an Eth-Trunk interface during backup detections are 10 and 20, respectively.
  • GE(10,100): The minor and major alarm thresholds for the number of users on a GE interface during backup detections are 10 and 100, respectively.
  • 10GE(1000,10000): The minor and major alarm thresholds for the number of users on a 10GE interface during backup detections are 1000 and 10000, respectively.
  • 100GE(1000,10000): The minor and major alarm thresholds for the number of users on a 100GE interface during backup detections are 1000 and 10000, respectively.
Backup event log detect cfg

Backup detection interval and number of detections.

  • interval: backup detection interval on an interface.
  • all-count: total number of backup detections on an interface.
  • fail-count: number of backup detection failures on an interface.
User-group load-balance

Whether the device is enabled to check the active/standby status of service-locations when performing the load balancing function in the scenario where multiple user groups are configured in the AAA domain and bound to a NAT instance.

This field is displayed only after the load-balance user-group refer-service-location command is run in the AAA view.
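
For configuration audits and capacity monitoring, the summary can be parsed into structured data. The following Python sketch is an added example, not Huawei code: it folds wrapped values such as Backup event log cfg into one item, turns total/used counters into integers, and reports resources near their limit and features shown as enable. The function names, the 0.8 threshold and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the output above (values are invented).
SAMPLE = """\
  Domain                                    : total: 1024  used: 9
  Authentication-scheme                     : total: 32    used: 30
  Access-user-state                         : authen: 0    author: 0    accounting: 3
  Access speed                              : -
  Remote-download configuration             :
    Remote user-group                       : disable
    Remote acl                              : enable
  Backup event log cfg(minor,major)         : Eth-trunk(10,20)
                                              GE(10,100)
  Backup event log detect cfg               : interval: 1
                                              all-count: 1
"""

ITEM = re.compile(r"^\s*(.+?)\s+:(?:\s+(.*))?$")   # "Name   : value"
COUNTER = re.compile(r"([\w-]+):\s*(\d+)")          # "total: 1024"

def _value(raw):
    # "total: 32 used: 3" becomes a dict of ints; any other text is kept as is.
    pairs = COUNTER.findall(raw)
    return {k: int(v) for k, v in pairs} if pairs else raw

def parse_aaa_summary(text):
    """Parse the summary into {item: dict | list | str}, folding wrapped lines."""
    items, last = {}, None
    for line in map(str.rstrip, text.splitlines()):
        if not line.strip() or set(line.strip()) == {"-"}:
            continue                      # blank line or dashed ruler
        m = ITEM.match(line)
        if m:                             # a new "Name : value" item
            last = m.group(1)
            items[last] = _value(m.group(2) or "")
        elif last is not None:            # continuation of the previous item
            prev, extra = items[last], _value(line.strip())
            if isinstance(prev, dict) and isinstance(extra, dict):
                prev.update(extra)
            else:
                items[last] = (prev if isinstance(prev, list) else [prev]) + [extra]
    return items

def near_capacity(items, threshold=0.8):
    """Items whose used/total ratio is at or above the (assumed) threshold."""
    return sorted(k for k, v in items.items() if isinstance(v, dict)
                  and v.get("total") and v.get("used", 0) / v["total"] >= threshold)

def enabled_features(items):
    """Items reported as 'enable', e.g. RADIUS-created dynamic ACLs."""
    return sorted(k for k, v in items.items() if v == "enable")
```

Comparing the parsed result of successive captures shows configuration drift, for example Remote acl changing from disable to enable.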

Copyright © Huawei Technologies Co., Ltd.