display access-user (All views)
Function
The display access-user command displays information about users that pass AAA authentication.
Format
display access-user
display access-user [ domain domain-name | user-id user-id-value | username user-name | ip-address ip-addr | ipv6-address ipv6-addr ]
display access-user { user-id user-id-value | { ip-address ip-addr | ipv6-address ipv6-addr | ipv6-prefix ipv6-prefix } [ vpn-instance vpn-instance ] }
Parameters
| Parameter | Description | Value |
|---|---|---|
| domain domain-name |
Specifies the name of the domain to which a user belongs. |
The value is a string of 1 to 64 case-insensitive characters. |
| user-id user-id-value |
Specifies the index of an authenticated user. When userid is specified, information about the online user of the specified index is displayed regardless of the user status. |
The value ranges from 0 to 4294967295. |
| username user-name |
Specifies the name of an authenticated user. A complete user name is in the form of user name@domain name. |
The value is a string of 1 to 253 case-insensitive characters without spaces. If the value includes @, the characters before @ are the user name and the characters after @ are the domain name. If the value excludes @, the entire string is the user name and the user belongs to the default domain. A user name cannot contain two or more @s. |
| ip-address ip-addr |
Specifies an IP address, in dotted decimal notation. The format is X.X.X.X. |
The value is in dotted decimal notation. |
| ipv6-address ipv6-addr |
Specifies an IPv6 address, in the format of X:X::X:X. |
The value is a 32-digit hexadecimal number. |
| ipv6-prefix ipv6-prefix |
Specifies the address and length of an IPv6 prefix. |
The length ranges from 1 to 128. |
| vpn-instance vpn-instance |
Displays information about online user bound to the specified VPN instance. |
The value is a string of 1 to 31 case-sensitive characters. If spaces are used, the string must start and end with double quotation marks ("). |
Usage Guidelines
Usage Scenario
To monitor the information about the access users or locate the user access fault, you can run the display access-user command to view the information about all access users.
You can also view information about access users on the device by specifying the domain name, interface name, user name, and so on.- When domain is specified, the device displays a summary of the authenticated users in the specified domain. The summary of the authenticated users includes the user names, domain name, and user access indexes.
- When ip-address or ipv6-address is specified, the device displays information about all users that pass AAA authentication based on a specified IP address. The displayed information is brief, including the user index, user name, domain name, and IP address.
- When user-id is specified, the device displays the details about the user with the specified ID. The details about the user include the user access index, user name, user status (activated/deactivated), IP address, access type, user type, current authentication mode, authentication result, current authorization mode, authorization result, action flag, authentication status, and authorization status.
- When username is specified, the device displays a summary of the authenticated users with the specified user name. The summary of the authenticated users includes the user name, domain name, and user access index.
- For Layer 2 private line users, when the command for displaying brief information is run, only Layer 2 private line user information can be displayed. To view information about users in a Layer 2 private line, you can add the keyword verbose to the end of the command.
Precautions
If the command output contains "Info: No online user!", the number of queried users based on the specified parameter is 0 or the device does not support query based on the specified parameter.
Example
The actual command output varies according to the device. The command output here is only an example.
<HUAWEI> display access-user ip-address 192.168.255.229 ------------------------------------------------------------------- User access index : 32 State : Used User name : R6-02224001200000@sd2 Domain name : sd2 Backup from(IPv6) : Remote Backup from(IPv4) : Remote User access interface : Eth-Trunk22.12 User access PeVlan/CeVlan : 12/- User access slot : 1 User MAC : 00e0-fc12-3451 User IP address : 192.168.255.229 User IP netmask : 255.255.255.255 User gateway address : 192.168.1.1 User Authen IP Type : ipv4/-/- User Basic IP Type : -/-/- Server IP : 192.168.1.1 User lease : 2011-12-20 18:41:38---2011-12-23 18:41:38 Remain lease(sec) : 259200 User MSIDSN name : - EAP user : No MD5 end : No MTU : 1500 IPv6 MTU : 1500 Vpn-Instance : - User access type : IPOE User authentication type : No authentication RADIUS-server-template : sd Server-template of second acct: - Agent-Circuit-Id : - Agent-Remote-Id : - Access-line-id Information(dhcpv4 option82): - Current authen method : RADIUS authentication Authen result : Success Current author method : Idle Author result : Idle Action flag : Idle Authen state : Authed Author state : Idle Configured accounting method : RADIUS accounting Quota-out : Offline Current accounting method : RADIUS accounting Realtime-accounting-switch : Close Realtime-accounting-interval(sec) : - Realtime-accounting-send-update : No Realtime-accounting-traffic-update : No Access start time : 2011-12-20 16:47:31 Accounting start time : 2011-12-20 16:47:31 Online time (h:min:sec) : 01:54:07 Accounting state : Accounting Accounting session ID : HUAWEI030000000000004dce2aAAAAAA Idle-cut direction : Both Idle-cut-data (time,rate,idle): 0 sec, 60 kbyte/min, 0 min 0 sec Ipv4 Realtime speed : 0 kbyte/min Ipv4 Realtime speed inbound : 0 kbyte/min Ipv4 Realtime speed outbound : 0 kbyte/min Link bandwidth auto adapt : Disable UpPriority : Unchangeable DownPriority : Unchangeable Multicast-profile : - Multicast-profile-ipv6 : - Max Multicast List Number : 4 IGMP enable : Yes User-Group : - Next-hop : - Policy-route-IPV6-address : - Redirect Weburl : - If flow info contain l2-head : Yes Flow-Statistic-Up : Yes Flow-Statistic-Down : Yes Up packets number(high,low) : (0,0) Up bytes number(high,low) : (0,0) Down packets number(high,low) : (0,0) Down bytes number(high,low) : (0,0) IPV6 Up packets number(high,low) : (0,0) IPV6 Up bytes number(high,low) : (0,0) IPV6 Down packets number(high,low) : (0,0) IPV6 Down bytes number(high,low) : (0,0) Service-type : - -------------------------------------------------------------------
| Item | Description |
|---|---|
| User access index | Index number of a user. |
| User name | User name. |
| User access interface | Name of the interface through which a user accesses the. |
| User access PeVlan/CeVlan | Outer/inner VLAN tag of a QinQ packet. |
| User MAC | MAC address of a user. |
| User IP address | IP address of the user. |
| User IP netmask | Mask of the user IP address. |
| User gateway address | Gateway address of the user. |
| User Authen IP Type | Authorization type of a user. |
| User Basic IP Type | Basic IP protocol of a user. |
| User MSIDSN name | MSIDSN name of a user. |
| User access type | Access type of a user. |
| User authentication type | Authentication type of an access user. |
| User access slot | Slot ID for user access. |
| User lease | User lease. |
| Domain name | Name of the domain to which a user belongs. |
| Backup from(IPv4) | Backup mode (IPv4),the options are as follows:
|
| Backup from(IPv6) | Backup Mode (IPv6),the options are as follows: -Local: local. -Remote: remote. |
| Authen state | Authentication status. |
| Authen result | Authentication result.
|
| Server IP | IP address of the DHCPv4 server that allocates IP addresses to the user. |
| Remain lease(sec) | Remaining lease (s). |
| EAP user | EAP user. |
| MD5 end | MD5 end. The encryption algorithm used for MD5 authentication poses security risks. |
| MTU | Maximum transmission unit. |
| IPv6 MTU | IPv6 Maximum Transmission Unit. |
| Vpn-Instance | Name of a VPN instance. |
| RADIUS-server-template | Template of the RADIUS server used by a user for authentication. |
| Server-template of second acct | Server template used by a user for second accounting. |
| Agent-Circuit-Id | Specifies the agent-circuit-id (a sub-option of dhcpv4 option 82/dhcpv6 option18) value. |
| Agent-Remote-Id | Specifies the agent-remote-id (a sub-option of dhcpv4 option 82/dhcpv6 option37) value. |
| Current authen method | Authentication method used by a user. |
| Current author method | Authorization method used by a user. |
| Current accounting method | Accounting method being used by a user. |
| Author result | Authorization results. |
| Author state | Whether a user is authorized. |
| Action flag | Action flag of a user. |
| state | Status indicating whether a domain is used. |
| Configured accounting method | Accounting method configured for a user. |
| Quota-out | Policy to be adopted in case that the quota is used up. |
| Realtime-accounting-switch | Whether real-time accounting is enabled. |
| Realtime-accounting-interval(sec) | Real-time accounting interval. |
| Realtime-accounting-send-update | Whether the sends real-time accounting packets immediately after receiving an accounting reply packet. |
| Realtime-accounting-traffic-update | Whether the sends real-time accounting packets when updating traffic. |
| Access start time | Start time when the user access was started. |
| Accounting start time | Time to perform accounting for users. |
| Accounting state | Specifies an accounting state. |
| Accounting session ID | Specifies an accounting session ID. |
| Online time (h:min:sec) | Duration a user is online. |
| Idle-cut-data (time,rate,idle) | Parameters of idle cut in the current domain. |
| Ipv4 Realtime speed | Real-time traffic rate of IPv4 access users. |
| Ipv4 Realtime speed inbound | Real-time rate of traffic sent by IPv4 access users. |
| Ipv4 Realtime speed outbound | Real-time rate of traffic sent to IPv4 access users. |
| Link bandwidth auto adapt | Automatic adjustment of link bandwidth. |
| UpPriority | Priority of traffic sent by access users. |
| DownPriority | Priority of traffic sent to access users. |
| Multicast-profile | Multicast profile used by users in the current domain. |
| Multicast-profile-ipv6 | Multicast profile used by IPv6 users in the current domain. |
| Max Multicast List Number | Maximum number of multicast profiles that can be bound to a domain. |
| IGMP enable | Whether IGMP is enabled. |
| User-Group | Group to which a user belongs to. |
| Redirect Weburl | URL for the redirect web server. |
| If flow info contain l2-head | Whether a packet contains a layer 2 header. |
| Flow-Statistic-Up | Statistics about traffic sent by access users. |
| Flow-Statistic-Down | Statistics about traffic sent to access users. |
| Up packets number(high,low) | Number of packets sent by IPv4 users. The formula is as follows: Number of packets = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of packets = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| Up bytes number(high,low) | Number of bytes sent by IPv4 users. The formula is as follows: Number of bytes = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of bytes = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| Down packets number(high,low) | Number of packets sent to IPv4 users. The formula is as follows: Number of packets = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of packets = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| Down bytes number(high,low) | Number of bytes sent to IPv4 users. The formula is as follows: Number of bytes = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of bytes = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| IPV6 Up packets number(high,low) | Number of packets sent by IPv6 users. The formula is as follows: Number of packets = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of packets = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| IPV6 Up bytes number(high,low) | Number of bytes sent by IPv6 users. The formula is as follows: Number of bytes = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of bytes = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| IPV6 Down packets number(high,low) | Number of bytes sent to IPv6 users. The formula is as follows: Number of bytes = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of bytes = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| IPV6 Down bytes number(high,low) | Number of downstream multicast packets of users. The formula is as follows: Number of packets = 4294967296 x high + low. For example, if high is 1 and low is 705032704, the number of packets = 1 x 4294967296 + 705032704 = 5000000000. The maximum value of low is 4294967295. The maximum value of high is 4294967295. |
| Service-type | Type of service. |