trace access-user
Function
The trace access-user command creates service tracing objects, and specifies the location to which tracing information is output and the aging time of tracing information. Five objects can be traced at the same time.
The undo trace access-user command deletes a single object or all objects to be traced.
By default, tracing information is output to the buffer of the local memory, and the tracing time is 15 minutes.
This command is supported only on the NetEngine 8000 F1A.
Format
trace access-user object id { interface { interface-name | interface-type interface-number } | ip-address ip-address | mac-address mac-address | ce-vlan ce-vid | pe-vlan pe-vid | ipv6-address prefix-address/prefix-length | user-name username | tunnel-id tunnel-id | access-mode { pppoe | ipoe } } * [ output { file file-name [ anonymize personal-data ] | syslog-server ip-address [ bind ssl-policy ssl-policy-name ] [ anonymize personal-data ] | vty } | [ -t time-value ] | [ mode packet ] | [ flow-report ] ] *
trace access-user object id { circuit-id circuit-id | remote-id remote-id } * { exact-match | partial-match } [ output { file file-name [ anonymize personal-data ] | syslog-server ip-address [ bind ssl-policy ssl-policy-name ] [ anonymize personal-data ] | vty } | [ -t time-value ] | [ mode packet ] | [ flow-report ] ] *
undo trace access-user { object id | all }
Parameters
| Parameter | Description | Value |
|---|---|---|
| interface interface-type interface-number |
Traces objects on a specified interface. interface-type specifies the type of an interface. interface-number specifies the number of an interface. |
- |
| ip-address ip-address |
Traces an object with a specified IP address. ip-address specifies an IP address. |
The value is in dotted decimal notation. |
| mac-address mac-address |
Traces an object with a specified MAC address. |
mac-address: specifies a MAC address, in the format of H-H-H. |
| ce-vlan ce-vid |
Traces an object with a specified CE-VLAN ID, that is, VLAN ID in the inner tag. ce-vid: specifies the CE VLAN ID. |
The value is an integer ranging from 1 to 4094. |
| pe-vlan pe-vid |
Traces an object with a specified PE-VLAN ID, that is, VLAN ID in the outer tag. pe-vid: specifies the PE VLAN ID. |
The value is an integer ranging from 1 to 4094. |
| ipv6-address prefix-address/prefix-length |
Traces an object with a specified IPv6 address or IPv6 prefix. |
ipv6-address/prefixlength: specifies an IPv6 address and the IPv6 prefix length. |
| user-name username |
Creates the trace object according to the user name. username specifies the user name. |
The value is a string of 1 to 253 characters in the format of 'username@domainname'. |
| tunnel-id tunnel-id |
Creates the L2TP trace object based on the tunnel ID. |
The value is an integer ranging from 1 to 65535. |
| access-mode |
Access mode of trace objects. |
- |
| pppoe |
Trace PPPoE users. |
- |
| ipoe |
Trace IPoE users. |
- |
| output |
Indicates the location to which tracing information is output. |
- |
| file file-name |
Indicates the output of tracing information. |
The tracing information is output to the CF card. file-name: specifies the name of the file that stores tracing information in the CF card.The value is a string of 1 to 63 characters. |
| syslog-server ip-address |
Indicates that tracing information is output to a log server. |
Specifies the IP address of a log server, in dotted decimal notation. |
| bind |
Bind. |
- |
| ssl-policy ssl-policy-name |
SSL policy name. Before binding an SSL policy, an SSL policy has been created using the ssl policy policy-name command. |
The value is a string of 1 to 23 case-sensitive characters, spaces not supported. |
| vty |
Indicates that tracing information is output to the VTY terminal. |
- |
| -t time-value |
Sets the tracing time. |
The value is an integer ranging from 0 to 60, in minutes. If the value is 0, it indicates that the object is being traced all the time. |
| mode |
Tracing mode. |
- |
| packet |
Configures the tracing mode as packet. In packet mode, only packet exchange information is displayed, and the exchange information of the internal modules is not displayed. |
By default, all information of the object being traced is displayed. |
| flow-report |
Enables traffic reporting. |
By default, disenables traffic reporting. |
| object id |
Specifies the ID of an object to be traced. |
The value is an integer ranging from 1 to 5. |
| circuit-id circuit-id |
Specifies the circuit ID of the access-line ID for user packets. |
The value is a string of 1 to 200 characters. |
| remote-id remote-id |
Specifies the remote ID of the access-line ID for user packets. |
The value is a string of 1 to 200 characters. |
| exact-match |
Sets exactly matching information for the circuit ID or remote ID of access-line ID. |
- |
| partial-match |
Sets partially matching information for the circuit ID or remote ID of access-line ID. |
- |
| all |
All objects to be traced. |
- |
Usage Guidelines
Usage Scenario
Before tracing a service, you must make sure that the service is accessed; otherwise, no tracing information is output. In addition, you need to make sure that the CPU usage on the Main Processing Unit does not exceed 70%.
Before outputting tracing information to a log server, you must make sure that the log server exists and is properly configured.Precautions
This command is used for fault diagnosis only. It consumes a great number of resources when the device is running normally and may affect services.
Recreate tracing objects after board restart or master/slave switchover.In VS mode, this command is supported only by the admin VS.
Example
<HUAWEI> system-view [~HUAWEI] trace access-user object 1 interface GigabitEthernet 0/1/0 ipv6-address 2001:db8:1::/64 output syslog-server 192.168.0.3 -t 10
<HUAWEI> system-view [~HUAWEI] trace access-user object 1 user-name huawei flow-report
<HUAWEI> system-view [~HUAWEI] trace access-user object 1 interface GigabitEthernet 0/1/0 ipv6-address 2001:db8:1::/64 output syslog-server 192.168.0.3 bind ssl-policy p1