No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fit AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
display aaa

display aaa

Function

The display aaa command displays information about normal logout, abnormal logout, and login failures.

NOTE:

Only branch APs support this command.

Format

display aaa { offline-record | abnormal-offline-record | online-fail-record } { all | reverse-order | domain domain-name | ip-address ip-address | mac-address mac-address | access-slot slot-number | time start-time end-time [ date start-date end-date ] | username user-name [ time start-time end-time [ date start-date end-date ] ] } [ brief ]

Parameters

Parameter

Description

Value

offline-record

Displays normal logout records.

-

abnormal-offline-record

Displays abnormal logout records.

-

online-fail-record

Displays login failure records.

-

all

Displays all login and logout records.

-

reverse-order

Displays the records in a sequence reverse to the sequence in which they were generated. That is, the latest records are displayed first.

-

domain domain-name

Specifies the name of a domain.

The value is a string of 1 to 64 case-insensitive characters, excluding spaces, *, ?, and ".

ip-address ip-address

Specifies an IP address.

The value is in dotted decimal notation.

mac-address mac-address

Specifies a MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 4 digits.

access-slot slot-number

Specifies the slot ID.

The value is an integer. It must be the slot ID of an operating LPU.

username user-name

Specifies a user.

The value must be an existing user.

time start-time end-time

Specifies a time range.

The format is HH:MM:SS, indicating hour:minute:second.

date start-date end-date

Specifies a date.

The format is YYYY/MM/DD. YYYY is the year, MM is the month, and DD is the day.

brief

Displays brief login and logout information.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

This command allows you to view information about user normal logouts, abnormal logouts, and login failures based on the domain name, interface, IP address, MAC address, or slot ID.

Precautions

The value of username contains letters, digits, and special characters. It supports English, Chinese, and Russian. The coding format used by the Telnet terminal must be the same as the coding format used by the user name input device. Otherwise, the user name in the language other than English may not be normally displayed.

When the value of username contains special characters or characters in other languages except English, the device displays dots (.) for these characters. If there are more than three such consecutive characters, three dots (.) are displayed. Here, the special characters are the ASCII codes smaller than 32 (space) or larger than 126 (~).

When the value of username is longer than 20 characters, the device displays up to three dots (.) for the characters following 19; that is, only 22 characters are displayed.

Example

# View information about user normal logouts in domain rds.
<Huawei> display aaa offline-record domain rds
 -------------------------------------------------------------------
  User name             : test@rds
  Domain name           : rds
  User MAC              : 0021-9746-b67c
  User access type      : 802.1x
  User access interface : GigabitEthernet1/0/2
  Qinq vlan/User vlan   : 0/1
  User IP address       : 192.168.2.2
  User IPV6 address     : -
  User ID               : 19
  User login time       : 2008/10/01 04:49:39
  User offline time     : 2008/10/01 04:59:43
  User offline reason   : EAPOL user request
  User name to server   : test@rds 
  AP ID                 : 1
  Radio ID              : 0
  AP MAC                : b001-0000-ac01
  SSID                  : ssid1
  -------------------------------------------------------------------
  Are you sure to display some information?(y/n)[y]:
# Display all unexpected user logout records.
<Huawei> display aaa abnormal-offline-record all
  ------------------------------------------------------------------------------
  User name             : cdw                                                   
  Domain name           : l2bng                                                 
  User MAC              : c825-e142-4f2b                                        
  User access type      : MAC                                                   
  User access interface : Wlan-Dbss1                                            
  Qinq vlan/User vlan   : 0/2012                                                
  User IP address       : 10.17.17.219                                          
  User IPV6 address     : -                                                     
  User ID               : 18                                                    
  User login time       : 2017/03/16 19:40:18                                   
  User offline time     : 2017/03/16 19:43:20                                   
  User offline reason   : AAA cut command                                       
  User name to server   : cdw@l2bng 
  AP ID                 : 1
  Radio ID              : 0
  AP MAC                : b001-0000-ac01
  SSID                  : ssid1
  ------------------------------------------------------------------------------
  Are you sure to display some information?(y/n)[y]:   
Table 13-1  Description of the display aaa offline-record domain command output

Item

Description

User name

User name.

Domain name

Domain of a user.

User MAC

MAC address of a user.

User access type

Access type of a user.
  • 802.1x indicates that the user accesses the network through 802.1X.
  • PPPoE indicates that the user accesses the network through PPPoE.
  • FTP indicates that the user accesses the network through FTP.
  • Telnet indicates that the user accesses the network through Telnet.
  • Terminal indicates that the user accesses the network through terminal.
  • SSH indicates that the user accesses the network through SSH.
  • HTTP indicates that the user accesses the network through HTTP.
  • Web indicates that the user accesses the network through web.

User access interface

Access interface of a user.

Qinq vlan/User vlan

VLAN that a user belongs to.
  • In QinQ application, QinQvlan indicates the outer VLAN ID and Uservlan indicates the inner VLAN ID.
  • For a common VLAN, Uservlan indicates the VLAN ID, and QinQvlan is 0.

User IP address

IP address of a user.

User IPV6 address

IPv6 address of a user.

User ID

Index of a user.

User login time

Time when a user goes online.

User offline time

Time when a user goes offline.

User offline reason

Reason why a user fails to go online or offline. The common reasons are as follows:
  • The value "EAPOL user request" indicates that an 802.1X user requests to go offline.
  • The value "PPP user request" indicates that a PPP user requests to go offline.
  • The value "Web user request" indicates that a web user requests to go offline.
  • The value "AAA cut command" indicates that a user is deleted using command line.
  • The value "Session time out" indicates that a session times out.
  • The value "Idle cut" indicates that a user is disconnected because the user does not perform any operation within a specified period.
  • The value "PPP authentication fail" indicates a PPP authentication failure.
  • The value "STA disassociation" indicates that an STA is disassociated.
  • The value "console reset or disable port" indicates that the management interface is down.
  • The value "Interface net down" indicates that an interface is down.
  • The value "User aging" indicates that user entries are aged out.
  • The value "IP address conflict" indicates that IP addresses conflict.
  • The value "Realtime accounting fail" indicates that real-time accounting fails.
  • The value "Start accounting fail" indicates that accounting fails to start.
  • The value "Radius authentication no response" indicates that the authentication server does not respond.
  • The value "Authorization data error" indicates that authorization fails.
  • The value "Radius server cut command" indicates that the RADIUS server disconnects a user.
  • The value "Authenticate fail" indicates that authentication fails.
  • The value "Failed to add FPI item(LPU)" indicates that authorization fails to be delivered to APs.
  • The value "roaming check failed" indicates that the roaming check fails.
  • The value "inconsistent STA on AC and AC during sync" indicates that user entries are not synchronized during inter-AC roaming.
  • The value "inconsistent STA on AP and AC during sync" indicates that user entries are not synchronized between AC and AP.
  • The value "WEB user synchronize fail" indicates that Portal users go offline due to a synchronization failure.
  • The value "EAPOL client timeout" indicates that the client times out to respond.
  • The value "authentication during association failed" indicates that STA authentication fails.
  • The value "STA deauthentication" indicates that the STA is deauthenticated.
  • The value "STA timed out" indicates that STA times out.
  • The value "no ack packet from the peer end" indicates that the device continuously sends packets to a user, but does not receive response.
  • The value "low RSSI" indicates that the wireless signal strength is weak.
  • The value "Layer 3 roaming disable" indicates that Layer 3 roaming is forbidden.
  • The value "roaming SSID check fail" indicates that the SSID check fails during roaming.
  • The value "Eapol client restart associate" indicates that the client reinitiates a connection.
  • The value "No authentication server configured" indicates that no authentication server is configured.
  • The value "No radius-server template bound" indicates that no RADIUS server template is bound.
  • The value "No tacacs-server template bound" indicates that no TACACS server template is bound.
  • The value "No accounting server configured" indicates that no accounting server is configured.
  • The value "Accounting server no response" indicates that the accounting server does not respond.
  • The value "EAPOL client restart associate" indicates that the 802.1X client re-triggers an association.
  • The value "SoftGRE tunnel is down" indicates that the SoftGRE tunnel is faulty.
  • The value "Failed to synchronize user entries" indicates that user entries fail to be synchronized.
  • The value "VAP configuration is deleted or changed" indicates that the VAP configuration is deleted or modified.
  • The value "The Navi-AC STA is kicked off" indicates that remote authentication users are forced to go offline.
  • The value "The PPSK account expires" indicates that the PPSK user account has expired.
  • The value "The PPSK configuration is modified" indicates that the PPSK configuration is modified.
  • The value "Exceeded the maximum number of PPSK account" indicates that the number of PPSK user accounts exceeds the upper limit.
  • The value "The local eap server is up but has no reply" indicates that the local EAP server is in Up state but does not respond.
  • The value "Local eap authentication reject" indicates that the local EAP server returns an authentication reject packet.
  • The value "Local Authentication user block" indicates that the local user is locked.
  • The value "Authorize vlan error" indicates that VLAN authorization fails.

User name to server

User name sent by the device to the server.

AP ID

ID of the AP that a wireless user associates with.

Radio ID

ID of the radio that a wireless user associates with.

AP MAC

MAC address of the AP that a wireless user associates with.

SSID

SSID that a wireless user associates with.

Translation
Download
Updated: 2019-07-18

Document ID: EDOC1100064353

Views: 158843

Downloads: 132

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next