display access-user [ domain domain-name | interface interface-type interface-number [ vlan vlan-id ] | ip-address ip-address [ vpn-instance vpn-instance-name ] | access-slot slot-id | username user-name ] [ detail ] [ slot slot-id cpu cpu-id ]
display access-user [ mac-address mac-address | user-id user-id ] [ slot slot-id cpu cpu-id ]
display access-user [ access-type { ipsec | l2tp | ppp | ssl-vpn } [ username user-name ] [ | count ] [ | [ before | after ] * number { begin | include | exclude } regular-expression ] [ slot slot-id cpu cpu-id ]
display access-user [ authentication-mode { ad | ldap | local | hwtacacs | radius | all } [ username user-name ] ] [ slot slot-id cpu cpu-id ]
display access-user [ service-scheme service-scheme-name ] [ slot slot-id cpu cpu-id ]
Parameter |
Description |
Value |
|---|---|---|
domain domain-name |
Displays information about users in a specified domain. |
The domain name must already exist. |
interface interface-type interface-number |
Displays information about users on a specified interface. |
- |
vlan vlan-id |
Displays information about users in a VLAN ID. |
The value is an integer that ranges from 1 to 4094. |
ip-address ip-address |
Displays information about the user with a specified IP address. |
The value of ip-address is in dotted decimal notation. |
vpn-instance vpn-instance-name |
Indicates the name of the VPN instance that the specified IP address belongs to. |
The VPN instance must already exist. |
username user-name |
Displays information about the user with a specified user name. |
The user name must already exist. If the user name contains spaces, you need to put the name in double quotation marks (""), for example, "user for test". |
detail |
Displays detailed information about users. |
- |
mac-address mac-address |
Displays information about the user with a specified MAC address. |
The value is in H-H-H format. An H contains four hexadecimal digits. |
user-id user-id |
Displays information about sessions of a specified user. If this parameter is specified, detailed information about the user is displayed. |
The user-id must exist on the device. |
access-type { ipsec | l2tp | ppp | ssl-vpn } |
Displays users of a specified type. |
|
| |
Using regular expressions to filter the output display information |
- |
count |
The number of rows statistical matching specified regular expression. |
- |
before |
Specifies the number of rows before a row that matches the specified regular expression. |
- |
after |
Specifies the number of rows after a row that matches the specified regular expression. |
- |
number |
Specifies the rows number to be displayed. |
The value is an integer that ranges from 1 to 999. |
begin |
Indicates information that starts with a specific regular expression. |
- |
include |
Indicates information that includes a specific regular expression. |
- |
exclude |
Indicates information that excludes a specific regular expression. |
- |
regular-expression |
Specifies a regular expression string. |
The expression is a string of 1 to 1024 characters. |
authentication-mode { ad | ldap | local | hwtacacs | radius | all } |
Terminates connections based on the authentication mode. |
|
service-scheme service-scheme-name |
Displays information about the user with a specified service scheme. |
The service scheme must already exist. |
access-slot slot-id |
Displays information about the user on a specified interface card. |
- |
slot slot-id |
Specifies the slot ID of the Service Processing Unit (SPU). |
- |
cpu cpu-id |
Specifies the CPU ID. |
- |
Usage Scenario
This command displays information about user sessions on the device.
Precautions
For administrators, lower-level users cannot check information about higher-level users.
If the character string of the user name contains spaces (for example, a b), you can run the display access-user username "a b" command to view online users.
If the character string of the user name contains spaces and quotation marks ("") simultaneously, you cannot use the user name to view online users. In this case, you can run the display access-user | include username command to view the user ID of the online user, and then run the display access-user user-id user-id command to view the user. Alternatively, you can run the cut access-user user-id user-id command to force the user to go offline.
When displaying VPN user entries based on user IP address, you must set the vpn-instance vpn-instance-name parameter to specify the VPN instance to which the IP address belongs.
If user-id is specified, detailed information about the specified user is displayed. If user-id is not specified, brief information about all online users is displayed, including the user ID, user name, IP address, and MAC address of each user.
Displaying users of a specified interface or VLAN only supports the PPP users.
Only letters, digits, and special characters can be displayed for username.
When the value of username contains special characters or characters in other languages except English, the device displays dots (.) for these characters. If there are more than three such consecutive characters, three dots (.) are displayed. Here, the special characters are the ASCII codes smaller than 32 (space) or larger than 126 (~).
When the value of username is longer than 20 characters, the device displays up to three dots (.) for the characters following 19; that is, only 22 characters are displayed.
# Display the users connected to the interface GigabitEthernet0/0/1.
<sysname> display access-user interface GigabitEthernet0/0/1 ----------------------------------------------------------------------------------------------- UserID Username IP address MAC Status ----------------------------------------------------------------------------------------------- 36 test@rds - 00e0-fc46-b67c Success -----------------------------------------------------------------------------------------------
# Display the user with the user ID being 36.
<sysname> display access-user user-id 36 Basic: User ID : 36 User name : user1 Domain-name : default User MAC : 00e0-fc46-b67c User vpn-instance : - User access time : 2015/03/20 16:06:33 User accounting session ID : sysname00000000000003****2000001 User access type : SSL VPN Terminal device type : Data Terminal Dynamic service scheme : 1 User inbound data flow(Packet) : 6,248 User inbound data flow(Byte) : 624,800 User outbound data flow(Packet) : 6,248 User outbound data flow(Byte) : 624,800 AAA: User authentication type : SSL VPN authentication Current authentication method : Local Current authorization method : Local Current accounting method : None
Item |
Description |
|---|---|
Basic |
Basic information about a user. |
UserID/User ID |
Index of a user. |
Username/User name |
User name. |
Domain-name |
Authentication domain to which the user belongs. |
MAC/User MAC |
MAC address of a user. For an SSL VPN user, the virtual MAC address is displayed, but not the MAC address of a user. |
User vpn-instance |
VPN instance to which the user belongs. |
User access time |
Time when a user goes online. |
User accounting session ID |
ID of an accounting session. |
User access type |
Access type of a user. |
Terminal device type |
Terminal device type. |
Dynamic service scheme |
The service scheme of the dynamic authorized user. |
User inbound data flow(Packet) |
Data traffic (number of packets) from users to the device. |
User inbound data flow(Byte) |
Data traffic (number of bytes) from users to the device. |
User outbound data flow(Packet) |
Data traffic (number of packets) from the device to users. |
User outbound data flow(Byte) |
Data traffic (number of bytes) from the device to users. |
AAA |
AAA information about a user. |
User authentication type |
Authentication type of a user, which depends on the access type of the user. |
Current authentication method |
Authentication method used for a user. |
Current authorization method |
Current authorization method. |
Current accounting method |
Current accounting method. |
Status |
User status. |
IP address |
IP address of a user. |