查看: 5588|回复: 1

ME60常用命令 [复制链接]

xizhao110

军衔等级：

上等兵

注册：2015-12-16 点赞数

2

电梯直达

1^# 大中小

发表于 2018-6-13 15:05:57 |只看该作者 |倒序浏览

1）查看用户在线信息
Display access-user可以查看到目前在线用户数，每个认证域中有多少用户?
[ME60]dis access-user
  ----------------------------------------------------------------------------------------------
  Total users          : 2
  Normal users : 0
  Admin users : 2
  Wait authen-ack          : 0
  Authentication finish : 2
  Accounting ready : 2
  Realtime accounting : 0
  Wait leaving-flow-query : 0
  Wait accounting-start : 0
  Wait accounting-stop : 0
  Wait authorization-client : 0
  Wait authorization-server : 0
  ----------------------------------------------------------------------------------------------
  Domain-name                      Current-User    Online-User
  ----------------------------------------------------------------------------------------------
  default0                         : 0             :0
  default1                         : 0             :0
  default_admin                   : 2             :0
  163.gd : 0             :0
  sinopec.gd                      : 0             :0
  green.gd                         : 0             :0
  iptv.gd                         : 0             :0
  --------------------------------------------------------------------------------------------------------
  The used userid table are       :
139324 139325
  --------------------------------------------------------------------------------------------------------

ME60上可以通过命令查看某一个域，某一块单板，某一个端口的用户，根据用户IP地址，MAC地址，user-id，查看用户详细信息。
[ME60]dis access-user ?
  Domain Domain
  Interface Interface
  ip-address IP address
  ipv6-address          IPV6 ADDRESS
  mac-address MAC
  slot SLOT
  user-id User id
  username User name

2）强制将用户踢下线，可以以域名、interface等为条件将用户下线（注意是在AAA模式下才可执行）
[GZ-BJL-BAS-3.M.G-aaa]cut  access-user ?
  domain       Domain
  interface    Interface
  ip-address IP address
  ip-pool    Configure IP address pool
  ipv6-address  IPV6 ADDRESS
  mac-address MAC
  prefix       Configure IPV6 prefix
  slot       SLOT
  user-id    User id
  username    User name

3）查看IP地址池信息
Display ip pool该命令可以查看到该设备上配置的IP pool的简要信息
[ME60]dis ip pool
  ------------------------------------------------------------------------------------------------
  Pool-Name    : hy-me60-iptv-pool-01
  Pool-No       : 0
  Position    : Local          Status          : Unlocked
  Gateway       : 121.34.211.254  Mask          : 255.255.255.128
  Vpn instance : --
  ------------------------------------------------------------------------------------------------
  Pool-Name    : hy-me60-pool-01
  Pool-No       : 1
  Position    : Local          Status          : Unlocked
  Gateway       : 121.34.203.1 Mask          : 255.255.255.0
  Vpn instance : --
  ------------------------------------------------------------------------------------------------
  Pool-Name    : hy-me60-leased_line-pool-01
  Pool-No       : 2
  Position    : Local          Status          : Unlocked
  Gateway       : 121.34.241.254  Mask          : 255.255.255.128
  Vpn instance : --

  IP address pool Statistic
Local    :3       Remote :0
  IP address Statistic
Total    :503
Used       :0       Free    :503
Conflicted  :0       Disable :0

Display ip pool name ***可以根据ip地址池的名字查看到该地址池的详细信息
[ME60-SZ-hy-01]dis ip pool name hy-me60-leased_line-pool-01
  Pool-Name    : hy-me60-leased_line-pool-01
  Pool-No       : 2
  Lease       : 3 Days 0 Hours 0 Minutes
  Option-Code  0 : -
  Option-Value 0 : -
  Option-Code  1 : -
  Option-Value 1 : -
  Option-Code  2 : -
  Option-Value 2 : -
  Option-Code  3 : -
  Option-Value 3 : -
  DNS-Suffix    : -
  Primary-DNS : 202.96.128.68 Secondary-DNS : 202.96.134.133
  Primary-NBNS : -             Secondary-NBNS : -
  Position    : Local          Status          : Unlocked
  Gateway       : 121.34.241.254  Mask          : 255.255.255.128
  Vpn instance : --
  -------------------------------------------------------------------------------------------------------
  ID          start          end total  used  idle conflicted disable
  --------------------------------------------------------------------------------------------------------
0  121.34.241.129  121.34.241.253 125    0 125       0    0
  --------------------------------------------------------------------------------------------------------------
  Display ip pool name *** all 可以查看到详细到每个IP地址的具体信息
  [ME60-SZ-hy-01]dis ip pool name hy-me60-leased_line-pool-01 all
  Pool-Name    : hy-me60-leased_line-pool-01
  Pool-No       : 2
  Lease       : 3 Days 0 Hours 0 Minutes
  Option-Code  0 : -
  Option-Value 0 : -
  Option-Code  1 : -
  Option-Value 1 : -
  Option-Code  2 : -
  Option-Value 2 : -
  Option-Code  3 : -
  Option-Value 3 : -
  DNS-Suffix    : -
  Primary-DNS : 202.96.128.68 Secondary-DNS : 202.96.134.133
  Primary-NBNS : -             Secondary-NBNS : -
  Position    : Local          Status          : Unlocked
  Gateway       : 121.34.241.254  Mask          : 255.255.255.128
  Vpn instance : --
  ---------------------------------------------------------------------------------------------------------------
  ID          start          end total  used  idle conflicted disable
  ---------------------------------------------------------------------------------------------------------------
0  121.34.241.129  121.34.241.253 125    0 125       0    0
  ---------------------------------------------------------------------------------------------------------------
  Section  0    :
  ---------------------------------------------------------------------------------------------------------------
  Index             IP             MAC User-ID    Lease Status
  ---------------------------------------------------------------------------------------------------------------
   0  121.34.241.129                -       -       - idle
   1  121.34.241.130                -       -       - idle
   2  121.34.241.131                -       -       - idle
   3  121.34.241.132                -       -       - idle
  ---------------------------------------------------------------------------------------------------------------

4）查看用户下线原因
display aaa offline-record可以查看到用户的下线原因
[ME60]display aaa offline-record
  -------------------------------------------------------------------
  User name       : huawei@default_admin
  User MAC          : ffff-ffff-ffff
  User access type : telnet
  User IP address : 121.34.203.194
  User ID          : 139323
  User authen state  : Authened
  User acct state : AcctIdle
  User author state  : AuthorIdle
  User acct sessionID: ME60-SZ000006553565535d324f9139323
  User login time : 2007/02/01 21:09:09
  User offline time  : 2007/02/01 21:45:59
  User offline reason: user request to offline
  -------------------------------------------------------------------
  Are you sure to show some information?(y/n)[y]:n
display aaa offline-record offline-reason 后面跟上相应的参数可以看到不同原因下线的用户信息。
  arp_detect_fail Offline reason
  idle_cut Offline reason
  ppp_echo_fail          Offline reason
  ppp_user_request          Offline reason
  realtime_acct_fail          Offline reason
  session_timeout Offline reason
  stop_acct_fail Offline reason
  user_request          Offline reason

<GZ-BJL-BAS-3.M.G>display  aaa ?
  abnormal-offline-record  Abnormal-offline-record  //异常用户下线原因，如手动CUT掉用户，非法的一些操作等。
  configuration          AAA setting
  offline-record          Offline-record
  online-fail-record    Online-fail-record    //用户上线不成功原因，如RADIUS 拒绝等。

5）查看L2TP tunnel，session
Display l2tp tunnel，display l2tp session可以查看到目前存在的l2tp通道和进程。

6）跟踪用户消息，对于单个跟踪用户使很有效的。
ME60支持跟踪用户消息，该消息中包括与Radius交互的消息以及ME60内部各个功能模块的处理消息，在出现故障的时候对用户作一个跟踪非常有效。具体配置步骤如下：
全局模式下：
[ME60]trace enable
[ME60]trace object ? //可以根据用户名，MAC地址，vlan号来跟踪
  access-mode  The access mode
  interface The interface
  ip-address The IP address
  mac-address  The MAC address
  pvc       The PVC
  user-name The user name
  user-vlan The user VLAN ID
一般情况下我们会将跟踪的用户消息写到CF卡上，跟踪用户消息的完整命令为：
trace object user-name gmcc42@gd output file cfcard:/test.txt

7）查看radius当前状态
<GZ-BJL-BAS-3.M.G>dis radius-server configuration
  RADIUS source interface       : LoopBack0
  RADIUS no response packet count : 20
  RADIUS auto recover time(Min) : 60
---------------------------------------------------------
  Server-group-name :  radius-pppoe-1
  Authentication-server:  IP:221.179.9.19 Port:1812 Weight[0] [UP]
                        Vpn: -
  Accounting-server :  IP:221.179.9.19 Port:1813 Weight[0] [UP]
                        Vpn: -
  Protocol-version    :  radius
  Shared-secret-key :  itellin
  Retransmission    :  5
  Timeout-interval(s)  :  20
  Acct-Stop-Packet Resend  :  NO
  Acct-Stop-Packet Resend-Times  :  0
---------------------------------------------------------

8）查看最大用户上线数
[GZ-BJL-BAS-3.M.G]dis most-onlineuser
Historic most online users : 10
Historic most access time : 2008/01/27 06:02:59

9）查看radius同ME60的交付包，建议操作完毕后关闭，不然业务量大时影响ME60 cpu处理

<GZ-BJL-BAS-3.M.G>terminal debugging
Info:Current terminal debugging is on

<GZ-BJL-BAS-3.M.G>terminal  monitor
Info:Current terminal monitor is on

<GZ-BJL-BAS-3.M.G>debugging radius packet

***********************************************
<GZ-BJL-BAS-3.M.G>undo debugging radius packet //关闭DEBUG
***********************************************

10）查看配置的认证方案、计费方案和域信息，必要时可在命令后加适当的参数。
<GZ-BJL-BAS-3.M.G>dis authentication-scheme                         //查看认证方案信息
  -------------------------------------------------------------------
  Authentication-scheme-name       Authentication-method
  -------------------------------------------------------------------
  default0                         None
  default1                         RADIUS
  auth-tacas-local                   HWTACACS local authentication
  auth-none                         None
  auth-radius                      RADIUS
  local                            Local
  -------------------------------------------------------------------

  Total of authen scheme: 6
<GZ-BJL-BAS-3.M.G>dis accounting-scheme                            //查看计费方案信息
  -------------------------------------------------------------------
  Accounting-scheme-name             Accounting-method
  -------------------------------------------------------------------
  default0                         None
  default1                         RADIUS
  acc-none                         None
  acc-radius                         RADIUS
  none                               None
  -------------------------------------------------------------------
  Total of accounting-scheme: 5

<GZ-BJL-BAS-3.M.G>dis domain ?                                  //根据需要查看域的信息
  name       Domain name
  type       Domain type
  vpn-instance  VPN instance
  <cr>

<GZ-BJL-BAS-3.M.G>dis domain                                  //查看所有域的信息
  -------------------------------------------------------------------------
  DomainName                      State    Access-limit Online type
  -------------------------------------------------------------------------
  default0                         Active       147456       0 Normal
  default1                         Active       147456       0 Normal
  default_admin                   Active       147456       0 Normal
  xapjcs.v.gd                      Active       147456       0 Normal
  leased_line_512k                Active       147456       0 Normal
  adsl_ip_nms                      Active       147456       8 Normal
  leased_line_1m                   Active       147456       0 Normal
  leased_line_2m                   Active       147456       0 Normal
  leased_line_3m                   Active       147456       0 Normal
  leased_line_4m                   Active       147456       0 Normal
  leased_line_5m                   Active       147456       0 Normal
  leased_line_6m                   Active       147456       0 Normal
  leased_line_7m                   Active       147456       0 Normal
  leased_line_8m                   Active       147456       0 Normal
  leased_line_9m                   Active       147456       0 Normal
  leased_line_10m                Active       147456       0 Normal
  -------------------------------------------------------------------------
  Total: 16

11）查看配置的BAS接口信息，调度模板和QOS模板信息，下述命名后均可接适当参数。
<GZ-BJL-BAS-3.M.G>dis bas-interface    //此项可以总体查看配置BAS接口信息

  ---------------------------------------------------------------------------
Interface                   BASIF-access-type       BASIF-config-state
  ---------------------------------------------------------------------------
GigabitEthernet1/0/4.408    Layer2-subscriber       Updated
GigabitEthernet1/0/4.407    Layer2-subscriber       Updated
GigabitEthernet1/0/4.406    Layer2-subscriber       Updated
GigabitEthernet1/0/4.405    Layer2-subscriber       Updated
GigabitEthernet1/0/4.404    Layer2-subscriber       Updated
GigabitEthernet1/0/4.403    Layer2-subscriber       Updated
GigabitEthernet1/0/4.402    Layer2-subscriber       Updated
GigabitEthernet1/0/4.401    Layer2-subscriber       Updated
GigabitEthernet1/0/4.400    Layer2-subscriber       Updated
GigabitEthernet1/0/4.181    Layer2-subscriber       Updated
GigabitEthernet1/0/4.180    Layer2-subscriber       Updated
GigabitEthernet1/0/4.100    Layer2-subscriber       Updated
GigabitEthernet1/0/4.50    Layer2-subscriber       Updated
GigabitEthernet2/0/4.401    Layer2-subscriber       Updated
GigabitEthernet2/0/4.400    Layer2-subscriber       Updated
GigabitEthernet2/0/4.181    Layer2-subscriber       Updated
GigabitEthernet2/0/4.180    Layer2-subscriber       Updated
GigabitEthernet2/0/4.100    Layer2-subscriber       Updated
GigabitEthernet2/0/4.50    Layer2-subscriber       Updated
  ---------------------------------------------------------------------------
  Total 19 BASIF is configured

12）如何测试BAS到RADIUS 的帐号的正确性

<GZ-BJL-BAS-3.M.G>test-aaa username@gd password radius-group ipman-radius pap  //注意选用PAP方式，默认为CHAP方式

1

1 人赞过 >

0 举报本楼

本帖有 1 个回帖，您需要登录后才能浏览登录 | 注册

返回列表

手机版|C114 ( 沪ICP备12002291号-1 )|联系我们 |网站地图

GMT+8, 2024-11-6 07:25 , Processed in 0.586638 second(s), 15 queries , Gzip On.

Discuz Licensed

		自动登录	找回密码
密码			注册