show tacacs

This chapter provides show tacacs command output tables.

show tacacs


Table 1. show tacacs Command Output Descriptions
Field Description

active session #n

Numerical identifier of an active TACACS+ session.

login username

The username of the TACACS+ user.

login tty

The physical or logical port identifier for a user login.

time of login

The date and time of the TACACS+ login.

login server priority

The specified priority of the TACACS+ server used for login.

current login status

The current login status for this user (pass/fail).

current session state

The current operational state of the TACACS+ session.

current privilege level

The CLI privilege level assigned to the user:
  • 0: Inspector (CLI only)
  • 1: Inspector (CLI and ECSEMS only)
  • 2: Inspector (FTP only)
  • 3: Inspector (CLI and FTP only)
  • 4: Inspector (CLI, FTP, and ECSEMS only)
  • 5: Operator (CLI only)
  • 6: Operator (CLI and ECSEMS only)
  • 7: Operator (FTP only)
  • 8: Operator (CLI and FTP only)
  • 9: Operator (CLI, FTP and ECSEMS only)
  • 10: Administrator (CLI only)
  • 11: Administrator (CLI and ECSEMS only)
  • 12: Administrator (FTP only)
  • 13: Administrator (CLI, FTP and Lawful Intercept only)
  • 14: Administrator (CLI, FTP and ECEMS only)
  • 15: Administrator (CLI, FTP, ECEMS and Lawful Intercept)

remote client application

The application type used by the remote client to access the ASR 5000, if known:
  • telnet
  • ssh
  • ftp
  • console
  • unknown

remote client ip address

The IP address of the remote client. If the remote client IP address cannot be determined or is unknown, this field will contain all zeros or be blank. For example, logins via the ASR 5000’s console port typically are not assigned an IP address.

last server reply status

The last known server error code returned for this user session.

Total TACACS+ sessions

The total number of TACACS+ sessions that are currently active.



show tacacs client statistics


Table 2. show tacacs client statistics Command Output Descriptions
Field Description

last login failure time

The timestamp of the most recent failed TACACS+ authentication attempt.

successful connections

The total number of successful TACACS+ connections established with the TACACS+ server.

failed connections

The total number of connection attempts with a TACACS+ server that have failed.

authentication PASS

The total number of connections established with a TACACS+ server that have passed authentication.

authentication FAIL

The total number of authentication connections attempts with a TACACS+ server that have failed.

session starts

The total number of TACACS+ session starts. A session start is defined as the point at which the TACACS+ user has passed authentication.

active sessions

The total number of active TACACS+ sessions.

authorization errors

The total number of TACACS+ authorization errors.

accounting errors

The total number of TACACS+ accounting errors.

non-TACACS+ logins

The total number of non-TACACS+ logins. Note that the system can be configured to allow TACACS+ users to continue on to use non-TACACS+ authentication services if the user fails the TACACS+ login.



show tacacs session statistics


Table 3. show tacacs session statistics Command Output Descriptions
Field Description

active session #n

A numerical identifier assigned to an active TACACS+ CLI session.

task id

The software task ID assigned by the client to identify TACACS+ accounting statistics.

task instance

The software task instance ID assigned by the ASR 5000 for each active TACACS+ session.

login username

The username assigned to this TACACS+ session.

login tty

The logical or physical port identifier assigned for a TACACS+ login.

tty connect time

The time at which the TACACS+ connection was established.

session start time

The time and date of the TACACS+ session start time, which is defined as the time at which a TACACS+ user passes TACACS+ authentication.

pre-bytes in

The total number of bytes received from the TACACS+ server before the TACACS+ user was authenticated.

pre-bytes out

The total number of bytes sent to the TACACS+ server before the TACACS+ user was authenticated.

pre-packets in

The total number of packets received from the TACACS+ server before the TACACS+ user was authenticated.

pre-packets out

The total number of packets sent to the TACACS+ server before the TACACS+ user was authenticated.

bytes in

The total number of bytes (pre- and post-authentication) received from the TACACS+ server after the TACACS+ user was authenticated.

bytes out

The total number of bytes sent (pre- and post-authentication) to the TACACS+ server after the TACACS+ user was authenticated.

packets in

The total number of packets (pre- and post-authentication) received from the TACACS+ server for this TACACS+ session.

packets out

The total number of packets (pre- and post-authentication) sent to the TACACS+ server after the TACACS+ user was authenticated.

authen start requests success

The total number of authentication start requests sent to the TACACS+ server that were successful.

authen start requests error

The total number of authentication start requests sent to the TACACS+ server that were unsuccessful, typically due to a protocol error.

authen cont requests success

The total number of authentication continue requests sent to the TACACS+ server that were successful.

authen cont requests error

The total number of authentication continue (username and/or password) requests sent to the TACACS+ server that were failed, typically due to a protocol error.

authen start/cont rep success

The number of authentication start/continue Reply messages received from the TACACS+ server that were successful.

authen start/cont rep failure

The number of authentication start/continue Reply messages received from the TACACS+ server that failed.

authen start/cont rep timeout

The number of authentication start/continue Reply messages received from the TACACS+ server that timed out.

author requests success

The number of TACACS+ authorization requests sent to the TACACS+ server that were successful.

author requests failure

The number of TACACS+ authorization requests sent to the TACACS+ server that failed.

author responses success

The number of authorization responses received from the TACACS+ server that were successful.

author responses failure

The number of authorization responses received from the TACACS+ server that failed.

author responses timeout

The number of authorization responses from the TACACS+ server that timed out.

account requests success

The number of accounting requests sent to the TACACS+ server that were successful.

account requests error

The number of accounting requests sent to the TACACS+ server that were unsuccessful, typically due to a protocol error.

account replies success

The number of accounting replies from the TACACS+ server that were successful.

account replies failure

The number of accounting replies from the TACACS+ server that failed.

account replies timeout

The number of accounting replies from the TACACS+ server that timed out.

total active TACACS+ sessions

The total number of currently active TACACS+ sessions.