Output of sh tacacs

Answered Question
Dec 22nd, 2008

Hi all,

I logged on to the switch and did

sh tacacs


Tacacs+ Server : 10.3.31.1/49

Socket opens: 40

Socket closes: 40

Socket aborts: 6

Socket errors: 0

Socket Timeouts: 0

Failed Connect Attempts: 0

Total Packets Sent: 64

Total Packets Recv: 58



Tacacs+ Server : 10.12.31.12/49

Socket opens: 0

Socket closes: 0

Socket aborts: 0

Socket errors: 0

Socket Timeouts: 0

Failed Connect Attempts: 0

Total Packets Sent: 0

Total Packets Recv: 0

What does this output mean?

Many thanks

Richard Burts Mon, 12/22/2008 - 09:32

Mahesh


This is a very open-ended question. We could probably give better answers if you could be more specific about what part of the output is not understood. But for a beginning, the output shows that the switch has 2 TACACS servers configured. The switch will use the first server each time, and if it attempts to use the first server and the server does not respond then it will attempt the second server. The output shows that the switch has not had to use the second server in the length of time that statistics have been kept (probably the time since boot of the switch). The output shows that TACACS uses TCP port 49. The output shows that the switch has sent 64 packets and has received 58 packets. The difference of 6 between sent and received is probably the 6 socket aborts.


Is there some other aspect of the output that you are asking about?


HTH


Rick
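
Added example, not part of the original thread: a small Python parser for the `sh tacacs` counters posted in the question, which reports the sent/received gap next to the abort count and marks a server that has never been contacted. The function names and the wording of the findings are assumptions made for illustration.

```python
import re

# Counters as posted in the question (blank lines dropped).
SAMPLE = """\
Tacacs+ Server : 10.3.31.1/49
Socket opens: 40
Socket closes: 40
Socket aborts: 6
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 64
Total Packets Recv: 58
Tacacs+ Server : 10.12.31.12/49
Socket opens: 0
Socket closes: 0
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 0
Total Packets Recv: 0
"""

def parse_show_tacacs(text):  # -> {server: {lowercased counter name: int}}
    servers, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if head := re.match(r"Tacacs\+ Server\s*:\s*(\S+)", line, re.I):
            current = servers.setdefault(head.group(1), {})
        elif (stat := re.match(r"([A-Za-z ]+?)\s*:\s*(\d+)$", line)) and current is not None:
            current[stat.group(1).lower()] = int(stat.group(2))
    return servers

def review(servers):  # -> list of (server, finding) pairs
    findings = []
    for name, c in servers.items():
        if c.get("socket opens", 0) == 0:
            findings.append((name, "unused"))  # fallback server never contacted
            continue
        gap = c.get("total packets sent", 0) - c.get("total packets recv", 0)
        if gap:
            findings.append((name, f"unanswered={gap} aborts={c.get('socket aborts', 0)}"))
        for key in ("socket errors", "socket timeouts", "failed connect attempts"):
            if c.get(key, 0):
                findings.append((name, f"{key}={c[key]}"))
    return findings

print(review(parse_show_tacacs(SAMPLE)))
```
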



mahesh18 Mon, 12/22/2008 - 10:09

Hi Rick,

Many thanks for the great reply.

I want to know what socket means here, and also which types of packets are sent and received between the switch and the server.

Many thanks

mahesh

Correct Answer
Richard Burts Mon, 12/22/2008 - 10:37

Mahesh


Socket is a concept that identifies a process by specifying the combination of IP address and TCP/UDP port number that it uses. For more detail you might look at this link:

http://www.tcpipguide.com/free/t_TCPIPSocketsandSocketPairsProcessandConnectionIden.htm

where you would find this discussion of the term:

What this all means is that the overall identification of an application process actually uses the combination of the IP address of the host it runs on - or the network interface over which it is talking, to be more precise - and the port number which has been assigned to it. This combined address is called a socket. Sockets are specified using the following notation:

<IP Address>:<Port Number>

So, for example, if we have a Web site running on IP address 41.199.222.3, the socket corresponding to the HTTP server for that site would be 41.199.222.3:80.


There are several types of packets that can be sent depending on how you have configured AAA. If you have configured authentication for user mode then there will be packets to initiate the authentication process, request for user name, identification of user name, request for password, transmission of the password, results of authentication (PASS or FAIL). If you have configured authorization then there will be packets requesting authorization for various activities and the authorization response from TACACS. And if you have configured accounting then there will be packets from the switch to the server with accounting data as the payload.


HTH


Rick
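
Added example, not part of the original thread: the three packet families named in the answer, told apart by decoding the fixed 12-byte TACACS+ header in Python. The header layout, type codes and unencrypted flag come from RFC 8907 rather than from this page; the function names, session IDs and sample headers are constructed for illustration.

```python
import struct

# Header layout and constants follow RFC 8907 (TACACS+); none of this is from the thread.
TYPES = {0x01: "authentication", 0x02: "authorization", 0x03: "accounting"}
UNENCRYPTED_FLAG = 0x01  # body is sent without obfuscation

def parse_header(data):
    """Decode the fixed 12-byte TACACS+ header that precedes every packet body."""
    if len(data) < 12:
        raise ValueError("TACACS+ header is 12 bytes")
    ver, ptype, seq, flags, session, length = struct.unpack("!BBBBII", data[:12])
    if ver >> 4 != 0xC or ptype not in TYPES:
        raise ValueError("not a TACACS+ header")
    return {
        "type": TYPES[ptype],
        # Clients (here, the switch) send odd sequence numbers, servers even ones.
        "sender": "client" if seq % 2 else "server",
        "session_id": session,
        "body_length": length,
        "cleartext_body": bool(flags & UNENCRYPTED_FLAG),
    }

def summarize(packets):
    """Count packets per (type, sender); collect sessions whose bodies are cleartext."""
    counts, cleartext = {}, set()
    for raw in packets:
        h = parse_header(raw)
        key = (h["type"], h["sender"])
        counts[key] = counts.get(key, 0) + 1
        if h["cleartext_body"]:
            cleartext.add(h["session_id"])
    return counts, cleartext

def hdr(ptype, seq, flags, session, length=0):
    """Build a constructed header (version 0xc0) for the sample below."""
    return struct.pack("!BBBBII", 0xC0, ptype, seq, flags, session, length)

# Constructed sample, headers only: the six-step login described in the answer,
# then one authorization exchange and one accounting exchange.
SAMPLE = [hdr(1, seq, 0, 0x1111) for seq in range(1, 7)] + [
    hdr(2, 1, 0, 0x2222), hdr(2, 2, 0, 0x2222),  # authorization request / response
    hdr(3, 1, 1, 0x3333), hdr(3, 2, 1, 0x3333),  # accounting, unencrypted flag set
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A session reported in the cleartext set carries its body without obfuscation, so on a capture of real traffic that is the first thing to check.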
