Output of sh tacacs

mahesh18
Level 6

Hi all,

I logged on to the switch and did

    sh tacacs

    Tacacs+ Server : 10.3.31.1/49
    Socket opens: 40
    Socket closes: 40
    Socket aborts: 6
    Socket errors: 0
    Socket Timeouts: 0
    Failed Connect Attempts: 0
    Total Packets Sent: 64
    Total Packets Recv: 58

    Tacacs+ Server : 10.12.31.12/49
    Socket opens: 0
    Socket closes: 0
    Socket aborts: 0
    Socket errors: 0
    Socket Timeouts: 0
    Failed Connect Attempts: 0
    Total Packets Sent: 0
    Total Packets Recv: 0

What does this output mean?

Many thanks

Richard Burts
Hall of Fame

Mahesh

This is a very open ended question. We could probably give better answers if you could be more specific about what part of the output is not understood. But for a beginning, the output shows that the switch has 2 TACACS servers configured. The switch will use the first server each time, and if it attempts to use the first server and the server does not respond then it will attempt the second server. The output shows that the switch has not had to use the second server in the length of time that statistics have been kept (probably the time since boot of the switch). The output shows that TACACS uses TCP port 49. The output shows that the switch has sent 64 packets and has received 58 packets. The difference of 6 between sent and received is probably the 6 socket aborts.

Is there some other aspect of the output that you are asking about?

HTH

Rick
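The reading of the counters given in the reply above can be automated when many devices have to be checked. The following is an added example, not part of the original thread: it parses `sh tacacs` text in the layout quoted in the question and reports, per server, the sent/received gap, any non-zero failure counters, and servers that were never opened. The function names are hypothetical and the sample is rebuilt from the numbers in the question.

```python
import re

FIELDS = ("Socket opens", "Socket closes", "Socket aborts", "Socket errors",
          "Socket Timeouts", "Failed Connect Attempts",
          "Total Packets Sent", "Total Packets Recv")

def render(server, values):
    """Rebuild one server block in the layout shown in the question."""
    lines = [f"Tacacs+ Server : {server}"]
    lines += [f"{name}: {value}" for name, value in zip(FIELDS, values)]
    return "\n".join(lines) + "\n"

# Sample input: the two server blocks quoted in the question.
SAMPLE = (render("10.3.31.1/49", (40, 40, 6, 0, 0, 0, 64, 58))
          + render("10.12.31.12/49", (0,) * 8))

SERVER_RE = re.compile(r"^Tacacs\+ Server\s*:\s*(\S+)/(\d+)$")
COUNTER_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(\d+)$")

def parse_show_tacacs(text):
    """Return one dict per server: address, port and every counter."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        m = SERVER_RE.match(line)
        if m:
            servers.append({"server": m.group(1), "port": int(m.group(2))})
            continue
        m = COUNTER_RE.match(line)
        if m and servers:  # counters belong to the most recent server line
            servers[-1][m.group(1)] = int(m.group(2))
    return servers

def review(server):
    """List the points worth a second look for one parsed server."""
    notes = []
    if server.get("Socket opens", 0) == 0:
        notes.append("no sockets opened")
    gap = server.get("Total Packets Sent", 0) - server.get("Total Packets Recv", 0)
    if gap:
        notes.append(f"{gap} more packets sent than received")
    for key in FIELDS[2:6]:  # aborts, errors, timeouts, failed connects
        if server.get(key, 0):
            notes.append(f"{key}: {server[key]}")
    return notes

if __name__ == "__main__":
    for entry in parse_show_tacacs(SAMPLE):
        print(entry["server"], entry["port"], review(entry))
```
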

Hi Rick,

Many thanks for great reply.

I want to know what socket means here, and

also which types of packets are sent and received between the switch and the server.

Many thanks

mahesh

Mahesh

Socket is a concept that identifies a process by specifying the combination of IP address and tcp/udp port number that it uses. For more detail you might look at this link:

http://www.tcpipguide.com/free/t_TCPIPSocketsandSocketPairsProcessandConnectionIden.htm

where you would find this discussion of the term:

What this all means is that the overall identification of an application process actually uses the combination of the IP address of the host it runs on-or the network interface over which it is talking, to be more precise-and the port number which has been assigned to it. This combined address is called a socket. Sockets are specified using the following notation:

<IP Address>:<Port Number>

So, for example, if we have a Web site running on IP address 41.199.222.3, the socket corresponding to the HTTP server for that site would be 41.199.222.3:80.

There are several types of packets that can be sent depending on how you have configured AAA. If you have configured authentication for user mode then there will be packets to initiate the authentication process, request for user name, identification of user name, request for password, transmission of the password, results of authentication (PASS or FAIL). If you have configured authorization then there will be packets requesting authorization for various activities and the authorization response from TACACS. And if you have configured accounting then there will be packets from the switch to the server with accounting data as the payload.

HTH

Rick
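The three packet families described above can be told apart on the wire from the 12-byte TACACS+ header defined in RFC 8907 (version, type, sequence number, flags, session id, body length). The following is an added example, not part of the original thread: it walks a TCP byte stream to port 49 and labels each packet by type and sender, and shows whether the body was sent without obfuscation. The function names are hypothetical, and the six-packet login exchange is constructed with zero-filled bodies of arbitrary length.

```python
import struct

# Header fields per RFC 8907: version, type, seq_no, flags, session_id, length
HEADER = struct.Struct(">BBBBII")
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
FLAG_UNENCRYPTED = 0x01  # body is sent in clear text when set

def parse_header(data):
    """Decode one TACACS+ header from the start of data."""
    if len(data) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    if version >> 4 != 0xC:  # major version nibble is always 0xC
        raise ValueError("not a TACACS+ packet")
    return {
        "type": TYPES.get(ptype, f"unknown({ptype})"),
        "seq_no": seq_no,
        # The client (switch) sends odd sequence numbers, the server even ones.
        "sender": "client" if seq_no % 2 else "server",
        "body_cleartext": bool(flags & FLAG_UNENCRYPTED),
        "session_id": session_id,
        "length": length,
    }

def split_stream(stream):
    """Walk a TCP byte stream, using each length field to find the next header."""
    headers, offset = [], 0
    while offset < len(stream):
        header = parse_header(stream[offset:])
        headers.append(header)
        offset += HEADER.size + header["length"]
    return headers

def build(ptype, seq_no, body_len, session_id=0x1A2B3C4D, flags=0):
    """Constructed test packet: valid header, zero-filled body."""
    return HEADER.pack(0xC0, ptype, seq_no, flags, session_id, body_len) + bytes(body_len)

# Constructed login exchange matching the six steps in the reply:
# start, ask for user name, user name, ask for password, password, result.
SAMPLE_STREAM = b"".join(
    build(1, seq, size)
    for seq, size in [(1, 20), (2, 16), (3, 10), (4, 16), (5, 13), (6, 6)]
)

if __name__ == "__main__":
    for h in split_stream(SAMPLE_STREAM):
        print(h["seq_no"], h["sender"], h["type"], "cleartext" if h["body_cleartext"] else "obfuscated")
```
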

Hi Rick,

Many thanks once again

ullasupendran
Level 1

Hi mahesh

See the following link, which will clear your doubts about the output.

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s5.html#wp1033909

Please rate if it helps.

Ullas
