ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 14
Registered: ‎04-22-2010

Question on Radius Attributes

I would like to view the attributes that are being passed from my Cisco ACS server back to the Aruba controller. I have tried show log security, but I am not seeing any attributes. Is there some way that I can do this?
Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

show log security

Please try the following before "show log security"

logging level debugging security subcat dot1x
logging level debugging security subcat aaa
logging level debugging security process authmgr
logging level debugging user subcat dot1x


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎04-22-2010

Re: Question on Radius Attributes

I enabled debugging for those and I am still not seeing the Filter-ID. Radius must not be passing it back to the controller. Thank you for your reply, I am getting closer to a figuring out my problem.
Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

What kind of server




What kind of Radius server do you have?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎04-22-2010

Re: Question on Radius Attributes

Cisco Secure ACS 5.1
Guru Elite
Posts: 20,582
Registered: ‎03-29-2007

Cisco ACS 5.1

That is unfortunate, only because ACS 5.x is so new, and so different, few people know how to configure it effectively.

Below is the output that I got from "show log security x", to give you an idea of what you should be seeing.

 Sending radius request to aruba-supersvr:10.7.1.220:1645 id:145,len:117 
Jul 13 09:51:47 :121031: |authmgr| |aaa| NAS-IP-Address: 10.69.69.16
Jul 13 09:51:47 :121031: |authmgr| |aaa| NAS-Port-Id: 0
Jul 13 09:51:47 :121031: |authmgr| |aaa| NAS-Port-Type: 19
Jul 13 09:51:47 :121031: |authmgr| |aaa| User-Name: jmcdowell
Jul 13 09:51:47 :121031: |authmgr| |aaa| Password: *****
Jul 13 09:51:47 :121031: |authmgr| |aaa| Calling-Station-Id: 209.6.3.158
Jul 13 09:51:47 :121031: |authmgr| |aaa| Called-Station-Id: 000B86619DDC
Jul 13 09:51:47 :121031: |authmgr| |aaa| Service-Type: Login-User
Jul 13 09:51:47 :121031: |authmgr| |aaa| Aruba-Essid-Name:
Jul 13 09:51:47 :121031: |authmgr| |aaa| Aruba-Location-Id: N/A
Jul 13 09:51:47 :121031: |authmgr| |aaa| Find Request: id=145, srv=10.1.1.200, fd=54
Jul 13 09:51:47 :121031: |authmgr| |aaa| Current entry: srv=10.1.1.200, fd=54
Jul 13 09:51:47 :121031: |authmgr| |aaa| Del Request: id=145, srv=10.1.1.200, fd=54
Jul 13 09:51:47 :121031: |authmgr| |aaa| Authentication Successful
Jul 13 09:51:47 :121031: |authmgr| |aaa| RADIUS RESPONSE ATTRIBUTES:
Jul 13 09:51:47 :121031: |authmgr| |aaa| Framed-Protocol: PPP
Jul 13 09:51:47 :121031: |authmgr| |aaa| Service-Type: Framed-User
Jul 13 09:51:47 :121031: |authmgr| |aaa| Class: =\315\004\376
Jul 13 09:51:47 :121031: |authmgr| |aaa| PW_RADIUS_ID: \221
Jul 13 09:51:47 :121031: |authmgr| |aaa| Rad-Length: 64
Jul 13 09:51:47 :121031: |authmgr| |aaa| PW_RADIUS_CODE: \002
Jul 13 09:51:47 :121031: |authmgr| |aaa| PW_RAD_AUTHENTICATOR: 6\007I\243\\244\221\256\270\312\355\034a\371n\317


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎04-22-2010

Re: Question on Radius Attributes


That is unfortunate, only because ACS 5.x is so new, and so different, few people know how to configure it effectively.

Below is the output that I got from "show log security x", to give you an idea of what you should be seeing.

 Sending radius request to aruba-supersvr:10.7.1.220:1645 id:145,len:117 
Jul 13 09:51:47 :121031: |authmgr| |aaa| NAS-IP-Address: 10.69.69.16
Jul 13 09:51:47 :121031: |authmgr| |aaa| NAS-Port-Id: 0
Jul 13 09:51:47 :121031: |authmgr| |aaa| NAS-Port-Type: 19
Jul 13 09:51:47 :121031: |authmgr| |aaa| User-Name: jmcdowell
Jul 13 09:51:47 :121031: |authmgr| |aaa| Password: *****
Jul 13 09:51:47 :121031: |authmgr| |aaa| Calling-Station-Id: 209.6.3.158
Jul 13 09:51:47 :121031: |authmgr| |aaa| Called-Station-Id: 000B86619DDC
Jul 13 09:51:47 :121031: |authmgr| |aaa| Service-Type: Login-User
Jul 13 09:51:47 :121031: |authmgr| |aaa| Aruba-Essid-Name:
Jul 13 09:51:47 :121031: |authmgr| |aaa| Aruba-Location-Id: N/A
Jul 13 09:51:47 :121031: |authmgr| |aaa| Find Request: id=145, srv=10.1.1.200, fd=54
Jul 13 09:51:47 :121031: |authmgr| |aaa| Current entry: srv=10.1.1.200, fd=54
Jul 13 09:51:47 :121031: |authmgr| |aaa| Del Request: id=145, srv=10.1.1.200, fd=54
Jul 13 09:51:47 :121031: |authmgr| |aaa| Authentication Successful
Jul 13 09:51:47 :121031: |authmgr| |aaa| RADIUS RESPONSE ATTRIBUTES:
Jul 13 09:51:47 :121031: |authmgr| |aaa| Framed-Protocol: PPP
Jul 13 09:51:47 :121031: |authmgr| |aaa| Service-Type: Framed-User
Jul 13 09:51:47 :121031: |authmgr| |aaa| Class: =\315\004\376
Jul 13 09:51:47 :121031: |authmgr| |aaa| PW_RADIUS_ID: \221
Jul 13 09:51:47 :121031: |authmgr| |aaa| Rad-Length: 64
Jul 13 09:51:47 :121031: |authmgr| |aaa| PW_RADIUS_CODE: \002
Jul 13 09:51:47 :121031: |authmgr| |aaa| PW_RAD_AUTHENTICATOR: 6\007I\243\\244\221\256\270\312\355\034a\371n\317



I am going to contact Cisco. Like you said, ACS 5.1 is new and I don't have a whole lot of experience with it. We are using Radius and passing it through to Active Directory, it is getting lost somewhere in that handoff. I am seeing output similar to what you have above. Here are the logs:

Jul 13 06:36:42 :121031: |authmgr| |aaa| Add Request: id=131, srv=64.89.177.11, fd=38
Jul 13 06:36:42 :121031: |authmgr| |aaa| Sending radius request to ACS:64.89.177.11:1812 id:131,len:202
Jul 13 06:36:42 :121031: |authmgr| |aaa| NAS-IP-Address: 64.89.185.156
Jul 13 06:36:42 :121031: |authmgr| |aaa| NAS-Port-Id: 0
Jul 13 06:36:42 :121031: |authmgr| |aaa| NAS-Port-Type: 19
Jul 13 06:36:42 :121031: |authmgr| |aaa| User-Name: dwilliams
Jul 13 06:36:42 :121031: |authmgr| |aaa| Calling-Station-Id: 0022697C6552
Jul 13 06:36:42 :121031: |authmgr| |aaa| Called-Station-Id: 000B86617B3C
Jul 13 06:36:42 :121031: |authmgr| |aaa| Vendor-Specific: \371\335_R\227\007>\033\366U\310\211\201\331\363p
Jul 13 06:36:42 :121031: |authmgr| |aaa| Vendor-Specific: \006
Jul 13 06:36:42 :121031: |authmgr| |aaa| Service-Type: Login-User
Jul 13 06:36:42 :121031: |authmgr| |aaa| Aruba-Essid-Name: UNCA
Jul 13 06:36:42 :121031: |authmgr| |aaa| Aruba-Location-Id: 00:1a:1e:c7:bc:d6
Jul 13 06:36:43 :121031: |authmgr| |aaa| Find Request: id=131, srv=64.89.177.11, fd=38
Jul 13 06:36:43 :121031: |authmgr| |aaa| Current entry: srv=64.89.177.11, fd=38
Jul 13 06:36:43 :121031: |authmgr| |aaa| Del Request: id=131, srv=64.89.177.11, fd=38
Jul 13 06:36:43 :121031: |authmgr| |aaa| Authentication Successful
Jul 13 06:36:43 :121031: |authmgr| |aaa| RADIUS RESPONSE ATTRIBUTES:
Jul 13 06:36:43 :121031: |authmgr| |aaa| User-Name: dwilliams
Jul 13 06:36:43 :121031: |authmgr| |aaa| Class: CACS:uncsacs/60804988/1020
Jul 13 06:36:43 :121031: |authmgr| |aaa| {Microsoft} MS-CHAP-MPPE-Keys: \364\255S\363\357\325\260Z\374\301\350\322Hf\031
Jul 13 06:36:43 :121031: |authmgr| |aaa| {Microsoft} MS-CHAP2-Success: 5E474B70142DE6BF84ED0F98F74411E9D3D9B
Jul 13 06:36:43 :121031: |authmgr| |aaa| PW_RADIUS_ID: \203
Jul 13 06:36:43 :121031: |authmgr| |aaa| Rad-Length: 150
Jul 13 06:36:43 :121031: |authmgr| |aaa| PW_RADIUS_CODE: \002
Jul 13 06:36:43 :121031: |authmgr| |aaa| PW_RAD_AUTHENTICATOR: \325\374\336W\334\034X\014\350b\2575QC'\241
Search Airheads
Showing results for 
Search instead for 
Did you mean: