Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

802.1x troubleshooting filter ID

  • 1.  802.1x troubleshooting filter ID

    Posted Nov 06, 2013 05:47 AM

    Hi

     

    Can anyone tell me which log will show the filter id sent from a RADIUS server? If I view a user debug log I can see that the client is authenticated and is assigned a vlan via a server derived rule but I do not see the nitty gritty of which ID was sent. I need this as I am working with a separate server management team and I want to show them exactly what the controller receives.

     

    Thanks

     

    Stewart



  • 2.  RE: 802.1x troubleshooting filter ID
    Best Answer

    EMPLOYEE
    Posted Nov 06, 2013 06:00 AM

    Try this:

    config t
    logging level debugging security process authmgr
    logging level debugging security subcat aaa

    Then type "show log security 50" to see the results.

    Nov 6 04:59:18 :124105:  <DBUG> |authmgr|  MM: mac=70:56:81:b2:cc:15, state=5, name=employee, role=Byod-Authenticated, dev_type=OS X, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=1.
    Nov 6 04:59:18 :124004:  <DBUG> |authmgr|  AUTH GSM: USER uuid(0x6), mac(70:56:81:b2:cc:15), name(employee), role(Byod-Authenticated), devtype(OS X), wired(0), auth_type(4), auth_subtype(9), encrypt_type(10), conn_port(0)
    Nov 6 04:59:18 :124234:  <DBUG> |authmgr|  Tx message to Sibyte, blocking with ack, Opcode = 17, msglen = 204 action = 1
    Nov 6 04:59:18 :124004:  <DBUG> |authmgr|  vlan_alloc_update (vlan_alloc.c:140): Vlan Alloc  usage ; usage=10 vlan 1
    Nov 6 04:59:18 :124004:  <DBUG> |authmgr|  AUTH GSM: DELETE MAC user 70:56:81:b2:cc:15
    Nov 6 04:59:18 :124090:  <DBUG> |authmgr|  Free macuser 0x0x106a620c and user 0x0x10590e8c for mac 70:56:81:b2:cc:15.
    Nov 6 04:59:18 :124004:  <DBUG> |authmgr|  AUTH GSM: USER DELETE uuid(0x6)
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:76] Find Request: id=10, srv=192.168.1.32, fd=78
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:82]  Current entry: srv=192.168.1.32, fd=78
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_request.c:37] Del Request: id=10, srv=192.168.1.32, fd=78
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1029] Authentication Successful
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1031] RADIUS RESPONSE ATTRIBUTES:
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  PW_RADIUS_ID: \012 
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  Rad-Length: 20 
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  PW_RADIUS_CODE: \005 
    Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  PW_RAD_AUTHENTICATOR: \246\344t\273\364\305\003\020:|\227\351j\335Hi 
    Nov 6 04:59:18 :124003:  <INFO> |authmgr|  Authentication result=Authentication Successful(0), method=radius-accounting, server=cppm-192.168.1.32, user=70:56:81:b2:cc:15 
    Nov 6 04:59:18 :124004:  <DBUG> |authmgr|  Auth server 'cppm-192.168.1.32' response=0
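
Added example, not part of the original reply and not Aruba's code: a Python parser for the `show log security` output above that pairs each RADIUS RESPONSE ATTRIBUTES dump with the result line that follows it and reports the Filter-Id the controller received. The sample log is constructed; the layout of the Filter-Id line, `method=802.1x`, and reading `PW_RADIUS_CODE` as the RADIUS packet code are assumptions.

```python
import re

# Constructed sample in the layout of the excerpt above. The Filter-Id line is
# an assumption: it reuses "Filter-Id: test" from the thread in the same layout
# as the other rc_api.c attribute lines.
SAMPLE_LOG = r"""
Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1031] RADIUS RESPONSE ATTRIBUTES:
Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  Filter-Id: test
Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  PW_RADIUS_ID: \012
Nov 6 04:59:18 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  PW_RADIUS_CODE: \002
Nov 6 04:59:18 :124003:  <INFO> |authmgr|  Authentication result=Authentication Successful(0), method=802.1x, server=cppm-192.168.1.32, user=70:56:81:b2:cc:15
Nov 6 04:59:19 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1031] RADIUS RESPONSE ATTRIBUTES:
Nov 6 04:59:19 :121031:  <DBUG> |authmgr| |aaa| [rc_api.c:1046]  PW_RADIUS_CODE: \005
Nov 6 04:59:19 :124003:  <INFO> |authmgr|  Authentication result=Authentication Successful(0), method=radius-accounting, server=cppm-192.168.1.32, user=70:56:81:b2:cc:15
"""

HEADER = "RADIUS RESPONSE ATTRIBUTES:"
ATTR = re.compile(r"\[rc_api\.c:\d+\]\s+([\w-]+): ?(.*)$")
RESULT = re.compile(r"Authentication result=(.*?), method=(\S+), server=(\S+), user=(\S+)")
# Assumption: PW_RADIUS_CODE is the RADIUS packet code (RFC 2865/2866 values).
CODES = {2: "Access-Accept", 3: "Access-Reject", 5: "Accounting-Response", 11: "Access-Challenge"}

def unescape(value):
    """Decode the log's octal escapes, e.g. the text \\012 becomes chr(10)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), value)

def parse_responses(log_text):
    """Group each attribute dump with the 'Authentication result' line after it."""
    responses, current = [], None
    for line in log_text.splitlines():
        if HEADER in line:
            current = {"attributes": {}}
            responses.append(current)
        elif current is not None and (m := ATTR.search(line)):
            current["attributes"][m.group(1)] = unescape(m.group(2).strip())
        elif current is not None and (m := RESULT.search(line)):
            current.update(zip(("result", "method", "server", "user"), m.groups()))
            current = None  # the dump is closed by its result line
    return responses

def summarize(response):
    """Reduce one response to who authenticated, against which server, with which Filter-Id."""
    attrs = response["attributes"]
    code = ord(attrs["PW_RADIUS_CODE"][0]) if attrs.get("PW_RADIUS_CODE") else None
    return {"user": response.get("user"), "server": response.get("server"),
            "packet": CODES.get(code, code), "filter_id": attrs.get("Filter-Id")}

if __name__ == "__main__":
    for resp in parse_responses(SAMPLE_LOG):
        print(summarize(resp))
```

A response whose summary has `filter_id` of `None` carried no Filter-Id in the dump, which separates "the server did not send it" from "the debug levels were not both enabled" (no dump at all).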
    

     



  • 3.  RE: 802.1x troubleshooting filter ID

    Posted Nov 06, 2013 06:35 AM

    Thanks for the quick reply. Worked great.



  • 4.  RE: 802.1x troubleshooting filter ID

    MVP
    Posted May 21, 2014 08:28 AM

    So I thought I understood the logging level stuff.. however.. it seems I don't.

    What weirds me out is that with both those commands you mentioned I do get the required output (filter-id returned).

    I figured one of those debugs should warrant the same output as well but this seems incorrect.

     

    This is what I tried to figure out exactly what command gives me the returned radius attributes. Each attempt I cleared the user-table so a new auth was triggered.

     

    configure terminal logging level debugging security process authmgr
    configure terminal logging level debugging security subcat aaa 
    show log security all | include  Filter-Id  
    => Filter-Id: test 
    
    configure terminal logging level debugging security process authmgr
    configure terminal no logging level debugging security subcat aaa 
    show log security all | include  Filter-Id  
    => NULL
    
    configure terminal no logging level debugging security process authmgr
    configure terminal logging level debugging security subcat aaa 
    show log security all | include  Filter-Id  
    => NULL
    
    configure terminal no logging level debugging security process authmgr
    configure terminal no logging level debugging security subcat aaa 
    configure terminal logging level debugging security
    show log security all | include  Filter-Id  
    => NULL
    
    configure terminal no logging level debugging security process authmgr
    configure terminal no logging level debugging security subcat aaa 
    configure terminal no logging level debugging security
    configure terminal logging level debugging security process authmgr subcat aaa
    show log security all | include  Filter-Id
    => NULL
    
    configure terminal no logging level debugging security process authmgr subcat aaa
    configure terminal logging level debugging security process authmgr
    configure terminal logging level debugging security subcat aaa
    show log security all | include Filter-Id
    => Filter-Id: test

     

     

    Not what I expected.

    So can anyone explain why I'm getting more (different?) output when having both logging debug levels active at the same time as opposed to the 'sum' of both used separately?

     



  • 5.  RE: 802.1x troubleshooting filter ID

    MVP
    Posted May 28, 2014 08:31 AM

    Anyone that can explain those results?