Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎11-04-2015

On a controller, can I view the Radius attributes returned by an auth server during 802.1x auth ?

Hi all,

 

If I configure a WLAN for 802.1x security, and I configure the controller to point to a Radius server via a server group, the controller will do role derivation based on the Radius attributes returned by the Radius server.

 

I can clearly see the role selected and assigned to an authenticated use in the monitoring screens, but It doesnt show me the Radius attribute that were returned by the Radius server.  

 

If I was looking on Clearpass the Access Tracker would show me the attributes sent back.  But I want to look at the values actually received by the controller.

 

Can I do this ?  If so, how ?

 

Thanks,

 

Malcolm

Guru Elite
Posts: 8,447
Registered: ‎09-08-2010

Re: On a controller, can I view the Radius attributes returned by an auth server during 802.1x auth

You'll hve to enable debugging and then look at the security logs


logging level debugging security process authmgr
logging level debugging security subcat aaa

Show log security 25

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: On a controller, can I view the Radius attributes returned by an auth server during 802.1x auth

Yes.

You need to enable the following debug logging level

(config) # logging level debugging security process authmgr
(config) # logging level debugging security subcat aaa

show log security all

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: