#show aaa profile CPG-aaa_prof AAA Profile "CPG-aaa_prof" -------------------------- Parameter Value --------- ----- Initial role CPG-Login MAC Authentication Profile default MAC Authentication Default Role guest MAC Authentication Server Group ClearPass 802.1X Authentication Profile N/A 802.1X Authentication Default Role guest 802.1X Authentication Server Group N/A L2 Authentication Fail Through Disabled RADIUS Accounting Server Group ClearPass RADIUS Interim Accounting Enabled XML API server N/A RFC 3576 server 192.168.7.8 User derivation rules N/A Wired to Wireless Roaming Enabled SIP authentication role N/A Device Type Classification Enabled Enforce DHCP Disabled #show user ip 192.168.5.4 Name: 0022fbd027c0, IP: 192.168.5.4, MAC: 00:22:fb:d0:27:c0, Role: CPG-Login, ACL: 55/0/0, Age: 00:00:19 Authentication: No, status: started, method: , protocol: PAP, server: Role Derivation: AAA profile default role VLAN Derivation: unknown Idle timeouts: 0, Valid ARP: 0 Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0 Flags: internal=0, trusted_ap=0, l3auth=0, mba=1, vpnflags=0, u_stm_ageout=1 Flags: innerip=0, outerip=0, vpn_outer_ind:0, guest=0, download=1, wispr=0 Auth fails: 0, phy_type: a-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 1 Vlan default: 99, Assigned: 0, Current: 99 vlan-how: 0 DP assigned vlan:0 Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0 Tunnel=0, SlotPort=0x2028, Port=0x10035 (tunnel 53) Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a Current Role name: CPG-Login, role-how: 10, L2-role: CPG-Login, L3-role: CPG-Login Essid: Guest, Bssid: 00:24:6c:05:a7:7d AP name/group: AP105_Main_Floor/User APs Phy-type: a-HT RadAcct sessionID:n/a RadAcct Traffic In 178/22250 Out 0/0 (0:178/0:0:0:22250,0:0/0:0:0:0) Timers: reauth 0 Profiles AAA:CPG-aaa_prof, dot1x:, mac:default CP:demo def-role:'CPG-Login' sip-role:'' via-auth-profile:'' ncfg flags udr 0, mac 1, dot1x 0, RADIUS interim accounting 1 IP Born: 1390224700 (Mon Jan 20 08:31:40 2014) Core User Born: 1390224699 (Mon Jan 20 08:31:39 2014) Upstream AP ID: 0, Downstream AP ID: 0 Device Type: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36 Session Timeout from Radius: No, Session Timeout Value:0 Address is from DHCP: no #show rights CPG-Login Derived Role = 'CPG-Login' Up BW:No Limit Down BW:No Limit L2TP Pool = default-l2tp-pool PPTP Pool = default-pptp-pool Periodic reauthentication: Disabled ACL Number = 55/0/56 Max Sessions = 65535 Captive Portal profile = demo access-list List ---------------- Position Name Type Location -------- ---- ---- -------- 1 CP-web-ACL session 2 logon-control session 3 captiveportal session CP-web-ACL ---------- Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 -------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ 1 user 192.168.7.8 svc-http permit Low 4 2 user 192.168.7.8 svc-https permit Low 4 logon-control ------------- Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 -------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ 1 user any udp 68 deny Low 4 2 any any svc-icmp permit Low 4 3 any any svc-dns permit Low 4 4 any any svc-dhcp permit Low 4 5 any any svc-natt permit Low 4 captiveportal ------------- Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 -------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ 1 user controller svc-https dst-nat 8081 Low 4 2 user any svc-http dst-nat 8080 Low 4 3 user any svc-https dst-nat 8081 Low 4 4 user any svc-http-proxy1 dst-nat 8088 Low 4 5 user any svc-http-proxy2 dst-nat 8088 Low 4 6 user any svc-http-proxy3 dst-nat 8088 Low 4 Expired Policies (due to time constraints) = 0