Debug the RADIUS attributes sent to and received from the authentication server on the Controller

By esupport posted Jun 01, 2020 11:20 AM

  
Q:

Is it possible to see the RADIUS attributes sent to and received from the RADIUS server during dot1x authentication using a debug option on the Controller?



A:

A WLAN admin can use the debug options below to see the exchange of RADIUS attributes on the Controller. This is useful when the auth server is using RADSEC, where packets are encrypted using TLS. Hence UDP 1812 controlpath captures taken from the Controller will not show any of this information in the packet capture.

 

logging security process authmgr level debugging
logging security process authmgr subcat aaa level debugging
logging security process dot1x-proc level debugging
logging security process dot1x-proc subcat aaa level debugging 
logging level debugging user-debug <user mac>

 

The attributes can be seen in the "show log security" output collected at the time of the authentication process. Below is the sample output.

 

Attributes on Auth request sent to the server

 

Attributes on the RADIUS response from the server
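
For reference when reading the attributes in the debug output, here is an added example (not part of the original post and not Aruba code): a small Python parser for the RADIUS packet layout defined in RFC 2865, the same header and attribute TLVs that RADSEC carries inside TLS. The sample packet, user name and MAC address are constructed for illustration.

```python
import struct

# Subset of packet codes and attribute types from RFC 2865 / RFC 2869.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         11: "Access-Challenge"}
ATTR_NAMES = {1: "User-Name", 4: "NAS-IP-Address", 24: "State", 25: "Class",
              26: "Vendor-Specific", 30: "Called-Station-Id",
              31: "Calling-Station-Id", 61: "NAS-Port-Type",
              79: "EAP-Message", 80: "Message-Authenticator"}


def parse_radius(packet: bytes):
    """Return (code name, identifier, [(attribute name, raw value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the data received")
    attrs, pos = [], 20          # bytes 4..19 hold the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        # alen counts the type and length bytes, so it can never be below 2.
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length {alen} for attribute type {atype}")
        name = ATTR_NAMES.get(atype, f"Attr-{atype}")
        attrs.append((name, packet[pos + 2:pos + alen]))
        pos += alen
    return CODES.get(code, f"Code-{code}"), ident, attrs


def build_sample() -> bytes:
    """Constructed Access-Request (all values are made up for this example)."""
    def tlv(atype: int, value: bytes) -> bytes:
        return bytes([atype, len(value) + 2]) + value
    body = (tlv(1, b"alice")                     # User-Name
            + tlv(31, b"AA-BB-CC-DD-EE-FF")      # Calling-Station-Id
            + tlv(61, struct.pack("!I", 19)))    # NAS-Port-Type 19 = 802.11
    header = struct.pack("!BBH", 1, 42, 20 + len(body))
    return header + bytes(16) + body             # zeroed authenticator


if __name__ == "__main__":
    code, ident, attrs = parse_radius(build_sample())
    print(code, "id", ident)
    for name, value in attrs:
        print(f"  {name}: {value!r}")
```
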

 

 
