Hi
I have encountered some strange client devices that don't trigger a MAC authentication and you can't see a MAC address on the port if authentication is enabled.
In my case it has for example been an intercom with integrated camera where the voice part of the device has one MAC address and the camera another.
But on an authenticated port the device becomes totally silent and we can't see anything on the port.
The command 'show mac-address' will display all known MAC addresses in the switch. On a CX switch the same command is 'show mac-address-table'.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Oct 10, 2024 01:37 AM
From: abir alkobi
Subject: how to: show which ports is blocked by AAA
Thank you for the quick response,
but how can I get the MAC address? Is there a list on the switch?
I can see the same logs with no mention of the MAC that got blocked.
Original Message:
Sent: Oct 08, 2024 06:13 PM
From: ariyap
Subject: how to: show which ports is blocked by AAA
Generally, using "show log -r" will give you the event logs in reverse order on an AOS-S switch like the 2930s.
Aruba-2930F-Lab2# sh log -r
Keys: W=Warning I=Information
M=Major D=Debug E=Error
---- Reverse event Log listing: Events Since Boot ----
I 01/11/19 17:02:48 00076 ports: port 4 is now on-line
I 01/11/19 17:02:48 00435 ports: port 4 is Blocked by AAA
I 01/11/19 17:02:48 00002 vlan: DEFAULT_VLAN virtual LAN disabled
I 01/11/19 17:02:48 00001 vlan: DEFAULT_VLAN virtual LAN enabled
I 01/11/19 17:02:29 00076 ports: port 4 is now on-line
I 01/11/19 17:02:22 00435 ports: port 4 is Blocked by AAA
I 01/11/19 17:02:18 00077 ports: port 4 is now off-line
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
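An added example, not part of the original post or any Aruba tooling: a small Python parser that takes saved "show log -r" output and lists the ports with "Blocked by AAA" events, how often each was blocked, and the most recent time. The function name and the line-layout regex are assumptions inferred from the sample output quoted above.

```python
import re

# Constructed sample: the "show log -r" lines quoted in the post above.
SAMPLE_LOG = """\
I 01/11/19 17:02:48 00076 ports: port 4 is now on-line
I 01/11/19 17:02:48 00435 ports: port 4 is Blocked by AAA
I 01/11/19 17:02:48 00002 vlan: DEFAULT_VLAN virtual LAN disabled
I 01/11/19 17:02:48 00001 vlan: DEFAULT_VLAN virtual LAN enabled
I 01/11/19 17:02:29 00076 ports: port 4 is now on-line
I 01/11/19 17:02:22 00435 ports: port 4 is Blocked by AAA
I 01/11/19 17:02:18 00077 ports: port 4 is now off-line
"""

# Assumed layout: severity, date, time, event id, subsystem, message.
EVENT_RE = re.compile(
    r"^(?P<sev>[WIMDE]) (?P<date>\d\d/\d\d/\d\d) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<event_id>\d{5}) (?P<subsys>[\w-]+):\s+(?P<msg>.*)$"
)
BLOCKED_RE = re.compile(r"^port (?P<port>\S+) is Blocked by AAA$")


def aaa_blocked_ports(log_text):
    """Return {port: {"count": n, "last_seen": "date time"}} for AAA blocks.

    Input is expected in reverse order (newest first), so the first hit
    for a port is its most recent block. Banner and key lines are skipped.
    """
    blocked = {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # prompt, key legend, banner, or wrapped line
        b = BLOCKED_RE.match(m["msg"].strip())
        if not b:
            continue  # some other event (link up/down, VLAN, ...)
        entry = blocked.setdefault(
            b["port"], {"count": 0, "last_seen": f'{m["date"]} {m["time"]}'}
        )
        entry["count"] += 1
    return blocked


if __name__ == "__main__":
    for port, info in aaa_blocked_ports(SAMPLE_LOG).items():
        print(f"port {port}: blocked {info['count']}x, last {info['last_seen']}")
```

The log lines carry only the port, not the client MAC, so the output identifies which ports to investigate further on the switch or the RADIUS server.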
Original Message:
Sent: Oct 08, 2024 01:39 PM
From: chulcher
Subject: how to: show which ports is blocked by AAA
Should be something in the log on the switch or on the RADIUS server.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 07, 2024 10:44 AM
From: abir alkobi
Subject: how to: show which ports is blocked by AAA
Hey All,
I have a switch model 2930M ver:WC.16.10.0021
Each access port gets this configuration:
interface 1/17
dhcp-snooping max-bindings 3
untagged vlan 1
aaa port-access authenticator
aaa port-access authenticator client-limit 3
aaa port-access mac-based
aaa port-access mac-based addr-limit 3
aaa port-access controlled-direction in
spanning-tree admin-edge-port
spanning-tree bpdu-protection
exit
I can see in the log that the port is blocked by AAA.
My question is this: I would like to get the MAC-ADDRESS that got blocked.
How can I get the MAC address?
When I'm trying to check the MAC address table I can't see any info on this port.
Only if I take the aaa mac-based and shut/no shut the port I'm able to see the MAC.
Does someone know how to check blocked by AAA ports?
This command: show port-access clients 1/17 detailed
gets nothing.
Why?