Wireless Access

Hello,

I'm looking for a command that shows on the VMC what type of encryption (WPA, WPA2, WEP, Open...) a client is using to connect to a network profile.

 

I am aware of the command "show auth-tracebuf" which shows in the last row the encryption type, but I am searching for a command that simply shows the current security encryption client is using to stay connected to a network. Is there such a command?

 

Edit: I'm running an MM-VMC setup with two APs connected to VMC.

show dot1x supplicant-info list-all

Awesome it works. Thanks! For open, the table's empty because there's no encryption type right?

---

@Saikat wrote:

Awesome it works. Thanks! For open, the table's empty because there's no encryption type right?

---

Correct.

Have you tried the below, this will show you the ESSID which is broadcasting along with the encryption type.

 

show ap essid

To my knowledge I don't know if there is a command to view what the encryption type the client is attempting to connect/configured with

Yes, that command is helpful too if you want to show the essid's encryption type. But I was looking for a command that shows what encryption type client is using to connect to a profile and "show dot1x supplicant-info list-all" does that by showing client MAC along with the specific encryption type. Thank you for your input.

I wanted to try to clarify that this command "show dot1x supplicant-info list-all" will only show devices for dot1x SSIDs, correct?  
Is there a similar command for current devices connected to pre-shared key SSIDs?
Thank you,
John

------------------------------
John Davis
------------------------------

Original Message:
Sent: Oct 25, 2018 11:54 AM
From: Saikat Sifat
Subject: Verifying Encryption type of Client Association.

Yes, that command is helpful too if you want to show the essid's encryption type. But I was looking for a command that shows what encryption type client is using to connect to a profile and "show dot1x supplicant-info list-all" does that by showing client MAC along with the specific encryption type. Thank you for your input.

Incorrect.  It shows encryption for all types

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Feb 14, 2022 05:04 PM
From: John Davis
Subject: Verifying Encryption type of Client Association.

I wanted to try to clarify that this command "show dot1x supplicant-info list-all" will only show devices for dot1x SSIDs, correct?  
Is there a similar command for current devices connected to pre-shared key SSIDs?
Thank you,
John

------------------------------
John Davis

Original Message:
Sent: Oct 25, 2018 11:54 AM
From: Saikat Sifat
Subject: Verifying Encryption type of Client Association.

Yes, that command is helpful too if you want to show the essid's encryption type. But I was looking for a command that shows what encryption type client is using to connect to a profile and "show dot1x supplicant-info list-all" does that by showing client MAC along with the specific encryption type. Thank you for your input.

When running this command - I exported into excel and sorted by MAC address and/or by IP address.
Oddly I see similar MAC addresses (possibly MAC randomization) across multiple SSIDs with the same IP.
Of course, this cannot be an accurate list of connected devices if it shows the same device on multiple SSIDs.
I am looking for a client that connects to an SSID and show that encryption method.  I don't think I'm getting that output with this command.
This is just a sampling, showing the first two IP addresses, but this continues for all devices using TKIP.
Also, I've taken a sampling of 20 IP addresses and immediately did a "show user-table ip x.x.x.x" and shows nothing.  Also, tried "| include".  I've also done this on the master controller GUI, all WLAN clients (6.5.4.x) and do not see a client with these IP addresses.  
Any advice?

macs and ip's have been changed to protect the innocent.
ee:a0:7f:1e:29:33 10.10.97.20 PSKSSID AP ee:a0:7f:c9:e2:92 default 810 WPA-PSK-TKIP 0 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:29:31 10.10.97.20 SSID-A AP ee:a0:7f:c9:e2:92 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:29:30 10.10.97.20 SSID-X AP ee:a0:7f:c9:e2:92 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof
ee:a0:7f:1e:29:23 10.10.97.20 PSKSSID AP ee:a0:7f:c9:e2:92 default 810 WPA-PSK-TKIP 2 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:29:21 10.10.97.20 SSID-A AP ee:a0:7f:c9:e2:92 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:29:20 10.10.97.20 SSID-X AP ee:a0:7f:c9:e2:92 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof
ee:a0:7f:1e:26:93 10.10.163.35 PSKSSID AP ee:a0:7f:c9:e2:68 default 810 WPA-PSK-TKIP 1 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:26:91 10.10.163.35 SSID-A AP ee:a0:7f:c9:e2:68 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:26:90 10.10.163.35 SSID-X AP ee:a0:7f:c9:e2:68 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof
ee:a0:7f:1e:26:83 10.10.163.35 PSKSSID AP ee:a0:7f:c9:e2:68 default 810 WPA-PSK-TKIP 0 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:26:81 10.10.163.35 SSID-A AP ee:a0:7f:c9:e2:68 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:26:80 10.10.163.35 SSID-X AP ee:a0:7f:c9:e2:68 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof

------------------------------
John Davis
------------------------------

Original Message:
Sent: Feb 14, 2022 07:48 PM
From: Colin Joseph
Subject: Verifying Encryption type of Client Association.

Incorrect.  It shows encryption for all types

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Feb 14, 2022 05:04 PM
From: John Davis
Subject: Verifying Encryption type of Client Association.

I wanted to try to clarify that this command "show dot1x supplicant-info list-all" will only show devices for dot1x SSIDs, correct?  
Is there a similar command for current devices connected to pre-shared key SSIDs?
Thank you,
John

------------------------------
John Davis

Original Message:
Sent: Oct 25, 2018 11:54 AM
From: Saikat Sifat
Subject: Verifying Encryption type of Client Association.

Yes, that command is helpful too if you want to show the essid's encryption type. But I was looking for a command that shows what encryption type client is using to connect to a profile and "show dot1x supplicant-info list-all" does that by showing client MAC along with the specific encryption type. Thank you for your input.

Please state what command you are using.  You should be using "show dot1x supplicant-info list-all"

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Feb 15, 2022 10:55 AM
From: John Davis
Subject: Verifying Encryption type of Client Association.

When running this command - I exported into excel and sorted by MAC address and/or by IP address.
Oddly I see similar MAC addresses (possibly MAC randomization) across multiple SSIDs with the same IP.
Of course, this cannot be an accurate list of connected devices if it shows the same device on multiple SSIDs.
I am looking for a client that connects to an SSID and show that encryption method.  I don't think I'm getting that output with this command.
This is just a sampling, showing the first two IP addresses, but this continues for all devices using TKIP.
Also, I've taken a sampling of 20 IP addresses and immediately did a "show user-table ip x.x.x.x" and shows nothing.  Also, tried "| include".  I've also done this on the master controller GUI, all WLAN clients (6.5.4.x) and do not see a client with these IP addresses.  
Any advice?

macs and ip's have been changed to protect the innocent.
ee:a0:7f:1e:29:33 10.10.97.20 PSKSSID AP ee:a0:7f:c9:e2:92 default 810 WPA-PSK-TKIP 0 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:29:31 10.10.97.20 SSID-A AP ee:a0:7f:c9:e2:92 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:29:30 10.10.97.20 SSID-X AP ee:a0:7f:c9:e2:92 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof
ee:a0:7f:1e:29:23 10.10.97.20 PSKSSID AP ee:a0:7f:c9:e2:92 default 810 WPA-PSK-TKIP 2 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:29:21 10.10.97.20 SSID-A AP ee:a0:7f:c9:e2:92 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:29:20 10.10.97.20 SSID-X AP ee:a0:7f:c9:e2:92 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof
ee:a0:7f:1e:26:93 10.10.163.35 PSKSSID AP ee:a0:7f:c9:e2:68 default 810 WPA-PSK-TKIP 1 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:26:91 10.10.163.35 SSID-A AP ee:a0:7f:c9:e2:68 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:26:90 10.10.163.35 SSID-X AP ee:a0:7f:c9:e2:68 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof
ee:a0:7f:1e:26:83 10.10.163.35 PSKSSID AP ee:a0:7f:c9:e2:68 default 810 WPA-PSK-TKIP 0 FORWARD_TUNNEL_80211 PSKSSID-aaa_prof/PSKSSID-dot1x_prof
ee:a0:7f:1e:26:81 10.10.163.35 SSID-A AP ee:a0:7f:c9:e2:68 default 94 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-A-aaa_prof/SSID-A-dot1x_prof
ee:a0:7f:1e:26:80 10.10.163.35 SSID-X AP ee:a0:7f:c9:e2:68 default 84 WPA-TKIP 0 FORWARD_TUNNEL_80211 SSID-X-aaa_prof/SSID-X-dot1x_prof

------------------------------
John Davis

Original Message:
Sent: Feb 14, 2022 07:48 PM
From: Colin Joseph
Subject: Verifying Encryption type of Client Association.

Incorrect.  It shows encryption for all types

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Feb 14, 2022 05:04 PM
From: John Davis
Subject: Verifying Encryption type of Client Association.

I wanted to try to clarify that this command "show dot1x supplicant-info list-all" will only show devices for dot1x SSIDs, correct?  
Is there a similar command for current devices connected to pre-shared key SSIDs?
Thank you,
John

------------------------------
John Davis

Original Message:
Sent: Oct 25, 2018 11:54 AM
From: Saikat Sifat
Subject: Verifying Encryption type of Client Association.

Yes, that command is helpful too if you want to show the essid's encryption type. But I was looking for a command that shows what encryption type client is using to connect to a profile and "show dot1x supplicant-info list-all" does that by showing client MAC along with the specific encryption type. Thank you for your input.

My apologies, I was using a previously suggested command - show dot1x ap-table.
The command you have - "show dot1x supplicant-info list-all" works great.
Regards.

------------------------------
John Davis
------------------------------

Original Message:
Sent: Feb 14, 2022 07:48 PM
From: Colin Joseph
Subject: Verifying Encryption type of Client Association.

Incorrect.  It shows encryption for all types

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

Original Message:
Sent: Feb 14, 2022 05:04 PM
From: John Davis
Subject: Verifying Encryption type of Client Association.

I wanted to try to clarify that this command "show dot1x supplicant-info list-all" will only show devices for dot1x SSIDs, correct?  
Is there a similar command for current devices connected to pre-shared key SSIDs?
Thank you,
John

------------------------------
John Davis

Original Message:
Sent: Oct 25, 2018 11:54 AM
From: Saikat Sifat
Subject: Verifying Encryption type of Client Association.

Yes, that command is helpful too if you want to show the essid's encryption type. But I was looking for a command that shows what encryption type client is using to connect to a profile and "show dot1x supplicant-info list-all" does that by showing client MAC along with the specific encryption type. Thank you for your input.