Hello,
AOS 8.10.0.5
Cluster of 10 gateways
Conductor, and standby Conductor
Although I am using the API this is really a question about the data that is accessible on the controllers.
We want to get an idea of how many dot1x clients are using WPA3 or WPA2 now that we have turned WPA3 on on eduroam (in transition mode). I wrote a script that parses the output of "show dot1x supplicant-info list-all" on each cluster member and gives us a count of WPA2/WPA3 clients, That's useful but actually we broadcast a few other dot1x SSIDs, so to get some nice accurate numbers I really want to pin down which SSID a dot1x client listed in the supplicant table is connected to.
I thought the simplest way to do that would be to take the client MAC from the dot1x output and then run "show user-table mac <mac>", which tells you the essid. But this raises some questions because sometimes there will be more than one entry in the user-table. I guess ultimately what I'm trying to establish is is there a 1to1 relationship between the dot1x client entry and one of those user-table entries (eg perhaps the most recent according to the Age column?). So given a dot1x client entry does that relate to a single, specific user-table entry for that MAC address (if there are more than one entries for that MAC in the user-table)?
More generally it would be useful to know how and why an entry ends up in the user-table. And whether it is possible for a client to have more than one entry in the dot1x supplicant-info table for the same MAC address.
I hope that makes sense.
Am open to ideas for better ways to get this data (Airwave would be one but unfortunately it currently misreports the WPA2/3 spec for some clients, we have a TAC case open for that), or if there is a better source of the info than either the dot1x supplicant-info output or usertable.
Thanks,
Guy