06-21-2007 12:12 AM - edited 03-10-2019 03:13 PM
After Authentication via switch to ACS when i check Repoert and activity i can see the user pass all the step but it does not appear or register into Logged-in Users but in other part like Passed Authentications or RADIUS Accounting i can see the deteail of user information but in Logged-in Users nothing show.
Solved! Go to Solution.
06-22-2007 07:31 AM
Hi Hamed,
That is enabled by default in Radius/Tacacs+ Accounting Logs. "NAS IP Address" field.
This is the field which tells that which Network Device has connected using the Radius server.
Regards,
Prem
06-21-2007 03:55 AM
Hi,
Logged in users reports completely depends on START/STOP packet sequence.
For the you need to have accounting configured.
As in your case, I would suppose its for Administration, so you would require,
aaa accounting exec default start-stop......
If we are using RADIUS as protocol, then you should see START/STOP details in RADIUS Accounting section.
The user will only show up in Logged in users section if ACS has only received START accounting packet.
As soon as it gets the STOP accounting packet for the same session, ACS will consider it logged out, and it wont be shown in Logged in users report.
Logged-In Users:
Regards,
Prem
06-22-2007 05:07 AM
Dear Sir
Thanks for your hellping and would you please help me to know if i want to know which ip directlly connect to RADIUS server wihich of option in the Logged in users reports should be enable i mean that if i want to add a cloumn in the RADIUS Accounting csv to shows directly which IP Address is connencted which attribut should be enable from system configuration.
Best regards
Hamed
06-22-2007 07:31 AM
Hi Hamed,
That is enabled by default in Radius/Tacacs+ Accounting Logs. "NAS IP Address" field.
This is the field which tells that which Network Device has connected using the Radius server.
Regards,
Prem
06-22-2007 11:09 AM
Hi Perm
Thanks for your kind reply as I understand by "NAS IP Address" we can see the switch IP address that we connected to RADUS server but I want to show a specific Client that connect to it via switch. For example when I connect to server by my computer I want to show my computer IP address in RADIUS Accounting CVS.
Regards
Hamed
06-22-2007 11:26 AM
Hi,
"Calling-Station-Id", but this will only appear if NAS device is sending the RADIUS IETF attribute # 31.
Regards,
Prem
06-22-2007 12:20 PM
Dear Sir
Thank you for your helping. As you mentioned by "Calling-Station-Id", we can see the IP address of client but just when NAS device is sending the RADIUS IETF attribute # 31.how can I make sure NAS device is sending that attribute, if not how can I active it. It is Considerable that now in RADIUS Accounting CVS logs I can see a switch IP address that refer to as NAS. I was looking so much to find a reference that defined attribute meaning but I could not find complete references, would please let me know your comment how I can understand the exact meaning of the attribute.
Best Regards
Hamed
06-22-2007 12:32 PM
Hi Hamed,
Though normally all devices using Radius sends this attribute (#31), if it is not being sent, then ACS wont be able to log. This was my only concern.
As for detail on Radius attribute # 31, please refer,
And RFC of RADIUS:
http://www.ietf.org/rfc/rfc2865.txt
Section "5.31. Calling-Station-Id"
Regards,
Prem
If this resolves your query, please mark this thread as solved, so that other can benefit from it.
06-25-2007 01:25 AM
Dear Sir
as you mentioned i added "Calling-Station-Id", into the report table to show me the IP addresse of client which connect to the RADIUS server but just it monitor MAC addresse of Client. i am looking for a way that it make me able to monitor the the Cilent ip adresse. would you please let me know your comment about this situation.
best regards
Hamed
06-25-2007 04:01 AM
06-25-2007 08:55 AM
Hi dear Mr. Prem
Thanks from your kind reply. I have never tested Caller-ID, but when I looked at Caller-ID.doc I saw that in that picture calling-station-id shows the IP address of a client but I do not know why in my system it shows MAC address of client that connected to the RADIUS server would you please let me know your comment and I want to know In order to active Caller-ID does it need to active other attribute.
Best regards
Hamed
06-25-2007 09:11 AM
Hi Hamed,
It depends on what you are using it for. If you are doing telnet/ssh, then you'll get the IP address. If you are doing something as PEAP, EAP-TLS i.e EAP, then you'll get MAC address.
Commands that I had on my test switch,
aaa new-model
radius-server host x.x.x.x key
aaa authentication login default group radius local
aaa accounting exec default start-stop group radius
Regards,
Prem
06-25-2007 10:35 AM
Hi dear Mr. Prem
Billion thanks for helping me. As you mentioned it is important which service I consider. I am using it for PEAP. And when I check my switch configurations just I do not defined ShareKey. I want to know in this case it is important to defined it or no. and as you know that I am using it for PEAP by Caller-ID can I see Client IP address or no. I will be happy if you let me know your comments.
Regards
Hamed
06-25-2007 11:29 AM
Hi Hamed,
I think in your configuration, you have command,
radius-server key .....
and if PEAP authentication is working you do not need to change anything.
If we are using PEAP, we'll get MAC address we wont be able to get the IP address.
Regards,
Prem
06-25-2007 05:15 PM
Hi Dear Mr. Prem
Thank you for your kind reply. As you mentioned because I use PEAP, I am not able to get client IP address just I can get MAC address. If I understand in correct way please confirm me. if I use this method for authentication in our LAN with different broadcasting route in this situation I want to know, am I able to see MAC Address of different client that connect to server from different places with different broadcasting route or no if not what is your idea about this situation.
Best Regards
Hamed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide