09-04-2008 01:42 AM - edited 03-10-2019 04:04 PM
Hi, I have configured AAA & 802.1X on my wired lan using MS IAS as the radius server. I'm trying to find if it is possible to find out from the IAS log file which slot and port the client authenicated is connected to.
Is this possible?
Thks
Thomas
09-04-2008 04:04 AM
Not sure if you can get the port information. But I think you could,
try following on the device,
aaa accounting dot1x default start-stop group radius
aaa accounting network default start-stop group radius
And configure you IAS for Accounting logs accounting. And check the content of that log.
Regards,
Prem
Please rate if it helps!
09-04-2008 06:28 AM
After you enable the switch for accounting, look for the NAS-Port attribute. This is the port on the switch the host is connected to. For later revisions of switch SW, it should also send the NAS-Port-Id attribute which is a string version of the port as well.
09-04-2008 05:17 PM
thks for the reply...I've added the accounting commands to the switch but still cannot get the Nas-Port attrib, "5" right?
these are my config:
aaa new-model
aaa authentication login default line local
aaa authentication enable default enable
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting network default start-stop group radius
dot1x system-auth-control
radius-server host 168.2.1.23 auth-port 1812 acct-port 1813
radius-server attribute nas-port format c
radius-server vsa send accounting
radius-server vsa send authentication
This is the IAS log before the 2 accounting commands are added:
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,07:20:02,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,4128,168.2.1.51,6,2,12,1500,31,00-00-e2-9f-17-2a,4108,168.2.1.51,4116,9,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,25,311 1 168.2.1.23 08/27/2008 09:26:29 283,4132,Secured password (EAP-MSCHAP v2),4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4127,11,4136,1,4142,0
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,07:20:02,IAS,STKDC01,25,311 1 168.2.1.23 08/27/2008 09:26:29 283,4128,168.2.1.51,4132,Secured password (EAP-MSCHAP v2),4127,11,4108,168.2.1.51,4116,9,8100,0,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,6,2,4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4120,0x015354415F4950,4136,2,4142,0
09-04-2008 05:17 PM
This is after adding the commands:
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:43:15,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,4128,168.2.1.51,6,2,12,1500,31,00-00-e2-9f-17-2a,4108,168.2.1.51,4116,9,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,4132,Secured password (EAP-MSCHAP v2),4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4127,11,4136,1,4142,0
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:43:15,IAS,STKDC01,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,4128,168.2.1.51,4132,Secured password (EAP-MSCHAP v2),4127,11,4108,168.2.1.51,4116,9,8100,0,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,6,2,4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4120,0x015354415F4950,4136,2,4142,0
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:43:15,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,40,1,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,45,1,44,168.2.1.51 host/PC554.sta_ipd.loc 09/05/08 07:38:30 00000001,55,09/04/2008 23:38:30,41,0,4108,168.2.1.51,4116,9,4128,168.2.1.51,4154,Use Windows authentication for all users,4136,4,4142,0
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:55:44,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,40,2,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,45,1,44,168.2.1.51 host/PC554.sta_ipd.loc 09/05/08 07:38:30 00000001,46,749,55,09/04/2008 23:50:59,41,0,4108,168.2.1.51,4116,9,4128,168.2.1.51,5000,nas-rx-speed=0,5000,nas-tx-speed=0,4154,Use Windows authentication for all users,4136,4,4142,0
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:56:26,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,4128,168.2.1.51,6,2,12,1500,31,00-00-e2-9f-17-2a,4108,168.2.1.51,4116,9,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,25,311 1 168.2.1.23 08/27/2008 09:26:29 316,4132,Secured password (EAP-MSCHAP v2),4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4127,11,4136,1,4142,0
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:56:26,IAS,STKDC01,25,311 1 168.2.1.23 08/27/2008 09:26:29 316,4128,168.2.1.51,4132,Secured password (EAP-MSCHAP v2),4127,11,4108,168.2.1.51,4116,9,8100,0,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,6,2,4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4120,0x015354415F4950,4136,2,4142,0
168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:56:26,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,40,1,25,311 1 168.2.1.23 08/27/2008 09:26:29 316,45,1,44,168.2.1.51 host/PC554.sta_ipd.loc 09/05/08 07:51:41 00000002,55,09/04/2008 23:51:41,41,0,4108,168.2.1.51,4116,9,4128,168.2.1.51,4154,Use Windows authentication for all users,4136,4,4142,0
I'm using a 4506 with ver 12.2(18) IOS.
I need the slot / port info so that I can locate the computer....
THks
09-08-2008 03:39 PM
help anyone?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide