How to know which slot/port on the switch is the AAA/802.1 client connected

tanywt · ‎09-04-2008

Hi, I have configured AAA & 802.1X on my wired lan using MS IAS as the radius server. I'm trying to find if it is possible to find out from the IAS log file which slot and port the client authenicated is connected to.

Is this possible?

Thks

Thomas

Premdeep Banga · ‎09-04-2008

Not sure if you can get the port information. But I think you could,

try following on the device,

aaa accounting dot1x default start-stop group radius

aaa accounting network default start-stop group radius

And configure you IAS for Accounting logs accounting. And check the content of that log.

Regards,

Prem

Please rate if it helps!

jafrazie · ‎09-04-2008

After you enable the switch for accounting, look for the NAS-Port attribute. This is the port on the switch the host is connected to. For later revisions of switch SW, it should also send the NAS-Port-Id attribute which is a string version of the port as well.

tanywt · ‎09-04-2008

thks for the reply...I've added the accounting commands to the switch but still cannot get the Nas-Port attrib, "5" right?

these are my config:

aaa new-model

aaa authentication login default line local

aaa authentication enable default enable

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa accounting dot1x default start-stop group radius

aaa accounting network default start-stop group radius

dot1x system-auth-control

radius-server host 168.2.1.23 auth-port 1812 acct-port 1813

radius-server attribute nas-port format c

radius-server vsa send accounting

radius-server vsa send authentication

This is the IAS log before the 2 accounting commands are added:

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,07:20:02,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,4128,168.2.1.51,6,2,12,1500,31,00-00-e2-9f-17-2a,4108,168.2.1.51,4116,9,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,25,311 1 168.2.1.23 08/27/2008 09:26:29 283,4132,Secured password (EAP-MSCHAP v2),4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4127,11,4136,1,4142,0

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,07:20:02,IAS,STKDC01,25,311 1 168.2.1.23 08/27/2008 09:26:29 283,4128,168.2.1.51,4132,Secured password (EAP-MSCHAP v2),4127,11,4108,168.2.1.51,4116,9,8100,0,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,6,2,4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4120,0x015354415F4950,4136,2,4142,0

tanywt · ‎09-04-2008

This is after adding the commands:

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:43:15,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,4128,168.2.1.51,6,2,12,1500,31,00-00-e2-9f-17-2a,4108,168.2.1.51,4116,9,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,4132,Secured password (EAP-MSCHAP v2),4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4127,11,4136,1,4142,0

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:43:15,IAS,STKDC01,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,4128,168.2.1.51,4132,Secured password (EAP-MSCHAP v2),4127,11,4108,168.2.1.51,4116,9,8100,0,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,6,2,4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4120,0x015354415F4950,4136,2,4142,0

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:43:15,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,40,1,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,45,1,44,168.2.1.51 host/PC554.sta_ipd.loc 09/05/08 07:38:30 00000001,55,09/04/2008 23:38:30,41,0,4108,168.2.1.51,4116,9,4128,168.2.1.51,4154,Use Windows authentication for all users,4136,4,4142,0

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:55:44,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,40,2,25,311 1 168.2.1.23 08/27/2008 09:26:29 305,45,1,44,168.2.1.51 host/PC554.sta_ipd.loc 09/05/08 07:38:30 00000001,46,749,55,09/04/2008 23:50:59,41,0,4108,168.2.1.51,4116,9,4128,168.2.1.51,5000,nas-rx-speed=0,5000,nas-tx-speed=0,4154,Use Windows authentication for all users,4136,4,4142,0

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:56:26,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,4128,168.2.1.51,6,2,12,1500,31,00-00-e2-9f-17-2a,4108,168.2.1.51,4116,9,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,25,311 1 168.2.1.23 08/27/2008 09:26:29 316,4132,Secured password (EAP-MSCHAP v2),4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4127,11,4136,1,4142,0

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:56:26,IAS,STKDC01,25,311 1 168.2.1.23 08/27/2008 09:26:29 316,4128,168.2.1.51,4132,Secured password (EAP-MSCHAP v2),4127,11,4108,168.2.1.51,4116,9,8100,0,4155,1,4154,Use Windows authentication for all users,4129,STA_IPD\PC554$,4149,Cisco Dot1x,6,2,4130,sta_ipd.loc/ST Kinetics/KDD Computers/PC554,4120,0x015354415F4950,4136,2,4142,0

168.2.1.51,host/PC554.sta_ipd.loc,09/05/2008,08:56:26,IAS,STKDC01,4,168.2.1.51,26,0x0000000902154769676162697445746865726E6574332F3239,61,0,40,1,25,311 1 168.2.1.23 08/27/2008 09:26:29 316,45,1,44,168.2.1.51 host/PC554.sta_ipd.loc 09/05/08 07:51:41 00000002,55,09/04/2008 23:51:41,41,0,4108,168.2.1.51,4116,9,4128,168.2.1.51,4154,Use Windows authentication for all users,4136,4,4142,0

I'm using a 4506 with ver 12.2(18) IOS.

I need the slot / port info so that I can locate the computer....

THks

tanywt · ‎09-08-2008

help anyone?