  • 1.  Show Failed authentication requests for management access

    Posted 11-10-2015 08:46
    Hello everybody,

    is there a way to show failed authentication requests (management access) from network devices not connected to the NAC?

    If the network device (e.g. a switch) is connected to the NAC (the switch is added to the NAC Appliance Group) and a user tries to log in with wrong credentials, I can see a log entry in the "NAC Appliance Events" list.

    But if I configure a device to use the NAC as RADIUS and do not add the device to the NAC Appliance Group, I can't see an attempt to authenticate on the device.

    In my opinion it would be useful to see these attempts, for example to see a DoS or a wrongly configured device.

    Is there a way to show these attempts in any log (Syslog, NAC Appliance Events ...)?

    Thank you for your help.

    Best regards

  • 2.  RE: Show Failed authentication requests for management access

    Posted 11-13-2015 11:56
    Tim, are you stating that a switch is using the client as radius access for management only, and you want a record of failed attempts to do so?
    Yes, these are not considered End Station Events.
    However, we may be able to view them using Webview to the NAC, or viewing its RADIUS logs.
    But please try to confirm if this is what you're asking.

  • 3.  RE: Show Failed authentication requests for management access

    Posted 11-15-2015 20:25
    Hello Mike,

    Yes, I am interested only in failed attempts during management access, and only for access attempts from switches not configured on the NAC.

    I know that I can see a lot of information in the debug on the NAC Webview, but I hope there is an easy access, for example for hotline staff (e.g. syslog, ...).

    Best regards

  • 4.  RE: Show Failed authentication requests for management access

    Posted 11-16-2015 02:26

    Unfortunately, if the switch is not configured in the NAC Manager's "Switches" tab, the behavior of the system is to discard the RADIUS request. You can look in /var/log/radius/radius.log for the following message:

    Sun Nov 15 22:21:00 2015 : Error: Ignoring request to authentication address port 1812 from unknown client port 53955

    This would indicate there was a switch/device on the network attempting to send RADIUS requests to the NAC appliance that is not configured as an acceptable device.

    Unfortunately, since the request is not processed, the NAC cannot determine what type of authentication request it is, so it won't show up in the NAC appliance events or end system events.
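
An added example, not part of the thread or of the NAC product: a Python script that groups the discarded-request message quoted in post 4 by source address, so a misconfigured or flooding device stands out without reading the raw log. It assumes the live log line carries the source address between "client" and "port" (the line as quoted has it stripped); the sample lines and function names are constructed.

```python
import re

# The message quoted in the post. Both addresses are optional because the
# line as posted has them stripped; their position here is an assumption.
UNKNOWN_CLIENT = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Error: "
    r"Ignoring request to authentication address (?:(?P<dst>\S+) )?"
    r"port (?P<dport>\d+) from unknown client (?:(?P<src>\S+) )?"
    r"port (?P<sport>\d+)"
)

def summarize(lines):
    """Group discarded requests by source address, in order of first sighting."""
    seen = {}
    for line in lines:
        m = UNKNOWN_CLIENT.match(line.strip())
        if not m:
            continue  # any other radius.log message
        src = m.group("src") or "(address missing)"
        entry = seen.setdefault(src, {"count": 0, "first": m.group("ts")})
        entry["count"] += 1
        entry["last"] = m.group("ts")
    return seen

def noisy(summary, threshold):
    """Sources with at least `threshold` discarded requests."""
    return sorted(s for s, e in summary.items() if e["count"] >= threshold)

# Constructed sample lines (192.0.2.0/24 is a documentation range); the last
# one is the line from the post, with its addresses stripped.
SAMPLE = """\
Sun Nov 15 22:21:00 2015 : Error: Ignoring request to authentication address * port 1812 from unknown client 192.0.2.10 port 53955
Sun Nov 15 22:21:00 2015 : Info: Ready to process requests.
Sun Nov 15 22:21:05 2015 : Error: Ignoring request to authentication address * port 1812 from unknown client 192.0.2.10 port 53956
Sun Nov 15 22:21:09 2015 : Error: Ignoring request to authentication address * port 1812 from unknown client 192.0.2.77 port 40112
Sun Nov 15 22:21:00 2015 : Error: Ignoring request to authentication address port 1812 from unknown client port 53955
""".splitlines()

if __name__ == "__main__":
    for src, e in summarize(SAMPLE).items():
        print(f"{src}: {e['count']} discarded, {e['first']} .. {e['last']}")
```

To run it against the appliance, pass the lines of /var/log/radius/radius.log to `summarize` instead of `SAMPLE`.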