show multiauth on SecureStack B3

  • 0
  • 1
  • Question
  • Updated 4 years ago
How can I to know which users and IPs address are connected in the ports in the CLI on SecureStack B3 CLI? Like in the Port Usage --> columns Session ID, User Name and Ip address on Policy Manager?
On switches Cisco, I use "show authentication session interface *.* detail" for this.

Regards,

Edson Moura
Photo of Edson Moura

Edson Moura

  • 472 Points 250 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Jason Parker

Jason Parker, Employee

  • 2,918 Points 2k badge 2x thumb
show mutliauth session
Photo of Edson Moura

Edson Moura

  • 472 Points 250 badge 2x thumb
Hi Jason,

Thanks for your help, however, "show multi auth session" not show me the user name and ip address in the port with 802.1x enabled. The only information that show me are mac address and Policy name on SecureStack. Is there another command?

thanks,

Edson Moura


Photo of Jason Parker

Jason Parker, Employee

  • 2,918 Points 2k badge 2x thumb
I created a user and allowed the connection via pwa


C5K125-48P2-191-200-432(su)->show pwa session

Port     MAC               IP              User          Duration     Status  
-------- ----------------- --------------- ------------- ------------ ---------
ge.1.8   00-02-b3-65-bd-70 10.58.191.30    Ben           01:59:03     Active 

I am not in the office to get a session so I would recommend using your radius server(or NAC) to gather this information for now.

I connected (Remotely) clients with MACAuthentication
C5K125-48P2-191-200-432(su)->show macauthentication session
Port      MAC Address         Duration   Reauth Period  Reauthentications
-------   -----------------   ---------- -------------  ------------------
ge.1.10   00:01:E3:25:ED:2A   8,02:40:02 3600           disabled     
ge.1.9    00:01:E3:25:ED:C1   8,02:40:02 3600           disabled     
ge.1.12   00:01:E3:2D:66:9C   8,02:39:59 3600           disabled     
ge.1.7    00:01:E3:2D:66:A5   8,02:40:01 3600           disabled     
ge.1.7    00:02:B3:3F:8B:EC   8,02:40:02 3600           disabled     
ge.1.9    00:11:43:E1:7D:7B   8,02:40:02 3600           disabled     
ge.1.8    00:1A:E8:03:90:38   8,02:39:45 3600           disabled     
ge.1.11   00:1A:E8:27:B8:6F   8,02:40:14 3600           disabled     
ge.1.11   00:D0:B7:1E:81:64   8,02:40:14 3600           disabled     
ge.1.10   00:D0:B7:1E:93:8E   8,02:40:02 3600           disabled     
C5K125-48P2-191-200-432(su)->

I also gathered a MAC session and PWA.
C5K125-48P2-191-200-432(su)->show multiauth session        
Multiple authentication session entries
__________________________________________
Port             | ge.1.7            Station address   | 00-02-B3-3F-8B-EC
Auth status      | success           Last attempt      | SAT JUL 05 04:39:06 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | network-policy
Session timeout  | 0                 Session duration  | 8,02:41:11
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.7            Station address   | 00-01-E3-2D-66-A5
Auth status      | success           Last attempt      | SAT JUL 05 04:39:07 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:41:09
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.8            Station address   | 00-1A-E8-03-90-38
Auth status      | success           Last attempt      | SAT JUL 05 04:39:23 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:40:53
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.8            Station address   | 00-02-B3-65-BD-70
Auth status      | success           Last attempt      | SUN JUL 13 05:18:04 2014
Agent type       | pwa               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | mgmt=su
Session timeout  | 0                 Session duration  | 0,02:02:13
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.9            Station address   | 00-11-43-E1-7D-7B
Auth status      | success           Last attempt      | SAT JUL 05 04:39:06 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:41:11
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.9            Station address   | 00-01-E3-25-ED-C1
Auth status      | success           Last attempt      | SAT JUL 05 04:39:06 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:41:11
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.10           Station address   | 00-D0-B7-1E-93-8E
Auth status      | success           Last attempt      | SAT JUL 05 04:39:06 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:41:10
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.10           Station address   | 00-01-E3-25-ED-2A
Auth status      | success           Last attempt      | SAT JUL 05 04:39:06 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:41:10
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.11           Station address   | 00-1A-E8-27-B8-6F
Auth status      | success           Last attempt      | SAT JUL 05 04:38:54 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | Phone
Session timeout  | 0                 Session duration  | 8,02:41:22
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.11           Station address   | 00-D0-B7-1E-81-64
Auth status      | success           Last attempt      | SAT JUL 05 04:38:54 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:41:22
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

Port             | ge.1.12           Station address   | 00-01-E3-2D-66-9C
Auth status      | success           Last attempt      | SAT JUL 05 04:39:09 2014
Agent type       | mac               Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                 Policy name       | MAC
Session timeout  | 0                 Session duration  | 8,02:41:07
Idle timeout     | 0                 Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None


C5K125-48P2-191-200-432(su)->

I expect the following  using
Ben        Auth-Type := Local, User-Password == "Benny"
        Reply-Message = "Hello, %u",
        Filter-Id = "Enterasys:version=1:mgmt=su"

Port             | ge.1.12           Station address   | 00-01-E3-2D-66-9C
Auth status      | success           Last attempt      | SAT JUL 05 04:39:09 2014
Agent type       | dot1x <-*              Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                    Policy name       | su     <-*
Session timeout  | 0                 Session duration  | 8,02:41:07
Idle timeout     | 0                  Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | None

But if you change the policy(a lot of work) then this might work

Ben        Auth-Type := Local, User-Password == "Benny"
        Reply-Message = "Hello, %u",
        Filter-Id = "Enterasys:version=1:mgmt=BennyGoodman"


Port             | ge.1.12           Station address   | 00-01-E3-2D-66-9C
Auth status      | success           Last attempt      | SAT JUL 05 04:39:09 2014
Agent type       | dot1x <-*              Session applied   | true
Server type      | radius            VLAN-Tunnel-Attr  | none
Policy index     | 0                    Policy name       | BennyGoodman     <-*
Session timeout  | 0                 Session duration  | 8,02:41:07
Idle timeout     | 0                  Idle time         | 0,00:00:00
Termination time | Not Terminated    Terminate Action  | Non