This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

show multiauth on SecureStack B3

show multiauth on SecureStack B3

Edson_Moura
New Contributor

‎07-10-2014 05:36 PM

How can I to know which users and IPs address are connected in the ports in the CLI on SecureStack B3 CLI? Like in the Port Usage --> columns Session ID, User Name and Ip address on Policy Manager?
On switches Cisco, I use "show authentication session interface *.* detail" for this.

Regards,

Edson Moura
0 Kudos
3 REPLIES 3

Jason_Parker
Contributor

‎07-13-2014 02:29 PM

I created a user and allowed the connection via pwa

C5K125-48P2-191-200-432(su)->show pwa session

Port MAC IP User Duration Status
-------- ----------------- --------------- ------------- ------------ ---------
ge.1.8 00-02-b3-65-bd-70 10.58.191.30 Ben 01:59:03 Active

I am not in the office to get a session so I would recommend using your radius server(or NAC) to gather this information for now.

I connected (Remotely) clients with MACAuthentication
C5K125-48P2-191-200-432(su)->show macauthentication session
Port MAC Address Duration Reauth Period Reauthentications
------- ----------------- ---------- ------------- ------------------
ge.1.10 00:01:E3:25:ED:2A 8,02:40:02 3600 disabled
ge.1.9 00:01:E3:25:ED:C1 8,02:40:02 3600 disabled
ge.1.12 00:01:E3:2D:66:9C 8,02:39:59 3600 disabled
ge.1.7 00:01:E3:2D:66:A5 8,02:40:01 3600 disabled
ge.1.7 00:02:B3:3F:8B:EC 8,02:40:02 3600 disabled
ge.1.9 00:11:43:E1:7D:7B 8,02:40:02 3600 disabled
ge.1.8 00:1A:E8:03:90:38 8,02:39:45 3600 disabled
ge.1.11 00:1A:E8:27:B8:6F 8,02:40:14 3600 disabled
ge.1.11 00:D0:B7:1E:81:64 8,02:40:14 3600 disabled
ge.1.10 00:D0:B7:1E:93:8E 8,02:40:02 3600 disabled
C5K125-48P2-191-200-432(su)->

I also gathered a MAC session and PWA.
C5K125-48P2-191-200-432(su)->show multiauth session
Multiple authentication session entries
__________________________________________
Port | ge.1.7 Station address | 00-02-B3-3F-8B-EC
Auth status | success Last attempt | SAT JUL 05 04:39:06 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | network-policy
Session timeout | 0 Session duration | 8,02:41:11
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.7 Station address | 00-01-E3-2D-66-A5
Auth status | success Last attempt | SAT JUL 05 04:39:07 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:41:09
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.8 Station address | 00-1A-E8-03-90-38
Auth status | success Last attempt | SAT JUL 05 04:39:23 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:40:53
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.8 Station address | 00-02-B3-65-BD-70
Auth status | success Last attempt | SUN JUL 13 05:18:04 2014
Agent type | pwa Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | mgmt=su
Session timeout | 0 Session duration | 0,02:02:13
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.9 Station address | 00-11-43-E1-7D-7B
Auth status | success Last attempt | SAT JUL 05 04:39:06 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:41:11
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.9 Station address | 00-01-E3-25-ED-C1
Auth status | success Last attempt | SAT JUL 05 04:39:06 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:41:11
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.10 Station address | 00-D0-B7-1E-93-8E
Auth status | success Last attempt | SAT JUL 05 04:39:06 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:41:10
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.10 Station address | 00-01-E3-25-ED-2A
Auth status | success Last attempt | SAT JUL 05 04:39:06 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:41:10
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.11 Station address | 00-1A-E8-27-B8-6F
Auth status | success Last attempt | SAT JUL 05 04:38:54 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | Phone
Session timeout | 0 Session duration | 8,02:41:22
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.11 Station address | 00-D0-B7-1E-81-64
Auth status | success Last attempt | SAT JUL 05 04:38:54 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:41:22
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

Port | ge.1.12 Station address | 00-01-E3-2D-66-9C
Auth status | success Last attempt | SAT JUL 05 04:39:09 2014
Agent type | mac Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | MAC
Session timeout | 0 Session duration | 8,02:41:07
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

C5K125-48P2-191-200-432(su)->

I expect the following using
Ben Auth-Type := Local, User-Password == "Benny"
Reply-Message = "Hello, %u",
Filter-Id = "Enterasys:version=1:mgmt=su"

Port | ge.1.12 Station address | 00-01-E3-2D-66-9C
Auth status | success Last attempt | SAT JUL 05 04:39:09 2014
Agent type | dot1x <-* Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | su <-*
Session timeout | 0 Session duration | 8,02:41:07
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | None

But if you change the policy(a lot of work) then this might work

Ben Auth-Type := Local, User-Password == "Benny"
Reply-Message = "Hello, %u",
Filter-Id = "Enterasys:version=1:mgmt=BennyGoodman"

Port | ge.1.12 Station address | 00-01-E3-2D-66-9C
Auth status | success Last attempt | SAT JUL 05 04:39:09 2014
Agent type | dot1x <-* Session applied | true
Server type | radius VLAN-Tunnel-Attr | none
Policy index | 0 Policy name | BennyGoodman <-*
Session timeout | 0 Session duration | 8,02:41:07
Idle timeout | 0 Idle time | 0,00:00:00
Termination time | Not Terminated Terminate Action | Non

0 Kudos

Edson_Moura
New Contributor

‎07-11-2014 04:40 PM

Hi Jason,

Thanks for your help, however, "show multi auth session" not show me the user name and ip address in the port with 802.1x enabled. The only information that show me are mac address and Policy name on SecureStack. Is there another command?

thanks,

Edson Moura

0 Kudos

Jason_Parker
Contributor

‎07-10-2014 05:51 PM

show mutliauth session
0 Kudos
GTM-P2G8KFN