cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

288
Views
0
Helpful
3
Replies
Highlighted
Beginner

How to check device has successfully pass authentication

Hi,

 

Radius log only can view for last 24 hours. Is there a way to check from beginning till current if the device has successfully pass authentication and session? Last 24 hours mostly show rejected due to MAB

Thanks a lot!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: How to check device has successfully pass authentication

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

View solution in original post

3 REPLIES 3
Highlighted
VIP Collaborator

Re: How to check device has successfully pass authentication

You can generate reports that will show you a greater time period: Operations->Reports->Endpoints and Users:
-Authentication Summary: with filters passed on specific time period and/or specific identity store; Then click the number of passed authentications. You can also run the same thing but filter based on specific endpoint if you wish;
-Another good one is Top N Authentication by Network Device: with filters on time period and/or identity; This one will show you passed authentications based on a specific NAD;

HTH!
Highlighted
Beginner

Re: How to check device has successfully pass authentication

Hi,

 

Thanks for the recommendation. Is this the best way to check for a given device MAC address?

 

fyi, the context visibility-> endpoints showing the device is GREY (Disconnected). I just wanted to confirm if the device has passed authentication previously. 

Highlighted
VIP Advisor

Re: How to check device has successfully pass authentication

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

View solution in original post