Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

664
Views
0
Helpful
3
Replies
getaway51
Explorer
Explorer
‎07-23-2020 12:02 AM
‎07-23-2020 12:02 AM

How to check device has successfully pass authentication

Hi,

 

Radius log only can view for last 24 hours. Is there a way to check from beginning till current if the device has successfully pass authentication and session? Last 24 hours mostly show rejected due to MAB

Thanks a lot!

0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
In response to getaway51
‎07-23-2020 08:22 AM
‎07-23-2020 08:22 AM

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

View solution in original post

0 Helpful
3 REPLIES 3
Mike.Cifelli
VIP Advocate VIP Advocate
VIP Advocate
‎07-23-2020 05:35 AM
‎07-23-2020 05:35 AM

You can generate reports that will show you a greater time period: Operations->Reports->Endpoints and Users:
-Authentication Summary: with filters passed on specific time period and/or specific identity store; Then click the number of passed authentications. You can also run the same thing but filter based on specific endpoint if you wish;
-Another good one is Top N Authentication by Network Device: with filters on time period and/or identity; This one will show you passed authentications based on a specific NAD;

HTH!
0 Helpful
getaway51
Explorer
Explorer
In response to Mike.Cifelli
‎07-23-2020 06:57 AM
‎07-23-2020 06:57 AM

Hi,

 

Thanks for the recommendation. Is this the best way to check for a given device MAC address?

 

fyi, the context visibility-> endpoints showing the device is GREY (Disconnected). I just wanted to confirm if the device has passed authentication previously. 

0 Helpful
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
In response to getaway51
‎07-23-2020 08:22 AM
‎07-23-2020 08:22 AM

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

View solution in original post

0 Helpful
Latest Contents
ISE as RADIUS server for Password + Smart Card Authenticatio...
Created by deepuvarghese1 on 04-17-2021 06:22 AM
1
10
1
10
The purpose of this document is to demonstrate how ISE authenticate / authorize a user that uses a smart card (PIN + Certificate) and password mechanism to login their system. This document describes the components used for this setup, configuration of IS... view more
Email Security - QuoVadis Root Certificate Decommission Migh...
Created by dmccabej on 03-30-2021 09:32 AM
0
0
0
0
Problem Description For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b... view more
ISE REST APIs Webinar: April 6/7, 2021
Created by thomas on 03-25-2021 07:57 PM
2
5
2
5
  Register Now Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli... view more
FMT 2.3.4 adding ASA migrations of S2S VPN in public beta
Created by William_Hansch on 03-22-2021 08:00 AM
1
10
1
10
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA: Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center VP... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 03-22-2021 04:40 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Content for Community-Ad