Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1699
Views
1
Helpful
3
Replies

How to check device has successfully pass authentication

Go to solution
getaway51
Level 2
Level 2

‎07-23-2020 12:02 AM

Hi,

 

Radius log only can view for last 24 hours. Is there a way to check from beginning till current if the device has successfully pass authentication and session? Last 24 hours mostly show rejected due to MAB

Thanks a lot!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to getaway51

‎07-23-2020 08:22 AM

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

View solution in original post

3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎07-23-2020 05:35 AM

You can generate reports that will show you a greater time period: Operations->Reports->Endpoints and Users:
-Authentication Summary: with filters passed on specific time period and/or specific identity store; Then click the number of passed authentications. You can also run the same thing but filter based on specific endpoint if you wish;
-Another good one is Top N Authentication by Network Device: with filters on time period and/or identity; This one will show you passed authentications based on a specific NAD;

HTH!
0 Helpful

Go to solution
getaway51
Level 2
Level 2
In response to Mike.Cifelli

‎07-23-2020 06:57 AM

Hi,

 

Thanks for the recommendation. Is this the best way to check for a given device MAC address?

 

fyi, the context visibility-> endpoints showing the device is GREY (Disconnected). I just wanted to confirm if the device has passed authentication previously. 

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to getaway51

‎07-23-2020 08:22 AM

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

Customers Also Viewed These Support Documents