cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1401
Views
1
Helpful
3
Replies

How to check device has successfully pass authentication

getaway51
Level 2
Level 2

Hi,

 

Radius log only can view for last 24 hours. Is there a way to check from beginning till current if the device has successfully pass authentication and session? Last 24 hours mostly show rejected due to MAB

Thanks a lot!

1 Accepted Solution

Accepted Solutions

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

View solution in original post

3 Replies 3

Mike.Cifelli
VIP Alumni
VIP Alumni
You can generate reports that will show you a greater time period: Operations->Reports->Endpoints and Users:
-Authentication Summary: with filters passed on specific time period and/or specific identity store; Then click the number of passed authentications. You can also run the same thing but filter based on specific endpoint if you wish;
-Another good one is Top N Authentication by Network Device: with filters on time period and/or identity; This one will show you passed authentications based on a specific NAD;

HTH!

Hi,

 

Thanks for the recommendation. Is this the best way to check for a given device MAC address?

 

fyi, the context visibility-> endpoints showing the device is GREY (Disconnected). I just wanted to confirm if the device has passed authentication previously. 

My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database. 

Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications

report.JPG

 

You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date. 

Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication.  You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: