07-23-2020 12:02 AM
Hi,
Radius log only can view for last 24 hours. Is there a way to check from beginning till current if the device has successfully pass authentication and session? Last 24 hours mostly show rejected due to MAB
Thanks a lot!
Solved! Go to Solution.
07-23-2020 08:22 AM
My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database.
Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications
You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date.
Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication. You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective.
07-23-2020 05:35 AM
07-23-2020 06:57 AM
Hi,
Thanks for the recommendation. Is this the best way to check for a given device MAC address?
fyi, the context visibility-> endpoints showing the device is GREY (Disconnected). I just wanted to confirm if the device has passed authentication previously.
07-23-2020 08:22 AM
My preferred is also a report, "RADIUS Authentications", allows you to go back and easily view authentication for an endpoint up to 30 days in the past. All you need to do is filter the report on the MAC address you are looking at in the context visibility database.
Navigate to Operations > Reports > Endpoints and Users > RADIUS Authentications
You can also use the Radius Authentication Troubleshooting tool found at Operations > Troubleshoot > Diagnostic Tools > Radius Authentication Troubleshooting. Again, enter the mac address for the endpoint and adjust the date.
Last but not least, you can see if an endpoint is authenticated on the switch it was last known on. The endpoint details should list the switch and port it was last seen on for authentication. You can log in to that switch, issue a "show authentication session" and confirm if it is still connected or not from the switch perspective.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: