cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

449
Views
1
Helpful
3
Replies
Highlighted
VIP Advocate

Last 7 Days/30 Days RADIUS Auth Report Broken in 2.3?

I have suspected that the RADIUS Auth reports for 7 days and 30 days have not been showing me everything, but today I finally got a chance to play around with it more with live customer data.  I have an Excel macro that processes the CSV output and wasn't see anything other than a day ago. 

Here is what I am seeing.  If I filter by a MAC address I can see back 7 days no problem:

Capture.JPG

You can see that this MAC address is hitting my Wired MAB policy set.  If I remove the MAC address filter and filter on Wired in the Policy set column I get this:

Capture1.JPG

I know I have way more than 622 authentications in the last 7 days.   The MAC address I showed you at the start had 6 alone.  The CSV export limit is 5000 lines so I am nowhere near hitting that limit.

To further prove the point I exported the output to a local CSV sorted by MAC address and pulled out the rows that correspond to the MAC address I filtered on originally:

Capture2.JPG

Only two hits in the spreadsheet.  If I filter the spreadsheet by date/time and look at the earliest record it is from yesterday 00:02.  So to me it looks like the 7 days and 30 days reports is only showing the data from Yesterday and Today.

Is this a known bug?  Accurate reporting is crucial when we are in monitoring mode trying to identity our Catch All hits. 

3 REPLIES 3
Highlighted
Contributor

Paul-

I believe that you are seeing what is defined in your Network Access / Settings

if you go to Network Access / Settings, you will see a RADIUS tab  which  has the setting to suppress the repeated successful authentications.  "Prevents the repeated reporting of successful authentication requests within the last 24 hours that have no change in identity context, network device and authorization"

Vince

Highlighted

Vince,

That is not the cause. The setting you re referring too simply says “Only put one green record in the logs per day for same authentication types and put the rest as blue (session) records.” The blue session records don’t show up in the reports. If you look at my screen shots you can clearly see the MAC address I filtered on has all the records there for each day. But they don’t show up in the 7 day report.

Highlighted
Cisco Employee

If possible, please engage TAC and provide a copy of the operational backup.

CSCve50763 is a known issue for 2.0.1 and 2.1 but not for 2.2+.