11-19-2019 02:14 AM - edited 11-19-2019 02:22 AM
Hello everyone.
I'm trying to do one thing.
I have my RADIUS server and it's working well: port authorization OK, VLAN assignment OK.
Does anyone have an idea how I can set the port description from the RADIUS server? Is it possible?
In RADIUS I added some attributes like Reply-Message, NAS-Port-ID, Called-Station. When the port is authenticated on the Cisco, I see these added attributes in the RADIUS log. So everything is fine, but I don't have any idea what I can do to use these attributes to set the port description. Maybe I can list these RADIUS attributes from the Cisco?
11-19-2019 02:19 AM
Hi there,
This isn't a use case I have come across before, but if you are seeing the RADIUS attributes in the switch log, then you could write an EEM script to launch when they appear. Assuming the interface name appears in the same log entry/line, it should be trivial to regex out the attributes you need and apply them to an interface description.
Can you share some of the log messages?
cheers,
Seb.
11-19-2019 02:38 AM - edited 11-19-2019 02:45 AM
Hello,
This is my last log from the test device:
Nov 19 10:58:46 2019
Packet-Type = Access-Accept
Called-Station-Id == "KameraWL"
Reply-Message = "KameraWL"
NAS-Port-Id = "KameraWL"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
Tunnel-Type:0 = VLAN
And I want to have the port description "KameraWL".
11-19-2019 03:45 AM
Ah my mistake, I thought you were checking the log on the switch. The EEM script can only be actioned via the local log buffer.
If it's the log buffer on the RADIUS server which you are parsing, then you will need to create a script to monitor the log which is run on the server itself. I am assuming you are using a Linux server? You could create a cron job which runs every minute. It would call a script which would parse the RADIUS log looking for new entries. The new entry could be parsed to strip out the attributes, and the script would then connect to the switch to make the change.
The only issue you have is that the Called-Station-Id has been translated. What you need is the MAC address so that, when logged into the switch, you can use that to determine which switchport the MAC address is found on.
cheers,
Seb.
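The server-side parsing step described in the reply above, as an added example that is not part of the original thread. It assumes the log also records a Calling-Station-Id carrying the client MAC, and it allowlists the description text because that value ends up typed into a switch CLI session; the sample log, MAC addresses and function names are constructed.

```python
import re

# name, optional ":tag", "=" or "==", optionally quoted value
ATTR_RE = re.compile(r'^\s*([\w-]+)(?::\d+)?\s*=+\s*"?([^"]*)"?\s*$')
# Allowlist for text that will be sent to the switch as an interface description.
SAFE_DESC = re.compile(r'[A-Za-z0-9_.:/-]{1,64}')

# Constructed sample in the layout of the log excerpt posted in the thread.
SAMPLE_LOG = '''Nov 19 10:58:46 2019
Packet-Type = Access-Accept
Calling-Station-Id = "00-11-22-33-44-55"
Reply-Message = "KameraWL"
Tunnel-Private-Group-Id:0 = "30"
Nov 19 11:02:10 2019
Packet-Type = Access-Accept
Calling-Station-Id = "00-11-22-33-44-66"
Reply-Message = "lobby cam?"
'''

def parse_entries(text):
    """Return one dict of attributes per log entry."""
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if "=" not in line:                # a timestamp line starts a new entry
            current = {"timestamp": line.strip()}
            entries.append(current)
        elif current is not None:
            m = ATTR_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return entries

def pending_descriptions(log_text, offset=0):
    """Return (accepted [(mac, description)], rejected timestamps, new offset)."""
    accepted, rejected = [], []
    for e in parse_entries(log_text[offset:]):
        if e.get("Packet-Type") != "Access-Accept":
            continue
        mac, desc = e.get("Calling-Station-Id"), e.get("Reply-Message", "")
        if mac and SAFE_DESC.fullmatch(desc):
            accepted.append((mac, desc))
        else:
            rejected.append(e["timestamp"])   # never forwarded to the switch
    return accepted, rejected, len(log_text)  # persist the offset between cron runs
```

Each accepted pair still has to be matched to a switchport by MAC address on the switch before the description can be applied; rejected entries are worth logging for review.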