Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1380
Views
0
Helpful
3
Replies

Interface Description from DHCP

dil_szczecin1
Level 1
Level 1

‎11-19-2019 02:14 AM - edited ‎11-19-2019 02:22 AM

Hello everyone.

I'm trying do one thing. 

I got my Radius Server - it's working good - port authorization ok, vlan assigment ok. 

Anyone have got an idea how can i set port description from radius server ? it is possible ?

In Radius I added some attributes like Reply-Meddage, NAS-Port-ID, Called-Station - when port is authenticated in cisco i see this added attributes in radius log. So everything is fine - but i don't have any idea what can i do to use this attributes to set port description. Maybe i can list from cisco this radius atrributes ?

Labels:
0 Helpful
3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

‎11-19-2019 02:19 AM

Hi there,

This isn't a use case I have come across before, but if you are seeing the RADIUS attributes in the switch log, then you could write an EEM script to launch when they appear. Assuming the interface name appears in the same log entry/ line it should be trivial to regex out the attributes you need and apply them to an interface description.

 

Can you share some the log messages?

 

cheers,

Seb.

0 Helpful

dil_szczecin1
Level 1
Level 1
In response to Seb Rupik

‎11-19-2019 02:38 AM - edited ‎11-19-2019 02:45 AM

hello

This is my last log from test device :

 

Nov 19 10:58:46 2019
Packet-Type = Access-Accept
Called-Station-Id == "KameraWL"
Reply-Message = "KameraWL"
NAS-Port-Id = "KameraWL"
Tunnel-Medium-Type:0 = IEEE-802

Tunnel-Private-Group-Id:0 = "30"
Tunnel-Type:0 = VLAN

 

And i want to have port description "KameraWL"

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to dil_szczecin1

‎11-19-2019 03:45 AM

Ah my mistake, I thought you were checking the log on the switch. The EEM script can only be actioned via the local log buffer.

 

If its the log buffer on the Radius server which you are parsing, then you will need to create a script to monitor the log which is run on the server itself. I am assuming you are using a Linux server? You could create a cron job which runs every minute. It would call a script which would parse the radius log looking for new entries. The new entry could be parsed and to strip out the attributes and then connect to the switch to make the change.

The only issue you have is that the Called-Station-Id has been translated. What you need is the MAC address so that you can when logged into the switch you can use that to determine which switchport the MAC address is found on.

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents