debug destination logging debug security no debug security port-access auth-order
Andare poi a vedere i log sul syslog server
2530:
show port-access client 1/1 detail
Reinitialize the authenticator state machine.
aaa port-access authenticator 1/1 initialize
Force a re-authentication of all attached clients on the port.
[no] aaa port-access mac-based <port-list> reauthenticate
Set the authenticator to force authorized, force unauthorized or auto state (default Auto).
aaa port-access authenticator 1/1 control [authorized|unauthorized|auto]
show authentication sessions (|history|brief) show authentication sessions interface gigabitethernet2/0/1
Per vedere su che vlan e' stato messo il device attaccato
show interface gigabitethernet2/0/1 switchport
Controllare le features di errdisable attive
show errdisable detect|recovery|flap-values
Listare le interfacce disabilitate
show interfaces | include err-disabled
Listare le porte disabilitate e che si autoriabiliteranno con il motivo della disabilitazione
show errdisable recovery
Listare le porte disabilitate e che non si autoriabiliteranno con il motivo della disabilitazione (finche' c'e' il log)
show logging | incl err-disable
user@switch> show configuration access user@switch> show dot1x interface brief user@switch> show ethernet-switching table user@switch> show dot1x interface ge-0/0/8.0 detail show dot1x authentication-failed-users show dot1x authentication-bypassed-users clear dot1x interface
You can enable trace options for the 802.1X protocol. The following set of commands enable the writing of trace logs to a file named do1x-log: content_copy zoom_out_map
user@Policy-EX4300-01# set protocols dot1x traceoptions file dot1x user@Policy-EX4300-01# set protocols dot1x traceoptions file size 5m user@Policy-EX4300-01# set protocols dot1x traceoptions flag all
Use the show log CLI command to display the contents of the trace log file. For example: content_copy zoom_out_map
user@Policy-EX4300-01> show log dot1x user@Policy-EX4300-01> show log dot1x | last 10 | refresh
You can also display the contents of the trace log file from the UNIX-level shell. For example: content_copy zoom_out_map
user@Policy-EX4300-01> start shell user@Policy-EX4300-01:RE:0% tail -f /var/log/dot1x
https://docs.microsoft.com/it-it/windows/client-management/data-collection-for-802-authentication
Acquisire i registri delle funzionalità wireless/cablati
Seguire i passaggi seguenti per raccogliere i registri wireless e cablati in Windows e Windows Server:
netsh ras set tracing * enabled netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
Client cablato, indipendentemente dalla versione
netsh ras set tracing * enabled netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl
Alla fine
netsh ras set tracing * disable
To perform 802.1X authentication diagnostics on the Windows 7 supplicant:
netsh ras set tracing * enable
netsh ras set tracing * disable