
6850 - 802.1x SNMP

Posted: 24 Mar 2011 08:24
by fattyc
People,

Does anyone know if the 6850 generates SNMP traps for failed 802.1x supplicant or non supplicant authorisation?
Great interpretation of 802.1x and how to implement but no central resource to manage or to alert on failures.
Any help would be greatly appreciated as it is driving me nuts.

Thanks


Greg

Re: 6850 - 802.1x SNMP

Posted: 26 Mar 2011 10:55
by cedric1
Hello

No SNMP, but syslog messages.
Check to redirect swlog to a syslog server.

You get messages but I'm not sure if you get failed info.

You need to activate 802.1X accounting to local (so it will go in swlog and then to syslog).

As I read in the last RN, auth failed for non supplicant is working.

Cedric

Re: 6850 - 802.1x SNMP

Posted: 26 Mar 2011 15:29
by benny
In my opinion this should be done on the RADIUS server.

Re: 6850 - 802.1x SNMP

Posted: 30 Mar 2011 05:43
by fattyc
Hi gents,

Benny, win2k8 RADIUS uses the event log viewer. Does not give you failures.
The accounting only gives you a code 3 which means failure.
So... you don't get anything. What I'm after is when something fails auth, supplicant or non supplicant. It then goes into Remediation zone.
What I want to know is when something fails and goes into REMZONE.

Cedric,

You definitely don't get failures in SYSLOG. I set this up by forwarding SYSLOG APPID for AAA, you only get successes.
BTW Cedric, what does "As I read in last RN, auth failed for non supplicant is working" mean?

Ta

Reg



Re: 6850 - 802.1x SNMP

Posted: 31 Mar 2011 08:19
by cedric1
Hi

In the last release note for 6.4.3 code, you see at the end of the document New Software Feature.

There it is written non-supplicant accounting is now possible. And we can have auth failure info.

From RN

2. 802.1x Non-Supplicant Accounting Behavior


This feature allows the Omni Switch to enable accounting for Onex non-supplicant users. Accounting
is the action of recording what the user is attempting to do or what the user has done. The actions are
login / logout / auth failure/ and updation of client ip-address. This feature will impact only the AAA,

Re: 6850 - 802.1x SNMP

Posted: 31 Mar 2011 13:43
by cedric1
Here is the output of my test, so I have it in code 6.4.3.737 (test code):

271=> show log swlog
Displaying file contents for '/flash/swlog2.log'
FILEID: fileName[/flash/swlog2.log], endPtr[60], configSize[500000], mode[2]
Displaying file contents for '/flash/swlog1.log'
FILEID: fileName[/flash/swlog1.log], endPtr[539], configSize[500000], mode[1]
Time Stamp Application Level Log Message
------------------------+--------------+-------+--------------------------------
TUE APR 18 21:52:07 2079 SYSTEM info Switch Logging cleared by command. File Size=1000000 bytes
TUE APR 18 21:52:12 2079 AAA info AAA logout,001AE8074C27,MAC,cause=0038,06/18,00:1a:e8:07:4c:27, 17x.xx.19.119
TUE APR 18 21:52:46 2079 AAA info AAA failure,001AE8074C27,MAC,cause=0038,06/18,00:1a:e8:07:4c:27,
TUE APR 18 21:52:56 2079 AAA info AAA update,001AE8074C27,MAC,cause=0038,06/18,00:1a:e8:07:4c:27, 17x.xx.19.119
TUE APR 18 21:53:06 2079 AAA info AAA update,001AE8074C27,MAC,cause=0038,06/18,00:1a:e8:07:4c:27, 17x.xx.19.119

271=> show microcode
Package Release Size Description
-----------------+---------------+--------+-----------------------------------
Jbase.img 6.4.3.737.R01 22157746 Alcatel-Lucent Base Software
Jadvrout.img 6.4.3.737.R01 2875938 Alcatel-Lucent Advanced Routing
Jos.img 6.4.3.737.R01 2159671 Alcatel-Lucent OS
Jeni.img 6.4.3.737.R01 6542468 Alcatel-Lucent NI software
Jsecu.img 6.4.3.737.R01 587675 Alcatel-Lucent Security Management
Jencrypt.img 6.4.3.737.R01 3437 Alcatel-Lucent Encryption Management
Jdiag.img 6.4.3.737.R01 3306446 Alcatel-Lucent Diagnostic Software
Jrelease.img 6.4.3.737.R01 3144 Alcatel-Lucent Release Info Archive


271=>
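
Added example, not part of the original posts and not vendor code: a small parser that picks the `AAA failure` records out of swlog lines like the ones above once they are forwarded to a syslog server, and counts them per port and MAC so a failed supplicant or non-supplicant authentication can be alerted on. The field names, the reading of `06/18` as slot/port, and the sample lines (with a documentation IP and one made-up MAC) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the swlog lines in the post above; the field names
# (user, method, port, mac, ip) are assumptions, not vendor documentation.
AAA_RE = re.compile(
    r"(?P<ts>[A-Z]{3} [A-Z]{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) +AAA +\w+ +"
    r"AAA (?P<event>\w+),(?P<user>[^,]*),(?P<method>[^,]*),"
    r"cause=(?P<cause>[0-9A-Fa-f]+),(?P<port>\d+/\d+),"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}),?\s*(?P<ip>\S*)\s*$"
)

def parse_aaa(line):
    """Return the AAA accounting fields of one swlog line, or None."""
    m = AAA_RE.search(line)  # search() tolerates a prefix added by a syslog relay
    if not m:
        return None
    rec = m.groupdict()
    rec["mac"] = rec["mac"].lower()
    rec["ip"] = rec["ip"] or None  # failure records carry no client IP
    return rec

def failures_by_port(lines):
    """Count 'AAA failure' events per (slot/port, MAC)."""
    counts = Counter()
    for line in lines:
        rec = parse_aaa(line)
        if rec and rec["event"] == "failure":
            counts[(rec["port"], rec["mac"])] += 1
    return counts

def alerts(lines, threshold=1):
    """One alert string per port/MAC with at least `threshold` failures."""
    return [f"802.1x auth failure x{n} on port {port} mac {mac}"
            for (port, mac), n in sorted(failures_by_port(lines).items())
            if n >= threshold]

# Constructed sample input modelled on the output in the post.
SAMPLE = """\
TUE APR 18 21:52:07 2079 SYSTEM info Switch Logging cleared by command. File Size=1000000 bytes
TUE APR 18 21:52:12 2079 AAA info AAA logout,001AE8074C27,MAC,cause=0038,06/18,00:1a:e8:07:4c:27, 192.0.2.119
TUE APR 18 21:52:46 2079 AAA info AAA failure,001AE8074C27,MAC,cause=0038,06/18,00:1a:e8:07:4c:27,
TUE APR 18 21:53:40 2079 AAA info AAA failure,001AE8074C27,MAC,cause=0038,06/18,00:1a:e8:07:4c:27,
TUE APR 18 21:54:02 2079 AAA info AAA failure,0200000000AA,MAC,cause=0038,06/20,02:00:00:00:00:aa,
"""

if __name__ == "__main__":
    for alert in alerts(SAMPLE.splitlines()):
        print(alert)
```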

Re: 6850 - 802.1x SNMP

Posted: 07 Apr 2011 07:39
by fattyc
Cedric,

Apologies for delay in reply, been on other work.

Brilliant response, just what I needed! Will begin investigating!!


Many Thanks


Gre

Re: 6850 - 802.1x SNMP

Posted: 12 Apr 2011 05:35
by fattyc
Hi Cedric,

Have you any ideas when 6.4.3.737.R01 will become available?
Can't wait to start working with the new 802.1x logs...
Thanks


Greg

Re: 6850 - 802.1x SNMP

Posted: 02 May 2011 13:38
by cedric1
Hi

Last code is now available with this feature.

Cedric

Re: 6850 - 802.1x SNMP

Posted: 05 May 2011 04:21
by fattyc
Thanks for the update Cedric.