Cisco Identity Services Engine 1.3 Data Sheet
© 2015 Cisco Systems, Inc.
Page 12
Secure Access How-To Guide
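Network Access Device (NAD)
Most of the information needed to troubleshoot Cisco TrustSec authentication issues can be gathered from ISE itself. In some cases, however, ISE cannot provide enough information to troubleshoot a failed authentication. It is therefore necessary to examine the troubleshooting capabilities of the NAD.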
Useful Cisco IOS show Commands
One of the most useful show commands on Cisco Catalyst switches is show authentication sessions interface. The command output shows the current authentication state of the specified port. Other useful commands include show dot1x interface and show running-config interface.
Switch#show authentication sessions interface fastEthernet 0/1
Interface: FastEthernet0/1
MAC Address: 0016.d42e.e8ba
IP Address: 192.168.1.78
User-Name: winxp.example.com
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: C0A8013C000006679C3F253D
Acct Session ID: 0x00000C51
Handle: 0x68000667
Runnable methods list:
       Method   State
       dot1x    Authc Success
       mab      Not run
Switch#
Switch#
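The following is an added example, not part of the original guide or any Cisco tooling: a small parser that turns the show authentication sessions interface output above into fields and flags sessions that need attention, returning the Common Session ID for looking up the same session on the ISE side. The function names and the triage rules are assumptions of this example.

```python
import re

# Output copied from this page (some fields omitted to keep the sample short).
PAGE_SAMPLE = """\
Switch#show authentication sessions interface fastEthernet 0/1
Interface: FastEthernet0/1
Status: Authz Success
Authorized By: Authentication Server
Common Session ID: C0A8013C000006679C3F253D
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
Switch#
"""

def parse_auth_session(text):
    """Return ({field: value}, {method: state}) from the command output."""
    fields, methods, in_methods = {}, {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or re.match(r"\S+[#>]", line):   # blank or CLI prompt line
            continue
        if line.lower().startswith("runnable methods list"):
            in_methods = True
        elif in_methods:
            name, *rest = line.split(None, 1)
            if rest and name.lower() != "method":     # skip the column header
                methods[name] = rest[0]
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields, methods

def triage(text):
    """List reasons the session needs a closer look, plus the ID to search for in ISE."""
    fields, methods = parse_auth_session(text)
    findings = []
    if fields.get("Status") != "Authz Success":
        findings.append(f"Status is {fields.get('Status', 'missing')}")
    # Assumption of this example: any authorizer other than the RADIUS server is worth review.
    if fields.get("Authorized By", "Authentication Server") != "Authentication Server":
        findings.append(f"Authorized By is {fields['Authorized By']}")
    if "Authc Success" not in methods.values():
        findings.append("no method reached Authc Success: "
                        + ", ".join(f"{m}={s}" for m, s in methods.items()))
    return {"interface": fields.get("Interface"),
            "session_id": fields.get("Common Session ID"), "findings": findings}

if __name__ == "__main__":
    print(triage(PAGE_SAMPLE))
    failed = PAGE_SAMPLE.replace("Authz Success", "Authz Failed")  # constructed failure variant
    print(triage(failed))
```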
Switch#show dot1x interface fastEthernet 0/1
Dot1x Info for FastEthernet0/1
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = MULTI_DOMAIN
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 10
Switch#
Switch#
Switch#show running-config interface fastEthernet 0/1
Building configuration...
Current configuration : 599 bytes
!
interface FastEthernet0/1
description 802.1x Enabled
switchport access vlan 2
switchport mode access