Common Session Id - Cisco Catalyst 3560-X Software Configuration Manual

Chapter 1 Configuring IEEE 802.1x Port-Based Authentication

Common Session ID

Authentication manager uses a single session ID (referred to as a common session ID) for a client no
matter which authentication method is used. This ID is used for all reporting purposes, such as the show
commands and MIBs. The session ID appears with all per-session syslog messages.
The session ID includes:
•
•
•
This example shows how the session ID appears in the output of the show authentication command. The
session ID in this example is 160000050000000B288508E5:
Switch# show authentication sessions
Interface
Fa4/0/4
This is an example of how the session ID appears in the syslog output. The session ID in this example
is also160000050000000B288508E5:
1w0d: %AUTHMGR-5-START: Starting 'mab' for client (0000.0000.0203) on Interface Fa4/0/4
AuditSessionID 160000050000000B288508E5
1w0d: %MAB-5-SUCCESS: Authentication successful for client (0000.0000.0203) on Interface
Fa4/0/4 AuditSessionID 160000050000000B288508E5
1w0d: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client
(0000.0000.0203) on Interface Fa4/0/4 AuditSessionID 160000050000000B288508E5
The session ID is used by the NAD, the AAA server, and other report-analyzing applications to identify
the client. The ID appears automatically. No configuration is required.
Device Sensor
Device Sensor uses protocols such as Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol
(LLDP), and DHCP to obtain endpoint information from network devices and make this information
available to its clients. Device Sensor has internal clients, such as the embedded Device Classifier (local
analyzer), Auto Smartports (ASP), MediaNet Service Interface (MSI)-Proxy, and EnergyWise. Device
Sensor also has an external client, Identity Services Engine (ISE), which uses RADIUS accounting to
receive and analyze endpoint data. When integrated with ISE, Device Sensor provides central policy
management and device-profiling capabilities.
Device profiling capability consists of two parts:
•
•
For more information about device profiling, see the "Configuring Endpoint Profiling Policies" chapter
in the Cisco Identity Services Engine User Guide at this URL:
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_prof_pol.html
Device Sensor represents the embedded collector functionality.
context of its internal clients and the ISE.
OL-25303-03
The IP address of the Network Access Device (NAD)
A monotonically increasing unique 32 bit integer
The session start time stamp (a 32 bit integer)
MAC Address
0000.0000.0203
Collector--Gathers endpoint data from network devices.
Analyzer--Processes the data and determines the type of device.
Method Domain Status
mab DATA Authz Success
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
Understanding IEEE 802.1x Port-Based Authentication
Session ID
160000050000000B288508E5
Figure 1-7shows Device Sensor in the
1-35