we have a wifi network with up to 300 AP's.
When we receive an intrusion, we know that certain IP address in certain date tried to connect to our network; and we want to know all the intrusion tracking: all the MAC-IP addresses tracking association during the attack.
I know this is impossible with the LMS User Tracking because it doesn't support this information from AP's.
I would like to know if is it possible from WLSE. We have it installed but I cannot find if we can track all the MAC-IP addresses association during the attack.
Use the WLSE Intrusion Detection System (IDS) tab to display intrusion detection information for devices in your network, manage IDS settings, and set up IDS notifications.
To find the switch port to which the rogue AP is connected (if it is connected), the Switch Port Location feature uses BSSIDs of the rogue APs that it hears over the air to make a heuristic guess of the rogue's Ethernet MAC address.
Here is the good link for tracking the users.