We have a 2500 controller with about 30 AP's (a few different models but mostly cleanair).
Can someone explain the difference between the various logs on the WLC and how I can get all of these logs to log to a syslog server?
The reason for the above interest in logging is that we have issues with some clients dropping off and not connecting back.
The main logs that seem to be of interest on the WLC are the; trap and messages log. But when I turn on syslog on the controller I don't get the information that I see in the trap and message logs.
I can see the particular devices that are experiencing dropouts appear in the message logs and the devices are being excluded e.g... "#APF-6-MOBILE_EXCLUDED: apf_ms.c:5906 Excluded the mobile"
What I would like to do is work out why these devices are being excluded. I can see in the trap log for the excluded devices I get these messages...
Client Authentication Failure: MACAddress:xx.xx.xx.xx.xx.xx Base Radio MAC:34:dbxx.xx.xx.xx:d0 Slot: 0 User Name: unknown Ip Address: unknown Reason:Unspecified ReasonCode: 1
So it looks like if I could get all of the logging to appear in one central place I may have a chance of getting to the bottom of what was going on, but it seems very confusing with logs being in a range of different places.
That tells me how to turn on logging for an AP. But I was more interested in understanding the difference between the different logs - e.g. message log versus trap log. And if I do turn on logging as you suggested which log am I turning on syslog for trap or message (ideally I want both).
System logging allows controllers to log their system events to up to three remote syslog servers. The controller sends a copy of each syslog message as it is logged to each syslog server configured on the controller. Being able to send the syslog messages to multiple servers ensures that the messages are not lost due to the temporary unavailability of one syslog server. Message logging allows system messages to be logged to the controller buffer or console.
You can use the controller GUI or CLI to configure system and message logging.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...