Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Locating failed wireless login attempts and which access point they're hitting

We have a cisco 5508 WLC with about 190 access points.  They use Cisco Secure ACS to authenticate Microsoft Active Directory logins.  We sometimes get non-normal accounts attempting to login to our wireless but are unable to figure out which access point they're hitting.  

When I look at the failed attempts in our Cisco Secure ACS 5.5 Radius Authentications report, I don't see an IP address, just the MAC address of the failing device.  Is their a way to configure either the WLC or the ACS box to report either the IP address or MAC address of the access point they're connecting to?

2 REPLIES
Bronze

If you look at the details of

If you look at the details of a particular authentication attempt you will see "Called-Station-ID=" which will be followed by the mac address of the radio interface of of the AP the client connected to followed by the ssid they connected to. It's in the 'Other Attributes' section.

Hope that helps.

New Member

Is this something I need to

Is this something I need to set the ACS or WLC to send?  When I go to Other attributes in the "Authentications - RADIUS - Today" report, this is all I'm currently seeing.

Other Attributes:
ACSVersion=acs-5.5.0.46-B.723 
ConfigVersionId=3 
DetailedInfo=Invalid username or password specified, Retry is  allowed
163
Views
0
Helpful
2
Replies
CreatePlease login to create content