Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Locating failed wireless login attempts and which access point they're hitting

We have a cisco 5508 WLC with about 190 access points.  They use Cisco Secure ACS to authenticate Microsoft Active Directory logins.  We sometimes get non-normal accounts attempting to login to our wireless but are unable to figure out which access point they're hitting.  

When I look at the failed attempts in our Cisco Secure ACS 5.5 Radius Authentications report, I don't see an IP address, just the MAC address of the failing device.  Is their a way to configure either the WLC or the ACS box to report either the IP address or MAC address of the access point they're connecting to?


If you look at the details of

If you look at the details of a particular authentication attempt you will see "Called-Station-ID=" which will be followed by the mac address of the radio interface of of the AP the client connected to followed by the ssid they connected to. It's in the 'Other Attributes' section.

Hope that helps.

New Member

Is this something I need to

Is this something I need to set the ACS or WLC to send?  When I go to Other attributes in the "Authentications - RADIUS - Today" report, this is all I'm currently seeing.

Other Attributes:
DetailedInfo=Invalid username or password specified, Retry is  allowed
CreatePlease login to create content