topic Re: logs for WLC; in Wireless

logs for WLC;

Audit — Tue, 19 Jul 2022 20:47:58 GMT

Hey,

My objective is to verify users on the Cisco WLC that have been give access or removed access. is there a possibility to review such actions taken through logs. can this be verified from the syslog??

Re: logs for WLC;

Rasika Nayanajith — Wed, 20 Jul 2022 00:11:29 GMT

Do you mean administrative users accessing WLC via GUI or wireless users connecting to SSID?

What WLC platform have you got?

HTH
Rasika

Re: logs for WLC;

Audit — Wed, 20 Jul 2022 08:06:48 GMT

both would be great. Again, my objective is to review such activity of user being removed or given access to the controller. Its can be admin users or wireless users. its more of a generic approach

If not can u explain the process in order to identify when a user device was added/ deleted from a Cisco wireless controller. this can be reviewed through logs or any other approach

Platform- any relevant one

Re: logs for WLC;

Rich R — Wed, 20 Jul 2022 16:36:55 GMT

Admin users can be controlled by TACACS for example using Cisco ISE which maintains the logs.

Wireless user logging will be entirely dependent on the design of your network. If your users are authenticated by radius server then radius authentication and accounting logs on your radius server (can also be ISE) can log all the user detail.

Re: logs for WLC;

Audit — Sun, 24 Jul 2022 13:50:39 GMT

Can we check similarly (through logs) for the devices connected(Mac address) to the WLC. Is there a way to identify the devices added or removed from the controller?

Re: logs for WLC;

Rich R — Mon, 25 Jul 2022 08:18:56 GMT

Radius logs can contain device MAC.

But remember that device MAC can change (private MAC addresses are becoming standard across all devices).