Showing results for 
Search instead for 
Did you mean: 

802.1x WLAN auth not showing client ip in win 2008 AD security log



I have a ongoing project configuring a cisco wlan with 802.1x, where microsoft network policy server is used for radius authentication.

Configuring the SSID on the WLC, and the 802.1x on wlc/radius server works fine, users type in their username and password on a smartphone/ipad etc and get access to the network.

The problem im facing is that I want to log the clients ip-address on the radius-server security log, so I can use cisco active directory agent to find the ip against username mapping in ironport.

The active directory agent checks the domain controllers security log to see what ip-address belongs to which user. In this scenario the user is mapped to the wlc ip, not the smartphone/ipad. The result is a lot of users mapped to the wlc ip-address, and the logs in cisco ADA/ironport is worthless.

Is there any way to configure wlc/802.1x to send the actual client ip-address to the authentication server, and not the WLC?

5 Replies 5

Jatin Katyal
Cisco Employee
Cisco Employee

Please configure radius accounting on the WLC to have the required logs on the NPS server.

On the WLC, make sure we have radius accounting server configured under security > AAA > radius > accounting

After that Go to WLAN, edit the WLAN > security > AAA server and enable radius accounting.

Radius accounting on NPS logs




Thank you for replying Jatin,

After enabling accounting, I can now see the client ip-address in the nps logfile.

However cisco active directory client cannot map the ip against username unless it's in the windows security event log. Im also afraid it has to be a kerberos authentication, not 802.1x for it to work.

Any suggestions how to fix this issue? Cisco ADA is in my opinion worthless not supporting 802.1x.--

I was actually reading this for your above question.


CDA can also act as a syslog server when one or more syslog clients are added. It can connect to Cisco Identity Services Engine (ISE) and Cisco Secure Access Control System (ACS) and receive syslog messages. You can check live logs to see the syslog messages received. The advantage is to integrate CDA with 802.1x deployment and support other devices that are not necessarily authenticated by Microsoft domain controller.

CDA supports ISE 1.1.x and 1.2 and ACS 5.3, and 5.4 only.

I'm also having the same dilemma, just curious what if anything you have done to get this to work?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers