How to get failure log entry when wrong PSK is entered with Identity PSK?

Josh Morris
Level 3

I am running v2.7 and have two authorization rules for iPSK. The first is for a specific group using a different key. The second rule is the default with the result being the profile with the correct PSK. 

 

If someone enters the correct default PSK, they are allowed access and I see a live log message. If someone enters the incorrect PSK, they are denied access to the SSID but I do not see a failure log in the live logs. So what I'm wondering is how do I organize my rules so that I get a failure log so I can know to go investigate an issue?

Accepted Solutions

Greg Gibbs
Cisco Employee

When using PSK + RADIUS, all authentication happens locally on the WLC itself. ISE does not see this AuthC traffic and is only responsible for the Authorisation process.

You would need to look into what logging/alerting can be done on the WLC side. You might be able to send syslog events from the WLC to an external syslog server like Splunk and have it forward to any alerting/ticketing systems.
