Solved: Re: Accounting in wireless controller

Zhomart Asken · ‎05-23-2013

Hi everyone!

I have the question according to accounting of wi-fi users. Does wireless controller support accounting of all connections, sessions(duration,mac, ip address etc) that were made during a predefined ammount of time, for example one month? If controller does not, how can I achieve this?

Best wishes, Zhomart

Scott Fella · ‎05-23-2013

Nope... In order to have that information you would need Prime Infrastructure and an MSE which can store data. The WLC itself will not store all that information.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

manbaez · ‎05-23-2013

You could configur AAA inthe controller ( Chapter 6

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70.html

)

but, per say there is nothingfor that on the controller except the ones that are connected at that

particular time... You might want to have the full Boardless Network solution For Management

report. The BN solution will be WLC (Wireless LAN Controller) MSE (Mobility Service Engine)

annd PI (Prime Infrastructure) this will provide Management report on wireless devices and if

you go into release Connected Mobility Exxperience Flavor/Releases (WLC 7.4 - MSE 7.4 - PI

1.3) you could get even tracking and analitics info as well.

I hope this help with your answe... if any question or comments let me know

Thank you,
Manuel Baez
S E

View solution in original post

Scott Fella · ‎05-23-2013

Nope... In order to have that information you would need Prime Infrastructure and an MSE which can store data. The WLC itself will not store all that information.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

manbaez · ‎05-23-2013

You could configur AAA inthe controller ( Chapter 6

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70.html

)

but, per say there is nothingfor that on the controller except the ones that are connected at that

particular time... You might want to have the full Boardless Network solution For Management

report. The BN solution will be WLC (Wireless LAN Controller) MSE (Mobility Service Engine)

annd PI (Prime Infrastructure) this will provide Management report on wireless devices and if

you go into release Connected Mobility Exxperience Flavor/Releases (WLC 7.4 - MSE 7.4 - PI

1.3) you could get even tracking and analitics info as well.

I hope this help with your answe... if any question or comments let me know

Thank you,
Manuel Baez
S E

Zhomart Asken · ‎05-24-2013

In the Radius configuration part of the document you have provided it says following regarding to acconting functions:

"Accounting—The process of recording user actions and changes.

Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted."

But can it gather the information about the connected devices, like it's type, mac-address, operating system etc? It would be very useful for security reasons to monitor the guest users, who don't have their own login. And if Radius can't do that, then would be your Boardless Network solution with MSE and Prime, proposed by you earlier, be the answer for our needs?

Zhomart Asken · ‎05-23-2013

Thanks for your advices! And if controller supports AAA could we use Radius server to gather this information from controller and store it there?

Scott Fella · ‎05-24-2013

The WLC does support radius, but you would have to parse that information and also send that information to a syslog since the radius will not keep that much info. You would have to research how much data your radius server will keep before it will truncate the old data.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎05-24-2013

Maybe download PI and get an evaluation license so you can get a feel for what is does.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎05-24-2013

It will not know of the type of device. With that, you need ISE that can profile the device.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎05-24-2013

Let me explain this part.

It would be very useful for security reasons to monitor the guest users, who don't have their own login.

You should use a proxy or some sort of connect filter. Without any login, you will not get much info about a user, but you will get Mac, IP, site visited, etc. the device type will only be discovers using ISE also. So ISE might be your answer along with maybe a content filter.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***