Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
3
Helpful
7
Replies

Cisco 9800 Client session realtime deauth (8540s had enhanced traps).

ciscoritz
Level 1
Level 1

‎07-31-2024 01:45 PM - edited ‎07-31-2024 01:47 PM

Cisco 9800 Client session data realtime (8540s had enhanced traps)

is there a way on the 9800s to gather realtime client session data when deauth trap (i dont see it working when enabled in the snmp wireless traps section.)

8540s had this (but i cant find this trap on the 9800s.)
CISCO-LWAPP-DOT11-CLIENT-MIB::ciscoLwappDot11ClientDeAuthenticatedTrap

im not sure if MDT will have a way realtime to stream per deauth action.  this method but this was Very powerful in realtime data collection 

it had 
cldcClientSSID
cldcClientWlanProfileName
cldcClientDataBytesSent
cldcClientDataBytesReceived
cldcClientIPAddress
cLAPGroupVlanName
cldcClientRSSI
cldcClientSNR
cldcClientMacAddress

0 Helpful
7 Replies 7

marce1000
Hall of Fame
Hall of Fame

‎07-31-2024 11:13 PM

 

  - SNMP MIB support is limited on the 9800 w.r.t aireos ; check https://software.cisco.com/download/home/286322605/type/280775088/release/   for availability of the specific trap you mentioned

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R
VIP
VIP

‎08-04-2024 04:55 PM

It certainly supports the config:
9800(config)#trapflags client dot11 ?
assocfail Association Fail Trap
associate Association Trap
authenticate Client Moved To Run State Trap
authfail Authentication Fail Trap
deauthenticate Deauthentication Trap
disassociate Disassociation Trap

Are you saying you've configured it but the WLC doesn't send the trap? 
If so then open a TAC case and get TAC to raise a bug for it to get it fixed.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

ciscoritz
Level 1
Level 1

‎11-25-2024 08:47 AM

The problem is the deauthenticate Deauthentication Trap is there but the issue is it doesnt send the actual
CISCO-LWAPP-DOT11-CLIENT-MIB::ciscoLwappDot11ClientDeAuthenticatedTrap
with all the byte session data flows and such

0 Helpful

Rich R
VIP
VIP

‎11-25-2024 09:20 AM

As Marce pointed out above SNMP support on 9800 is very limited as it is considered to be legacy and is replaced by streaming telemetry.  Many of the MIBs and traps which were there on IOS are no longer supported at all and as you have found those that are supported may lack functionality.
For client accounting data you can use radius accounting.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

ciscoritz
Level 1
Level 1
In response to Rich R

‎11-26-2024 07:18 AM

Even with the MDT it's incorrect data as it comes in which is interesting
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎11-25-2024 02:49 PM

If they can get telemetry to work properly (and without causing the switch, router, WLC to crash), Cisco wants everyone to migrate off SNMP. 

One of the most fundamental reason why is because other NMS vendors can do SNMP ping/poll better and a lot cheaper. 

ciscoritz
Level 1
Level 1

‎01-01-2025 10:31 AM - edited ‎01-01-2025 10:34 AM

intresting enough theres not really any MDT equivalent to how the enhanced traps exit . they are semi stiched with MDT but not a good way to really get a good datapoint in the kvgpb (unless the TDL encoding

wsa-cl-event-delete-in-progress
Cisco-IOS-XE-wireless-events-oper:wsa-client-event
Cisco-IOS-XE-wireless-client-oper  /wireIess-client-oper:client-oper-data

but during that delete the MDT last update doesn't really give out the traffic stats during that session  or use traffic-stats 
if a 90sec period updat interval + delete we could match the data and somewhat i think get a picture of the stats but have to go through a few data sources to re-stitch (when your talking 20000 active clients it becomes a big set not as simple as querying API for client stats 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card