Solved: Cisco WLC - Find used mac address users

manvik · ‎07-13-2020

Using Cisco 5508 Wireless Controller. Users connect to the SSID by MAC-filtering. Over the period of years around 2000 Mac address has been added.

Currently there could be only 300 to 400 active users.

How to find list of MAC address connected or not connected in the last 3,4 months.

Rafael E · ‎07-13-2020

From Report Launch on PI you have a client session report.

You can collect for the past 3 months and check what mac addresses have been connected to that specific SSID.

Saludos,
Rafael - TAC

View solution in original post

Rafael E · ‎07-13-2020

You will not be able to find this information on the WLC. You need another system such as DNAC or PI to track this information.

Saludos,
Rafael - TAC

manvik · ‎07-13-2020

Thank you Rafael,

WLC is integrated with prime infrastructure. Any idea how to pull the data from PI?

Rafael E · ‎07-13-2020

From Report Launch on PI you have a client session report.

You can collect for the past 3 months and check what mac addresses have been connected to that specific SSID.

Saludos,
Rafael - TAC

manvik · ‎07-14-2020

Thank You Rafael,

I generated report from PI, it included all wired clients too. Anyways I have opened a TAC ticket.

Nabeel Aurangzeb · ‎12-05-2022

Dear MANVIK,

What TAC team provided you solution?? i have same problem

Scott Fella · ‎12-05-2022

There is no way to get that info from the controller itself. If you read though the post, you can use Prime Infrastructure to gather the client summary. I don’t really know what you get get out of that especially if folks turn on MAC address randomized.

-Scott
*** Please rate helpful posts ***

patoberli · ‎07-13-2020

I would switch from that system, many modern operating systems have started to randomize the WLAN mac address. Some keep it the same, once you've successfully connected, but that is not guaranteed in the future.

Rich R · ‎07-14-2020

Pat is right - iOS 14 on iPhone (currently in beta) changes the MAC address every 24 hours by default (can be disabled but user must do that manually). Other OS are likely to replicate this behaviour in future. After that MAC address as security will become meaningless and unmanageable so start preparing for that NOW (and we all know it's really not secure anyway because it's trivially easy to spoof the MAC address today). You should be using a secure method like 802.1x to authenticate your clients.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

manvik · ‎07-15-2020

Thank you rrudling,

Configurung 802.1x on every user mobile and laptops are not practical. Some other user friendly and easy-to-administer solution should come up.