Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2316
Views
15
Helpful
5
Replies

logs for WLC;

Audit
Visitor

‎07-19-2022 01:47 PM

Hey,

My objective is to verify users on the Cisco WLC that have been give access or removed access. is there a possibility to review such actions taken through logs. can this be verified from the syslog?? 

Labels:
0 Helpful
5 Replies 5

Rasika Nayanajith
VIP Alumni
VIP Alumni

‎07-19-2022 05:11 PM

Do you mean administrative users accessing WLC via GUI or wireless users connecting to SSID?

What WLC platform have you got?

HTH
Rasika

Audit
Visitor
In response to Rasika Nayanajith

‎07-20-2022 01:06 AM

both would be great. Again, my objective is to review such activity of user being removed or given access to the controller. Its can be admin users or wireless users. its more of a generic approach

If not can u explain the process in order to identify when a user device was added/ deleted from a Cisco wireless controller. this can be reviewed through logs or any other approach

Platform- any relevant one

0 Helpful

Rich R
VIP
VIP

‎07-20-2022 09:26 AM - edited ‎07-20-2022 09:36 AM

Admin users can be controlled by TACACS for example using Cisco ISE which maintains the logs.

Wireless user logging will be entirely dependent on the design of your network.  If your users are authenticated by radius server then radius authentication and accounting logs on your radius server (can also be ISE) can log all the user detail.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Audit
Visitor
In response to Rich R

‎07-24-2022 06:50 AM

Can we check similarly (through logs) for the devices connected(Mac address) to the WLC. Is there a way to identify the devices added or removed from the controller?

0 Helpful

Rich R
VIP
VIP

‎07-25-2022 01:18 AM

Radius logs can contain device MAC.

But remember that device MAC can change (private MAC addresses are becoming standard across all devices).

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card