Showing results for 
Search instead for 
Did you mean: 

SSID or AP for failed client authentication

Is there a way to see what SSID or even better, what AP a client authentication is failing on? We use a 5508 WLC with an ACS 5.8 for radius authentication and ACS reports only show the mac address for which the failed authentication on a particular user is happening but I am interested to know where that device is.

A user's account keeps getting locked out and the mac address of the device (apple device) that shows in the ACS reports is not from any of her devices so we are trying to figure out what building or location the device is in but unless that device successfully connects I don't know how to tell what AP that is coming from... Any suggestions?

Scott Fella
Hall of Fame Guru

Is there any information on the controller or ap Mac address that the ACS logs show? You are saying that a device is authenticating with credentials from a user and getting the account locked, but none of her devices are impacted? So you are thinking someone is using her credentials to try to access the network? If you have a Mac address, you can run a debug on the controller and output that to a file. If you have Prime, maybe lookup that username and see if you see the Mac address and last ap.
*** Please rate helpful posts ***

If you have Prime you can actually just search by the MAC address and you should see the history of where that MAC has been connected.
VIP Advisor

Apple devices tend to use random mac addresses for certain functions. Here you find some more information:
Typically it's not anymore used once the device has successfully connected (although I think you can still enable it in the wireless profile options of the device).
Recognize Your Peers
Content for Community-Ad