Logging wifi accesses

Discussion in 'Cisco' started by JF Mezei, Mar 29, 2010.

  1. JF Mezei

    JF Mezei Guest

    I have a 871W router with a wifi dot11 radio setup. Its IP address is
    10.0.0.1

    When a station connects, I get logs such as:

    Mar 28 06:18:14 10.0.0.1 1417: %DOT11-6-DISASSOC: Interface Dot11Radio0,
    Deauthenticating Station 0025.004d.4765 Reason: Previous authentication
    no longer valid SSID[VaxinationWiFi]

    Mar 28 06:18:16 10.0.0.1 1418: %DOT11-6-ASSOC: Interface Dot11Radio0,
    Station 0025.004d.4765 Associated SSID[VaxinationWiFi]
    AUTH_TYPE[EAP-LEAP] KEY_MGMT[WPAv2]


    However, I would like to also log the actual authentication (which
    username is being used), especially invalid authentication attempts
    (hacker trying to get in for instance).

    The router is set up with its own local radius server.

    What sort of statement do I need to add to cause a syslog message to be
    issued for both proper and improper login attempts (either at the dot11
    level, or at the radius level)?

    I have
    login on-success
    login on-failure

    Those do cause syslog messages to be issued, but for actual logins to
    the router's CLI.


    Any hints on what to look for would be appreciated.



    Relevant bits (I think)

    aaa new-model
    !
    !
    aaa group server radius my_aaa_group
    server-private 10.0.0.1 auth-port 1812 acct-port 1813 key mylongandsharedpassword
    !
    aaa authentication login eap_list_name group my_aaa_group
    aaa authorization exec default local

    dot11 syslog
    !
    dot11 ssid MickeyMouse
    vlan 10
    authentication open eap eap_list_name
    authentication network-eap eap_list_name
    authentication key-management wpa optional
    guest-mode

    interface Dot11Radio0
    no ip address
    !
    encryption vlan 10 mode ciphers aes-ccm tkip wep128
    !
    broadcast-key vlan 10 change 600
    !
    !
    ssid MickeyMouse
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    world-mode dot11d country CA both
    !
    interface Dot11Radio0.10
    description MickeyMouse on VLAN 10
    encapsulation dot1Q 10
    bridge-group 10
    bridge-group 10 subscriber-loop-control
    bridge-group 10 spanning-disabled
    bridge-group 10 block-unknown-source
    no bridge-group 10 source-learning
    no bridge-group 10 unicast-flooding

    radius-server local
    nas 10.0.0.1 key 0 mylongandsharedpassword
    user clinton password lewinsky
    user obama password osama
    !
     
    JF Mezei, Mar 29, 2010
    #1
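
The DOT11 messages quoted in the post above, parsed into fields (an added example, not part of the original post and not Cisco tooling). It shows what these lines carry: station MAC, SSID, AUTH_TYPE and KEY_MGMT, but no username, and it counts repeated deauthentications per station. The function names, the threshold of 3 and the three lines for station 0200.5e00.5301 are assumptions constructed for the example.

```python
import re
from collections import Counter

# First two lines are the messages quoted in the post (wrapped lines rejoined);
# the last three are constructed for the example, with a made-up station MAC.
SAMPLE = [
    "Mar 28 06:18:14 10.0.0.1 1417: %DOT11-6-DISASSOC: Interface Dot11Radio0, "
    "Deauthenticating Station 0025.004d.4765 Reason: Previous authentication "
    "no longer valid SSID[VaxinationWiFi]",
    "Mar 28 06:18:16 10.0.0.1 1418: %DOT11-6-ASSOC: Interface Dot11Radio0, "
    "Station 0025.004d.4765 Associated SSID[VaxinationWiFi] "
    "AUTH_TYPE[EAP-LEAP] KEY_MGMT[WPAv2]",
] + [
    f"Mar 28 06:2{i}:01 10.0.0.1 14{19 + i}: %DOT11-6-DISASSOC: Interface "
    "Dot11Radio0, Deauthenticating Station 0200.5e00.5301 Reason: Previous "
    "authentication no longer valid SSID[VaxinationWiFi]"
    for i in range(3)
]

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<seq>\d+): "
    r"%DOT11-\d-(?P<event>ASSOC|DISASSOC): Interface (?P<intf>\S+), "
    r"(?:Deauthenticating )?Station "
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})(?P<rest>.*)$")
FIELD = re.compile(r"(SSID|AUTH_TYPE|KEY_MGMT)\[([^\]]*)\]")
REASON = re.compile(r"Reason: (.*?) SSID\[")

def parse(line):
    """Return a dict of fields for a DOT11 ASSOC/DISASSOC line, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = {k: m.group(k) for k in ("ts", "host", "event", "intf", "mac")}
    # Bracketed KEY[value] pairs: SSID always, AUTH_TYPE/KEY_MGMT on ASSOC.
    ev.update({k.lower(): v for k, v in FIELD.findall(m.group("rest"))})
    r = REASON.search(m.group("rest"))
    ev["reason"] = r.group(1) if r else None
    return ev

def churning_stations(lines, threshold=3):
    """MACs with at least `threshold` DISASSOC events (threshold is assumed)."""
    events = [e for e in map(parse, lines) if e]
    counts = Counter(e["mac"] for e in events if e["event"] == "DISASSOC")
    return sorted(mac for mac, n in counts.items() if n >= threshold)
```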

  2. JF Mezei

    JF Mezei Guest

    Aaron Leonard wrote:
    > Normally you would use AAA accounting for this; however the local
    > RADIUS server doesn't support accounting.


    OK, so basically, I have to set up a real Radius server on a server to
    get the accounting data. Will this also give me the invalid login attempts?
     
    JF Mezei, Apr 6, 2010
    #2