I have a 871W router with a wifi dot11 radio setup. It sIP address is10.0.0.1
When a station connects, I get logs such as:
Mar 28 06:18:14 10.0.0.1 1417: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0025.004d.4765 Reason: Previous authentication no longer valid SSID[VaxinationWiFi]
Mar 28 06:18:16 10.0.0.1 1418: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0025.004d.4765 Associated SSID[VaxinationWiFi] AUTH_TYPE[EAP-LEAP] KEY_MGMT[WPAv2]
However, I would like to also log the actual authentication (which username is being used), especially invalid authentication attempts (hacker trying to get in for instance).
The router is setup with its own local radius server.
What sort of statement do I need to add to cause a syslog message to be issued for both proper and improper login attempts (either at the dot11 level, or at the radius level).
I have login on-success login on-failure
Those do cause syslog mkessages to be issued, but for actual logins to the router's CLI.
Any hints on what to look for would be appreciated.
Relevant bits (I think)
aaa new-model ! ! aaa group server radius my_aaa_group server-private 10.0.0.1 auth-port 1812 acct-port 1813 key mylongandsharedpassword ! aaa authentication login eap_list_name group my_aaa_group aaa authorization exec default local
dot11 syslog ! dot11 ssid MickeyMouse vlan 10 authentication open eap eap_list_name authentication network-eap eap_list_name authentication key-management wpa optional guest-mode
interface Dot11Radio0 no ip address ! encryption vlan 10 mode ciphers aes-ccm tkip wep128 ! broadcast-key vlan 10 change 600 ! ! ssid MickeyMouse ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.036.0 48.0 54.0 station-role root world-mode dot11d country CA both ! interface Dot11Radio0.10 description MickeyMouse on VLAN 10 encapsulation dot1Q 10 bridge-group 10 bridge-group 10 subscriber-loop-control bridge-group 10 spanning-disabled bridge-group 10 block-unknown-source no bridge-group 10 source-learning no bridge-group 10 unicast-flooding
radius-server local nas 10.0.0.1 key 0 mylongandsharedpassword user clinton password lewinsky user obama password osama !