Below I've copied two lines from our syslog messages file showing where our Wireless Controller (3600) reports that someone tried to connect to something and the username wasn't in the local database.
We see several of these every day for folks banging their head against the captive portal, and it doesn't concern us all that much.
In the last 10 days though, we've had 6000+ attempts on username admin. What should I look at to find out where these requests are coming from?
--Matthew
Nov 16 09:15:25 10.21.0.64 localdb[1615]: <133019> <ERRS> <000boiid-wc1 10.21.0.64> User admin was not found in the database
Nov 16 09:15:25 10.21.0.64 localdb[1615]: <133006> <ERRS> <000boiid-wc1 10.21.0.64> User admin Failed Authentication
#3600