Requirement:This is applicable for MAS and for Controllers Only
Solution:When we need to see the "show commands" that were executed from the enable mode, it would not show by default.
However, after enabling "audit-trail all", we can get to see the "show commands" that were exected as well
Configuration:In order to see the commands that were executed in both enable mode and in configuration mode, we need to enable the command "audit-trail all"
(Host) (config) #audit-trail all
(Host) (config) #
Example
(Host) #show ap database
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP Standby IP
---- ----- ------- ---------- ------ ----- --------- ----------
ac:a3:1e:c5:65:5a default 214 10.17.170.249 Up 21h:27m:22s 10.17.170.227 0.0.0.0
Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
i = Indoor; o = Outdoor
M = Mesh node; Y = Mesh Recovery
Total APs:5
(Host) #
(Host) #show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
User Entries: 0/0
Curr/Cum Alloc:0/0 Free:0/0 Dyn:0 AllocErr:0 FreeErr:0
(Host) #show ap active
Active AP Table
---------------
Name Group IP Address 11g Clients 11g Ch/EIRP/MaxEIRP 11a Clients 11a Ch/EIRP/MaxEIRP AP Type Flags Uptime Outer IP
---- ----- ---------- ----------- ------------------- ----------- ------------------- ------- ----- ------ --------
ac:a3:1e:c5:65:5a default 10.17.170.249 0 AP:HT:11/22/22 0 AP:VHT:36+/21/21 214 a 21h:27m:35s N/A
Flags: 1 = 802.1x authenticated AP; 2 = Using IKE version 2;
A = Enet1 in active/standby mode; B = Battery Boost On; C = Cellular;
D = Disconn. Extra Calls On; E = Wired AP enabled; F = AP failed 802.1x authentication;
H = Hotspot Enabled; K = 802.11K Enabled; L = Client Balancing Enabled; M = Mesh;
N = 802.11b protection disabled; P = PPPOE; R = Remote AP;
S = AP connected as standby; X = Maintenance Mode;
a = Reduce ARP packets in the air; d = Drop Mcast/Bcast On; u = Custom-Cert RAP;
i = Provisioned as Indoor; o = Provisioned as Outdoor;
r = 802.11r Enabled
Q = DFS CAC timer running
Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.
Num APs:1
In the above example, we executed the commands,
"show ap database"
"show user-table"
"show ap active"
(Host) #show audit-trail 3
Feb 26 10:13:31 cli[3591]: USER:admin@10.20.25.36 COMMAND:<show ap database > -- command executed successfully
Feb 26 10:13:37 cli[3591]: USER:admin@10.20.25.36 COMMAND:<show user-table > -- command executed successfully
Feb 26 10:13:43 cli[3591]: USER:admin@10.20.25.36 COMMAND:<show ap active > -- command executed successfully
(Host) #
VerificationTo verify if enabled, we can check the running-config
(Host) (config) #show running-config | include audit
Building Configuration...
audit-trai all