Controller Based WLANs

This is applicable for MAS and for Controllers Only

When we need to see the "show commands" that were executed from the enable mode, it would not show by default.

However,  after enabling "audit-trail all", we can get to see the "show commands" that were exected as well

In order to see the commands that were executed in both enable mode and in configuration mode, we need to enable the command "audit-trail all" 

(Host) (config) #audit-trail all
(Host) (config) #


Example

(Host) #show ap database

AP Database
-----------
Name               Group    AP Type  IP Address     Status          Flags  Switch IP      Standby IP
----               -----    -------  ----------     ------          -----  ---------      ----------
ac:a3:1e:c5:65:5a  default  214      10.17.170.249  Up 21h:27m:22s         10.17.170.227  0.0.0.0

Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
       I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
       X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
       R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
       c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
       u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
       i = Indoor; o = Outdoor
       M = Mesh node; Y = Mesh Recovery

Total APs:5

(Host) #
(Host) #show  user-table 

Users
-----
    IP           MAC       Name   Role  Age(d:h:m)  Auth  VPN link  AP name  Roaming  Essid/Bssid/Phy  Profile  Forward mode  Type  Host Name
----------  ------------  ------  ----  ----------  ----  --------  -------  -------  ---------------  -------  ------------  ----  ---------

User Entries: 0/0
Curr/Cum Alloc:0/0 Free:0/0 Dyn:0 AllocErr:0 FreeErr:0

(Host) #show  ap active 

Active AP Table
---------------
Name               Group    IP Address     11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP  AP Type  Flags  Uptime       Outer IP
----               -----    ----------     -----------  -------------------  -----------  -------------------  -------  -----  ------       --------
ac:a3:1e:c5:65:5a  default  10.17.170.249  0            AP:HT:11/22/22       0            AP:VHT:36+/21/21     214      a      21h:27m:35s  N/A

Flags: 1 = 802.1x authenticated AP; 2 = Using IKE version 2;
       A = Enet1 in active/standby mode;  B = Battery Boost On; C = Cellular;
       D = Disconn. Extra Calls On; E = Wired AP enabled; F = AP failed 802.1x authentication;
       H = Hotspot Enabled; K = 802.11K Enabled; L = Client Balancing Enabled; M = Mesh;
       N = 802.11b protection disabled; P = PPPOE; R = Remote AP;
       S = AP connected as standby; X = Maintenance Mode;
       a = Reduce ARP packets in the air; d = Drop Mcast/Bcast On; u = Custom-Cert RAP;
       i = Provisioned as Indoor; o = Provisioned as Outdoor;
       r = 802.11r Enabled
       Q = DFS CAC timer running

Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.

Num APs:1

In the above example, we executed the commands,
"show ap database"
"show user-table"
"show ap active"

(Host) #show  audit-trail 3

Feb 26 10:13:31  cli[3591]: USER:admin@10.20.25.36 COMMAND:<show ap database > -- command executed successfully
Feb 26 10:13:37  cli[3591]: USER:admin@10.20.25.36 COMMAND:<show user-table > -- command executed successfully
Feb 26 10:13:43  cli[3591]: USER:admin@10.20.25.36 COMMAND:<show ap active > -- command executed successfully 

(Host) #

To verify if enabled, we can check the running-config

(Host) (config) #show  running-config |  include  audit 
Building Configuration...
audit-trai all