...
Another requirement in the eduroam policy is that the eduroam SP must maintain logs of authentications and of MAC address to IP address bindings. LANCOM devices can satisfy both by logging events via syslog. By default, the device keeps short-term logs by logging to "127.0.0.1". The logs look like the following (each line is prefixed with the exact timestamp, left out here for readability):
| AUTH | Notice | [WLAN-1] Associated WLAN station 64:b9:e8:a0:2e:a4 [] |
| AUTH | Notice | [WLAN-1] WLAN station 64:b9:e8:a0:2e:a4 [] authenticated via 802.1x [user name is certuser-2010-001@restena.lu] |
| AUTH | Notice | [WLAN-1] Key handshake with peer 64:b9:e8:a0:2e:a4 successfully completed |
| AUTH | Notice | [WLAN-1] Connected WLAN station 64:b9:e8:a0:2e:a4 [] |
| AUTH | Notice | [WLAN-1] Determined IPv4 address for station 64:b9:e8:a0:2e:a4 []: 158.64.3.24 |
| AUTH | Notice | [WLAN-1] Determined IPv6 address for station 64:b9:e8:a0:2e:a4 []: 2001:0a18:0000:0403:66b9:e8ff:fea0:2ea4 |
| AUTH | Notice | [WLAN-1] Determined IPv6 address for station 64:b9:e8:a0:2e:a4 []: fe80:0000:0000:0000:66b9:e8ff:fea0:2ea4 |
| AUTH | Notice | [WLAN-1] Disassociated WLAN station 64:b9:e8:a0:2e:a4 [] due to station request (Disassociated because sending station is leaving BSS |
As you can see, the authentication itself and all MAC -> IP binding actions are logged, both for IPv4 and IPv6.
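Once these notices reach a log server, they can be folded into per-station records that answer the question the logging requirement exists for: which user held a given address. The following Python is an added example, not part of the original page or of any LANCOM tooling; the function names are hypothetical, and the last sample line (station 02:00:00:00:00:01, address 192.0.2.10) is constructed to show a station whose authentication line is missing.

```python
import ipaddress
import re

MAC = r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
EVENTS = [  # (kind, pattern) for the message texts shown in the log sample
    ("assoc", re.compile(r"\[(?P<ifc>[^\]]+)\] Associated WLAN station " + MAC)),
    ("auth", re.compile(MAC + r" \[[^\]]*\] authenticated via 802\.1x \[user name is (?P<user>[^\]]+)\]")),
    ("ip", re.compile(r"Determined IPv[46] address for station " + MAC + r" \[[^\]]*\]: (?P<ip>[0-9A-Fa-f:.]+)")),
    ("end", re.compile(r"Disassociated WLAN station " + MAC)),
]

def build_sessions(lines):
    """Fold log lines, in order, into one record per association."""
    active, closed = {}, []
    for line in lines:
        for kind, rx in EVENTS:
            m = rx.search(line)
            if not m:
                continue
            mac = m["mac"].lower()
            if kind == "assoc" and mac in active:
                closed.append(active.pop(mac))  # disassociation was never logged
            # setdefault also covers events whose association line is missing
            s = active.setdefault(mac, {"ifc": None, "mac": mac, "user": None, "ips": []})
            if kind == "assoc":
                s["ifc"] = m["ifc"]
            elif kind == "auth":
                s["user"] = m["user"]
            elif kind == "ip":
                s["ips"].append(ipaddress.ip_address(m["ip"]))
            else:
                closed.append(active.pop(mac))
            break
    return closed + list(active.values())

def who_had(sessions, ip):
    """(user, mac) of every session that was bound to `ip`, in any notation."""
    target = ipaddress.ip_address(ip)
    return [(s["user"], s["mac"]) for s in sessions if target in s["ips"]]

# Lines from the page's sample (timestamps omitted); the last one is constructed.
SAMPLE = [
    "| AUTH | Notice | [WLAN-1] Associated WLAN station 64:b9:e8:a0:2e:a4 [] |",
    "| AUTH | Notice | [WLAN-1] WLAN station 64:b9:e8:a0:2e:a4 [] authenticated via 802.1x [user name is certuser-2010-001@restena.lu] |",
    "| AUTH | Notice | [WLAN-1] Determined IPv4 address for station 64:b9:e8:a0:2e:a4 []: 158.64.3.24 |",
    "| AUTH | Notice | [WLAN-1] Determined IPv6 address for station 64:b9:e8:a0:2e:a4 []: 2001:0a18:0000:0403:66b9:e8ff:fea0:2ea4 |",
    "| AUTH | Notice | [WLAN-1] Disassociated WLAN station 64:b9:e8:a0:2e:a4 [] due to station request (Disassociated because sending station is leaving BSS |",
    "| AUTH | Notice | [WLAN-1] Determined IPv4 address for station 02:00:00:00:00:01 []: 192.0.2.10 |",
]
```

Addresses are compared as parsed values, so a compressed IPv6 address taken from another log matches the uncompressed form the device writes. A result with user `None` marks a binding for which no 802.1x authentication line was collected, which is the gap the external syslog server is meant to prevent.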
It is required to log these notices to an external syslog server, since the syslog buffer in the device fills quickly and the information would otherwise be lost. Add your syslog server by selecting the menu item "Configuration" > "Log & Trace" > "Syslog" and make sure the box "Send information..." is checked (it is by default). Then click on "Syslog servers" and, on the following page, "Add".
Then enter the IP address of your syslog server and choose the events that shall be logged. We suggest selecting at least the sources
- System
- Login
- System time
- Console Login
- Connections
- Administration
and the levels
- Alert
- Error
- Warning
- Information
for a comprehensive overview of events on the device.
1. Select Configuration > Log & Trace > Syslog and check the box Send information.
2. Click Syslog clients > Add.
3. Add (minimum) localhost: IP 127.0.0.1, and activate all sources:
The logs that are collected with the localhost setting will show up under Expert Configuration > Status > TCP-IP > Syslog.
...