11-30-2023
05:02 AM
- last edited on
11-30-2023
07:43 AM
by
rupeshah
Hello team,
Colleagues and I have encountered a problem which we need to solve. We are currently receiving events from cisco WLC 9800-L 17.6.4 in a format for example: "...wncd: Username entry (xxx) joined with ssid (wlanxxx) for device with MAC xxxx.xxxx.xxxx". These are fine, but we would need to implement 'Device Type' of the devices connected. Although the Device Type can be displayed on the WLC GUI or the CLI, we could not find any way how to implement Device Type information into logs sent to syslog/SIEM as we need to work rules/playbook on them further. Is there any way how to send these logs?
Thank you so much for your response.
Matt
11-30-2023 06:25 AM
Check policy profiles
Global state of device classification it must be enable
Also from wireless global
Enable the device classification
MHM
11-30-2023 01:32 PM
If the authentication is 802.1x then you could use the RADIUS server to do it as well
12-03-2023 08:45 AM - edited 12-03-2023 08:46 AM
^^^ @Haydn Andrews's answer.
What you're trying to do is not a syslog function and the syslog messages are built into IOS-XE, they're not configurable. If you were desperate you might write a custom EEM script to create you own custom EEM syslog but that would be a dreadful hack. The correct way to do it would be using 802.1x with ISE and the WLC NAC functionality.
https://community.cisco.com/t5/security-knowledge-base/ise-and-catalyst-9800-series-integration-guide/ta-p/3753060
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.html
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215661-in-depth-look-into-client-profiling-on-9.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide