Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2515
Views
0
Helpful
1
Replies

WLC authorisation logs

voval
Level 1
Level 1

‎02-08-2017 12:25 PM - edited ‎07-05-2021 06:31 AM

Hi,

Im working currently with WLC 2504 running version 8.0.110.0. I configure new SSID that working with RADIUS.

I want to map user-id to IP on my firewall (Paloalto). I found few documents (https://live.paloaltonetworks.com/t5/Integration-Articles/Use-Syslog-Receiver-to-Integrate-with-Cisco-Wireless-Controller/ta-p/52824) describing how to do it with SNMP traps that converting it to syslog and forwarding to firewall, i have to admit that i dont like the idea to have another server in the middle.

I found that its possible to run the following commands in order to generate a syslog:

config logging syslog facility client authentication

config logging syslog facility client associate

After running the commands i can see the logs

WLC_NAME: *Dot1x_NW_MsgTask_2: Feb 08 14:38:49.791: #APF-3-AUTHENTICATION_TRAP: apf_80211.c:15520 Client Authenticated: MACAddress:18:65:90:48:e0:3a Base Radio MAC:0c:68:03:2c:fc:d0 Slot:1 User Name:MYUSERNAME Ip Address:192.168.237.101 SSID:MYSSID

I configured to send it to Paloalto but i cant configure the receiver correctly. (based on this article: https://live.paloaltonetworks.com/t5/Integration-Articles/Use-Syslog-Receiver-to-Integrate-with-Cisco-Wireless-Controller/ta-p/52824)

I wonder if someone ever did it and it worked? Any help will be appreciated 

Labels:
0 Helpful
1 Reply 1

PERI_Admin
Level 1
Level 1

‎09-13-2019 05:14 AM

I know that your question is two years old but we did a similar setup the last weeks. So let me point out how it's working for us. We use PAN-OS 8.1.9.

 

The following command on WLC is everything you need:

 

logging syslog facility client associate enable

After that configure Palo Alto firewall as syslog server on WLC.

 

On Palo Alto firewall you should create a Syslog Parse Profile with the following entries:

Palo_Alto_Parse.png

 

Basically that's everything you need to get it running.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card