WLC authorisation logs

voval · ‎02-08-2017

Hi,

Im working currently with WLC 2504 running version 8.0.110.0. I configure new SSID that working with RADIUS.

I want to map user-id to IP on my firewall (Paloalto). I found few documents (https://live.paloaltonetworks.com/t5/Integration-Articles/Use-Syslog-Receiver-to-Integrate-with-Cisco-Wireless-Controller/ta-p/52824) describing how to do it with SNMP traps that converting it to syslog and forwarding to firewall, i have to admit that i dont like the idea to have another server in the middle.

I found that its possible to run the following commands in order to generate a syslog:

config logging syslog facility client authentication

config logging syslog facility client associate

After running the commands i can see the logs

WLC_NAME: *Dot1x_NW_MsgTask_2: Feb 08 14:38:49.791: #APF-3-AUTHENTICATION_TRAP: apf_80211.c:15520 Client Authenticated: MACAddress:18:65:90:48:e0:3a Base Radio MAC:0c:68:03:2c:fc:d0 Slot:1 User Name:MYUSERNAME Ip Address:192.168.237.101 SSID:MYSSID

I configured to send it to Paloalto but i cant configure the receiver correctly. (based on this article: https://live.paloaltonetworks.com/t5/Integration-Articles/Use-Syslog-Receiver-to-Integrate-with-Cisco-Wireless-Controller/ta-p/52824)

I wonder if someone ever did it and it worked? Any help will be appreciated

PERI_Admin · ‎09-13-2019

I know that your question is two years old but we did a similar setup the last weeks. So let me point out how it's working for us. We use PAN-OS 8.1.9.

The following command on WLC is everything you need:

logging syslog facility client associate enable

After that configure Palo Alto firewall as syslog server on WLC.

On Palo Alto firewall you should create a Syslog Parse Profile with the following entries:

Basically that's everything you need to get it running.