Problem of Authenticating users on Cisco WLC integrated with Palo alto

Reply
Highlighted
L1 Bithead

Problem of Authenticating users on Cisco WLC integrated with Palo alto

dear all,

we have integrated our Cisco Wireless Controller with Palo alto Firewall, the problem is that some people, authenticated successfully on the network, but the username still not appeares on Palo alto, although i can found them on the WLC, this happening with few users, not all

Regards,

L2 Linker

Re: Problem of Authenticating users on Cisco WLC integrated with Palo alto

Hi

Can you explain more, how you are authenticating user on the WLC.

Are you using 802.1x?

L1 Bithead

Re: Problem of Authenticating users on Cisco WLC integrated with Palo alto

yes exactly, and i am creating Trap receivers which send all traps to kiwi syslog and the kiwi syslog is sending the firewall.

L2 Linker

Re: Problem of Authenticating users on Cisco WLC integrated with Palo alto

its depend of the Cisco WLC version.

Version 8.0 sends Traps with OID enterprise=1.3.6.1.4.1.9.9.599.0.4

Username prefix: 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=

cldcClientIPAddress.0=

for cisco wlc 7

enterprise=1.3.6.1.4.1.9.9.599.0.4

cldcClientUsername.0=

cldcClientIPAddress.0=

try PAN agent as well to parse UserID and IP address.

Same data can be fetch from Radius.

Note: Cisco generate different OIDs for authentication (I am not expert on Cisco WLC).

L1 Bithead

Re: Problem of Authenticating users on Cisco WLC integrated with Palo alto

this is the same configuration on PA

Untitled.jpg

L5 Sessionator

Re: Problem of Authenticating users on Cisco WLC integrated with Palo alto

Hi,

Check the following documnets

https://live.paloaltonetworks.com/docs/DOC-6727

HOWTO: User-IP Mapping from Cisco WLC RADIUS Accounting Massage

You have to check the sys log messages and based on the messages. You have to select three vaules

1> Event String

2>Username Prefix

3>Address Prefix

These values tells to firewall that an authentication event starts from <Event string value> and the username can be fetched from <Username Prefix> and the IP address of the user is <Address Prefix>.

For example

2013-03-20 12:56:53 local4.notice Aruba-Local3 authmgr[1568]: <522008> <NOTI> <Aruba-Local3 10.200.10.10>  User Authentication Successful: username=ilija MAC=78:f5:fd:dd:ff:90 IP=10.200.27.67


Every authentication event have one string common that is "User Authentication Successful". Now the Username is "ilija" and the IP address is "10.200.27.67". We have to guide the PA firewall such that firewall can get the desired information.


Rate the helpful answer.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!