This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Getting User-ID when using 802.1x Wireless

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Getting User-ID when using 802.1x Wireless

PaulBarrington
L0 Member

‎09-20-2013 04:52 AM

Hi,

I was wondering if any of you chaps and/or chapesses have come across a problem getting the correct User-ID information when using wireless authentication.

The problem I have is that I have a Palo Alto firewall that happily uses the User-ID Agent from AD/Security Event log to get User-ID information about wired connections to their network.  The customer also has an Aruba wireless network using 802.1x authentication via an NPS service backed off to their Windows AD.  Because the authentication request appears to come from the Aruba Wireless Switch, via an NPS server on the network, the information recorded in the Security event log has the relevant user with the IP address of the wireless switch.  The client device hasn't been granted any wireless network rights until it is authenticated, not even access to the DHCP server, and therefore doesn't have a IP address.

Once the client is authenticated, it is issued an IP address, which doesn't match the one in the event log and therefore the Palo Alot doesn't tie this IP address to this user.

Any assistance on this would be grateful.

0 Likes Likes
1 REPLY 1

UhMayYeah
L5 Sessionator

‎09-20-2013 05:32 AM

Following solutions would be helpful in this scenario :

1> Scripting solution for User ID working with Microsoft IAS/NPS

2> The following Doc talks about Radius and User-ID integration in the environments using 802.1x devices and wireless access points and controllers.

A script can be configured to run on the Syslog server that will extract the user and IP information from the message, format it correctly for the UID-API, and then send it to the API agent.

UserID API integration using Syslog

Also check :https://live.paloaltonetworks.com/thread/7239

  • 6710 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks