Palo Alto User-ID and Cisco Wireless LAN controller (WLC) configuration (with SNMP traps)

2. Install CentOS 7

First, download the latest CentOS 7 minimal ISO file and create a virtual machine (specs can be tiny, since only snmptrapd and rsyslog will run):
https://www.centos.org/download/

I know that a lot of network and security administrators hate system tasks, so I will be nice and give you a step-by-step guide to prepare CentOS 7. 🤓

  • On the pre-install screen, choose “Install CentOS 7”, then press Enter


  • On the first Installation screen, choose the appropriate language and press “Continue”


2.1 Configure the keyboard

  • At the top left of the Installation Summary, choose “Keyboard”
  • Click the “+” and search for your keyboard and click “Add”
  • Remove the English keyboard if not needed
  • Click “Done” at the top left when your keyboard is configured and tested


2.2 Configure the network

  • Next, choose “Network & Host Name” at the bottom
  • Click the “Configure” button


  • Choose the “General” tab
    • Select “Automatically connect to this network when it is available”


  • Go to the “IPv4 Settings” tab
    • Change the method to “Manual” and configure the IP address by clicking the “Add” button
    • Enter your DNS servers, separated by commas
    • Enter your search domain
    • Check your settings and click “Save”


  • If your settings are correct, the “Host name” field will be filled in with the correct hostname through a reverse lookup
    • If not, check the DNS entry for this virtual machine and your network settings


  • Click “Done” at the top left when your network seems to be operational

2.3 Configure the date and time

  • Next, click on the “Date & Time” menu at the top left
  • Choose the appropriate time zone and edit the settings to the right of the option to enable Network Time


  • Wait until all servers show a green status, then click “OK”


  • Now you can set the “Network Time” option “ON”
  • Click “Done” at the top left when your Date & Time seems to be operational

2.4 Configure the storage

  • Select the “Installation destination” option
  • Check the box “I will configure partitioning” and then click the “Done” button at top left
    • A new window appears where you can choose to configure the storage


  • Click on “Click here to create them automatically” to edit the storage settings


  • First, if you chose a drive bigger than 50GB, you can safely remove the “home” partition; it is not really relevant in this installation, which only converts SNMP traps to Syslog messages. If your drive is smaller, the home partition was not created automatically.
  • If you’re not an LVM expert, it’s better to change as little as possible here. My recommendations are:
    • Change the swap partition to a minimum of 4GB
    • Change the volume group and logical volume names to something more understandable:
      • vg_group1
        • lv_swap
        • lv_root


  • When you’ve done these basic LVM configurations, you can click “Done” at the top left
  • Accept the changes to format the drive

2.5 Start the installation

  • Verify that you’ve not missed a step and check your settings
  • Click on “Begin Installation” to … start the installation
  • During the installation process, you need to set the “root” password.
    • Click on “Root Password”
    • Enter a password, confirm it and then click “Done” at the top left


  • When the installation is finished, you can reboot and access your server through SSH

2.6 Final steps

  • Update your system
    yum update
  • Install the VMware Tools (if you’re using VMware)
    yum install open-vm-tools
  • Reboot
    reboot
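
The settings chosen in sections 2.2 to 2.4 (host name from reverse lookup, Network Time, LVM names and swap size) can be re-checked from the shell once the server is back up. This script is an added example, not part of the original post; it assumes “4GB” means 4096 MiB and the CentOS 7 wording of the timedatectl output, and the sample lines in it are constructed.

```shell
#!/bin/sh
# Added example: post-install checks for sections 2.2-2.4. Each check reads
# command output on stdin, so it can be tried on samples before the live run.

# Section 2.4: vg_group1 must hold lv_root and an lv_swap of at least 4 GB
# (assumed here to mean 4096 MiB). Input: lvs output, sizes in MiB, no suffix.
lvm_ok() {
    awk '$1 == "vg_group1" && $2 == "lv_root" { root = 1 }
         $1 == "vg_group1" && $2 == "lv_swap" && $3 + 0 >= 4096 { swap = 1 }
         END { exit !(root && swap) }'
}

# Section 2.3: Network Time must be on and the clock synchronized.
# Input: timedatectl output in the CentOS 7 format (assumption).
ntp_ok() {
    awk '/^ *NTP enabled: yes/ { en = 1 }
         /^ *NTP synchronized: yes/ { sy = 1 }
         END { exit !(en && sy) }'
}

# Section 2.2: the host name must equal the reverse-lookup (PTR) name.
# $1 = system host name, $2 = PTR name; case and a trailing dot are ignored.
ptr_ok() {
    a=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    b=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$a" ] && [ "$a" = "${b%.}" ]
}

if [ "${1:-}" = "--live" ]; then
    # Live run on the installed server (lvs needs root).
    ip=$(hostname -I | awk '{ print $1 }')
    ptr=$(getent hosts "$ip" | awk '{ print $2 }')
    ptr_ok "$(hostname)" "$ptr" \
        && echo "OK   host name matches reverse DNS" \
        || echo "FAIL host name '$(hostname)' vs reverse DNS '$ptr'"
    timedatectl | ntp_ok \
        && echo "OK   network time" || echo "FAIL network time"
    lvs --noheadings --nosuffix --units m -o vg_name,lv_name,lv_size | lvm_ok \
        && echo "OK   LVM layout" || echo "FAIL LVM layout"
else
    # Constructed sample: installer defaults left unchanged, 2 GiB swap.
    printf '  centos root 46080.00\n  centos swap 2048.00\n' | lvm_ok \
        && echo "OK   LVM layout (sample)" \
        || echo "FAIL LVM layout (sample, expected)"
fi
```

Run it with --live as root on the new server; without arguments it only evaluates the constructed sample.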
