4. Configure SNMP
- Start by installing the needed binaries for receiving the SNMP traps from the Cisco Wireless LAN Controller (net-snmp-utils can be used to debug):
yum install net-snmp net-snmp-utils
- Edit the configuration of the SNMP trap daemon and allow all incoming connections (you can fine-tune this setup if you want, but in our case I don’t think that’s really useful):
vi /etc/snmp/snmptrapd.conf
- And add this at the end of the file:
disableAuthorization yes
- Save and exit vi
- Allow the firewall to receive SNMP traps from your Cisco Wireless LAN Controller:
firewall-cmd --zone=public --add-port=162/udp --permanent
firewall-cmd --reload
⚠️ Please note that we are using the default zone “public”; this design can be enhanced, but that is not part of this post.
- Check that your UDP port was added correctly and permanently to the configuration:
firewall-cmd --zone=public --list-all
- Start the snmptrapd service and enable it at boot time:
systemctl start snmptrapd
systemctl enable snmptrapd
- If your setup is ready and working, the Cisco Wireless LAN Controller will fill your log with a lot of authentication messages. You can verify that messages arrive by checking the file /var/log/messages:
tail -f /var/log/messages
⚠️ If no messages appear in this log, you need to double check your settings before continuing the next steps.
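The steps above accept traps from any sender and open 162/udp to the whole zone. As an added example (not part of the original post), this script flags that setting in a snmptrapd.conf and prints a source-restricted alternative. The WLC address 192.0.2.10 and the community `wlc-traps-example` are constructed placeholders, and it assumes the WLC sends v1/v2c traps with a community string.

```shell
#!/bin/sh
# Added example, not from the original post. 192.0.2.10 (documentation range)
# and "wlc-traps-example" are constructed placeholders for the WLC address
# and trap community.

# audit_trapd_conf FILE: print findings; return 1 if any sender is accepted.
audit_trapd_conf() {
    conf=$1; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # drop comments
        set -f; set -- $line; set +f      # split into words without globbing
        [ $# -gt 0 ] || continue
        case $1 in
        disableAuthorization)
            val=$(printf '%s' "${2:-}" | tr 'A-Z' 'a-z')
            case $val in
            yes|true|on|1)
                echo "WEAK: disableAuthorization $2 accepts traps from any sender"
                rc=1 ;;
            esac ;;
        authCommunity)
            # Syntax: authCommunity TYPES COMMUNITY [SOURCE ...]
            if [ $# -lt 4 ]; then
                echo "WEAK: authCommunity '${3:-}' has no SOURCE restriction"
                rc=1
            fi ;;
        esac
    done < "$conf"
    return $rc
}

# hardened_settings WLC_IP COMMUNITY: print (not run) the restricted setup.
hardened_settings() {
    cat <<EOF
# /etc/snmp/snmptrapd.conf, in place of "disableAuthorization yes":
authCommunity log $2 $1
# firewalld, in place of opening 162/udp to the whole zone:
firewall-cmd --permanent --zone=public --remove-port=162/udp
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="$1" port port="162" protocol="udp" accept'
firewall-cmd --reload
EOF
}

# Constructed sample input: the setting added in the steps above.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'disableAuthorization yes' > "$sample"
audit_trapd_conf "$sample" || hardened_settings 192.0.2.10 wlc-traps-example
rm -f "$sample"
```

The printed commands are not executed by the script; apply them as root and restart snmptrapd after changing its configuration.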
Thanks for this great article. Did you already have time to create your new article avoiding the CentOS server?
Didn’t plan a new article ;-). On the WLC you only need to enable the logging syslog facility client associate option, and on the Palo Alto side you need to create a new Syslog receiver for User-ID.