Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Cisco Wireless LAN Controllers

The JSA DSM for Cisco Wireless LAN Controllers collects events that are forwarded from Cisco Wireless LAN Controller devices by using Syslog or SNMPv2.

If you collect events from Cisco Wireless LAN Controllers, select the best collection method for your configuration. The Cisco Wireless LAN Controller DSM for JSA supports both syslog and SNMPv2 events. However, syslog provides all available Cisco Wireless LAN Controller events, whereas SNMPv2 sends only a limited set of security events to JSA.

Configuring Syslog for Cisco Wireless LAN Controller

You can configure the Cisco Wireless LAN Controller to forward syslog events to JSA.

  1. Log in to your Cisco Wireless LAN Controller interface.

  2. Click the Management tab.

  3. From the menu, select Logs >Config.

  4. In the Syslog Server IP Address field, type the IP address of your JSA console.

  5. Click Add.

  6. From the Syslog Level list, select a logging level.

    The Information logging level allows the collection of all Cisco Wireless LAN Controller events above the Debug logging level.

  7. From the Syslog Facility list, select a facility level.

  8. Click Apply.

  9. Click Save Configuration.

You are now ready to configure a syslog log source for Cisco Wireless LAN Controller.

Syslog Log Source Parameters for Cisco Wireless LAN Controllers

If JSA does not automatically detect the log source, add a Cisco Wireless LAN Controllers log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Cisco Wireless LAN Controllers:

Table 1: Syslog Log Source Parameters for the Cisco Wireless LAN Controller DSM

Parameter

Value

Log Source type

Cisco Wireless LAN Controllers

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco Wireless LAN Controller.

Enabled

Select the Enabled check box to enable the log source. By default, the check box is selected.

Credibility

From the list, select the credibility of the log source. The range is 0 - 10. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

Target Event Collector

From the list, select the Target Event Collector to use as the target for the log source.

Coalescing Events

Select this check box to enable the log source to coalesce (bundle) events.

Automatically discovered log sources use the default value that is configured in the Coalescing Events drop-down list in the JSA Settings window on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source that you can override the default value by configuring this check box for each log source. For more information on settings, see the Juniper Secure Analytics Administration Guide.

Incoming Event Payload

From the list, select the incoming payload encoder for parsing and storing the logs.

Store Event Payload

Select this check box to enable or disable JSA from storing the event payload.

Automatically discovered log sources use the default value from the Store Event Payload drop-down list in the JSA Settings window on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source that you can override the default value by configuring this check box for each log source.

Configuring SNMPv2 for Cisco Wireless LAN Controller

SNMP event collection for Cisco Wireless LAN Controllers allows the capture of events for JSA

The following events are collected:

  • SNMP Config Event

  • bsn Authentication Errors

  • LWAPP Key Decryption Errors

  1. Log in to your Cisco Wireless LAN Controller interface.

  2. Click the Management tab.

  3. From the menu, select SNMP >Communities.

    You can use the one of the default communities that are created or create a new community.

  4. Click New.

  5. In the Community Name field, type the name of the community for your device.

  6. In the IP Address field, type the IP address of JSA.

    The IP address and IP mask that you specify is the address from which your Cisco Wireless LAN Controller accepts SNMP requests. You can treat these values as an access list for SNMP requests.

  7. In the IP Mask field, type a subnet mask.

  8. From the Access Mode list, select Read Only or Read/Write.

  9. From the Status list, select Enable.

  10. Click Save Configuration to save your changes.

You are now ready to create a SNMPv2 trap receiver.

Configuring a Trap Receiver for Cisco Wireless LAN Controller

Trap receivers that are configured on Cisco Wireless LAN Controllers define where the device can send SNMP trap messages.

To configure a trap receiver on your Cisco Wireless LAN Controller, take the following steps:

  1. Click the Management tab.

  2. From the menu, select SNMP >Trap Receivers.

  3. In the Trap Receiver Name field, type a name for your trap receiver.

  4. In the IP Address field, type the IP address of JSA.

    The IP address you specify is the address to which your Cisco Wireless LAN Controller sends SNMP messages. If you plan to configure this log source on an Event Collector, you want to specify the Event Collector appliance IP address.

  5. From the Status list, select Enable.

  6. Click Apply to commit your changes.

  7. Click Save Configuration to save your settings.

You are now ready to create a SNMPv2 log source in JSA.

SNMPv2 Log Source Parameters for Cisco Wireless LAN Controllers

If JSA does not automatically detect the log source, add a Cisco Wireless LAN Controller log source on the JSA Console by using the SNMPv2 protocol.

The following table describes the parameters that require specific values to collect SNMPv2 events from Cisco Wireless LAN Controllers:

Table 2: SNMPv2 Log Source Parameters for the Cisco Wireless LAN Controller DSM

Parameter

Value

Log Source type

Cisco Wireless LAN Controllers

Protocol Configuration

SNMPv2

Log Source Identifier

Type the IP address or host name for the log source as an identifier for events from your Cisco Wireless LAN Controller.

Community

Type the SNMP community name that is needed to access the system that contains the SNMP events. The default is Public.

Include OIDs in Event Payload

Select the Include OIDs in Event Payload check box.

This option allows the SNMP event payload to be constructed by using name-value pairs instead of the standard event payload format. OIDs in the event payload are needed to process SNMPv2 or SNMPv3 events from certain DSMs.

Enabled

Select the Enabled check box to enable the log source. By default, the check box is selected.

Credibility

From the list, select the credibility of the log source. The range is 0 - 10. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

Target Event Collector

From the list, select the Target Event Collector to use as the target for the log source.

Coalescing Events

Select this check box to enable the log source to coalesce (bundle) events.

Automatically discovered log sources use the default value that is configured in the Coalescing Events drop-down in the JSA Settings window on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source, you can override the default value by configuring this check box for each log source. For more information on settings, see the Juniper Secure Analytics Administration Guide.

Store Event Payload

Select this check box to enable or disable JSA from storing the event payload.

Automatically discovered log sources use the default value from the Store Event Payload drop-down in the JSA Settings window on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source, you can override the default value by configuring this check box for each log source.