Troubleshooting User-ID
User-ID is the mechanism used to match a user by their username to an Internet Protocol (IP) address they are using on their mobile device, laptop, kiosk, or any other device or appliance they may be able to log on to. Additionally, by mapping a person by their username, membership to certain groups can be used to allow or block the user's access to resources.
There are many ways to map users to an IP address and there are many ways mapping may fail or behave unexpectedly. Luckily, troubleshooting is usually a case of deduction.
Users are not being mapped
The first thing we should verify when troubleshooting User-ID issues is that user-to-IP mappings actually exist. We can check for existing mappings with the following command:
reaper@PANgurus> show user ip-user-mapping all IP Vsys From User IdleTimeout(s) MaxTimeout(s) -- ----- ---- ---- -------------- ------------- Total: 0 users
There are several reasons why mapping may...