Okay. Our AAA server is external and WLC is configured for 802.1x (EAP-TTLS). We are using Palo Alto as Firewall along with access control.
Once the AAA server has authenticated the user, it categories the users in certain access categories (in Access-Accept). But these categories have to be applied to Palo Alto which is being controlled by an entity (say X, which is kind of access controller).
Now because Access-Accept reaches WLC and not X, how to configure the firewall from X based on RADIUS server response?
[e.g imagine X is clearpass].