Authentication In Mobile IP
Dear all
I start learning about Mobile IP( read the RFC 3344) and some related RFC documents. Now i have a concern question, Hope that you clear a canal of obstruction because it makes me getting mad.
As i know about Mobile IP like this:
+The Foreign Agent send advertisement messege periodically (ICMP)
+When the Mobile Node moves to a new place, It will receive the advertisement messege and send the Registration request. The registration request uses the IP of Mobile node ( in case of located- care-of address ) or NAI ( in case of co-located care-of address) to authentication mobile node with Home agent.
There are some security problems here:
+ Replay Attacks: can be resisted by using identifier field in Registration request message
+ Modify the Packet : can be resisted by using the checksum and HMAC-MD5 to guarantee the packet integration
But i am a little bit confused with man-in-the-middle attack. I supposed that someone capture the registration request packet and he know the authention property (IP of mobile node or NAI) , after that he can use this authentication to use the service?
I'm thinking of the below scenario:
Mobile Node : The digest message A = HMAC-MD5(IP, identifier, Secret key) and after that it sends to the Home Agent
Home Agent : Computer the digest messge B = HMAC-MD5(IP, Identifier ,Secrect key' ) ( the IP, Identifier from the registration message ) and it stores the secret key
We compare The digest message A (in registration message ) with the digest messge B . It will be ok if 2 of digest message are equal.
In this case, We consider 3 authentioncation scenario: Mobile Node -- Home Agent , Mobile Node - Foreign Agent and Foreign Agent -- Home Agent
How can we authenticate Mobile Node - Foreign Agent ?
Please help me, I do appreciate your help.
Hi Marc!
Thank you for your answer!
I enable only Basic Auth for my Internal Network, but still no auth window for mobile browsers.
If I enable only Basic authentication, my Windows Users asked to prompt their credentials in their Browsers. So, I enable Basic with Integrated.
Maybe I'm doing something wrong?
Similar Messages
-
Authentication using Mobile Service
I added mobile service to my mvc web project using nuget(1.3.1).I also registered mobile service in azure portal and linked with facebook.Now my problem is that when i tried loginasync method ,it asking for token and provider name and i could not get the
extension method(Microsoft.WindowsAzure.Mobile.Ext ) where it asks for only provider name? Is this an issue with nuget? Also I would like to know from where we get the token?Take a look at the sample on
how to add authentication to mobile services app.
Abdulwahab Suleiman -
Certificate based authentication for mobile
We are looking at deploying mobile applications to our mobile BYOD estate. One of the ideas we're looking at is using user certificates pushed to the devices as a form of authentication in addition to the PIN the users will need to enter. The certificates
would be pushed to the devices when they enroll.
We can spin up a Windows 2008 Server PKI to generate the certs. The idea is:
i. User downloads an app from our corporate app store
ii. As part of the enrollment process, they will contact a server named MobileAppSvr1 that will request a certificate on their behalf from the internal PKI.
iii. The certificate will be created which binds the public key to the username
iv. The certificate is pushed to the device via MobileAppSvr1
v. Whenever the user wishes to launch the app again, then they are requested to enter a password and MobileAppSvr1 would also check the cert hasn't been revoked for that user.
Some questions:
a) I understand the certificate is digitally signed by our CA. Does this mean the user's device has to trust the CA or MobileAppSvr1?
b) Where does the Private Key come into play here? Does any decryption need to be done at all?
c) Do we need any s/w on the mobile device to decrypt anything?
d) Would the above solution (steps i to v) work theoretically?Hi,
I apologize for my mistakes in the previous reply.
When Certificate Services work in conjunction with
CryptoAPI, after a client generated a request for a new certificate, the request is first sent from the requesting program to CryptoAPI.
Then, CryptoAPI provides the proper data to a
cryptographic service provider (CSP) that is installed on your computer or on a device that is accessible to your computer.
After that, the CSP
will generate a key pair. The public key is sent to the certification authority (CA), along with the certificate-requester information, while the private key is stored in the requester’s protected certificate store
(no sending), and CryptoAPI will manage the private key for all cryptography operations.
Here are some related articles below for your references:
Microsoft CryptoAPI and Cryptographic Service Providers
http://technet.microsoft.com/en-us/library/cc962093.aspx
Cryptographic Service Providers
http://technet.microsoft.com/en-us/library/cc731248.aspx
Installing New Cryptographic Service Providers
http://blogs.technet.com/b/industry_insiders/archive/2007/04/03/installing-new-cryptographic-service-providers.aspx
Have a nice day!
Amy -
User Authentication in Mobile Access
Greetings, community!
Does anyone try to allow mobile users access to Internet through TMG 2010?
We have Radius server who authenticates users mobile devices and gives them access to our Wi-Fi Network.
Users mobile devices get IP from TMG Internal Network Range. Web-Proxy Authentication for Internal Network is set to Integrated.
So, if user try to use Mobile Browser to serf Internet, TMG deny him because Web-Access Rule require Authentication.
1. Is it possible to make User Mobile Browser authenticate on TMG? Why it does not take wpad 252 option from DHCP?
2. Is it possible to make something like TMG Authentication Form Page to allow user enter his login and password every time when he opens his browser?Hi Marc!
Thank you for your answer!
I enable only Basic Auth for my Internal Network, but still no auth window for mobile browsers.
If I enable only Basic authentication, my Windows Users asked to prompt their credentials in their Browsers. So, I enable Basic with Integrated.
Maybe I'm doing something wrong? -
Iron Port Transparent Authentication of Mobile Devices
Hello,
I have an IronPort S170 WSA running 7.5.0-833 and AD Agent (v1.0.0.32.1-build-598) installed on a Windows 2008 R2 server. Transparent authentication of Windows devices is working fine, users login to their domain devices and are showing up in the cache on the server and reports within the WSA.
I want to authenticate wireless devices such as iPads and Android phones transparently, I have configured Network Policy Server (NPS) on the Windows 2008 R2 server that has the AD Agent installed (NPS ports have been changed to 7777 and 7778 to avoid breaking the existing transparent authentication) using PEAP-MSHCHAPv2 authentication. I have updated the group policy configuration so that the NPS server generates Audit Success messages when the users logs successfully but since the 802.1x authentication happens before the user gets an IP address they are no good.
The NPS logs the MAC address of the connecting device as the Called-Station-ID and the DHCP server also logs the MAC address to IP address mapping I was hoping that the AD Agent would be put that together. Has anyone had a similar issue and found a way to resolve it?
Thanks.Hey if you get anywhere with this I would LOVE to know how to do it.
Currently we have to put DHCP reservations in our DHCP server so that each handheld gets the same IP address all the time.
Then there is a seperate policy in our S160 that has all of those IP addresses listed. Its a little more of a pain to manage and in the event you wanted to do any kind of tracking, you have to do a little investigation work rather than being able to search by active directory user account name. -
Authentication Prompt on Mobile Devices
On my public facing SharePoint 2013 site, I have anonymous authentication enabled, however mobile devices are prompted to authenticate credentials when they visit the site.
All non-mobile devices the site without receiving the authentication prompt, regardless of the browser it uses. Mobile Browser view is deactivated.
I did trace the connection through Fiddler and it looks as though I am getting 3 401 errors when the mobile browser tries to load the page. These errors are triggered when the browser tries to access a css and 2 js files. When I traced the connection
from a pc, I received 404 not found errors when the browser tries to access these files. I'm trying to find where those files are located at, to check to see if they are there or if permissions to that folder/files is the issue, but am still trying to get
an understanding of where the files are stored (I'm still a SharePoint newbie). Based on the info from Fiddler, they are stored at /ui/1.10.4/jquery-ui.js HTTP/1.1, however I don't see that folder in the site contents and structure when I search the site settings
of the SharePoint page.
Lastly, mobile devices had been able to access the page fine for several months, however several server updates and patches were applied to our SharePoint environment recently, which coincided with this issue starting.
Thank you for any insight you might be able to give!Hi,
According to your description, it continues to prompt for authentication When Windows users tries to connect from mobile devices.
For your issue:
Close all instances of your browser, restart your browser.
If you use apple products with ios8. The problem is Safari.
It works fine under ios8 when using Chrome.
You can change windows authentication to basic authentication.
For more information about Troubleshooting HTTP 401 errors in IIS, refer to the article:
http://msdynamicswiki.com/2014/04/24/troubleshooting-http-401-errors-in-iis/
Besides, here is a similar post, you can have a look at:
https://social.technet.microsoft.com/Forums/en-US/34895295-452b-4a89-b59f-6791e485edb2/user-authentication-in-mobile-access?forum=Forefrontedgegeneral
Best Regards,
Lisa Chen
Lisa Chen
TechNet Community Support -
802.1X EAP-PEAP Authentication issue
Hi Experts,
I am experiencing an issue where the authentication process for two of my Wireless networks prompts the user to enter their credentials at least two times before letting them onto the network.
The networks in question are set up identically, here is an overview:
Layer 2 security is WPA & WPA2
WPA - TKIP
WPA2 - AES
Auth Key Management is 802.1X
Radius Servers are microsoft Windows 2008 Network Policy Service (Used to be IAS) - All users are in Active Directory and IAS policy allows access absed on AD group.
This has all worked fine previously and still works fine if you enter the username/password combo at least twice on the initial profile setup. (For info, once the wireless profile is setup, you do not get prompted for credentials again, so this issue is ony during intial setup)
We have recently added another WLAN that uses web auth, pointing to a RADIUS server to. In order to get this going, we changed the "Web Radius Authentication" setting to "CHAP" from "PAP" under the Controller . General config.
This is the only change I can think of that could possibly be relevant.
Would anyone be able to shed any light on why I would be prompted to authenticate twice? Affected clients are Windows 7 and Mac OSX at the mo.
Debugs as follows:
*Oct 11 16:12:10.237: 00:23:12:08:25:28 Adding mobile on LWAPP AP 00:13:5f:fb:0f:40(0)
*Oct 11 16:12:10.237: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 23) in 5 seconds
*Oct 11 16:12:10.237: 00:23:12:08:25:28 apfProcessProbeReq (apf_80211.c:4598) Changing state for mobile 00:23:12:08:25:28 on AP 00:13:5f:fb:0f:40 from Idle to Probe
*Oct 11 16:12:10.237: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:10.238: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:10.247: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:10.247: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:10.247: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:10.388: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.076: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.076: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.076: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.077: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.086: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.086: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.228: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.229: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:11.239: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.296: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.305: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.306: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.306: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.317: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.448: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.449: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.458: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.459: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.600: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:14.610: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.715: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.715: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.715: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.725: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.725: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.725: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.868: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:16.878: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:17.031: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:19.927: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:19.934: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:19.938: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:19.938: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:20.080: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:20.080: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:20.090: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:20.233: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:20.243: 00:23:12:08:25:28 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Oct 11 16:12:24.941: 00:23:12:08:25:28 apfMsExpireCallback (apf_ms.c:417) Expiring Mobile!
*Oct 11 16:12:24.941: 00:23:12:08:25:28 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:13:5f:fb:0f:40]
*Oct 11 16:12:24.941: 00:23:12:08:25:28 Deleting mobile on AP 00:13:5f:fb:0f:40(0)
*Oct 11 16:12:25.219: 00:23:12:08:25:28 Adding mobile on LWAPP AP 00:11:5c:14:6d:d0(0)
*Oct 11 16:12:25.219: 00:23:12:08:25:28 Reassociation received from mobile on AP 00:11:5c:14:6d:d0
*Oct 11 16:12:25.219: 00:23:12:08:25:28 STA - rates (8): 139 150 24 36 48 72 96 108 0 0 0 0 0 0 0 0
*Oct 11 16:12:25.219: 00:23:12:08:25:28 STA - rates (10): 139 150 24 36 48 72 96 108 12 18 0 0 0 0 0 0
*Oct 11 16:12:25.219: 00:23:12:08:25:28 Processing RSN IE type 48, length 20 for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.219: 00:23:12:08:25:28 Received RSN IE with 0 PMKIDs from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 START (0) Initializing policy
*Oct 11 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*Oct 11 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*Oct 11 16:12:25.219: 00:23:12:08:25:28 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:11:5c:14:6d:d0 vapId 4 apVapId 4
*Oct 11 16:12:25.220: 00:23:12:08:25:28 apfPemAddUser2 (apf_policy.c:208) Changing state for mobile 00:23:12:08:25:28 on AP 00:11:5c:14:6d:d0 from Idle to Associated
*Oct 11 16:12:25.220: 00:23:12:08:25:28 Stopping deletion of Mobile Station: (callerId: 48)
*Oct 11 16:12:25.220: 00:23:12:08:25:28 Sending Assoc Response to station on BSSID 00:11:5c:14:6d:d0 (status 0)
*Oct 11 16:12:25.220: 00:23:12:08:25:28 apfProcessAssocReq (apf_80211.c:4310) Changing state for mobile 00:23:12:08:25:28 on AP 00:11:5c:14:6d:d0 from Associated to Associated
*Oct 11 16:12:25.223: 00:23:12:08:25:28 Disable re-auth, use PMK lifetime.
*Oct 11 16:12:25.223: 00:23:12:08:25:28 Station 00:23:12:08:25:28 setting dot1x reauth timeout = 7200
*Oct 11 16:12:25.223: 00:23:12:08:25:28 dot1x - moving mobile 00:23:12:08:25:28 into Connecting state
*Oct 11 16:12:25.223: 00:23:12:08:25:28 Sending EAP-Request/Identity to mobile 00:23:12:08:25:28 (EAP Id 1)
*Oct 11 16:12:25.243: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.243: 00:23:12:08:25:28 Received Identity Response (count=1) from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.243: 00:23:12:08:25:28 EAP State update from Connecting to Authenticating for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.243: 00:23:12:08:25:28 dot1x - moving mobile 00:23:12:08:25:28 into Authenticating state
*Oct 11 16:12:25.243: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.250: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.250: 00:23:12:08:25:28 Entering Backend Auth Req state (id=2) for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.251: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 2)
*Oct 11 16:12:25.260: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.262: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 2, EAP Type 25)
*Oct 11 16:12:25.262: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.265: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.265: 00:23:12:08:25:28 Entering Backend Auth Req state (id=3) for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.265: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 3)
*Oct 11 16:12:25.269: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.269: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 3, EAP Type 25)
*Oct 11 16:12:25.269: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.270: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.271: 00:23:12:08:25:28 Entering Backend Auth Req state (id=4) for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.271: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 4)
*Oct 11 16:12:25.274: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.274: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 4, EAP Type 25)
*Oct 11 16:12:25.274: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.275: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.275: 00:23:12:08:25:28 Entering Backend Auth Req state (id=5) for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.275: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 5)
*Oct 11 16:12:25.285: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.286: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 5, EAP Type 25)
*Oct 11 16:12:25.286: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.292: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.292: 00:23:12:08:25:28 Entering Backend Auth Req state (id=6) for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.292: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 6)
*Oct 11 16:12:25.318: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.318: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 6, EAP Type 25)
*Oct 11 16:12:25.318: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.320: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.320: 00:23:12:08:25:28 Entering Backend Auth Req state (id=7) for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.320: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 7)
*Oct 11 16:12:25.321: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:12:25.323: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 7, EAP Type 25)
*Oct 11 16:12:25.323: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.326: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.326: 00:23:12:08:25:28 Entering Backend Auth Req state (id=8) for mobile 00:23:12:08:25:28
*Oct 11 16:12:25.326: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 8)
At this point, the username and password dialog pops up again.
If credentials are not entered, the following timeout message pops up....
*Oct 11 16:12:53.973: 00:23:12:08:25:28 802.1x 'timeoutEvt' Timer expired for station 00:23:12:08:25:28
If the credentials are re-entered the it continues:
*Oct 11 16:12:53.975: 00:23:12:08:25:28 Retransmit 1 of EAP-Request (length 79) for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.093: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:13:01.093: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 8, EAP Type 25)
*Oct 11 16:13:01.094: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.098: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.098: 00:23:12:08:25:28 Entering Backend Auth Req state (id=9) for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.098: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 9)
*Oct 11 16:13:01.102: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:13:01.102: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 9, EAP Type 25)
*Oct 11 16:13:01.102: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.106: 00:23:12:08:25:28 Processing Access-Challenge for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.106: 00:23:12:08:25:28 Entering Backend Auth Req state (id=10) for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.106: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 10)
*Oct 11 16:13:01.108: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
*Oct 11 16:13:01.108: 00:23:12:08:25:28 Received EAP Response from mobile 00:23:12:08:25:28 (EAP Id 10, EAP Type 25)
*Oct 11 16:13:01.108: 00:23:12:08:25:28 Entering Backend Auth Response state for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.113: 00:23:12:08:25:28 Processing Access-Accept for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.113: 00:23:12:08:25:28 Setting re-auth timeout to 7200 seconds, got from WLAN config.
*Oct 11 16:13:01.113: 00:23:12:08:25:28 Station 00:23:12:08:25:28 setting dot1x reauth timeout = 7200
*Oct 11 16:13:01.113: 00:23:12:08:25:28 Creating a PKC PMKID Cache entry for station 00:23:12:08:25:28 (RSN 2)
*Oct 11 16:13:01.113: 00:23:12:08:25:28 Adding BSSID 00:11:5c:14:6d:d3 to PMKID cache for station 00:23:12:08:25:28
*Oct 11 16:13:01.113: New PMKID: (16)
*Oct 11 16:13:01.113: [0000] 15 9e 3d 61 e3 94 bb 82 2b 6f 7e 05 74 49 81 52
*Oct 11 16:13:01.113: 00:23:12:08:25:28 Disabling re-auth since PMK lifetime can take care of same.
*Oct 11 16:13:01.116: 00:23:12:08:25:28 PMK sent to mobility group
*Oct 11 16:13:01.116: 00:23:12:08:25:28 Sending EAP-Success to mobile 00:23:12:08:25:28 (EAP Id 10)
*Oct 11 16:13:01.116: Including PMKID in M1 (16)
*Oct 11 16:13:01.116: [0000] 15 9e 3d 61 e3 94 bb 82 2b 6f 7e 05 74 49 81 52
*Oct 11 16:13:01.116: 00:23:12:08:25:28 Starting key exchange to mobile 00:23:12:08:25:28, data packets will be dropped
*Oct 11 16:13:01.116: 00:23:12:08:25:28 Sending EAPOL-Key Message to mobile 00:23:12:08:25:28
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Oct 11 16:13:01.116: 00:23:12:08:25:28 Entering Backend Auth Success state (id=10) for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.116: 00:23:12:08:25:28 Received Auth Success while in Authenticating state for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.116: 00:23:12:08:25:28 dot1x - moving mobile 00:23:12:08:25:28 into Authenticated state
*Oct 11 16:13:01.996: 00:23:12:08:25:28 802.1x 'timeoutEvt' Timer expired for station 00:23:12:08:25:28
*Oct 11 16:13:01.997: 00:23:12:08:25:28 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.999: 00:23:12:08:25:28 Received EAPOL-Key from mobile 00:23:12:08:25:28
*Oct 11 16:13:01.999: 00:23:12:08:25:28 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:23:12:08:25:28
*Oct 11 16:13:01.999: 00:23:12:08:25:28 Received EAPOL-key in PTK_START state (message 2) from mobile 00:23:12:08:25:28
*Oct 11 16:13:01.999: 00:23:12:08:25:28 Stopping retransmission timer for mobile 00:23:12:08:25:28
*Oct 11 16:13:02.000: 00:23:12:08:25:28 Sending EAPOL-Key Message to mobile 00:23:12:08:25:28
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.02
*Oct 11 16:13:02.002: 00:23:12:08:25:28 Received EAPOL-Key from mobile 00:23:12:08:25:28
*Oct 11 16:13:02.002: 00:23:12:08:25:28 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:23:12:08:25:28
*Oct 11 16:13:02.002: 00:23:12:08:25:28 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:23:12:08:25:28
*Oct 11 16:13:02.002: 00:23:12:08:25:28 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Oct 11 16:13:02.004: 00:23:12:08:25:28 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:11:5c:14:6d:d0 vapId 4 apVapId 4
*Oct 11 16:13:02.004: 00:23:12:08:25:28 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Oct 11 16:13:02.006: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4391, Adding TMP rule
*Oct 11 16:13:02.007: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:11:5c:14:6d:d0, slot 0, interface = 29, QOS = 0
ACL Id = 255, Jumbo F
*Oct 11 16:13:02.007: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*Oct 11 16:13:02.007: 00:23:12:08:25:28 Stopping retransmission timer for mobile 00:23:12:08:25:28
*Oct 11 16:13:02.010: 00:23:12:08:25:28 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*Oct 11 16:13:02.010: 00:23:12:08:25:28 Sent an XID frame
*Oct 11 16:13:02.283: 00:23:12:08:25:28 DHCP received op BOOTREQUEST (1) (len 308, port 29, encap 0xec03)
*Oct 11 16:13:02.283: 00:23:12:08:25:28 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'
*Oct 11 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*Oct 11 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4072, Adding TMP rule
*Oct 11 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:11:5c:14:6d:d0, slot 0, interface = 29, QOS = 0
ACL Id = 255, Jumb
*Oct 11 16:13:03.906: 00:23:12:08:25:28 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*Oct 11 16:13:03.909: 00:23:12:08:25:28 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*Oct 11 16:13:03.909: 00:23:12:08:25:28 Sent an XID frame
*Oct 11 16:13:04.879: 00:23:12:08:25:28 DHCP received op BOOTREQUEST (1) (len 308, port 29, encap 0xec03)
*Oct 11 16:13:04.880: 00:23:12:08:25:28 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
*Oct 11 16:13:04.880: 00:23:12:08:25:28 DHCP selected relay 1 - 172.19.0.50 (local address 172.23.24.2, gateway 172.23.24.1, VLAN 110, port 29)
*Oct 11 16:13:04.880: 00:23:12:08:25:28 DHCP transmitting DHCP REQUEST (3)
*Oct 11 16:13:04.880: 00:23:12:08:25:28 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*Oct 11 16:13:04.880: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), secs: 4, flags: 0
*Oct 11 16:13:04.880: 00:23:12:08:25:28 DHCP chaddr: 00:23:12:08:25:28
*Oct 11 16:13:04.880: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Oct 11 16:13:04.881: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 172.23.24.2
*Oct 11 16:13:04.881: 00:23:12:08:25:28 DHCP requested ip: 172.23.26.53
*Oct 11 16:13:04.881: 00:23:12:08:25:28 DHCP sending REQUEST to 172.23.24.1 (len 350, port 29, vlan 110)
*Oct 11 16:13:04.881: 00:23:12:08:25:28 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 172.23.24.2 VLAN: 110
*Oct 11 16:13:04.881: 00:23:12:08:25:28 DHCP selected relay 2 - 172.19.0.51 (local address 172.23.24.2, gateway 172.23.24.1, VLAN 110, port 29)
*Oct 11 16:13:04.881: 00:23:12:08:25:28 DHCP transmitting DHCP REQUEST (3)
*Oct 11 16:13:04.883: 00:23:12:08:25:28 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
*Oct 11 16:13:04.883: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), secs: 4, flags: 0
*Oct 11 16:13:04.883: 00:23:12:08:25:28 DHCP chaddr: 00:23:12:08:25:28
*Oct 11 16:13:04.883: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Oct 11 16:13:04.883: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 172.23.24.2
*Oct 11 16:13:04.883: 00:23:12:08:25:28 DHCP requested ip: 172.23.26.53
*Oct 11 16:13:04.885: 00:23:12:08:25:28 DHCP sending REQUEST to 172.23.24.1 (len 350, port 29, vlan 110)
*Oct 11 16:13:04.890: 00:23:12:08:25:28 DHCP received op BOOTREPLY (2) (len 327, port 29, encap 0xec00)
*Oct 11 16:13:04.890: 00:23:12:08:25:28 DHCP setting server from ACK (server 172.19.0.50, yiaddr 172.23.26.53)
*Oct 11 16:13:04.890: 00:23:12:08:25:28 172.23.26.53 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*Oct 11 16:13:04.890: 00:23:12:08:25:28 172.23.26.53 RUN (20) Reached PLUMBFASTPATH: from line 4856
*Oct 11 16:13:04.891: 00:23:12:08:25:28 172.23.26.53 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 00:11:5c:14:6d:d0, slot 0, interface = 29, QOS = 0
ACL Id = 255, Jumbo Frames = N
*Oct 11 16:13:04.891: 00:23:12:08:25:28 172.23.26.53 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
*Oct 11 16:13:04.891: 00:23:12:08:25:28 Assigning Address 172.23.26.53 to mobile
*Oct 11 16:13:04.891: 00:23:12:08:25:28 DHCP sending REPLY to STA (len 430, port 29, vlan 0)
*Oct 11 16:13:04.892: 00:23:12:08:25:28 DHCP transmitting DHCP ACK (5)
*Oct 11 16:13:04.892: 00:23:12:08:25:28 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Oct 11 16:13:04.892: 00:23:12:08:25:28 DHCP xid: 0x53839a5f (1401133663), secs: 0, flags: 0
*Oct 11 16:13:04.892: 00:23:12:08:25:28 DHCP chaddr: 00:23:12:08:25:28
*Oct 11 16:13:04.892: 00:23:12:08:25:28 DHCP ciaddr: 0.0.0.0, yiaddr: 172.23.26.53
*Oct 11 16:13:04.894: 00:23:12:08:25:28 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Oct 11 16:13:04.894: 00:23:12:08:25:28 DHCP server id: 1.1.1.1 rcvd server id: 172.19.0.50
*Oct 11 16:13:04.898: 00:23:12:08:25:28 172.23.26.53 Added NPU entry of type 1, dtlFlags 0x0
*Oct 11 16:13:04.900: 00:23:12:08:25:28 Sending a gratuitous ARP for 172.23.26.53, VLAN Id 110
*Oct 11 16:13:04.907: 00:23:12:08:25:28 DHCP received op BOOTREPLY (2) (len 327, port 29, encap 0xec00)
*Oct 11 16:13:04.907: 00:23:12:08:25:28 DHCP dropping ACK from 172.19.0.51 (yiaddr: 172.23.26.53)
At this point, the client is connected and everything is working.Hi,
It looks like some issue on the client side...
Thelogs presented here are not related with the Web Auth WLAN and it has no impact on the behavior you are seeing.
Looking at the logs:
*Oct 11 16:12:25.326: 00:23:12:08:25:28 Sending EAP Request from AAA to mobile 00:23:12:08:25:28 (EAP Id 8)
At this point, the username and password dialog pops up again.
If credentials are not entered, the following timeout message pops up....
*Oct 11 16:12:53.973: 00:23:12:08:25:28 802.1x 'timeoutEvt' Timer expired for station 00:23:12:08:25:28
If the credentials are re-entered the it continues:
*Oct 11 16:12:53.975: 00:23:12:08:25:28 Retransmit 1 of EAP-Request (length 79) for mobile 00:23:12:08:25:28
*Oct 11 16:13:01.093: 00:23:12:08:25:28 Received EAPOL EAPPKT from mobile 00:23:12:08:25:28
===================
This logs show exactly what you describe...
The AAA sends an EAP request asking for the credentials.
The login pops up and the EAP timeout starts decrementing.
If the user does not enter credentials, it will expire and another EAP Request is sent.
If you let the EAP timeout it is expected that you enter credentials twice, if by the time you press enter, the timeout has already expired.
As you say, if you have a profile configured, this should not happen and the authentication should be smooth.
HTH,
Tiago -
Hi All,
I have a SP2013 environment which authenticate users using ADFS 2.0 via Windows AD. We have two separate clients, Portal and Mobile. Portal users Passive Federation where as Mobile client uses Active Authentication with usernamemixed endpoint in ADFS.
I have an AD property which stores Unicode characters. In Active Authentication via Mobile, for a user who has a Unicode value in the AD property, I can get the SAML token successfully from ADFS.
Ex : <saml:AttributeValue>español</saml:AttributeValue>
However, when I post this SAML token to SharePoint _trust endpoint, I'm getting an error "500 Internal Server error". However for the same user, if I change the AD property value from "español" to "English" then I can get the FedAuth
cookie successfully from the _trust endpoint.
Also, for the same user, If I logged in via Portal which uses Passive Federation, then it's working fine.
Really appreciate your thoughts on this.
SupunHi Supun,
As you mentioned, the issue only happens in Active authentication. Would you please let me know which mobile client your users are using for the Active authentication, is it a custom one? Please be noted if you use a mobile browser, the authentication will
also be Passive.
In Passive mode authentication, STS also uses POST to pass the security token to the relaying party. I'd like to know what kind of tool you are using to post a SAML token to SharePoint endpoint as impersonation of an Active authentication. Since the Active
authentication flow is quite complex, I also suggest you to check the event log in your ADFS server, and try to find more information about the issue.
Thanks,
Reken Liu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
EAP-TLS authentication failure
We've been struggling with this problem for weeks without a solution yet. Maybe someone can help us.
Note: some information below has been redacted and the IP addresses are not the original ones. They have been changed to fictional IP addresses but they have been adjusted to reflect an equivalent situation.
This situation is as follows:
WLAN infrastructure with:
1 x
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
AIR-WLC2112-K9 (IP address = 10.10.10.10)
8 x
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
AIR-LAP1142N-E-K9
Data for the WLC:
Product Version.................................. 6.0.199.4
RTOS Version..................................... 6.0.199.4
Bootloader Version.............................. 4.0.191.0
Emergency Image Version................... 6.0.199.4
The WLC is connected to a switch, Cisco Catalyst model WS-C3750X-24, sw version 12.2(53)SE2.
The idea is to have the clients/supplicants (Windows XP), who have a valid certificate, authenticate against a RADIUS server. The authentication is configured as 802.1x over EAP-TLS.
The RADIUS server is a Windows 2003 Server with IAS (IP address = 15.15.15.15). This server is accessed via a WAN link. We don't manage this server.
The problem: no wireless client (Windows XP) is able to go past the initial authentication.
I should add that the WLC and the APs were working perfectly and clients were connecting correctly to them. However this setup was moved to a new building and, since then, nothing has worked. I must add that the configuration on the WLC and APs has not changed, since the network configuration (IP subnets, etc) was migrated from the previous building to this new one. But something has changed: the WAN router (connected to the Internet and with a VPN established to the corporate network) and the LAN equipment (switches), which are all brand new.
On the RADIUS side we find these error messages:
Fully-Qualified-User-Name = XXXXXXXXXXXX/XXXX/XXXXX/XXXX/XXXXX (it shows the correct information)
NAS-IP-Address = 10.10.10.10
NAS-Identifier = XX-002_WLAN
Called-Station-Identifier = f0-25-72-70-65-xx:WLAN-XX
Calling-Station-Identifier = 00-1c-bf-7b-08-xx
Client-Friendly-Name = xxxxxxx_10.10.10.10
Client-IP-Address = 10.10.10.10
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 2
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless LAN Access
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 22
Reason = The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
On the WLC side, the error messages are:
TRAP log:
RADIUS server 15.15.15.15:1812 failed to respond to request (ID 42) for client 00:27:10:a3:1b:xx / user 'unknown'
SYSLOG:
Jan 06 10:16:35 10.10.10.10 XX-002_WLAN: *Jan 06 10:16:32.709: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2872 Max EAP identity request retries (3) exceeded for client 00:19:d2:02:76:xx
Jan 06 10:17:05 10.10.10.10 PT-002_WLAN: *Jan 06 10:17:02.960: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication aborted for client 00:19:d2:02:76:xx
Jan 06 10:17:05 10.10.10.10 PT-002_WLAN: *Jan 06 10:17:02.961: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2872 Max EAP identity request retries (3) exceeded for client 00:19:d2:02:76:xx
Jan 06 10:17:36 10.10.10.10 PT-002_WLAN: *Jan 06 10:17:34.110: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication aborted for client 00:19:d2:02:76:xx
Jan 06 10:17:36 10.10.10.10 PT-002_WLAN: *Jan 06 10:17:34.110: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2872 Max EAP identity request retries (3) exceeded for client 00:19:d2:02:76:xx
WLC Debug:
*Jan 07 19:31:42.708: 58:94:6b:15:f5:d0 Station 58:94:6b:15:f5:d0 setting dot1x reauth timeout = 1800
*Jan 07 19:31:42.708: 58:94:6b:15:f5:d0 dot1x - moving mobile 58:94:6b:15:f5:d0 into Connecting state
*Jan 07 19:31:42.708: 58:94:6b:15:f5:d0 Sending EAP-Request/Identity to mobile 58:94:6b:15:f5:d0 (EAP Id 1)
*Jan 07 19:31:42.708: 58:94:6b:15:f5:d0 Received EAPOL START from mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.709: 58:94:6b:15:f5:d0 dot1x - moving mobile 58:94:6b:15:f5:d0 into Connecting state
*Jan 07 19:31:42.709: 58:94:6b:15:f5:d0 Sending EAP-Request/Identity to mobile 58:94:6b:15:f5:d0 (EAP Id 2)
*Jan 07 19:31:42.710: 58:94:6b:15:f5:d0 Received EAPOL EAPPKT from mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.710: 58:94:6b:15:f5:d0 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.711: 58:94:6b:15:f5:d0 Received EAPOL EAPPKT from mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.711: 58:94:6b:15:f5:d0 Received Identity Response (count=2) from mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.711: 58:94:6b:15:f5:d0 EAP State update from Connecting to Authenticating for mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.711: 58:94:6b:15:f5:d0 dot1x - moving mobile 58:94:6b:15:f5:d0 into Authenticating state
*Jan 07 19:31:42.711: 58:94:6b:15:f5:d0 Entering Backend Auth Response state for mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.711: AuthenticationRequest: 0xd1bc104
*Jan 07 19:31:42.711: Callback.....................................0x87e1870
*Jan 07 19:31:42.712: protocolType.................................0x00140001
*Jan 07 19:31:42.712: proxyState...................................58:94:6B:15:F5:D0-9B:00
*Jan 07 19:31:42.712: Packet contains 12 AVPs (not shown)
*Jan 07 19:31:42.712: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*Jan 07 19:31:42.712: 58:94:6b:15:f5:d0 Successful transmission of Authentication Packet (id 231) to 15.15.15.15:1812, proxy state 58:94:6b:15:f5:d0-00:00
*Jan 07 19:31:42.788: 58:94:6b:15:f5:d0 Access-Challenge received from RADIUS server 15.15.15.15 for mobile 58:94:6b:15:f5:d0 receiveId = 155
*Jan 07 19:31:42.788: AuthorizationResponse: 0xa345700
*Jan 07 19:31:42.788: structureSize................................145
*Jan 07 19:31:42.788: resultCode...................................255
*Jan 07 19:31:42.788: protocolUsed.................................0x00000001
*Jan 07 19:31:42.788: proxyState...................................58:94:6B:15:F5:D0-9B:00
*Jan 07 19:31:42.788: Packet contains 4 AVPs (not shown)
*Jan 07 19:31:42.788: 58:94:6b:15:f5:d0 Processing Access-Challenge for mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.788: 58:94:6b:15:f5:d0 Entering Backend Auth Req state (id=3) for mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.788: 58:94:6b:15:f5:d0 Sending EAP Request from AAA to mobile 58:94:6b:15:f5:d0 (EAP Id 3)
*Jan 07 19:31:42.805: 58:94:6b:15:f5:d0 Received EAPOL EAPPKT from mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.805: 58:94:6b:15:f5:d0 Received EAP Response from mobile 58:94:6b:15:f5:d0 (EAP Id 3, EAP Type 13)
*Jan 07 19:31:42.806: 58:94:6b:15:f5:d0 Entering Backend Auth Response state for mobile 58:94:6b:15:f5:d0
*Jan 07 19:31:42.806: AuthenticationRequest: 0xd1bc104
*Jan 07 19:31:42.806: Callback.....................................0x87e1870
*Jan 07 19:31:42.806: protocolType.................................0x00140001
*Jan 07 19:31:42.807: proxyState...................................58:94:6B:15:F5:D0-9B:01
*Jan 07 19:31:42.807: Packet contains 13 AVPs (not shown)
*Jan 07 19:31:42.807: apfVapRadiusInfoGet: WLAN(1) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*Jan 07 19:31:42.807: 58:94:6b:15:f5:d0 Successful transmission of Authentication Packet (id 232) to 15.15.15.15:1812, proxy state 58:94:6b:15:f5:d0-00:00
*Jan 07 19:31:52.531: 58:94:6b:15:f5:d0 Successful transmission of Authentication Packet (id 228) to 15.15.15.15:1812, proxy state 58:94:6b:15:f5:d0-00:00 ..
*Jan 07 19:31:52.808: 58:94:6b:15:f5:d0 Successful transmission of Authentication Packet (id 232) to 15.15.15.15:1812, proxy state 58:94:6b:15:f5:d0-00:00
*Jan 07 19:32:02.531: 58:94:6b:15:f5:d0 Successful transmission of Authentication Packet (id 228) to 15.15.15.15:1812, proxy state 58:94:6b:15:f5:d0-00:00
*Jan 07 19:32:02.808: 58:94:6b:15:f5:d0 Successful transmission of Authentication Packet (id 232) to 15.15.15.15:1812, proxy state 58:94:6b:15:f5:d0-00:00
*Jan 07 19:32:12.532: 58:94:6b:15:f5:d0 Max retransmission of Access-Request (id 228) to 15.15.15.15 reached for mobile 58:94:6b:15:f5:d0
*Jan 07 19:32:12.532: 58:94:6b:15:f5:d0 [Error] Client requested no retries for mobile 58:94:6B:15:F5:D0
*Jan 07 19:32:12.533: 58:94:6b:15:f5:d0 Returning AAA Error 'Timeout' (-5) for mobile 58:94:6b:15:f5:d0
*Jan 07 19:32:12.533: AuthorizationResponse: 0xb99ff864
Finally, we've also done some packet sniffing, using Wireshark and Commview. These appear to suggest that something is wrong with one of the packets and this leads to the authentication process to fail and restart again and again:
******************** WIRESHARK CAPTURE ********************
No. Time Source Destination Protocol Info
1 0.000000 10.10.10.10 15.15.15.15 RADIUS Access-Request(1) (id=125, l=280)
Frame 1: 322 bytes on wire (2576 bits), 322 bytes captured (2576 bits)
Ethernet II, Src: Cisco_62:63:00 (f8:66:f2:62:63:00), Dst: Cisco_55:20:41 (1c:df:0f:55:20:41)
Internet Protocol, Src: 10.10.10.10 (10.10.10.10), Dst: 15.15.15.15 (15.15.15.15)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 308
Identification: 0x501f (20511)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x4aee [correct]
Source: 10.10.10.10 (10.10.10.10)
Destination: 15.15.15.15 (15.15.15.15)
User Datagram Protocol, Src Port: filenet-rpc (32769), Dst Port: radius (1812)
Source port: filenet-rpc (32769)
Destination port: radius (1812)
Length: 288
Checksum: 0xe8e0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x7d (125)
Length: 280
Authenticator: 79b2f31c7e67d6fdaa7e15f362ecb025
Attribute Value Pairs
AVP: l=27 t=User-Name(1): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (username is correct!!!)
AVP: l=19 t=Calling-Station-Id(31): 00-21-6a-29-80-xx
AVP: l=27 t=Called-Station-Id(30): f0-25-72-70-65-c0:WLAN-XX
AVP: l=6 t=NAS-Port(5): 2
AVP: l=6 t=NAS-IP-Address(4): 10.10.10.10
AVP: l=13 t=NAS-Identifier(32): XX-002_WLAN
AVP: l=12 t=Vendor-Specific(26) v=Airespace(14179)
AVP: l=6 t=Service-Type(6): Framed(2)
AVP: l=6 t=Framed-MTU(12): 1300
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
AVP: l=89 t=EAP-Message(79) Last Segment[1]
EAP fragment
Extensible Authentication Protocol
Code: Response (2)
Id: 3
Length: 87
Type: EAP-TLS [RFC5216] [Aboba] (13)
Flags(0x80): Length
Length: 77
Secure Socket Layer
AVP: l=25 t=State(24): 1d68036a000001370001828b38990000000318a3088c00
AVP: l=18 t=Message-Authenticator(80): 9fe1bfac02df3293ae2f8efc95de2d5d
No. Time Source Destination Protocol Info
2 0.060373 15.15.15.15 10.10.10.10 IP Fragmented IP protocol (proto=UDP 0x11, off=0, ID=2935) [Reassembled in #3]
Frame 2: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Cisco_55:20:41 (1c:df:0f:55:20:41), Dst: Cisco_62:63:00 (f8:66:f2:62:63:00)
Internet Protocol, Src: 15.15.15.15 (15.15.15.15), Dst: 10.10.10.10 (10.10.10.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x2935 (10549)
Flags: 0x01 (More Fragments)
Fragment offset: 0
Time to live: 122
Protocol: UDP (17)
Header checksum: 0x58e0 [correct]
Source: 15.15.15.15 (15.15.15.15)
Destination: 10.10.10.10 (10.10.10.10)
Reassembled IP in frame: 3
Data (24 bytes)
0000 07 14 80 01 05 69 e8 f5 0b 7d 05 61 6c 83 00 ae .....i...}.al...
0010 d0 75 05 c3 56 29 a7 b1 .u..V)..
No. Time Source Destination Protocol Info
3 0.060671 15.15.15.15 10.10.10.10 RADIUS Access-challenge(11) (id=125, l=1377)
Frame 3: 1395 bytes on wire (11160 bits), 1395 bytes captured (11160 bits)
Ethernet II, Src: Cisco_55:20:41 (1c:df:0f:55:20:41), Dst: Cisco_62:63:00 (f8:66:f2:62:63:00)
Internet Protocol, Src: 15.15.15.15 (15.15.15.15), Dst: 10.10.10.10 (10.10.10.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1381
Identification: 0x2935 (10549)
Flags: 0x00
Fragment offset: 24
Time to live: 122
Protocol: UDP (17)
Header checksum: 0x73a4 [correct]
Source: 15.15.15.15 (15.15.15.15)
Destination: 10.10.10.10 (10.10.10.10)
[IP Fragments (1385 bytes): #2(24), #3(1361)]
User Datagram Protocol, Src Port: radius (1812), Dst Port: filenet-rpc (32769)
Source port: radius (1812)
Destination port: filenet-rpc (32769)
Length: 1385
Checksum: 0xe8f5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Radius Protocol
Code: Access-challenge (11)
Packet identifier: 0x7d (125)
Length: 1377
Authenticator: 6c8300aed07505c35629a7b14de483be
Attribute Value Pairs
AVP: l=6 t=Session-Timeout(27): 30
Session-Timeout: 30
AVP: l=255 t=EAP-Message(79) Segment[1]
EAP fragment
AVP: l=255 t=EAP-Message(79) Segment[2]
EAP fragment
AVP: l=255 t=EAP-Message(79) Segment[3]
EAP fragment
AVP: l=255 t=EAP-Message(79) Segment[4]
EAP fragment
AVP: l=255 t=EAP-Message(79) Segment[5]
EAP fragment
AVP: l=33 t=EAP-Message(79) Last Segment[6]
EAP fragment
Extensible Authentication Protocol
Code: Request (1)
Id: 4
Length: 1296
Type: EAP-TLS [RFC5216] [Aboba] (13)
Flags(0xC0): Length More
Length: 8184
Secure Socket Layer
[Malformed Packet: SSL]
[Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
[Message: Malformed Packet (Exception occurred)]
[Severity level: Error]
[Group: Malformed]
******************** COMMVIEW CAPTURE ******************
Packet #6, Direction: Pass-through, Time:11:27:35,251292, Size: 323
Ethernet II
Destination MAC: 1C:DF:0F:55:20:xx
Source MAC: F8:66:F2:62:63:xx
Ethertype: 0x0800 (2048) - IP
IP
IP version: 0x04 (4)
Header length: 0x05 (5) - 20 bytes
Differentiated Services Field: 0x00 (0)
Differentiated Services Code Point: 000000 - Default
ECN-ECT: 0
ECN-CE: 0
Total length: 0x0135 (309)
ID: 0x2B26 (11046)
Flags
Don't fragment bit: 1 - Don't fragment
More fragments bit: 0 - Last fragment
Fragment offset: 0x0000 (0)
Time to live: 0x40 (64)
Protocol: 0x11 (17) - UDP
Checksum: 0x6FE6 (28646) - correct
Source IP: 161.86.66.49
Destination IP: 15.15.15.15
IP Options: None
UDP
Source port: 32769
Destination port: 1812
Length: 0x0121 (289)
Checksum: 0x5824 (22564) - correct
Radius
Code: 0x01 (1) - Access-Request
Identifier: 0x8D (141)
Packet Length: 0x0119 (281)
Authenticator: 60 4E A6 58 A8 88 A2 33 4E 56 D0 E9 3B E0 62 18
Attributes
Attribute
Type: 0x01 (1) - User-Name
Length: 0x1A (26)
Username: XXXXXXXXXXXXXXXXXXXXXXX (username is correct!!!)
Attribute
Type: 0x1F (31) - Calling-Station-Id
Length: 0x11 (17)
Calling id: 58-94-6b-15-5f-xx
Attribute
Type: 0x1E (30) - Called-Station-Id
Length: 0x19 (25)
Called id: f0-25-72-70-65-c0:WLAN-XX
Attribute
Type: 0x05 (5) - NAS-Port
Length: 0x04 (4)
Port: 0x00000002 (2)
Attribute
Type: 0x04 (4) - NAS-IP-Address
Length: 0x04 (4)
Address: 10.10.10.10
Attribute
Type: 0x20 (32) - NAS-Identifier
Length: 0x0B (11)
NAS identifier: XX-002_WLAN
Attribute
Type: 0x1A (26) - Vendor-Specific
Length: 0x0A (10)
Vendor id: 0x00003763 (14179)
Vendor specific:
Attribute
Type: 0x06 (6) - Service-Type
Length: 0x04 (4)
Service type: 0x00000002 (2) - Framed
Attribute
Type: 0x0C (12) - Framed-MTU
Length: 0x04 (4)
Framed MTU: 0x00000514 (1300)
Attribute
Type: 0x3D (61) - NAS-Port-Type
Length: 0x04 (4)
NAS port type: 0x00000013 (19) - Wireless - IEEE 802.11
Attribute
Type: 0x4F (79) - EAP-Message
Length: 0x57 (87)
EAP-Message
Attribute
Type: 0x18 (24) - State
Length: 0x17 (23)
State: 1F 38 04 12 00 00 01 37 00 01 82 8B 38 99 00 00 00 03 18 A6 82 B7 00
Attribute
Type: 0x50 (80) - Message-Authenticator
Length: 0x10 (16)
Message-Authenticator: 4F 13 92 9C 10 29 C5 3A B9 AE 92 CA 74 11 6C B5
Packet #28, Direction: Pass-through, Time:11:27:36,523743, Size: 62
Ethernet II
Destination MAC: F8:66:F2:62:63:xx
Source MAC: 1C:DF:0F:55:20:xx
Ethertype: 0x0800 (2048) - IP
IP
IP version: 0x04 (4)
Header length: 0x05 (5) - 20 bytes
Differentiated Services Field: 0x00 (0)
Differentiated Services Code Point: 000000 - Default
ECN-ECT: 0
ECN-CE: 0
Total length: 0x002C (44)
ID: 0x4896 (18582)
Flags
Don't fragment bit: 0 - May fragment
More fragments bit: 1 - More fragments
Fragment offset: 0x0000 (0)
Time to live: 0x7A (122)
Protocol: 0x11 (17) - UDP
Checksum: 0x397F (14719) - correct
Source IP: 15.15.15.15
Destination IP: 10.10.10.10
IP Options: None
UDP
Source port: 1812
Destination port: 32769
Length: 0x0569 (1385)
Checksum: 0x2FE4 (12260) - incorrectHi,
We spent many hours trying to solve this problem.
Our setup:
Cisco wireless setup, using windows NPS for 802.1x authentication.
Certificate base auth, with an internal PKI sending out client machine certs, and also the server cert.
Auth was failing with "reason code 22, The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server."
It turned out to be a GPO setting on the server, that was enforcing key protection.
There is this note on the below technet article:
Requiring the use of strong private key protection and user prompting on all new and imported keys will disable some applications, such as Encrypting File System (EFS) and wireless (802.1X) authentication that cannot display UI. For more information, see article 320828 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=115037).
http://technet.microsoft.com/en-us/library/cc725621(v=WS.10).aspx
Hopefully this helps someone out, if you have the same annoying error. -
802.1x authentication fail when trying to implement 802.11N
Hello, I'm trying to deploy 802.11N along with 802.1X and IAS.
Controller comunciates with Radius server (IAS) and this lives in a ESX host along with the Domain controller. Somehow users are not able to authenticate.
WLC: AIR-CT550 - IP 10.152.36.5
IAS: 10.204.34.35
Domain controller: 10.204.35.149
Testing client MAC: 24:77:03:dc:c6:10
Check these logs:
*Jan 29 19:11:45.816: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:45.842: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:45.844: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:50.691: 24:77:03:dc:c6:10 apfMsExpireCallback (apf_ms.c:418) Expiring Mobile!
*Jan 29 19:11:50.692: 24:77:03:dc:c6:10 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [0c:27:24:4e:62:10]
*Jan 29 19:11:50.692: 24:77:03:dc:c6:10 Deleting mobile on AP 0c:27:24:4e:62:10(0)
*Jan 29 19:11:51.727: 24:77:03:dc:c6:10 Adding mobile on LWAPP AP 50:17:ff:df:08:70(1)
*Jan 29 19:11:51.727: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 23) in 5 seconds
*Jan 29 19:11:51.727: 24:77:03:dc:c6:10 apfProcessProbeReq (apf_80211.c:4722) Changing state for mobile 24:77:03:dc:c6:10 on AP 50:17:ff:df:08:70 from Idle to Probe
*Jan 29 19:11:51.729: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.742: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.743: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.758: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.758: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.773: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.774: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.943: 24:77:03:dc:c6:10 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Association received from mobile on AP 50:17:ff:de:45:90
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Applying site-specific IPv6 override for station 24:77:03:dc:c6:10 - vapId 3, site 'default-group', interface 'enterprise wireless 3rd floor'
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Applying IPv6 Interface Policy for station 24:77:03:dc:c6:10 - vlan 603, interface id 11, interface 'enterprise wireless 3rd floor'
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Processing RSN IE type 48, length 22 for mobile 24:77:03:dc:c6:10
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Received RSN IE with 0 PMKIDs from mobile 24:77:03:dc:c6:10
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [50:17:ff:df:08:70]
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Updated location for station old AP 50:17:ff:df:08:70-1, new AP 50:17:ff:de:45:90-1
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 0.0.0.0 START (0) Initializing policy
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 50:17:ff:de:45:90 vapId 3 apVapId 3
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 apfPemAddUser2 (apf_policy.c:213) Changing state for mobile 24:77:03:dc:c6:10 on AP 50:17:ff:de:45:90 from Probe to Associated
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Stopping deletion of Mobile Station: (callerId: 48)
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 Sending Assoc Response to station on BSSID 50:17:ff:de:45:90 (status 0) Vap Id 3 Slot 1
*Jan 29 19:11:51.945: 24:77:03:dc:c6:10 apfProcessAssocReq (apf_80211.c:4389) Changing state for mobile 24:77:03:dc:c6:10 on AP 50:17:ff:de:45:90 from Associated to Associated
*Jan 29 19:11:51.947: 24:77:03:dc:c6:10 Station 24:77:03:dc:c6:10 setting dot1x reauth timeout = 0
*Jan 29 19:11:51.947: 24:77:03:dc:c6:10 Stopping reauth timeout for 24:77:03:dc:c6:10
*Jan 29 19:11:51.947: 24:77:03:dc:c6:10 dot1x - moving mobile 24:77:03:dc:c6:10 into Connecting state
*Jan 29 19:11:51.947: 24:77:03:dc:c6:10 Sending EAP-Request/Identity to mobile 24:77:03:dc:c6:10 (EAP Id 1)
*Jan 29 19:11:51.974: 24:77:03:dc:c6:10 Received EAPOL START from mobile 24:77:03:dc:c6:10
*Jan 29 19:11:51.974: 24:77:03:dc:c6:10 dot1x - moving mobile 24:77:03:dc:c6:10 into Connecting state
*Jan 29 19:11:51.974: 24:77:03:dc:c6:10 Sending EAP-Request/Identity to mobile 24:77:03:dc:c6:10 (EAP Id 2)
*Jan 29 19:11:52.006: 24:77:03:dc:c6:10 Received EAPOL EAPPKT from mobile 24:77:03:dc:c6:10
*Jan 29 19:11:52.006: 24:77:03:dc:c6:10 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 24:77:03:dc:c6:10
*Jan 29 19:11:52.030: 24:77:03:dc:c6:10 Received EAPOL EAPPKT from mobile 24:77:03:dc:c6:10
*Jan 29 19:11:52.030: 24:77:03:dc:c6:10 Username entry (NA\a-Gregg.Davis) created for mobile
*Jan 29 19:11:52.030: 24:77:03:dc:c6:10 Received Identity Response (count=2) from mobile 24:77:03:dc:c6:10
*Jan 29 19:11:52.030: 24:77:03:dc:c6:10 EAP State update from Connecting to Authenticating for mobile 24:77:03:dc:c6:10
*Jan 29 19:11:52.030: 24:77:03:dc:c6:10 dot1x - moving mobile 24:77:03:dc:c6:10 into Authenticating state
*Jan 29 19:11:52.030: 24:77:03:dc:c6:10 Entering Backend Auth Response state for mobile 24:77:03:dc:c6:10
*Jan 29 19:11:52.031: apfVapRadiusInfoGet: WLAN(3) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*Jan 29 19:11:52.031: 24:77:03:dc:c6:10 Successful transmission of Authentication Packet (id 62) to 10.204.34.35:1812, proxy state 24:77:03:dc:c6:10-00:00
*Jan 29 19:11:52.051: ****Enter processIncomingMessages: response code=11
*Jan 29 19:11:52.051: Received a RADIUS message from unknown server 10.204.35.149 port 1812
*Jan 29 19:11:54.032: 24:77:03:dc:c6:10 Successful transmission of Authentication Packet (id 62) to 10.204.34.35:1812, proxy state 24:77:03:dc:c6:10-00:00
*Jan 29 19:11:54.049: ****Enter processIncomingMessages: response code=11
*Jan 29 19:11:54.049: Received a RADIUS message from unknown server 10.204.35.149 port 1812
*Jan 29 19:11:56.032: 24:77:03:dc:c6:10 Successful transmission of Authentication Packet (id 62) to 10.204.34.35:1812, proxy state 24:77:03:dc:c6:10-00:00
*Jan 29 19:11:56.048: ****Enter processIncomingMessages: response code=11
*Jan 29 19:11:56.048: Received a RADIUS message from unknown server 10.204.35.149 port 1812
Any idea of what could be the problem?
Thanks.Hi Francisco,
*Jan 29 19:11:52.031: 24:77:03:dc:c6:10 Successful transmission of Authentication Packet (id 62) to 10.204.34.35:1812, proxy state 24:77:03:dc:c6:10-00:00
*Jan 29 19:11:52.051: ****Enter processIncomingMessages: response code=11*Jan 29 19:11:52.051: Received a RADIUS message from unknown server 10.204.35.149 port 1812
*Jan 29 19:11:54.032: 24:77:03:dc:c6:10 Successful transmission of Authentication Packet (id 62) to 10.204.34.35:1812, proxy state 24:77:03:dc:c6:10-00:00
*Jan 29 19:11:54.049: ****Enter processIncomingMessages: response code=11*Jan 29 19:11:54.049: Received a RADIUS message from unknown server 10.204.35.149 port 1812
These message indicate there is some issue with RADIUS communication. Looks like WLC send RADIUS packets to IAS, but it does not get any response. Instead it getting RADIUS response from DC.
Pls check this communication
HTH
Rasika
**** Pls rate all useful resposnes ***** -
Cannot change GroupWise User Name in GW Mobility Service 2.0
Hi,
In GW Mobility Service 2.0 I can no longer change the "GroupWise User Name" value, which I need for the the address book selection. I need to change it, because we use AD authentication. This sets the username value to CNAME, which is different from our logon names (sAMAccountName). I can only change the "Mobility User Name""now. In 1.2.5.299, I was able to change it.
As a result, I'm unable to add new users to the system. Anyone know how to fix this?
IwanOriginally Posted by dzanre
iwan wrote:
> I don't add users via the web interface. I add them to an AD user group, at
> which point they are automatically added to the system. Once they are added, I
> change the name and sync them. I've added over 100 users like this in the
> previous version. I don't know why it does not work anymore. It does allow me
> to change the "Mobility User Name".
This has actually long been an issue, and I had failures even with 1.2.5. I
think you got lucky. This is a known problem with using LDAP groups for adding
users.
Also, you say that you were using AD groups, and this is definitely not
supported. eDirectory is the only supported LDAP server for Mobility and that
has always been the case.
So, I'm afraid that if this was working before, it was totally by accident.
Danita
Novell Knowledge Partner
GroupWise Mobility Service 2.0 Guide - Caledonia Guide to the GroupWise Mobility Service 2.0
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
Hi,
I'm sorry to hear that. I've been using it with AD as an LDAP source for quite some time without any issues. I still use it for authentication to the web interface itself. It would still work if I could just modify the "GroupWise User Name", like I could in the previous version. It doesn't seem logical to allow changing the "Mobility User Name" and not the "GroupWise User Name".
I am adding users through the web interface now and abandoned adding them via the LDAP group option (still use AD auth on the devices). I don't want to use eDir as I'm trying to move away from it. Every system within our company authenticates using AD. I only have eDir for GroupWise and with the next version of GW coming up and fully supporting AD, I can finally go to a single Directory.
When I migrate to GW 2014, will I be able to select GroupWise for authentication in Mobility Service and have the POA use AD authentication? Effectively giving Mobility Service AD authentication through GW? If so, the only thing that would not work is adding users via a group (if eDir is not used anymore).
Iwan -
Authenticated Bind succeeds but "This server is not responding"
Hey everyone,
I have a "from scratch" magic triangle setup. AD has 2 DC's in a domain named domain.priv, 1 Lion (10.7.4) OD server successfully bound to AD and authentication is working flawlessly and fast! There are a handful of clients running SL which have mobile homes. There are also a handful of Lion clients with mobile homes. DNS is running on AD.
Here's the rub. I can bind the SL clients to AD and OD just fine. I do an authenticated bind to OD so that it creates the computer record. On the Lion clients I bind them to AD without a problem and OD without and error message however once I bind Directory Utility has a red light stating "This server is not responding". Search paths are correct, pinging works the server works. Because authentication and mobile homes are working I think it's fairly safe to assume DNS is setup properly.
For clarification, I have a script that does the binding but I promise I've tried every available option in dsconfigldap without success. I've obviously tried using the GUI as well with no luck. I've tried turning on SSL and no SSL. I've tried enabling other security options without success as well. A work around I have found for the Lion clients was first do an authenticated bind to create the computer record and add it to appropriate computer groups then unbind the client and rebind UNauthenticated. Binding without authentication works perfectly and the client never loses contact with the OD server.
The reason I am posting this problem is because I am finally getting around to adding a secondary OD server for replication. I do not have the option to do an unauthenticated bind with OS Server and I have not found a way to successfully setup a replica without binding first, obviously.
I will post log files as needed but I have not found anything that is out of the ordinary except for:
9/20/12 7:34:16.560 PM servermgrd: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
9/20/12 7:34:16.562 PM servermgrd: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
9/20/12 7:34:16.564 PM servermgrd: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
9/20/12 7:34:16.567 PM servermgrd: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
It goes on like that...
Also, IPv6 is not setup on the AD DNS servers. Not sure that matters but I figured I should put it out there.
Any help or ideas of where to look would be greatly appreciated! Thanks!
Nick.I ended up opening a ticket with Apple and the cause has been identified and even a "fix"!
Turns out that I skipped a vital step prior to binding to AD or setting up the OD Master; preparing the server to connect to another directory.
It's necessary to go to Server Admin, select Open Directory, Settings, then Change. Select "Connect to another directory" and then continue. After that the normal steps should be taken; Connect to AD with Directory Utility and then Create Open Directory Master with Server Admin.
Since I have a test enviroment that consists of 1 week old backups of the AD Domain Controllers and OD Master I decided to destroy the current OD and start over and testing this out. Guess what? Everything works as it should. Bount a couple of Lion clients, tested management, and even created a replica with the GUI!
Here's the rub...
In order to keep my current environment in tact (computers and computer groups) I exported all of the computers and computer groups from WGM prior to destroying the Open Directory Master. Once I completed setting everything up and created a new Directory Master I reimported the archive. With this method all currently I was back to square one. SL clients were bound, I could unbind and re-authenticaed bind with no problems. Lion clients however, had the same issue, could not bind with authentication. Fail.
I also tried exporting the computers and computer groups from WGM prior to destroying the Master. Set everything back up, imported the computers and computer groups. Nice part is that new binds both SL and Lion work wonderfully. However, any machines that were already bound don't work. I assume this is because even though the Kerberos realm has the same name, there has to be some differences in hash or whatever else Kerberos is using for encryption. There are log entries telling me about all the computers trying to connect that the server can't find in it's database.
Where to go from here?
Not sure. How do I find out what is broken in the Archive? I know that 10.7 took out the option of -merge in slapconfig which may or may not have worked here. Knowing what the "Connect to another directory" option in Server Admin is doing would help out greatly. Not knowing why that simple step does changes everything is deflating to say the least.
I should be talking to an Apple Engineer tomorrow. I will post back.
Nick. -
Windows mobile wireless connectivity issues
Hi all,
In our wireless network , windows mobiles 8.0 are not able to connect . The SSID is using WPA2/AES encryption with 802.1x auth. The remaining clients are able to connect to the network and working fine. Even from windows phone 8.1 , I am able to connect to the network. The only difference I am seeing between these two mobiles are supplicant. In WP 8.1 i am able to choose the PEAP/MSCHAPv2 with no server validation options.
In WP 8.0 , it is directly asking for UN/PWD.the WLC is 2504 with 7.2.103.0 code.
The debug is below for 8.0 mobile
isco Controller) >*apfReceiveTask: Jun 11 12:01:51.076: ec:f3:5b:13:fe:5c Deleting mobile on AP 1c:e6:c7:84:7a:20(0)
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Adding mobile on LWAPP AP 1c:e6:c7:85:25:b0(0)
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Association received from mobile on AP 1c:e6:c7:85:25:b0
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Applying site-specific Local Bridging override for station ec:f3:5b:13:fe:5c - vapId 3, site 'default-group', interface 'corp_byod'
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Applying Local Bridging Interface Policy for station ec:f3:5b:13:fe:5c - vlan 252, interface id 14, interface 'corp_byod'
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c STA - rates (8): 130 132 139 12 18 150 24 36 0 0 0 0 0 0 0 0
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Processing RSN IE type 48, length 20 for mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Received RSN IE with 0 PMKIDs from mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Setting active key cache index 8 ---> 8
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c unsetting PmkIdValidatedByAp
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 1c:e6:c7:85:25:b0 vapId 3 apVapId 3for this client
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c Not Using WMM Compliance code qosCap 00
*apfMsConnTask_5: Jun 11 12:09:50.218: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 1c:e6:c7:85:25:b0 vapId 3 apVapId 3
*apfMsConnTask_5: Jun 11 12:09:50.219: ec:f3:5b:13:fe:5c apfMsAssoStateInc
*apfMsConnTask_5: Jun 11 12:09:50.219: ec:f3:5b:13:fe:5c apfPemAddUser2 (apf_policy.c:268) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Idle to Associated
*apfMsConnTask_5: Jun 11 12:09:50.219: ec:f3:5b:13:fe:5c Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_5: Jun 11 12:09:50.219: ec:f3:5b:13:fe:5c Sending Assoc Response to station on BSSID 1c:e6:c7:85:25:b0 (status 0) ApVapId 3 Slot 0
*apfMsConnTask_5: Jun 11 12:09:50.219: ec:f3:5b:13:fe:5c apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Associated to Associated
*dot1xMsgTask: Jun 11 12:09:50.223: ec:f3:5b:13:fe:5c Station ec:f3:5b:13:fe:5c setting dot1x reauth timeout = 1800
*dot1xMsgTask: Jun 11 12:09:50.223: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*dot1xMsgTask: Jun 11 12:09:50.223: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 1)
*Dot1x_NW_MsgTask_4: Jun 11 12:09:50.288: ec:f3:5b:13:fe:5c Received EAPOL START from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:09:50.288: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*Dot1x_NW_MsgTask_4: Jun 11 12:09:50.288: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 2)
*osapiBsnTimer: Jun 11 12:10:20.288: ec:f3:5b:13:fe:5c 802.1x 'txWhen' Timer expired for station ec:f3:5b:13:fe:5c and for message = M0
*dot1xMsgTask: Jun 11 12:10:20.288: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*dot1xMsgTask: Jun 11 12:10:20.288: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 3)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:22.812: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:22.812: ec:f3:5b:13:fe:5c Received Identity Response (count=3) from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:22.812: ec:f3:5b:13:fe:5c Reached Max EAP-Identity Request retries (3) for STA ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:22.813: ec:f3:5b:13:fe:5c Sent Deauthenticate to mobile on BSSID 1c:e6:c7:85:25:b0 slot 0(caller 1x_auth_pae.c:3117)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:22.813: ec:f3:5b:13:fe:5c Scheduling deletion of Mobile Station: (callerId: 6) in 10 seconds
*Dot1x_NW_MsgTask_4: Jun 11 12:10:22.813: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Disconnected state
*Dot1x_NW_MsgTask_4: Jun 11 12:10:22.813: ec:f3:5b:13:fe:5c Not sending EAP-Failure for STA ec:f3:5b:13:fe:5c
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c Association received from mobile on AP 1c:e6:c7:84:7a:20
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c Applying site-specific Local Bridging override for station ec:f3:5b:13:fe:5c - vapId 3, site 'default-group', interface 'corp_byod'
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c Applying Local Bridging Interface Policy for station ec:f3:5b:13:fe:5c - vlan 252, interface id 14, interface 'corp_byod'
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c STA - rates (8): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c Processing RSN IE type 48, length 20 for mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c Received RSN IE with 0 PMKIDs from mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c Setting active key cache index 8 ---> 8
*apfMsConnTask_3: Jun 11 12:10:23.334: ec:f3:5b:13:fe:5c unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [1c:e6:c7:85:25:b0]
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c Updated location for station old AP 1c:e6:c7:85:25:b0-0, new AP 1c:e6:c7:84:7a:20-0
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 1c:e6:c7:84:7a:20 vapId 3 apVapId 3for this client
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c Not Using WMM Compliance code qosCap 00
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 1c:e6:c7:84:7a:20 vapId 3 apVapId 3
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c apfPemAddUser2 (apf_policy.c:268) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:84:7a:20 from Associated to Associated
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c Sending Assoc Response to station on BSSID 1c:e6:c7:84:7a:20 (status 0) ApVapId 3 Slot 0
*apfMsConnTask_3: Jun 11 12:10:23.335: ec:f3:5b:13:fe:5c apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:84:7a:20 from Associated to Associated
*dot1xMsgTask: Jun 11 12:10:23.340: ec:f3:5b:13:fe:5c Station ec:f3:5b:13:fe:5c setting dot1x reauth timeout = 1800
*dot1xMsgTask: Jun 11 12:10:23.340: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*dot1xMsgTask: Jun 11 12:10:23.340: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 1)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:23.397: ec:f3:5b:13:fe:5c Received EAPOL START from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:23.397: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*Dot1x_NW_MsgTask_4: Jun 11 12:10:23.397: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 2)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.762: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.763: ec:f3:5b:13:fe:5c Received Identity Response (count=2) from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.763: ec:f3:5b:13:fe:5c EAP State update from Connecting to Authenticating for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.763: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Authenticating state
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.763: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.769: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.769: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=3) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.769: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 3)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.793: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.793: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.793: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.796: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.796: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=4) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.796: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 4)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.817: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.817: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 4, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.817: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.820: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.820: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=5) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.820: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 5)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.839: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.839: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 5, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.839: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.845: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.845: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=6) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.845: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.864: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.864: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 6, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.864: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.867: ec:f3:5b:13:fe:5c Processing Access-Reject for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.867: ec:f3:5b:13:fe:5c Removing PMK cache due to EAP-Failure for mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.867: ec:f3:5b:13:fe:5c Sending EAP-Failure to mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.868: ec:f3:5b:13:fe:5c Entering Backend Auth Failure state (id=6) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.868: ec:f3:5b:13:fe:5c Setting quiet timer for 5 seconds for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:32.868: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Unknown state
*osapiBsnTimer: Jun 11 12:10:37.687: ec:f3:5b:13:fe:5c 802.1x 'quiteWhile' Timer expired for station ec:f3:5b:13:fe:5c and for message = M0
*dot1xMsgTask: Jun 11 12:10:37.688: ec:f3:5b:13:fe:5c quiet timer completed for mobile ec:f3:5b:13:fe:5c
*dot1xMsgTask: Jun 11 12:10:37.688: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*dot1xMsgTask: Jun 11 12:10:37.688: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 8)
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Association received from mobile on AP 1c:e6:c7:85:25:b0
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Applying site-specific Local Bridging override for station ec:f3:5b:13:fe:5c - vapId 3, site 'default-group', interface 'corp_byod'
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Applying Local Bridging Interface Policy for station ec:f3:5b:13:fe:5c - vlan 252, interface id 14, interface 'corp_byod'
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c STA - rates (8): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Processing RSN IE type 48, length 20 for mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Received RSN IE with 0 PMKIDs from mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Setting active key cache index 8 ---> 8
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c unsetting PmkIdValidatedByAp
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [1c:e6:c7:84:7a:20]
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Updated location for station old AP 1c:e6:c7:84:7a:20-0, new AP 1c:e6:c7:85:25:b0-0
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 1c:e6:c7:85:25:b0 vapId 3 apVapId 3for this client
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Not Using WMM Compliance code qosCap 00
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 1c:e6:c7:85:25:b0 vapId 3 apVapId 3
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c apfPemAddUser2 (apf_policy.c:268) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Associated to Associated
*apfMsConnTask_5: Jun 11 12:10:56.984: ec:f3:5b:13:fe:5c Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_5: Jun 11 12:10:56.985: ec:f3:5b:13:fe:5c Sending Assoc Response to station on BSSID 1c:e6:c7:85:25:b0 (status 0) ApVapId 3 Slot 0
*apfMsConnTask_5: Jun 11 12:10:56.985: ec:f3:5b:13:fe:5c apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Associated to Associated
*dot1xMsgTask: Jun 11 12:10:56.989: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*dot1xMsgTask: Jun 11 12:10:56.989: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 1)
*Dot1x_NW_MsgTask_4: Jun 11 12:10:57.140: ec:f3:5b:13:fe:5c Received EAPOL START from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:10:57.140: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*Dot1x_NW_MsgTask_4: Jun 11 12:10:57.140: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 2)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.765: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.765: ec:f3:5b:13:fe:5c Received Identity Response (count=2) from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.765: ec:f3:5b:13:fe:5c EAP State update from Connecting to Authenticating for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.765: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Authenticating state
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.765: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.769: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.769: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=3) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.769: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 3)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.795: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.796: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.796: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.806: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.806: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=4) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.806: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 4)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.883: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.883: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 4, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.883: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.886: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.886: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=5) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.887: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 5)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.901: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.901: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 5, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.901: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.909: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.909: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=6) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.909: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.925: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.925: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 6, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.925: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.928: ec:f3:5b:13:fe:5c Processing Access-Reject for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.928: ec:f3:5b:13:fe:5c Removing PMK cache due to EAP-Failure for mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.928: ec:f3:5b:13:fe:5c Sending EAP-Failure to mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.929: ec:f3:5b:13:fe:5c Entering Backend Auth Failure state (id=6) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.929: ec:f3:5b:13:fe:5c Setting quiet timer for 5 seconds for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:21.929: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Unknown state
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Association received from mobile on AP 1c:e6:c7:85:25:b0
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Applying site-specific Local Bridging override for station ec:f3:5b:13:fe:5c - vapId 3, site 'default-group', interface 'corp_byod'
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Applying Local Bridging Interface Policy for station ec:f3:5b:13:fe:5c - vlan 252, interface id 14, interface 'corp_byod'
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c STA - rates (8): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c STA - rates (12): 130 132 139 12 18 150 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Processing RSN IE type 48, length 20 for mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Received RSN IE with 0 PMKIDs from mobile ec:f3:5b:13:fe:5c
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Setting active key cache index 8 ---> 8
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c unsetting PmkIdValidatedByAp
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 1c:e6:c7:85:25:b0 vapId 3 apVapId 3for this client
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Not Using WMM Compliance code qosCap 00
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 1c:e6:c7:85:25:b0 vapId 3 apVapId 3
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c apfPemAddUser2 (apf_policy.c:268) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Associated to Associated
*apfMsConnTask_5: Jun 11 12:11:23.073: ec:f3:5b:13:fe:5c Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_5: Jun 11 12:11:23.074: ec:f3:5b:13:fe:5c Sending Assoc Response to station on BSSID 1c:e6:c7:85:25:b0 (status 0) ApVapId 3 Slot 0
*apfMsConnTask_5: Jun 11 12:11:23.074: ec:f3:5b:13:fe:5c apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Associated to Associated
*dot1xMsgTask: Jun 11 12:11:23.077: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*dot1xMsgTask: Jun 11 12:11:23.078: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 1)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:23.134: ec:f3:5b:13:fe:5c Received EAPOL START from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:23.134: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Connecting state
*Dot1x_NW_MsgTask_4: Jun 11 12:11:23.134: ec:f3:5b:13:fe:5c Sending EAP-Request/Identity to mobile ec:f3:5b:13:fe:5c (EAP Id 2)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.120: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.120: ec:f3:5b:13:fe:5c Received Identity Response (count=2) from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.120: ec:f3:5b:13:fe:5c EAP State update from Connecting to Authenticating for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.120: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Authenticating state
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.120: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.123: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.123: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=3) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.123: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 3)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.133: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.133: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.133: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.136: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.136: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=4) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.136: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 4)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.319: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.319: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 4, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.319: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.321: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.321: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=5) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.321: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 5)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.338: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.338: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 5, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.338: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.347: ec:f3:5b:13:fe:5c Processing Access-Challenge for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.347: ec:f3:5b:13:fe:5c Entering Backend Auth Req state (id=6) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.347: ec:f3:5b:13:fe:5c Sending EAP Request from AAA to mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.361: ec:f3:5b:13:fe:5c Received EAPOL EAPPKT from mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.361: ec:f3:5b:13:fe:5c Received EAP Response from mobile ec:f3:5b:13:fe:5c (EAP Id 6, EAP Type 25)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.361: ec:f3:5b:13:fe:5c Entering Backend Auth Response state for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.365: ec:f3:5b:13:fe:5c Processing Access-Reject for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.365: ec:f3:5b:13:fe:5c Removing PMK cache due to EAP-Failure for mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.365: ec:f3:5b:13:fe:5c Sending EAP-Failure to mobile ec:f3:5b:13:fe:5c (EAP Id 6)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.365: ec:f3:5b:13:fe:5c Entering Backend Auth Failure state (id=6) for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.365: ec:f3:5b:13:fe:5c apfBlacklistMobileStationEntry2 (apf_ms.c:4864) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Associated to Exclusion-list (1)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.365: ec:f3:5b:13:fe:5c Scheduling deletion of Mobile Station: (callerId: 44) in 10 seconds
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.366: ec:f3:5b:13:fe:5c 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.366: ec:f3:5b:13:fe:5c 0.0.0.0 START (0) Reached FAILURE: from line 4442
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.366: ec:f3:5b:13:fe:5c Scheduling deletion of Mobile Station: (callerId: 9) in 10 seconds
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.366: ec:f3:5b:13:fe:5c Max AAA failure for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.366: ec:f3:5b:13:fe:5c Setting quiet timer for 5 seconds for mobile ec:f3:5b:13:fe:5c
*Dot1x_NW_MsgTask_4: Jun 11 12:11:37.366: ec:f3:5b:13:fe:5c dot1x - moving mobile ec:f3:5b:13:fe:5c into Unknown state
*osapiBsnTimer: Jun 11 12:11:42.287: ec:f3:5b:13:fe:5c 802.1x 'quiteWhile' Timer expired for station ec:f3:5b:13:fe:5c and for message = M0
*osapiBsnTimer: Jun 11 12:11:47.288: ec:f3:5b:13:fe:5c apfMsExpireCallback (apf_ms.c:589) Expiring Mobile!
*apfReceiveTask: Jun 11 12:11:47.289: ec:f3:5b:13:fe:5c Scheduling deletion of Mobile Station: (callerId: 46) in 60 seconds
*apfReceiveTask: Jun 11 12:11:47.289: ec:f3:5b:13:fe:5c apfMsExpireMobileStation (apf_ms.c:5708) Changing state for mobile ec:f3:5b:13:fe:5c on AP 1c:e6:c7:85:25:b0 from Exclusion-list (1) to Exclusion-list (2)
*apfReceiveTask: Jun 11 12:11:47.289: ec:f3:5b:13:fe:5c pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Jun 11 12:11:47.289: ec:f3:5b:13:fe:5c 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [1c:e6:c7:85:25:b0]
Kindly give your opinions on this.
BR//
VijayHi Najaf,
We have tried the same credentials only .
Level Date and Time Source Event ID Task Category
Information 5/19/2014 6:58:50 PM Microsoft-Windows-Security-Auditing 6273 Network Policy Server "Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: xxxxxx
Account Domain: xxxxxxx
Fully Qualified Account Name: xxxxxxx
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 1c-e6-c7-xx-xx-xx:HM_BYOD
Calling Station Identifier: 4c-7f-62-xx-xx-xx
NAS:
NAS IPv4 Address: 10.x.x.x
NAS IPv6 Address: -
NAS Identifier: WLC
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 1
RADIUS Client:
Client Friendly Name: Wireless
Client IP Address: 10.x.x.x
Authentication Details:
Connection Request Policy Name: xxxxxxxxx
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: xxxxxxxxx
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
Regards,
Vijay -
Problem with roamingin in VoIP SSID...
Hi guys,
My client has a WLC 5508 with a two dosens of 1262s. I set SSID for the VoIP but when the client roams there is a loss of packest. The client is using Cisco phones. Any help will be appreciated.
Pete
(Cisco Controller) >show wlan 144
WLAN Identifier.................................. 144
Profile Name..................................... VoIP_Network
Network Name (SSID).............................. Inside_144
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 10
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 144_v
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Platinum
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout................... 20
FT Over-The-Air mode....................... Enabled
FT Over-The-Ds mode........................ Enabled
GTK Randomization.......................... Enabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
Access Network type............................ Not configured
Network Authentication type.................... Not configured
Internet service............................... Disabled
HESSID......................................... 00:00:00:00:00:00
Hotspot 2.0.................................... Disabled
WAN Metrics configuration
Link status.................................. 0
Link symmetry................................ 0
Downlink speed............................... 0
Uplink speed................................. 0
Mobility Services Advertisement Protocol....... Disabled
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >debug client 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:02:25.463: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Processing WPA IE type 221, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*pemReceiveTask: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 0)
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Initiating WPA PSK to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Force Auth state
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Skipping EAP-Success to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.015: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.015: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b2:b1:10, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Key exchange done, data packets from mobile 2c:54:2d:ea:d4:0e should be forwarded shortly
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*spamApTask5: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Sent EAPOL-Key M5 for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Processing WPA IE type 221, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*pemReceiveTask: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 0)
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Initiating WPA PSK to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Force Auth state
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Skipping EAP-Success to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.423: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b2:b1:10, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Key exchange done, data packets from mobile 2c:54:2d:ea:d4:0e should be forwarded shortly
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*spamApTask5: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Sent EAPOL-Key M5 for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*emWeb: Nov 30 17:03:46.162: Configuring IPv6 ACL for WLAN:144, aclName passed is NULL
*apfReceiveTask: Nov 30 17:03:46.173: 2c:54:2d:ea:d4:0e apfSendDisAssocMsgDebug (apf_80211.c:2162) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Disassociated
*apfReceiveTask: Nov 30 17:03:46.178: 2c:54:2d:ea:d4:0e Sent Disassociate to mobile on AP 34:bd:c8:b2:b1:10-0 (reason 1, caller apf_ms.c:5558)
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e Sent Deauthenticate to mobile on BSSID 34:bd:c8:b2:b1:10 slot 0(caller apf_ms.c:5678)
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsAssoStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsExpireMobileStation (apf_ms.c:5716) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Disassociated to Idle
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Deleted mobile LWAPP rule on AP [34:bd:c8:b2:b1:10]
*pemReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e Deleting mobile on AP 34:bd:c8:b2:b1:10(0)Hi guys and Saravanan thank for the ideas....
the qualituy is getting better, not satisfactory for the customer though...
I have upgraded the firware as advised to 1.4.3 - I forgot to mention I have 7925g wifi phonee
I set the 802.1x + cckm with eap-fast and WPA2 and definately the quality of the calls got a huge improvement but still not enough. What can be the reason for the confinuing problems during roaming?
Guys, is it possible to set the CCKM without ACS (or WDS - i think that was the second option)
here is some output:
(Cisco Controller) show>wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... test_wifi_144
Network Name (SSID).............................. test144
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 1
Exclusionlist.................................... Disabled
Session Timeout.................................. 65535 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 144_v
--More-- or (q)uit
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Platinum
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Required
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... ap-cac-limit
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 2
DTIM period for 802.11b radio.................... 2
Radius Servers
--More-- or (q)uit
Authentication................................ 172.16.106.53 1645
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout................... 20
FT Over-The-Air mode....................... Enabled
FT Over-The-Ds mode........................ Enabled
--More-- or (q)uit
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More-- or (q)uit
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
Access Network type............................ Not configured
Network Authentication type.................... Not configured
Internet service............................... Disabled
HESSID......................................... 00:00:00:00:00:00
Hotspot 2.0.................................... Disabled
WAN Metrics configuration
Link status.................................. 0
Link symmetry................................ 0
Downlink speed............................... 0
Uplink speed................................. 0
Mobility Services Advertisement Protocol....... Disabled
(Cisco Controller) >debug client 2C542DEAD40E
*apfMsConnTask_3: Dec 07 13:55:49.522: 2c:54:2d:ea:d4:0e Adding mobile on LWAPP AP 34:bd:c8:b3:d9:f0(0)
*apfMsConnTask_3: Dec 07 13:55:49.522: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfMsAssoStateInc
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Idle to Associated
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b3:d9:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Connecting state
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Sending EAP-Request/Identity to mobile 2c:54:2d:ea:d4:0e (EAP Id 1)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Received Identity Response (count=1) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e EAP State update from Connecting to Authenticating for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=85) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 1 ===> 85 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 85)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 85, EAP Type 3)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=86) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 86)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 86, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=87) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 87)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 87, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=89) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 87 ===> 89 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 89)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 89, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 90, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.702: 2c:54:2d:ea:d4:0e Processing Access-Accept for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Username entry (test960) created for mobile, length = 253
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Username entry (test960) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting re-auth timeout to 65535 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Adding BSSID 34:bd:c8:b3:d9:f0 to PMKID cache at index 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: [0000] ab 8f b5 75 ad c5 8e af 50 0d ce 4a f1 7b 16 9e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e CCKM: Create a global PMK cache entry
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Sending EAP-Success to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: [0000] ab 8f b5 75 ad c5 8e af 50 0d ce 4a f1 7b 16 9e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Entering Backend Auth Success state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Received Auth Success while in Authenticating state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.704: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e CCKM: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: CCKM: Sending CCKM PMK (Version_1) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: CCKM: Sending CCKM PMK (Version_2) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5253, Adding TMP rule
*Dot1x_NW_MsgTask_: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*apfReceiveTask: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4891, Adding TMP rule
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255,
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e Sent an XID frame
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e Sent an XID frame
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ARPing for 10.123.200.1 (SPA 10.123.200.15, vlanId 144)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - 172.16.100.122 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ARPing for 10.123.200.1 (SPA 10.123.200.15, vlanId 144)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 374, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - 172.16.100.122 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 374, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP setting server from OFFER (server 172.16.100.121, yiaddr 10.123.201.4)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REPLY to STA (len 430, port 1, vlan 0)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP OFFER (2)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP server id: 1.1.1.1 rcvd server id: 172.16.100.121
*DHCP Socket Task: Dec 07 13:55:52.514: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.514: 2c:54:2d:ea:d4:0e DHCP dropping OFFER from 172.16.100.122 (yiaddr 10.123.205.33)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 172.16.100.121, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP server id: 172.16.100.121 rcvd server id: 1.1.1.1
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 382, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 172.16.100.121, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - NONE
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e Static IP client associated to interface 144_v which can support client subnet.
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e 10.123.201.4 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5776
*DHCP Soc: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e Assigning Address 10.123.201.4 to mobile
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP success event for client. Clearing dhcp failure count for interface 144_v.
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP sending REPLY to STA (len 430, port 1, vlan 0)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP ACK (5)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e DHCP server id: 1.1.1.1 rcvd server id: 172.16.100.121
*pemReceiveTask: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x10
*pemReceiveTask: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e Sending a gratuitous ARP for 10.123.201.4, VLAN Id 144
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Removing BSSID 34:bd:c8:b3:d9:f0 from PMKID cache of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b3:d9:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Connecting state
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e Sending EAP-Request/Identity to mobile 2c:54:2d:ea:d4:0e (EAP Id 1)
*pemReceiveTask: Dec 07 13:57:01.513: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Received Identity Response (count=1) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e EAP State update from Connecting to Authenticating for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=86) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 1 ===> 86 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 86)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 86, EAP Type 3)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=87) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 87)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 87, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=88) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 88)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 88, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 88 ===> 90 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 90, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=91) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 91)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 91, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Processing Access-Accept for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Setting re-auth timeout to 65535 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Adding BSSID 34:bd:c8:b3:d9:f0 to PMKID cache at index 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: [0000] 16 bf c0 3e 07 00 79 b1 51 ca d3 47 44 69 1b a1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e CCKM: Create a global PMK cache entry
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Sending EAP-Success to mobile 2c:54:2d:ea:d4:0e (EAP Id 91)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: [0000] 16 bf c0 3e 07 00 79 b1 51 ca d3 47 44 69 1b a1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Entering Backend Auth Success state (id=91) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Received Auth Success while in Authenticating state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e CCKM: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: CCKM: Sending CCKM PMK (Version_1) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: CCKM: Sending CCKM PMK (Version_2) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e CCKM: Received REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Reassociation received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Removing BSSID 34:bd:c8:b3:d9:f0 from PMKID cache of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Processing REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: using HMAC SHA1 to compute MIC
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Received a valid REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e CCKM: Initializing PMK cache entry with a new PTK
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2) on BSSID 34:bd:c8:b3:d9:f0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e CCKM: using HMAC SHA1 to compute MIC
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Including CCKM Response IE (length 54) in Assoc Resp to mobile
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 202) ApVapId 1 Slot 0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 22) in 3 seconds
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_3: Dec 07 13:57:04.926: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_3: Dec 07 13:57:04.926: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20) -
User not able to connect to the WIreless
We are facing the issue with a client he is getting the Ip but we are not able to ping even it fails to get the lenk test from the WLC.AP is registered to the Centralised WLC and other users are able to get the access with out any problem .Below are the loggs i got for the user .
debug client 1c:65:9d:a4:ea:b6
(Cisco Controller) >*DHCP Socket Task: Dec 05 09:47:07.361: 8c:70:5a:c6:86:28 DHCP received op BOOTREPLY (2) (len 330,vlan 0, port 13, encap 0xec03)
*emWeb: Dec 06 08:20:19.255: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:20:19.256: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:20:19.259: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
(Cisco Controller) >debug client 1c:65:9d:a4:ea:b6
(Cisco Controller) >*apfMsConnTask_6: Dec 06 08:21:19.495: 1c:65:9d:a4:ea:b6 Association received from mobile on BSSID 20:37:06:7c:53:a0
*apfMsConnTask_6: Dec 06 08:21:19.498: 1c:65:9d:a4:ea:b6 Global 200 Clients are allowed to AP radio
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Max Client Trap Threshold: 0 cur: 18
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Re-applying interface policy for client
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 In processSsidIE:4619 setting Central switched to FALSE
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Applying site-specific Local Bridging override for station 1c:65:9d:a4:ea:b6 - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Applying Local Bridging Interface Policy for station 1c:65:9d:a4:ea:b6 - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 STA - rates (8): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 STA - rates (12): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Processing RSN IE type 48, length 20 for mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Received RSN IE with 0 PMKIDs from mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Found an cache entry for BSSID 20:37:06:7c:53:a0 in PMKID cache at index 0 of station 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Removing BSSID 20:37:06:7c:53:a0 from PMKID cache of station 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Resetting MSCB PMK Cache Entry 0 for station 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Setting active key cache index 0 ---> 8
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 unsetting PmkIdValidatedByAp
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 apfMsRunStateDec
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 apfMs1xStateDec
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 START (0) Initializing policy
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) DHCP required on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1for this client
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 apfPemAddUser2:session timeout forstation 1c:65:9d:a4:ea:b6 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 Sending Assoc Response to station on BSSID 20:37:06:7c:53:a0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 apfProcessAssocReq (apf_80211.c:7957) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*apfMsConnTask_6: Dec 06 08:21:19.510: 1c:65:9d:a4:ea:b6 Updating AID for REAP AP Client 20:37:06:7c:53:a0 - AID ===> 7
*dot1xMsgTask: Dec 06 08:21:19.511: 1c:65:9d:a4:ea:b6 Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 06 08:21:19.511: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Connecting state
*dot1xMsgTask: Dec 06 08:21:19.511: 1c:65:9d:a4:ea:b6 Sending EAP-Request/Identity to mobile 1c:65:9d:a4:ea:b6 (EAP Id 1)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.010: 1c:65:9d:a4:ea:b6 Received EAPOL START from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.010: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Connecting state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.010: 1c:65:9d:a4:ea:b6 Sending EAP-Request/Identity to mobile 1c:65:9d:a4:ea:b6 (EAP Id 2)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 Received Identity Response (count=2) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 EAP State update from Connecting to Authenticating for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=160) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 WARNING: updated EAP-Identifier 2 ===> 160 for STA 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 160)
*apfMsConnTask_6: Dec 06 08:21:20.031: 1c:65:9d:a4:ea:b6 Association received from mobile on BSSID 20:37:06:7c:53:a0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Global 200 Clients are allowed to AP radio
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Max Client Trap Threshold: 0 cur: 19
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Re-applying interface policy for client
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 In processSsidIE:4619 setting Central switched to FALSE
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Applying site-specific Local Bridging override for station 1c:65:9d:a4:ea:b6 - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Applying Local Bridging Interface Policy for station 1c:65:9d:a4:ea:b6 - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 STA - rates (8): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 STA - rates (12): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Processing RSN IE type 48, length 20 for mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Received RSN IE with 0 PMKIDs from mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Setting active key cache index 8 ---> 8
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 unsetting PmkIdValidatedByAp
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Initializing policy
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) DHCP required on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1for this client
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 apfPemAddUser2:session timeout forstation 1c:65:9d:a4:ea:b6 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Sending Assoc Response to station on BSSID 20:37:06:7c:53:a0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 apfProcessAssocReq (apf_80211.c:7957) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 160, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*dot1xMsgTask: Dec 06 08:21:20.038: 1c:65:9d:a4:ea:b6 Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 06 08:21:20.038: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Connecting state
*dot1xMsgTask: Dec 06 08:21:20.038: 1c:65:9d:a4:ea:b6 Sending EAP-Request/Identity to mobile 1c:65:9d:a4:ea:b6 (EAP Id 1)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 Received Identity Response (count=1) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 EAP State update from Connecting to Authenticating for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=161) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 WARNING: updated EAP-Identifier 1 ===> 161 for STA 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 161)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.063: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.063: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 161, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.064: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.068: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.068: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=162) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.068: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 162)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.083: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.083: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 162, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.083: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.087: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.087: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=163) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.087: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 163)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.111: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.111: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 163, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.111: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.166: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.167: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=164) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.167: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 164)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.173: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.173: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 164, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.173: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.179: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.179: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=165) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.179: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 165)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.184: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.184: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 165, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.184: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.189: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.189: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=166) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.189: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 166)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.200: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.200: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 166, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.200: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.204: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.204: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=167) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.204: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 167)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.216: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.216: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 167, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.216: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.718: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.718: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=168) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.718: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 168)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.725: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.725: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 168, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.725: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.731: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.731: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=169) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.731: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 169)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.738: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.738: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 169, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.738: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.746: 1c:65:9d:a4:ea:b6 Processing Access-Accept for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.746: 1c:65:9d:a4:ea:b6 Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.746: 1c:65:9d:a4:ea:b6 Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Setting re-auth timeout to 0 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Station 1c:65:9d:a4:ea:b6 setting dot1x reauth timeout = 0
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Stopping reauth timeout for 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Creating a PKC PMKID Cache entry for station 1c:65:9d:a4:ea:b6 (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Resetting MSCB PMK Cache Entry 0 for station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Adding BSSID 20:37:06:7c:53:a0 to PMKID cache at index 0 for station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: [0000] 8a 3e dc 82 7b 6b ce 00 72 ac 5d be 2a 12 ab a6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 PMK sent to mobility group
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Sending EAP-Success to mobile 1c:65:9d:a4:ea:b6 (EAP Id 169)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Freeing AAACB from Dot1xCB as AAA auth is done for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Found an cache entry for BSSID 20:37:06:7c:53:a0 in PMKID cache at index 0 of station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Found an cache entry for BSSID 20:37:06:7c:53:a0 in PMKID cache at index 0 of station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: [0000] 8a 3e dc 82 7b 6b ce 00 72 ac 5d be 2a 12 ab a6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Starting key exchange to mobile 1c:65:9d:a4:ea:b6, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Sending EAPOL-Key Message to mobile 1c:65:9d:a4:ea:b6
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.749: 1c:65:9d:a4:ea:b6 Entering Backend Auth Success state (id=169) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.749: 1c:65:9d:a4:ea:b6 Received Auth Success while in Authenticating state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.749: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Received EAPOL-Key from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Received EAPOL-key in PTK_START state (message 2) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 PMK: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Stopping retransmission timer for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.767: 1c:65:9d:a4:ea:b6 Sending EAPOL-Key Message to mobile 1c:65:9d:a4:ea:b6
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.773: 1c:65:9d:a4:ea:b6 Received EAPOL-Key from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.773: 1c:65:9d:a4:ea:b6 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.773: 1c:65:9d:a4:ea:b6 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 Stopping retransmission timer for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 L2AUTHCOMPLETE (4) DHCP required on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1 flex-acl-name:
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 L2AUTHCOMPLETE (4) Change state to RUN (20) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Reached PLUMBFASTPATH: from line 6233
*DHCP Socket Task: Dec 06 08:21:20.796: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.800: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.800: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*DHCP Socket Task: Dec 06 08:21:20.816: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.817: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.817: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*DHCP Socket Task: Dec 06 08:21:24.515: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.517: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.517: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*DHCP Socket Task: Dec 06 08:21:24.520: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.520: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.520: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*emWeb: Dec 06 08:21:52.267: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:21:52.270: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
(Cisco Controller) >undebug
Incorrect usage. Use the '?' or <TAB> key to list commands.
(Cisco Controller) >*emWeb: Dec 06 08:21:52.272: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:23:25.462: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:23:25.463: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:23:25.464: 1c:65:9d:a4:ea:b6 Central Switch = FALSEPlease upgrade the WLC
Maybe you are looking for
-
PSE-10 how do I import and copy from external hard drive into organizer
Can I import and copy from external hard drive into organizer? Under Get Photos, I select import from folders/files but after browsing to the external hard drive the copy option is disabled/greyed out. I there a method to import and copy?
-
Hi All, I have a Interface like RFC-XI-JDBC and triggering the RFC in SAP system i am getting the error like "<b>alternativeServiceIdentifier: party/service from channel configuration are not equal to party/service from lookup of alternative</b>".
-
Sub node does not exist error in web dynpro.
Hello Experts, I have Faced following Run time Error in Webdynpro. "Subnode ZALV21.ALV_TABLE does not exist " I done External Mapping Neatly In controller Usage.Even Though I faced this Runtime Error. Kindly Reply me ASAP. Regards, Ameya Karadkhed
-
Hey guys, I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless lapotp. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rej
-
I restored my IPad Mini with an earlier backup in error
I restored my IPad Mini with an earlier backup in error, while trying to get my music to sync. Now ICloud has an old email address and asks for a password I have forgotten. My Itunes and Apstore has the correct Apple ID, how do I change the email a