Cannot authenticate Radius via WLC
Trying to configure RADIUS client on Server 2012 using a 5508 series WLC. Getting the following debug on the WLC:
(Cisco Controller) >*dot1xMsgTask: Dec 13 12:43:19.695: 74:e5:43:5d:48:78 Not sending EAP-Failure for STA 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Association received from mobile on BSSID 0c:68:03:b8:60:47
*apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0 cur: 9
*apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Deleting client immediately since WLAN has changed
*apfMsConnTask_7: Dec 13 12:43:25.523: 74:e5:43:5d:48:78 Scheduling deletion of Mobile Station: (callerId: 50) in 1 seconds
*Dot1x_NW_MsgTask_0: Dec 13 12:43:25.550: 74:e5:43:5d:48:78 Ignoring any event(1), since client is marked for deletion
*osapiBsnTimer: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
*apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5827) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Disassociated
*apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsAssoStateDec
*apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5959) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Disassociated to Idle
*apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [0c:68:03:b8:60:40]
*apfReceiveTask: Dec 13 12:43:26.494: 74:e5:43:5d:48:78 Deleting mobile on AP 0c:68:03:b8:60:40(0)
*apfMsConnTask_7: Dec 13 12:43:31.820: 74:e5:43:5d:48:78 Adding mobile on LWAPP AP 0c:68:03:d7:c7:90(0)
*apfMsConnTask_7: Dec 13 12:43:31.820: 74:e5:43:5d:48:78 Reassociation received from mobile on BSSID 0c:68:03:d7:c7:97
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0 cur: 3
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Re-applying interface policy for client
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 In processSsidIE:4210 setting Central switched to TRUE
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 In processSsidIE:4213 apVapId = 8 and Split Acl Id = 65535
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Applying site-specific Local Bridging override for station 74:e5:43:5d:48:78 - vapId 8, site 'default-group', interface 'management'
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Applying Local Bridging Interface Policy for station 74:e5:43:5d:48:78 - vlan 219, interface id 0, interface 'management'
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Processing RSN IE type 48, length 20 for mobile 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Received RSN IE with 0 PMKIDs from mobile 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 Setting active key cache index 8 ---> 8
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 unsetting PmkIdValidatedByAp
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_7: Dec 13 12:43:31.821: 74:e5:43:5d:48:78 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 0c:68:03:d7:c7:90 vapId 8 apVapId 8 flex-acl-name:
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfMsAssoStateInc
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Idle to Associated
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfPemAddUser2:session timeout forstation 74:e5:43:5d:48:78 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Sending Assoc Response to station on BSSID 0c:68:03:d7:c7:97 (status 0) ApVapId 8 Slot 0
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Associated to Associated
*apfMsConnTask_7: Dec 13 12:43:31.822: 74:e5:43:5d:48:78 Updating AID for REAP AP Client 0c:68:03:d7:c7:90 - AID ===> 3
*dot1xMsgTask: Dec 13 12:43:31.825: 74:e5:43:5d:48:78 Station 74:e5:43:5d:48:78 setting dot1x reauth timeout = 1800
*dot1xMsgTask: Dec 13 12:43:31.825: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
*dot1xMsgTask: Dec 13 12:43:31.825: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:31.831: 74:e5:43:5d:48:78 Received EAPOL START from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:31.831: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
*Dot1x_NW_MsgTask_0: Dec 13 12:43:31.831: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 Received Identity Response (count=2) from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 EAP State update from Connecting to Authenticating for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Authenticating state
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.346: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.350: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.350: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=3) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.350: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 3)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.358: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.358: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.358: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.360: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.360: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=4) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.360: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 4)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.514: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.514: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 4, EAP Type 25)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.514: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.516: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.516: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=5) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:37.516: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 5)
*apfMsConnTask_7: Dec 13 12:43:42.724: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
*apfMsConnTask_7: Dec 13 12:43:42.724: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:42.725: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
*apfMsConnTask_7: Dec 13 12:43:42.725: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:42.726: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
*apfMsConnTask_7: Dec 13 12:43:42.726: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:42.727: 74:e5:43:5d:48:78 Association received from mobile on BSSID 0c:68:03:d7:c7:90
*apfMsConnTask_7: Dec 13 12:43:42.727: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0 cur: 4
*apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Deleting client immediately since WLAN has changed
*apfMsConnTask_7: Dec 13 12:43:42.728: 74:e5:43:5d:48:78 Scheduling deletion of Mobile Station: (callerId: 50) in 1 seconds
*apfMsConnTask_7: Dec 13 12:43:42.731: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956622, Last Acct Msg Sent at 0 sec
*apfMsConnTask_7: Dec 13 12:43:42.731: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:42.744: 74:e5:43:5d:48:78 Ignoring any event(1), since client is marked for deletion
*osapiBsnTimer: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsExpireCallback (apf_ms.c:615) Expiring Mobile!
*apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5827) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Associated to Disassociated
*apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsAssoStateDec
*apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 apfMsExpireMobileStation (apf_ms.c:5959) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:d7:c7:90 from Disassociated to Idle
*apfReceiveTask: Dec 13 12:43:43.694: 74:e5:43:5d:48:78 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Dec 13 12:43:43.695: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [0c:68:03:d7:c7:90]
*apfReceiveTask: Dec 13 12:43:43.695: 74:e5:43:5d:48:78 Deleting mobile on AP 0c:68:03:d7:c7:90(0)
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Adding mobile on LWAPP AP 0c:68:03:b8:60:40(0)
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Reassociation received from mobile on BSSID 0c:68:03:b8:60:40
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0 cur: 9
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Re-applying interface policy for client
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 In processSsidIE:4210 setting Central switched to TRUE
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 In processSsidIE:4213 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Applying site-specific Local Bridging override for station 74:e5:43:5d:48:78 - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 Applying Local Bridging Interface Policy for station 74:e5:43:5d:48:78 - vlan 219, interface id 0, interface 'management'
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Dec 13 12:43:49.065: 74:e5:43:5d:48:78 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Processing RSN IE type 48, length 20 for mobile 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Received RSN IE with 0 PMKIDs from mobile 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Setting active key cache index 8 ---> 8
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 unsetting PmkIdValidatedByAp
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 0c:68:03:b8:60:40 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfMsAssoStateInc
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Idle to Associated
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfPemAddUser2:session timeout forstation 74:e5:43:5d:48:78 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 Sending Assoc Response to station on BSSID 0c:68:03:b8:60:40 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_7: Dec 13 12:43:49.066: 74:e5:43:5d:48:78 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Associated
*apfMsConnTask_7: Dec 13 12:43:49.067: 74:e5:43:5d:48:78 Updating AID for REAP AP Client 0c:68:03:b8:60:40 - AID ===> 1
*dot1xMsgTask: Dec 13 12:43:49.068: 74:e5:43:5d:48:78 Station 74:e5:43:5d:48:78 setting dot1x reauth timeout = 1800
*dot1xMsgTask: Dec 13 12:43:49.068: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
*dot1xMsgTask: Dec 13 12:43:49.068: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:49.075: 74:e5:43:5d:48:78 Received EAPOL START from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:49.076: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
debug client 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:49.076: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 Received Identity Response (count=2) from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 EAP State update from Connecting to Authenticating for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Authenticating state
*Dot1x_NW_MsgTask_0: Dec 13 12:43:58.993: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.000: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.000: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=3) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.000: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 3)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.007: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.007: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.007: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.010: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.010: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=4) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.010: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 4)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.038: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.038: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 4, EAP Type 25)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.038: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.040: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.040: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=5) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.040: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 5)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.069: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.070: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 5, EAP Type 25)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.070: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.071: 74:e5:43:5d:48:78 Processing Access-Challenge for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.071: 74:e5:43:5d:48:78 Entering Backend Auth Req state (id=6) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.071: 74:e5:43:5d:48:78 Sending EAP Request from AAA to mobile 74:e5:43:5d:48:78 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.125: 74:e5:43:5d:48:78 Received EAPOL EAPPKT from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.125: 74:e5:43:5d:48:78 Received EAP Response from mobile 74:e5:43:5d:48:78 (EAP Id 6, EAP Type 25)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.125: 74:e5:43:5d:48:78 Entering Backend Auth Response state for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Processing Access-Reject for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Removing PMK cache due to EAP-Failure for mobile 74:e5:43:5d:48:78 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Sending EAP-Failure to mobile 74:e5:43:5d:48:78 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Entering Backend Auth Failure state (id=6) for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 Setting quiet timer for 5 seconds for mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:43:59.128: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Unknown state
*apfMsConnTask_7: Dec 13 12:44:00.651: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956640, Last Acct Msg Sent at 0 sec
*apfMsConnTask_7: Dec 13 12:44:00.651: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:44:00.659: 74:e5:43:5d:48:78 Client stats update: Time now in sec 1386956640, Last Acct Msg Sent at 0 sec
*apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Requested to send acct interim update request msg to APF task for client 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Association received from mobile on BSSID 0c:68:03:b8:60:40
*apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Max Client Trap Threshold: 0 cur: 10
*apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Dec 13 12:44:00.660: 74:e5:43:5d:48:78 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 219
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Re-applying interface policy for client
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2246)
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 In processSsidIE:4210 setting Central switched to TRUE
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 In processSsidIE:4213 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Applying site-specific Local Bridging override for station 74:e5:43:5d:48:78 - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Applying Local Bridging Interface Policy for station 74:e5:43:5d:48:78 - vlan 219, interface id 0, interface 'management'
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Processing RSN IE type 48, length 20 for mobile 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Received RSN IE with 0 PMKIDs from mobile 74:e5:43:5d:48:78
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Setting active key cache index 8 ---> 8
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 unsetting PmkIdValidatedByAp
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Dec 13 12:44:00.661: 74:e5:43:5d:48:78 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 0c:68:03:b8:60:40 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 apfPemAddUser2 (apf_policy.c:276) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Associated
*apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 apfPemAddUser2:session timeout forstation 74:e5:43:5d:48:78 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 Sending Assoc Response to station on BSSID 0c:68:03:b8:60:40 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_7: Dec 13 12:44:00.662: 74:e5:43:5d:48:78 apfProcessAssocReq (apf_80211.c:7399) Changing state for mobile 74:e5:43:5d:48:78 on AP 0c:68:03:b8:60:40 from Associated to Associated
*dot1xMsgTask: Dec 13 12:44:00.664: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
*dot1xMsgTask: Dec 13 12:44:00.664: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Dec 13 12:44:00.677: 74:e5:43:5d:48:78 Received EAPOL START from mobile 74:e5:43:5d:48:78
*Dot1x_NW_MsgTask_0: Dec 13 12:44:00.677: 74:e5:43:5d:48:78 dot1x - moving mobile 74:e5:43:5d:48:78 into Connecting state
*Dot1x_NW_MsgTask_0: Dec 13 12:44:00.677: 74:e5:43:5d:48:78 Sending EAP-Request/Identity to mobile 74:e5:43:5d:48:78 (EAP Id 2)
I setup wireshark to capture on all interfaces and am getting absolutely 0 packet data when I attempt to authenticate as well.
Thanks in advance,
-B
Thanks for the reply Scott...so sorry for the spammy post!
The radius server where the client is deployed is not displaying any sort of logs in any of the NPS log files.
Show WLAN 1 is as follows:
WLAN Identifier.................................. 1
Profile Name..................................... GHI
Network Name (SSID).............................. GHI
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Enabled
DHCP ......................................... Enabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... GHI_WLC
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
--More-- or (q)uit
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Drop
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 172.18.0.44 1812
Accounting.................................... Global Servers
Interim Update............................. 600 Seconds
Dynamic Interface............................. Enabled
Dynamic Interface Priority.................... wlan
--More-- or (q)uit
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Hope this helps and thanks again!
/r
B
Similar Messages
-
Cannot ping IAS RADIUS from WLC 2504
I'm having some weird issues where I cannot ping from the WLC to the IAS RADIUS server. All of my clients cannot connect, but from the switch, router, RADIUS server, and hard wired clients, I can ping to the WLC and RADIUS server. The only thing that cannot ping the RADIUS server is the WLC itself. Nothing in the FW is blocking connectivity. Any ideas?
(Cisco Controller) >show radius summ
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Disabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ none
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
1 NM 10.10.50.63 1645 Enabled 5 Enabled Disabled - none/unknown/group-0/0 none/none
2 NM 10.10.50.130 1645 Enabled 5 Enabled Disabled - none/unknown/group-0/0 none/none
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr
1 N 10.10.50.63 1646 Enabled 5 N/A Disabled - none/unknown/group-0/0 none/none
2 N 10.10.50.130 1646 Enabled 5 N/A Disabled - none/unknown/group-0/0 none/noneIt's in the arp cache through the default router
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... d0:c2:82:df:5b:c0
IP Address....................................... 10.30.72.250
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.30.72.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.10.10.65
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Disabled
(Cisco Controller) >show arp switch
Number of arp entries................................ 19
MAC Address IP Address Port VLAN Type
50:57:A8:D6:DE:C0 10.10.19.1 1 5 Host
50:57:A8:D6:DE:C0 10.10.20.138 1 5 Host
50:57:A8:D6:DE:C0 10.10.50.63 1 5 Host
64:00:F1:08:A0:D0 10.30.72.1 1 0 Host
50:57:A8:9E:B5:CD 10.30.72.40 1 0 Host
50:57:A8:A1:7B:C5 10.30.72.44 1 0 Host
50:57:A8:9E:99:78 10.30.72.48 1 0 Host
50:57:A8:3B:66:E3 10.30.72.49 1 0 Host
00:07:7D:43:23:DA 10.30.72.58 1 0 Host
50:57:A8:9E:B6:1D 10.30.72.59 1 0 Host
50:57:A8:9E:95:C5 10.30.72.60 1 0 Host
50:57:A8:A1:7C:0D 10.30.72.61 1 0 Host
00:07:7D:65:36:DD 10.30.72.62 1 0 Host
50:57:A8:44:57:0C 10.30.72.63 1 0 Host
50:57:A8:CA:CC:01 10.30.72.64 1 0 Host -
SEEBURGER AS2: AS2 Adapter failure - Cannot authenticate the user
Hello,
All was working fine but now I got these errors in an AS2 scenario. Sending a message via AS2. Also we don't receive any messages via AS2 anymore. This is the error when sending a message:
Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
MP: Exception caught with cause javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
Exception caught by adapter framework: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user
Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure.
Please advice, many thanks!
ErikAre you using the "Use Authentication" option in the communication channel? If yes, then ensure that the user provided is correct and is not locked. Also recheck the authentication certificate settings.
Regards,
Prateek -
Suddenly my N95 stopped connecting with PS Suite via bluetooth. When trying to restart it I got the message that my phone could not be authenticated!!!???
Bluetooth is working fine with other devices, PC suite is working fine through USB and trying to remove PC suite and installig the latest version currently available does not solve the problem. Please advise!!!
Regards,
JohanI have the same problem. My E51 connects with Bluetooth just fine to other devices like headset but when I try to connect to PC suite, it says 'cannot authenticate the phone'. I can connect the phone to my PC with my IBM supplied 'bluetooth places' but it connects for just a few seconds and then the phone disconnects it. The PC reports that the phone has connected and then disconnected and I can also see if from the phone (the little connection icon) that it is disconnecting so fast. Cable and IR work fine. Only the problem with BT. This has happened with the PC Suite that was delivered with the phone and also with the latest version. here's my setup info:
PC Connectivity Solution:
Version 8.15.0.0
Nokia Connectivity Cable Driver:
Version 6.86.11.0
Operating system:
Microsoft Windows XP 32-bit Edition, Service Pack 2
Language: English
Language for non-Unicode programs: English
Detected Internet browsers:
- Microsoft Internet Explorer 7.0
- Mozilla Firefox 2.0 (Default browser)
Detected Bluetooth stacks:
- Microsoft (Version: 5.1.2600, Build: 2180)
- Broadcomm (Version: 3.0.1, Build: 912)
When I try to connect with PC suite it say I have WIDICOM Buletooth stack which will try to connect but the Microsoft stack will not work because it says I am missing drivers (I have yet to find out where I get them).
Anyone know how to fix this?
Rgds,
RDWirr -
Cannot authenticate bluetooth connection
any help would be appreciated... got a 5310 phone 1 week n' several days ago... i tried connecting my phone to my pc using a bluetooth dongle v2.0... its a bluetooth device connected to the pc via usb... neway, phone and pc is paired but i cannot authenticate... a message "cannot authenticate phone" appears... pls help i am not really familiar about the "deeper" terms in computer but are familiar with the basic ones...
thanks a lot!Sorry mate, i did get your PM but i haven't got a clue.
Apologies.
Grayburn @ www.nokiausers.net & www.dailymobile.se....come say Hello!!!
If you appreciate ANY help from a member,then show it by clicking on the Blue Star button, cheers -
ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)
ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)
Can anyone point me to a technical explanation of why this is true?
All I have found so far is one small note in a help file and something that might be related under EAP-FAST explanation.
I have posed this question to our Cisco account team but no response yet.
Just need to have a good explanation when explaining to mgmt why we need to have a special setup for WLAN users.Hmmm....you should be getting more than that from debug radius and debug aaa authen if your AP is truly attempting EAP authentication. The debugs I generally use for this are 'debug aaa authen', 'debug radius', and 'debug dot11 aaa dot1x all' coupled with gathering the detailed support logs from ACS. A warning about 'debug dot11 aaa dot1x all'....it is VERY verbose and cryptic if you don't have alot of experience looking at it so it may be best to open up a TAC case. With these debugs turned on, you should see an EAPOL logon show up from the client (usually says 'received EAPOL packet...') and then a request for identity from the switch and a response from the client with a username and password. Then a series of RADIUS challenge/response packets will be passed which consists of the server cert being passed to the client for validation and then the client sending the username and password to the server. Then you will finally get an access-reject or access-accept packet from the RADIUS server. The failed and passed attempts logs in ACS can also provide good info as to what the source of the failure may be. Do you get any passed or failed attempts for these authentications?
-
Cannot authenticate the phone : brand new 6085
I have just bought a brand new 6085 and wish to connect via Bluetooth to my laprop ( full details below) . Depsite having a perfect working BlueTooth set up prior to installing PC Suite , I continually get the
'Cannot authenticate the phone'
error message after I have entered the passkey on the phone.
I have spent about 6 hours checking all aspects of BT , which is otherwise working fine.
What is going on? If I can't get a solution promptly, sadly this phone , which in theory is ideal for my needs, is going back to the shop.
Thanks for your help,
Operating system:
Microsoft Windows XP
Build 2600
Service Pack 2
Language: English
Language for non-Unicode programs: English
Locale: English
Input language: English
Nokia PC Suite:
Version 6.84.10.4
Language: English
Connectivity Cable Drivers:
Version 6.84.4.0
PC Connectivity Solution:
Version 7.22.7.1
Microsoft Outlook:
Version 11.0
Build 8118
Bluetooth stacks:
WIDCOMM Bluetooth stack
Version 5.0.1
Build 1200
Microsoft Bluetooth stack
Version 5.1.2600
Build 2180Cannot authenticate the phone same stupid problem (with settings). please help
-
"Cannot Authenticate the Phone" with IBM T60 and N...
Hello!
I've been reading through the various posts on the "cannot authenticate the phone" -issue, yet after uninstalling & installing BT stack & PC Suite various times my problem still persists. I've also followed every single piece of instruction I've found on uninstalling Microsoft BT stack, yet PC Suite still reports that it is available.
I can connect from my laptop to the dial-up networking service on the phone, and I am able to connect from the phone to the headset service on my laptop, so BT stack & pairing works ok; I am also able to synchronise the phone via IR => problem must be somewhere in the PC Suite's bluetooth sections.
Is there any flags to enable debugging level logs in PC Suite? I would SOOO MUCH like to see what the hell goes wrong in there.
Or is there *any* way of getting this to work??
Getting pretty tired with this..
Rgrds,
sakuvee.
Operating system:
Microsoft Windows XP
Build 2600
Service Pack 2
Language: English (United States)
Language for non-Unicode programs: English (United States)
Locale: English (United States)
Input language: Finnish
Nokia PC Suite:
Version 6.81.13.0
Language: English
Connectivity Cable Drivers:
Version 6.81.1.2
Microsoft Outlook:
Version 11.0
Build 8010
Bluetooth stacks:
Microsoft Bluetooth stack
Version 5.1.2600.2180
WIDCOMM Bluetooth stack
Version 5.0.1
Build 3200
BT device: Thinkpad Bluetooth with Enhanced Data Rate
BT firmware: Broadcom 2.1.92.108, HCI 2.0 206C, LMP 2.0 415C
BT driver: Broadcom, 1.8.2006, 5.0.1.3200
Phone: V 3.0617.0.6, 03-05-2006, RM-92, Nokia N80 (03)
---Message Edited by sakuvee on 19-Oct-2006
02:46 PMOK - here's what I did to FINALLY get it working:
1) Uninstall PC Suite (from Add Remove Programs)
2) Uninstall Nokia Connectivity Solution
3) Remove C:\Documents and Settings\[uid]\Application Data\Nokia, ...\\Application Data\[uid]\PC Suite, ...\All Users\Application Data\PC Suite, C:\Program Files\Common Files\Nokia, C:\Program Files\Nokia. Basically all Nokia directories left behind by Nokia uninstallers.
4) Restart machine
5) Run PC Suite Cleaner (all options one at a time, except the diagnostics, don't restart although it recommends to do so)
6) Restart machine
7) Manually clean all typelibs, activex-objects, device-ids and other registry entries linking to or containing Nokia related stuff from registry using regedit.exe
8) Restart machine
9) Install PC Suite
10) Unpair phone (from laptop and from phone)
11) Run Get Connected Wizard -
My wife and I share the same email address but have separate IPhones. We would like to have each phone individually on "find friends" but cannot do it via email route. How is it done?
make seperate appleID's if you wish to be frinds or if you wish to facetime video chat and if you wish to not recieve the samme imessage msg's unless you turn it off
you can still set both your iphones to use an email address even if both have different appleId's
the appleID is a handle not a link to an email address -
Hello,
Often, the Firefox app will close, but the underlying Windows process will not and cannot be stopped via Task Manager. When this happens, Firefox can no longer be used...the system must be rebooted. This happens especially when many apps are running but even though there are plenty of memory resources available.
I have tried to find if something is using Firefox in the background, but have no way to know what that would be.
Their are no apparent viruses detected.
Firefox is version v5.0 and occurred in earlier release.
System is Windows 7 (64bit).well, it's not the same hardware and it's a bit different.
I managed to pass that stage somehow but I still have a problem
I don't use the built-in creator tool that comes with Spyrus as it doesn't know how to append a pre-staged media that was created by SCCM that should apply the Windows file system to a second partition and the WinPE to the first partition.
I managed to do everything. my only problem is that the WTGCreator that comes with SCCM 2012 R2 creates the 350MB partition with FAT32 file system.
when I boot from the device I get the WinPE, I can choose a task sequence and then it fails when trying to apply the wim file. the error tells me that the 350MB partition is FAT32 which is not supported (even though it chooses the second partition, which
is all the rest of the disk space)
what I did was adding another task that converts the 32 Fat partition to an NTFS partition and then the process continues and finishes successfully! but that's a workaround.
I'm trying to make this process as smooth as possible without having additional steps
Tamir Levy -
Creative Cloud Teams member cannot log in via Desktop app
Weird problem I have. Our company have 9 seat teams account, and one of our users cannot log in via the desktop app and use apps. Have worked just fine for the last year until today.
He has the old Application Manager installed as well as he had upgraded from older apps, and we are renewing our yearly subscription these days. Could any of that be the problem. Odd thing is, he is the only team member that has this problem.
He can log in to his account on the web just fine.Creative Cloud Help | Manage your Creative Cloud for teams membership may help
-
I cannot purchase item via Clash of clan Purchase for Clash of clan game, the message is “Your Purchase Could Not Be Completed”
If you also got a message to contact iTunes Support then you can do so via this link and ask them why the message is appearing (we are fellow users here on these forums, we won't know why) : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption
-
Local item 0010 L cannot be deleted via ALE
Hi,
I am trying to delete an line item from Sales Order BOM through BOMORD01 Idoc. When I process an IDoc, I am getting a message "Local item 0010 L cannot be deleted via ALE" in log (SLG1). Could you please tell me how to correct this error?
Thanks in advance.
Regards,
Balaji Viswanath.I customized IDOC_INPUT_BOMORD function module and setting memory id flg_ale = space.
Regards,
Balaji Viswanath. -
Samba Users Cannot Authenticate?
I just want to start this thread by saying samba makes me want to kill myself. I love it so much, that it makes me want to rip my heart out and feed it to stray dogs every time I need to write a new configuration. Because I truly hate configuring it. Ok, with that steam having been blown off, let's jump into the problem I've been chasing for hours.
My users cannot login to samba shares. Simple as dirt. Every single time I access the shares as a user, I am prompted for my password, I enter my password, and the prompt immediately asks me again, as if I've entered the wrong password.
Heading off the obvious: Yes, I've added samba users with pdbedit -a -u [username]. The unix permissions on the folder I am trying to access as a samba user are 755, and I am trying to access the folder as its owner. My server smb.conf is included below.
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
netbios name = ArchServ
name resolve order = bcast host lmhosts wins
server string = ""
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
use client driver = yes
map to guest = Bad User
local master = yes
preferred master = yes
os level = 65
usershare allow guests = Yes
usershare max shares = 100
usershare owner only = False
security = share
#username map = /etc/samba/smbusers
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[Home - user1]
comment = Deyla's Home folder
path = /home/user1
create mask = 0755
guest ok = yes
browsable = yes
write list = user1
public = yes
[Home - user2]
comment = James' Home folder
path = /home/user2
create mask = 0755
guest ok = yes
browsable = yes
write list = user2
public = yes
[Transmission Home]
comment = Torrent downloads
path = /home/transmission
create mask = 0775
guest ok = yes
browsable = yes
write list = user1 user2
public = yes
They work flawlessly as guest shares, and I have no problem gaining access... but when I try to log into a share as a user, the user will absolutely not authenticate, and it is the most frustrating, puzzling enigma to me. I formerly had this very samba configuration on an Ubuntu file server, and had no problems with the share behaving exactly as I wanted it to. I cannot for the life of me figure out why my users cannot authenticate.
Please help! Any and all tips are appreciated! Thank you in advance!Thanks to Swerdina over at the OpenSUSE forums, I was able to solve my samba issue (thread). In a nutshell, my problem was the last active line in my [global] stanza, which was set to "security = share". By setting this global setting to "security = user" it fixed my problem and now allows me to invoke my shares with user privileges if I so choose to. Hopefully this helps someone who may have had a similar problem.
-
I'm trying to sign my messages between client & webservice using X509 certificates. I've created a keystore and imported:
privatekey1, certificate1(public key) and trustedCertAuthority that published certificates.
I've configured webservice & client to use that keystore and privatekey1 to sign request/response, but web service keeps throwing following exception:
javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User EMAILADDRESS=[email protected], CN=testUser, ... does not exist in our system
How can I configure web service to find that certificate?
Thnx for help.Yes, I did. I found the problem..
I had also checked to Authenticate with X509 certificate... and obviously I should somehow set the Securtiy provider, although, I don't know how (but it's not so important right now).
But I do have another question - how can I use private key & public key in certificate X509 to encrypt messages. In the sample you mentioned, it's written that there shoud be separate key for signature & encryption, but I have separate keystores for client (with client private key & server public certificate) and for server (with server private key & client certificate). But I can't get it to work... It seems to me that in that case signature key alias at service should be the same as key needed to decrypt the message?
Am i missing something again?
Thanks.
Maybe you are looking for
-
How to launch many instances of Sun Java ME Platform SDK 3.0 emulator ?
Hi all, I want to launch two instances of the emulator , how to achieve that ? Thank you very much indeed
-
Hi iam getting the alv grid data in excel format but iam facing one problem
hi iam getting the alv grid data in excel format but iam facing one problem , i.e., i want it read only but iam getting it in edit mode i use layout default in excel iam getting in xl directly but in edit mode but i need it in read only mode what i
-
Unlocking multiple folders within Iphoto Library folder
I just bought ILife 06 and the pics in iphoto will not upgrade because Im assuming some of the pics within the folders in the Iphoto Library are locked. I transferred a lot of these pics from a cd rom and apparently files transferred in such a way ar
-
I am getting the message error when trying to run the labwindowa/CVI adapters for debug
See attachments for error message and teststand settings. I am running testand 4.0.1 It was working before and suddenly it crash and then I am getting that error message every time Regards Attachments: ErrorLoadCallback.jpg 32 KB ErrorLoadCallback2.
-
These are some of the features you get with this toolbar:How It Works Install & Earn Earn $1.00 for installing the Toolbar Search The Web & Earn Cash Earn $.01 for every qualified search*, maximum of five per day. Toolbar Features Paid Email® Alerts