Changing to Lwapp
I am working on changing My ap1231's to Lwapp and ran into an issue. The upgrade of the 1231 works great, but when it goes to create the CSV file, it's empty. When I see the message that tells me to 'save' the CSV file, I clicked on 'config' and that was empty as well.
I'm wondering or trying to figure out why the CSV file is empty...
Any ideas or help?
Jeff
Since I was feeling lucky, and that 1st one worked I tried a second. It followed the doc more closely and I got up to actually entering the CSV cert into the WCS for my controllers..BUT, it never joined getting these messages:
Mar 1 00:00:05.529: %LINK-3-UPDOWN: Interface FastEthernet0, changed state top
*Mar 1 00:00:06.529: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherp
*Mar 1 00:00:23.624: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:23.656: SSC Load Current Size crypto_mykey 116, offset 5014, Save4
*Mar 1 00:00:32.272: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned 3
*Mar 1 00:00:44.991: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Mar 19 13:28:32.006: LWAPP_CLIENT_ERROR_DEBUG:
*Mar 19 13:28:32.007: peer certificate verification failed
*Mar 19 13:28:32.007: LWAPP_CLIENT_ERROR_DEBUG: spamDecodeJoinReply : Certificad
*Mar 19 13:28:32.007: LWAPP_CLIENT_ERROR_DEBUG: Unable to decode join reply
*Mar 19 13:28:36.803: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not re
*Mar 19 13:28:36.803: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses.
*Mar 19 13:28:36.975: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload R.
*Mar 19 13:28:36.975: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
After this it reboots. So I'm not sure where the cert is going wrong here. I've read through the doc and can't find a possible solution.
Any ideas?
Jeff
Similar Messages
-
Changing from LWAPP to autonomous
I have a 1130AG access point in LWAPP mode with no controller. How can change it to an autonomous mode if I dont have access to a wireless controller.
Yes. Follow the link below and use the guide "Using a TFTP Server to Return to a Previous Release"
http://www.cisco.com/en/US/customer/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
Please don't forget to rate our posts. Thanks. -
My customer is using WLC4400(4.0.179.11) and LAP1130(12.3jx1). Before converting IOS to LWAPP, the WLAN service is not problem.
But after changing to LWAPP based,the customer is complain about disconnecting problem.
Intel centrino and other vendor's wlan cards are dropping, cisco wlan cards are no problem.
After all we have to fall back to IOS version. Is there any Bug report about WLC4400?There are some issues with the Intel adapters. I would try downloading the latest driver version to see if that helps. You can navigate to the Intel support page and view the documented disconnect issues.
-Mark -
Hi All
Can anyone give me a definitive answer to this question please?
If you are using a pair of wireless LAN controllers configured with primary and secondary controllers for the access points and the primary controller fails - do the access points reboot before associating to the secondary controller. I can't see why they would need to but documentation suggests they do.
Additionally, has anyone significantly reduced the failover time? If so, what is the lowest practical failover time. I know the actual failover time can be reduced to 3 seconds but I think that is likely to cause other problems.
Thanks guys.
Regards
RogerAs far I know, In this case the AP does not reboot, only changes its lwapp status to discovery and begins with the discovery proccess.
You can see in the AP if it is restarted; when it places registered in the second WLC, Wireless tab and select the AP affected; normaly in the first tab you can see bottom right the AP up time and the AP association time; if this AP has rebooted this value will close to 00:00.
Normaly I set the Ap heartbeat timeout to 5 seconds, I don´t know if is the best value and my failover time is bigger than your, I don´t know how critical are your network, but a prefer a higher heartbeat timeout to avoid unnecessary AP changes that spend more time.
Best Regards. -
Using an AIR-LAP 1024N as a TEST AP
Hi,
as the subjects states I would like to use the abovementioned AP as a test AP for wireless surveys. I want to do this without the need for using a switch to stop the unit rebooting.
I believe that I need to enable thick mode? or would that be Autonomous mode - which would require me to change from LWAPP - IOS?
What is the best way for me to configure the AP so that it broadcasts the given SSID and not continually reboot?
Thanks in Advance
JezCould you please let me know the script for enabling Autonomous mode?
I followed your instructions here
https://supportforums.cisco.com/thread/2060925
But found that I got some errors on some of the lines below
Ap(config)#int fa 0
Invalid input detected at '^' marker.
Ap(config-if)ip address
AP44d3.cab0.7ad3(config)#no shut
Invalid input detected at '^' marker.
Thanks in advance
Jez -
I haven't installed or priced a wireless system in a while and now cant find pricing for the WLSE. What replaced it for 6 AP control. They are getting 7921 IP Phones for this setup and I would like to use te WLSE for seamless roaming.
Hi Todd,
The WLSE has not been completly "End of Life" although I think its safe to say that Cisco is really promoting the change to LWAPP. They even have a migration path from the WLSE to WCS in place. There are many Autonomous AP's that can be converted to LWAPP as well. You probably want to look into one of smaller versions of the WLC (Wireless Lan Contoller) Have a look;
CiscoWorks Wireless LAN Solution Engine (WLSE)
End-of-Life and End-of-Sale Notices
From this doc;
http://www.cisco.com/en/US/products/sw/cscowork/ps3915/prod_eol_notices_list.html
WLSE 2.11 End of Support April 19, 2010 (So if WLSE 2.13 has not yet been EOL then it is safe to say it will be sometime sooner rather than later)
CiscoWorks WLSE Migration to Cisco WCS
http://www.cisco.com/en/US/products/sw/cscowork/ps3915/prod_bulletin0900aecd804b4635.html
Conversion of a WLSE Autonomous Deployment to a WCS Controller Deployment
http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00806b71db.html
Customers that have purchased the CiscoWorks WLSE are encouraged to transition to the Cisco WCS and the Cisco Unified Wireless Network. Customers can use the CiscoWorks WLSE to Cisco WCS conversion CDs (Cisco WCS SKU Family WCS-WLSE-UPG-K9) to convert an existing CiscoWorks WLSE (Model 1130-19 and 1133) to operate as a Cisco WCS server.
From this good doc;
Guidelines and Tools for Migrating to the Cisco Unified Wireless Network
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd804f1a23.shtml
Here are some good WLC (Wireless Lan Contoller docs);
Understanding the Lightweight Access Point Protocol (LWAPP)
http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd802c18ee.shtml
Deploying Cisco 440X Series Wireless LAN Controllers
http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a00806cfa96.html
Cisco Wireless LAN Controller Configuration Guide, Release 4.0
http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_book09186a00806b0077.html
WLC Video
http://www.cisco.com/en/US/products/ps6366/index.html
Lightweight Access Point FAQ
http://www.cisco.com/en/US/products/ps6306/products_qanda_item09186a00806a4da3.shtml
Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
Hope this helps!Take care,
Rob -
LWAPP error and change status to Discovery
Hello,
I have a LWAPP AP keep on up and down.
The following is error message I got from the log.
%LWAPP-3-CLIENTERRORLOG: Retransmission count for packet exceeded max(ECHO_REQUE
ST, 1)
%LWAPP-3-CLIENTERRORLOG: GOING BACK TO DISCOVER MODE
%WIDS-6-DISABLED: IDS Signature is removed and disabled.
%LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
COW1242-05#The regulatory domain is correct the time and date is synced with NTP and is correct this is a new LAP.
These are the errors I'm getting
%LWAPP-5-CHANGED: LWAPP changed state to CFG
%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failure
%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message
%LWAPP-5-CHANGED: LWAPP changed state to DOWN
%LWAPP-3-CLIENTEVENTLOG: AP has joined controller WiSM-D5-B
%LWAPP-3-CLIENTERRORLOG: Retransmission count for packet exceeded max(ECHO_REQUEST
, 1)
%LWAPP-3-CLIENTERRORLOG: GOING BACK TO DISCOVER MODE
%LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
%LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
%LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
%LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
%LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
%LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
%LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
%CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source -
LWAPP changes state to discovery
i have just reset my AP and connect with controller i m getting following error not able to connect with AP or cant access user mode and preveliged mode
%LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve CISCO-LWAPP-CONTROLLER.cisco.com
Translating "CISCO-LWAPP-CONTROLLER.cisco.com"...domain server (10.1.1.20)
how can i resolve it
thanks in advanceHi,
the recommended way is:
- Set up an DHCP Pool for your Lightweight APs
- Provide the IP address of an DNS Server and the corresponding domain name through this DHCP Pool
- Add an entry in your DNS Server which resolves the name "CISCO-LWAPP-CONTROLLER" to your WLC's IP address
That way, your AP gets an IP adress and the IP address of your DNS Server. When it tries to resolve "CISCO-LWAPP-CONTROLLER" it gets the IP address of your WLC and joins it.
Or you follow the manual way, like leolaohoo described it.
Greets,
Sebastian -
How to change the Default Password on AP1131AG
Hi all :
I tried to change the default password Cisco to other by command line but the password cannot work out.
The command line I used are as below :
AP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
AP(config)#enable pass
AP(config)#enable password 4dMINO123 ?
LINE <cr>
AP(config)#enable password 4dMINO123
AP(config)#exit
AP#wr
*Mar 1 04:39:23.902: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
[OK]
AP#exit
This still cannot cahnge. Below I do again below commands :
AP(config)#enable secret
% Incomplete command.
AP(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
AP(config)#enable secret 5
% Incomplete command.
AP(config)#enable secret 5 ?
LINE The ENCRYPTED 'enable' secret string
AP(config)#enable secret 5 LINE
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.
AP(config)#enable secret LINE
AP(config)#exit
AP#
*Mar 1 04:40:53.021: %SYS-5-CONFIG_I: Configured from console by console
AP#
AP#exit
After that when I access with >en again as below with correct password of 4dMINO123 and it always fails as below :
Can anybody help to provide correct way of changing the default password of Cisco to another password? Many thanks!
AP con0 is now available
Press RETURN to get started.
AP>en
Password:
Password:
Password:
% Bad secrets
AP>en 0
AP>en 5
% No password set
AP>en 15
Password:
Password:
% Password: timeout expired!
Password:
% Bad secrets
AP>
AP>
AP>en
Password:
Password:
Password:
% Bad secrets
thanks and best regards,
tangsuanHi, I have even the worst problem,
that seems probably to to be never asked on Internet. After quick learning how to reset this creapy device, I can't get by no means the enable password in default config for this box, having read everywhere from Cisco guide through community pages to Google pages.. NOWHERE.
Question is : what else except Cisco, cisco, root, password... can solve this stupid issue?!? I expect some guru from responsible AP BU to answer this with definite answer, or someone from Cisco having mercy with me to contact such guy(s).
Here is my desperate situation :
Nothing from this page helped :
http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_password_recovery09186a00800949d0.shtml#reset_ap_newer
Situation after hard reset:
Xmodem file system is available.
flashfs[0]: 26 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 6879232
flashfs[0]: Bytes available: 9119744
flashfs[0]: flashfs fsck took 43 seconds.
Base ethernet MAC Address: 00:22:55:9f:fc:a0
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
button pressed for 1 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
Loading "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx"...#########################################################################################################################################################################
File "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1130 Software (C1130-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:38 by alnguyen
Image text-base: 0x00003000, data-base: 0x0035E440
Initializing flashfs...
flashfs[1]: 26 files, 8 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 6879232
flashfs[1]: Bytes available: 9119744
flashfs[1]: flashfs fsck took 6 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
cisco AIR-LAP1131AG-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCZ1238Q0HK
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 3.0.51.0
1 FastEthernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:22:55:9F:FC:A0
Part Number : 73-8962-14
PCA Assembly Number : 800-24818-13
PCA Revision Number : A0
PCB Serial Number : FOC12354426
Top Assembly Part Number : 800-29144-03
Top Assembly Serial Number : FCZ1238Q0HK
Top Revision Number : A0
Product/Model Number : AIR-LAP1131AG-E-K9
Press RETURN to get started!
*Mar 1 00:00:08.354: %CDP_PD-4-POWER_OK: Full power - AC_ADAPDOWN: Line protocol on Interface FastEthernet0, changed state to up
Press>en
Password:
Password:
Password:
*Mar 1 00:00:27.393: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
% Bad secrets
Press>en
Password:
Password:
Password:
% Bad secrets
Press>
*Mar 1 00:00:36.530: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.1.2, mask 255.255.255.0, hostname Press
Press>en
Password:
Password:
Press>sho ver
Cisco IOS Software, C1130 Software (C1130-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:38 by alnguyen
ROM: Bootstrap program is C1130 boot loader
BOOTLDR: C1130 Boot Loader (C1130-BOOT-M) Version 12.3(8)JEA, RELEASE SOFTWARE (fc2)
Press uptime is 17 minutes
System returned to ROM by power-on
System image file is "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx"
cisco AIR-LAP1131AG-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCZ1238Q0HK
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 3.0.51.0
1 FastEthernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:22:55:9F:FC:A0
Part Number : 73-8962-14
PCA Assembly Number : 800-24818-13
PCA Revision Number : A0
PCB Serial Number : FOC12354426
Top Assembly Part Number : 800-29144-03
Top Assembly Serial Number : FCZ1238Q0HK
Top Revision Number : A0
Product/Model Number : AIR-LAP1131AG-E-K9
Configuration register is 0xF
Press> -
Clients disconnect because of Capabilites change
Hi all,
recently we migrated AIR-LAP1131AG APs from a 4402 WLC running 4.1.185.0 release to a 5508 running 7.6.130.0. After we did that some clients constantly disconnected and reconnected. I strongly assume it has something to do with the additional features that were introduced between the releases.
During debugging I saw that after the client entered the RUN state that it got disconnected with the following error:
*spamApTask0: Mar 31 01:57:27.649: xx:xx:xx:xx:xx:xx Association Failed on REAP AP BSSID yy:yy:yy:yy:yy:yy (slot 0), status 1 0 Capabilities changed
Here is the whole debug output (X is the client, Y is the AP, Z are other APs for the group key)
*apfMsConnTask_3: Mar 31 01:57:17.623: xx:xx:xx:xx:xx:xx Adding mobile on LWAPP AP yy:yy:yy:yy:yy:yy(0)
*apfMsConnTask_3: Mar 31 01:57:17.623: xx:xx:xx:xx:xx:xx Association received from mobile on BSSID yy:yy:yy:yy:yy:yy
*apfMsConnTask_3: Mar 31 01:57:17.623: xx:xx:xx:xx:xx:xx Global 200 Clients are allowed to AP radio
*apfMsConnTask_3: Mar 31 01:57:17.623: xx:xx:xx:xx:xx:xx Max Client Trap Threshold: 0 cur: 0
*apfMsConnTask_3: Mar 31 01:57:17.623: xx:xx:xx:xx:xx:xx Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_3: Mar 31 01:57:17.623: xx:xx:xx:xx:xx:xx override for default ap group, marking intgrp NULL
*apfMsConnTask_3: Mar 31 01:57:17.623: xx:xx:xx:xx:xx:xx Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Re-applying interface policy for client
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx In processSsidIE:4850 setting Central switched to FALSE
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Applying site-specific Local Bridging override for station xx:xx:xx:xx:xx:xx - vapId 5, site 'default-group', interface 'irglbxv'
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Applying Local Bridging Interface Policy for station xx:xx:xx:xx:xx:xx - vlan 14, interface id 14, interface 'irglbxv'
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx STA - rates (4): 2 4 11 22 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Processing RSN IE type 48, length 20 for mobile xx:xx:xx:xx:xx:xx
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Updating AID for REAP AP Client yy:yy:yy:yy:yy:yy - AID ===> 1
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Encryption policy is set to 0x80000001
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Central switch is FALSE
*apfMsConnTask_3: Mar 31 01:57:17.624: xx:xx:xx:xx:xx:xx Sending Local Switch flag = 1
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx 0.0.0.0 8021X_REQD (3) DHCP required on AP yy:yy:yy:yy:yy:yy vapId 5 apVapId 5for this client
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx Not Using WMM Compliance code qosCap 00
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP yy:yy:yy:yy:yy:yy vapId 5 apVapId 5 flex-acl-name:
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx apfMsAssoStateInc
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx apfPemAddUser2 (apf_policy.c:333) Changing state for mobile xx:xx:xx:xx:xx:xx on AP yy:yy:yy:yy:yy:yy from Idle to Associated
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx apfPemAddUser2:session timeout forstation xx:xx:xx:xx:xx:xx - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx Sending Assoc Response to station on BSSID zz:zz:zz:zz:zz:zz (status 0) ApVapId 5 Slot 0
*apfMsConnTask_3: Mar 31 01:57:17.625: xx:xx:xx:xx:xx:xx apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile xx:xx:xx:xx:xx:xx on AP yy:yy:yy:yy:yy:yy from Associated to Associated
*spamApTask0: Mar 31 01:57:17.708: xx:xx:xx:xx:xx:xx Sent 1x initiate message to multi thread task for mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.708: xx:xx:xx:xx:xx:xx Creating a PKC PMKID Cache entry for station xx:xx:xx:xx:xx:xx (RSN 2)
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Resetting MSCB PMK Cache Entry 0 for station xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Adding BSSID yy:yy:yy:yy:yy:yy to PMKID cache at index 0 for station xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: New PMKID: (16)
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: [0000] 95 e5 c8 10 ba cc 57 e5 1d 4c ab ae c3 eb 0c f5
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Initiating RSN PSK to mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx EAP-PARAM Debug - eap-params for Wlan-Id :5 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx dot1x - moving mobile xx:xx:xx:xx:xx:xx into Force Auth state
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Skipping EAP-Success to mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx EAPOL Header:
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Found an cache entry for BSSID yy:yy:yy:yy:yy:yy in PMKID cache at index 0 of station xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Found an cache entry for BSSID yy:yy:yy:yy:yy:yy in PMKID cache at index 0 of station xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: [0000] 95 e5 c8 10 ba cc 57 e5 1d 4c ab ae c3 eb 0c f5
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Starting key exchange to mobile xx:xx:xx:xx:xx:xx, data packets will be dropped
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Sending EAPOL-Key Message to mobile zz:zz:zz:zz:zz:zz
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Sending EAPOL-Key Message to mobile zz:zz:zz:zz:zz:zz
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx Allocating EAP Pkt for retransmission to mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.709: xx:xx:xx:xx:xx:xx mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:01 mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.710: xx:xx:xx:xx:xx:xx mscb->apfMsBssid = yy:yy:yy:yy:yy:yy mscb->apfMsAddress = xx:xx:xx:xx:xx:xx mscb->apfMsApVapId = 5
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.710: xx:xx:xx:xx:xx:xx dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = 171969037
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.710: xx:xx:xx:xx:xx:xx mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 173667675 mscb->apfMsLwappLradPort = 23341
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx Received EAPOL-Key from mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx Received EAPOL-key in PTK_START state (message 2) from mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx Stopping retransmission timer for mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx EAPOL Header:
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx Sending EAPOL-Key Message to mobile zz:zz:zz:zz:zz:zz
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx Sending EAPOL-Key Message to mobile zz:zz:zz:zz:zz:zz
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx Reusing allocated memory for EAP Pkt for retransmission to mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:01 mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.792: xx:xx:xx:xx:xx:xx mscb->apfMsBssid = yy:yy:yy:yy:yy:yy mscb->apfMsAddress = xx:xx:xx:xx:xx:xx mscb->apfMsApVapId = 5
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.793: xx:xx:xx:xx:xx:xx dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = 171969037
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.793: xx:xx:xx:xx:xx:xx mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 173667675 mscb->apfMsLwappLradPort = 23341
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.897: xx:xx:xx:xx:xx:xx Received EAPOL-Key from mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.897: xx:xx:xx:xx:xx:xx Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.897: xx:xx:xx:xx:xx:xx Stopping retransmission timer for mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.897: xx:xx:xx:xx:xx:xx Freeing EAP Retransmit Bufer for mobile xx:xx:xx:xx:xx:xx
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.897: xx:xx:xx:xx:xx:xx apfMs1xStateInc
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.897: xx:xx:xx:xx:xx:xx 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx Central switch is FALSE
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx Sending the Central Auth Info
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx Central Auth Info Allocated PMKLen = 32
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx PMK: pmkActiveIndex = 0
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 apfMsEapType = 0
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx Sending Local Switch flag = 0
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP yy:yy:yy:yy:yy:yy vapId 5 apVapId 5for this client
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP yy:yy:yy:yy:yy:yy vapId 5 apVapId 5 flex-acl-name:
*spamApTask0: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 pmkLen = 32
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6178, Adding TMP rule
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP yy:yy:yy:yy:yy:yy, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 14, Local Bridging intf id = 14
*Dot1x_NW_MsgTask_7: Mar 31 01:57:17.898: xx:xx:xx:xx:xx:xx 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Mar 31 01:57:17.900: xx:xx:xx:xx:xx:xx 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*apfOrphanSocketTask: Mar 31 01:57:18.904: xx:xx:xx:xx:xx:xx Orphan Packet from STA - IP 10.89.246.63
*apfOrphanSocketTask: Mar 31 01:57:18.904: xx:xx:xx:xx:xx:xx apfMsRunStateInc
*apfOrphanSocketTask: Mar 31 01:57:18.904: xx:xx:xx:xx:xx:xx 10.89.246.63 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
*apfOrphanSocketTask: Mar 31 01:57:18.904: xx:xx:xx:xx:xx:xx Assigning Address 10.89.246.63 to mobile
*pemReceiveTask: Mar 31 01:57:18.905: xx:xx:xx:xx:xx:xx 10.89.246.63 Removed NPU entry.
*dot1xMsgTask: Mar 31 01:57:19.863: GTK Rotation Kicked in for AP: zz:zz:zz:zz:zz:zz SlotId = 0 - (0x3ff07bf8)
*dot1xMsgTask: Mar 31 01:57:19.863: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 1
*dot1xMsgTask: Mar 31 01:57:19.863: GTK rotation for zz:zz:zz:zz:zz:zz
*dot1xMsgTask: Mar 31 01:57:19.863: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:19.863: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 2
*dot1xMsgTask: Mar 31 01:57:19.863: GTK rotation for zz:zz:zz:zz:zz:zz
*dot1xMsgTask: Mar 31 01:57:19.864: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:19.864: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 3
*dot1xMsgTask: Mar 31 01:57:19.864: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:19.864: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 4
*dot1xMsgTask: Mar 31 01:57:19.864: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:19.864: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 5
*dot1xMsgTask: Mar 31 01:57:19.865: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*mmMaListen: Mar 31 01:57:20.863: xx:xx:xx:xx:xx:xx 10.89.246.63 RUN (20) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*mmMaListen: Mar 31 01:57:20.863: xx:xx:xx:xx:xx:xx 10.89.246.63 RUN (20) Reached PLUMBFASTPATH: from line 5850
*dot1xMsgTask: Mar 31 01:57:21.263: GTK Rotation Kicked in for AP: zz:zz:zz:zz:zz:zz SlotId = 0 - (0x3ff07bf8)
*dot1xMsgTask: Mar 31 01:57:21.263: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 1
*dot1xMsgTask: Mar 31 01:57:21.263: GTK rotation for zz:zz:zz:zz:zz:zz
*dot1xMsgTask: Mar 31 01:57:21.263: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:21.263: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 2
*dot1xMsgTask: Mar 31 01:57:21.263: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:21.263: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 3
*dot1xMsgTask: Mar 31 01:57:21.263: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:21.264: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 4
*dot1xMsgTask: Mar 31 01:57:21.264: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:21.264: Generated a new group key for AP zz:zz:zz:zz:zz:zz(0) - vap 5
*dot1xMsgTask: Mar 31 01:57:21.264: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*spamApTask0: Mar 31 01:57:27.649: xx:xx:xx:xx:xx:xx Association Failed on REAP AP BSSID yy:yy:yy:yy:yy:yy (slot 0), status 1 0 Capabilities changed
*spamApTask0: Mar 31 01:57:27.649: xx:xx:xx:xx:xx:xx apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 8, reasonCode 1
*spamApTask0: Mar 31 01:57:27.649: xx:xx:xx:xx:xx:xx Scheduling deletion of Mobile Station: (callerId: 30) in 1 seconds
*osapiBsnTimer: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx apfMsExpireMobileStation (apf_ms.c:6655) Changing state for mobile xx:xx:xx:xx:xx:xx on AP yy:yy:yy:yy:yy:yy from Associated to Disassociated
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx Sent Deauthenticate to mobile on BSSID yy:yy:yy:yy:yy:yy slot 0(caller apf_ms.c:6749)
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx Found an cache entry for BSSID yy:yy:yy:yy:yy:yy in PMKID cache at index 0 of station xx:xx:xx:xx:xx:xx
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx Removing BSSID yy:yy:yy:yy:yy:yy from PMKID cache of station xx:xx:xx:xx:xx:xx
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx Resetting MSCB PMK Cache Entry 0 for station xx:xx:xx:xx:xx:xx
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx Setting active key cache index 0 ---> 8
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx Global PMK Cache deletion failed.
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx apfMsAssoStateDec
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx apfMsExpireMobileStation (apf_ms.c:6787) Changing state for mobile xx:xx:xx:xx:xx:xx on AP yy:yy:yy:yy:yy:yy from Disassociated to Idle
*apfReceiveTask: Mar 31 01:57:28.463: xx:xx:xx:xx:xx:xx pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Mar 31 01:57:28.464: xx:xx:xx:xx:xx:xx 10.89.246.63 START (0) Deleted mobile LWAPP rule on AP [yy:yy:yy:yy:yy:yy]
*apfReceiveTask: Mar 31 01:57:28.464: xx:xx:xx:xx:xx:xx Deleting mobile on AP yy:yy:yy:yy:yy:yy(0)
*dot1xMsgTask: Mar 31 01:57:30.263: GTK Rotation Kicked in for AP: zz:zz:zz:zz:zz:zz SlotId = 1 - (0x3ff07bf8)
*dot1xMsgTask: Mar 31 01:57:30.263: Generated a new group key for AP zz:zz:zz:zz:zz:zz(1) - vap 1
*dot1xMsgTask: Mar 31 01:57:30.263: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:30.263: Generated a new group key for AP zz:zz:zz:zz:zz:zz(1) - vap 2
*dot1xMsgTask: Mar 31 01:57:30.263: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:30.263: Generated a new group key for AP zz:zz:zz:zz:zz:zz(1) - vap 3
*dot1xMsgTask: Mar 31 01:57:30.263: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:30.263: Generated a new group key for AP zz:zz:zz:zz:zz:zz(1) - vap 4
*dot1xMsgTask: Mar 31 01:57:30.263: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
*dot1xMsgTask: Mar 31 01:57:30.264: Generated a new group key for AP zz:zz:zz:zz:zz:zz(1) - vap 5
*dot1xMsgTask: Mar 31 01:57:30.264: Sending of M5 for zz:zz:zz:zz:zz:zz is Skipped, rc = 1
Here is the configuration of the SSID on the 4402 and 5508 for comparison.
4402
WLAN Identifier.................................. 2
Profile Name..................................... xxxxx
Network Name (SSID).............................. xxxxx
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
Interface........................................ xxxxxx
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Radio Policy..................................... All
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Auto Anchor................................... Disabled
Cranite Passthru.............................. Disabled
Fortress Passthru............................. Disabled
H-REAP Local Switching........................ Disabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
5508
WLAN Identifier.................................. 5
Profile Name..................................... xxxxx
Network Name (SSID).............................. xxxxx
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 3
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... xxxxxxxx
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ xxxxxxxx
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
PMIPv6 MAG Profile........................... Unconfigured
PMIPv6 Default Realm......................... Unconfigured
PMIPv6 NAI Type.............................. Hexadecimal
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Does anybody have an idea where else I could look at?
Regards,
PatrickI thought the same that those devices simply are too old. However I would like to know what causes this capabilities change. We want to get rid of the old H/W, but at the moment it looks as if we would need to revert back to the 4402 in order to get those things working again.
I have not enough information, but those devices are some kind of handhelds. Their MAC OUI belongs to Newport Electronics.
Regards,
Patrick -
Intel and Cisco LWAPP - Sucess at last
I work for a large healthcare system that has a very large LWAPP deployment. We utilize the network for laptops, 7920 IP phones, and the new 7921 phones. We have HP laptops with Intel wireless cards. We have both the HP 6120 and 6320 laptops with the Intel 2915 and 3945 Intel wireless abg clients. There has always been a beacon interoperability problem between these intel clients and lwapp. This has been a huge issue that neither Intel nor Cisco has wanted to deal with.
The problem has finally been resolved with LWAPP code release 4.1.185.0. I upgraded my 4404-100 controllers to 4.1.185.0 to fix some possible arp issues I was seeing on our new Cisco 7921 phones. Not only did it resolve the arp problem, all my Intel problems went away.
It was interesting because I did the upgrade the night before I had HP and Intel engineers onsite to troubleshoot the interoperability issues - we were giving them one more chance to resolve the issue before we were probably going to switch to a different laptop and wireless card that had a proven record for working with LWAPP - like Thinkpad with atheros.
When the engineers arrived, the problem could not be reproduced - constant drops off the network and wild roaming (we have a very dense AP deployment (1232 & 1242 APs).
We recretaed the problem by downgrading a controller to 4.1.171.
I am extermely happy that we finally found a code to support the laptops and is also still compatabile with our 7921 phones. We have about 200 7921 phones we are deploying on 802.11a. We plan on keeping the data on b/g.
I am posting this just in case other people have similar issues.We upgraded the WLC to 4.1.185 and we changed the power settings on the Intel card from the default to MAX.
Do a right click on your PC--->Properties---Hardware--->Device Manager--->Intel Wireless--->Properties--->Power Management.
Here is the straight talk from the Intel site:
If the wireless access point (AP) or broadband wireless router does not properly support the PSP feature, intermittent loss of wireless connection, inability to initiate a wireless connection, or poor wireless connection data performance could result. The symptoms may be more pronounced when on battery power.
Cause:
In a mobile environment, power save polling mode is a feature for extended battery life for mobile stations. The capability requires coordination between the AP/router and the laptop's wireless adapter for proper operations. Intel has discovered the feature may not be implemented correctly or completely in some wireless access points or wireless gateway devices.
Solution:
Contact the AP/router vendor for updated software or firmware that corrects the problem.
As a temporary workaround, manually set the wireless adapter to CAM (continually aware mode), which disables the PSP capability. To do this, in either Intel? PROSet/Wireless Software or the Network Control Panel Applet (NCPA), in the power management section, uncheck the DEFAULT / AUTO selection and set the slider for HIGHEST / MAXIMUM PERFORMANCE.
Notes:
To ensure the adapter is set to CAM - if the slider is already at the HIGHEST / MAXIMUM PERFORMANCE setting, move the slider to another setting and then back to HIGHEST / MAXIMUM PERFORMANCE.
Hope this helps. -
Hello everyone!
I have a controller of the 5508 series and Ap 1602.
Ap manage to obtain IP addresses from the DHCP server that is the 5508 controller.
but the Rev fail to register, please I really vesoin help.
Below are some show:
1. AP: sh version
AP0006.f6d5.ea9c#sh version
Cisco IOS Software, C1600 Software (AP1G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:52 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
AP0006.f6d5.ea9c uptime is 38 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-rcvk9w8-mx/ap1g2-rcvk9w8-mx"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP1602E-E-K9 (PowerPC) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FGL1709Z6PC
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.1.37
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:06:F6:D5:EA:9C
Part Number : 73-14508-04
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC17020MTR
Top Assembly Part Number : 800-38553-01
Top Assembly Serial Number : FGL1709Z6PC
Top Revision Number : A0
Product/Model Number : AIR-CAP1602E-E-K9
Configuration register is 0xF
2. AP: sh ip interface brief
Interface IP-Address OK? Method Status Protocol
BVI1 unassigned YES DHCP up up
GigabitEthernet0 unassigned NO unset up up
GigabitEthernet0.1 unassigned YES unset up up
3. AP: sh inventory
---nothing---
4. WLC: sh sysinfo
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.101.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... WLC-EEML
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.10.10.1
Last Reset....................................... Software reset
System Up Time................................... 1 days 1 hrs 13 mins 37 secs
System Timezone Location.........................
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
--More-- or (q)uit
External Temperature............................. +25 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Burned-in MAC Address............................ E0:2F:6D:5D:7D:C0
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
5. WLC: sh time
Time............................................. Fri Jan 3 12:21:37 2014
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Polling Interval......................... 86400
Index NTP Key Index NTP Server NTP Msg Auth Status
also, I'm in africa but
I can not change the country or the time zone
thank you in advance for your helpHi,
By CLI:
Before change the country code on wlc , You must disable
WLC > config 802.11a disable network
WLC >config 802.11b disable network
WLC >config country SA (...or wtever country u are in)
And then enable both network again.
WLC >config 802.11a enable network
WLC >config 802.11b enable network
By GUI:
First disable both network 802.11a and 802.11b
Follow these steps to disable the 802.11a and 802.11b/g networks as follows:
a. Choose Wireless> 802.11a/n > Network.
b. Unselect the 802.11a Network Status check box.
c. Click Apply to commit your changes.
d. Choose Wireless > 802.11b/g/n > Network.
e. Unselect the 802.11b/g Network Status check box.
f. Click Apply to commit your changes.
Change country code on WLC now:
Choose Wireless > Country
after changing the country code please enable both networks(802.11a and 802.11b)
Hope it helps.
Regards
Dont forget to rate helpful posts. -
Can't change LWAP association to different Controller
I have a customer with LWAPs that are associated to a specific controller. They want to change the controller it's associated to, but it keeps returning to the original controller. They've tried assigning the Primary controller via WCS/WiSM, resetting the AP to default config, then resetting the LWAP.....the LWAP still associates with original controller.
A new LWAP out of the box goes to the correct controller with no problem. So, there is still something in the previously assigned controller to an LWAP that is not being cleared. Can someone tell how we can do this?
Any help would be appreciated.Hi Richard,
Sorry about that :(
You could try these two methods;
Configuring Static Parameters to Register the Access Point to a Controller
Using the password that the controller sent to the access point, enter into EXEC mode on the access point console. When the access point is running LWAPP or a recovery IOS image, you can configure the static IP address on the access point, the IP address on the controller, the access point hostname, and the default gateway IP address by entering these commands:
â¢ï¿¼lwapp ap ip address ip-addr subnet-mask
â¢ï¿¼lwapp ap controller ip address ip-addr
â¢ï¿¼lwapp ap hostname ap-hostname
â¢ï¿¼lwapp ap ip default-gateway ip-addr
The access point with a recovery IOS image uses the static controller IP address to register to the specified controller and download the current LWAPP image. After the access point successfully registers to the controller, it receives configurations from the controller. The access point static hostname and the IP address of the controller are deleted from the access point configuration file. However, the access point static IP address and the netmask and the default gateway IP address are not deleted.
When the access point is running a recovery IOS image, the commands to configure the static IP address on the access point, the IP address on the controller, the access point hostname, and the default gateway IP address are always enabled.
These commands are disabled in the following cases:
â¢ï¿¼When the access point is running an LWAPP image.
â¢ï¿¼When the access point has an LWAPP configuration file in NVRAM.
â¢ï¿¼When the access point is in REGISTERED state with the controller.
The access point console displays the following error message if you enter any of these commands when they are disabled:
"ERROR!!! Command is disabled."
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp173579
Using Master Controller Mode;
http://www.cisco.com/en/US/docs/wireless/access_point/1130/installation/guide/113h_f.html
But I think you will like the ideas here better (from Lynne, Dan and Richard);
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&topicID=.ee6e8b8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbefcec
Hope this helps!
Rob -
Error Cisco 892f-w Wireless driver lwapp and capwap controller
Hello, greetings to cisco support community, I write to ask for help for my router, I have trouble lifting the wireless network, I hope you can help me thanks.
Upon entering cli ap: I have this error:
*Jul 3 22:33:04.951: %CAPWAP-3-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Jul 3 22:33:14.959: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
*Jul 3 22:33:15.083: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
d DHCP address 10.10.10.4, mask 255.255.255.248, hostname AP6400.f1cf.6738
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (8.8.8.8)
Translating "CISCO-LWAPP-CONTROLLER"...domain server (8.8.8.8)
*Jul 3 22:33:18.959: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
HCP.
*Jul 3 22:33:19.083: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Jul 3 22:33:19.207: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLL
ER
Here is my configuration
Natural#SHOW RUNNing-config
Building configuration...
Current configuration : 5681 bytes
! Last configuration change at 19:56:22 UTC Wed Oct 16 2013 by juanrifle
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Natural
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no aaa new-model
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
crypto pki trustpoint TP-self-signed-634714217
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634714217
revocation-check none
rsakeypair TP-self-signed-634714217
crypto pki certificate chain TP-self-signed-634714217
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 36333437 31343231 37301E17 0D313331 30313131 38343833
395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3633 34373134
32313730 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
E814BC99 A2374C6C C52A0828 7D8D2215 5220B891 63F3CB16 C03D6F00 F3ECF2E9
BE71FB32 9D1388FA 608C3267 3105F7E9 4A0FADDB C3031255 2054BF5D 971D4B0F
AD5914F8 8D7E9CF3 FBDDD586 63C8D981 3C32F53F E43CE93F 20930CFA 9F6055E7
810AF11D D8CBF7EA D6D5B680 B9AA465C EA9D533B A8E39059 6401101F D81939C9
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014A1 4A274F69 1972E173 6F458E3E 67212F22 A21F3F30 1D060355
1D0E0416 0414A14A 274F6919 72E1736F 458E3E67 212F22A2 1F3F300D 06092A86
4886F70D 01010505 00038181 006B165B E1CABC78 F125A399 A8DB860B 7A134E69
A342D73A A5215D08 E675406C 318E1877 EFCBB5E8 747291F3 6D39D0CD DD38FE96
E4829127 A2BB4F47 CF1BA9A1 43631C0B BE5932A7 BDE1EAEB 98F832AC 83EAB223
141BB6A0 3ECD607B 8E126FDC 5AC8AD12 28F8DB6A 9742994B 063610C6 D5144944
8A129632 AC689172 1B108332 44
quit
ip cef
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.145
ip dhcp excluded-address 10.10.10.153
ip dhcp excluded-address 10.10.10.1 10.10.10.2
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 8.8.8.8 200.87.100.10
lease 0 2
ip dhcp pool ccp
dns-server 8.8.8.8 200.87.100.10
ip dhcp pool Oficina wireless pool
import all
network 10.10.10.144 255.255.255.248
default-router 10.10.10.145
dns-server 8.8.8.8 200.87.100.10
ip dhcp pool guest pool
import all
network 10.10.10.152 255.255.255.248
default-router 10.10.10.153
dns-server 8.8.8.8 200.87.100.10
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO892FW-A-K9 sn FTX172783RH
username ******** privilege 15 password 0 ******
username ******** privilege 15 secret 4 df2cx1EOReyOFTzHQGHyju0MCCMPPDggzToRobK46
vI
redundancy
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
interface FastEthernet0
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface FastEthernet4
no ip address
interface FastEthernet5
no ip address
interface FastEthernet6
no ip address
interface FastEthernet7
no ip address
interface FastEthernet8
description modem adsl
ip address dhcp
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk allowed vlan 1-3,1002-1005
switchport mode trunk
no ip address
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Vlan2
description wireless oficina
ip address 10.10.10.145 255.255.255.248
ip nat inside
ip virtual-reassembly in
interface Vlan3
description wireless guest
ip address 10.10.10.153 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export destination 10.10.10.5 2055
ip nat inside source list 110 interface FastEthernet8 overload
ip sla auto discovery
access-list 10 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 remark wireless guest Restriction
access-list 120 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
access-list 120 permit ip 10.10.10.152 0.0.0.7 any
access-list 120 deny ip 10.10.10.152 0.0.0.7 0.0.0.0 255.255.255.0
access-list 120 deny ip 10.10.10.152 0.0.0.7 172.16.0.0 0.15.255.255
access-list 120 deny ip 10.10.10.152 0.0.0.7 192.168.0.0 0.0.255.255
no cdp run
control-plane
mgcp profile default
line con 0
login local
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
end
Natural#Hi Andrew,
LAP always download the image run on a WLC (in this case 3850). So no point upgrade LAP independantly as it will always sync with image run on the controller it joins.
In this case you can upgrade 3850 to 3.3.2 (which is the latest image as of today) if you are not already running that code
HTH
Rasika
**** Pls rate all useful resposnes **** -
Hello,
I have an issue where I cannot get clients to change SSID. I have two SSID, one WPA2 secure, one open guest. The secure is locally switched via Flexconnect and the guest is centrally switched. Both of them work. I have been able to test this and both work as intended. The problem is that once you connect to one of them, either secure or guest, you cannot then change to the other. The only way to change is to delete the dhcp entry from the scope and then do it.
Fast SSID change is enabled. I also have debug client output from when the client fails when you try to switch which I will include below. I also pulled some wireshark captures and those show me that the DHCP ack packets are trying to give the client the ip address from the incorrect/previous scope. So basically it's like FAST SSID change is not working and the client is never being disassociated properly??
I am totally stumped and even though the client will most likely not be switched between SSID that often I would still like to know the solution.
Cisco 5508 running 7.2.110.0
Cisco 3502 LWAPP
windows server 2008 dhcp server
DHCP Socket Task: Dec 07 09:37:23.023: a4:d1:d2:14:fc:51 DHCP successfully bridged packet to DS
*apfMsConnTask_0: Dec 07 09:39:35.149: a4:d1:d2:14:fc:51 Association received from mobile on AP 18:33:9d:5e:c8:70
*apfMsConnTask_0: Dec 07 09:39:35.149: a4:d1:d2:14:fc:51 0.0.0.0 WEBAUTH_REQD (8) Changing IPv4 ACL 'Guest - Internet Only' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1709)
*apfMsConnTask_0: Dec 07 09:39:35.149: a4:d1:d2:14:fc:51 0.0.0.0 WEBAUTH_REQD (8) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 Applying site-specific Local Bridging override for station a4:d1:d2:14:fc:51 - vapId 3, site 'VanBuren', interface 'wireless guest'
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 Applying Local Bridging Interface Policy for station a4:d1:d2:14:fc:51 - vlan 50, interface id 11, interface 'wireless guest'
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 Applying site-specific override for station a4:d1:d2:14:fc:51 - vapId 3, site 'VanBuren', interface 'wireless guest'
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 0.0.0.0 WEBAUTH_REQD (8) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'Guest - Internet Only' (ACL ID 0) --- (caller apf_policy.c:1795)
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 0.0.0.0 WEBAUTH_REQD (8) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1876)
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_0: Dec 07 09:39:35.150: a4:d1:d2:14:fc:51 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 apfMs1xStateDec
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 WEBAUTH_REQD (8) Change state to START (0) last state WEBAUTH_REQD (8)
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state WEBAUTH_REQD (8)
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state WEBAUTH_REQD (8)
*pemReceiveTask: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 Removed NPU entry.
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 18:33:9d:5e:c8:70 vapId 3 apVapId 2for this client
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 18:33:9d:5e:c8:70 vapId 3 apVapId 2 flex-acl-name:
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state WEBAUTH_REQD (8)
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) pemApfAddMobileStation2 3124, Adding TMP rule
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:5e:c8:70, slot 1, interface = 13, QOS = 0
IPv4 ACL ID = 255, IP
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 50, Local Bridging intf id = 11
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) pemApfAddMobileStation2 3268, Adding TMP rule
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:5e:c8:70, slot 1, interface = 13, QOS = 0
IPv4 ACL ID = 255,
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 50, Local Bridging intf id = 11
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 apfPemAddUser2 (apf_policy.c:270) Changing state for mobile a4:d1:d2:14:fc:51 on AP 18:33:9d:5e:c8:70 from Associated to Associated
*apfMsConnTask_0: Dec 07 09:39:35.151: a4:d1:d2:14:fc:51 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Dec 07 09:39:35.152: a4:d1:d2:14:fc:51 Sending Assoc Response to station on BSSID 18:33:9d:5e:c8:70 (status 0) ApVapId 2 Slot 1
*apfMsConnTask_0: Dec 07 09:39:35.152: a4:d1:d2:14:fc:51 apfProcessAssocReq (apf_80211.c:6309) Changing state for mobile a4:d1:d2:14:fc:51 on AP 18:33:9d:5e:c8:70 from Associated to Associated
*pemReceiveTask: Dec 07 09:39:35.152: a4:d1:d2:14:fc:51 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 07 09:39:35.152: a4:d1:d2:14:fc:51 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP processing DHCP REQUEST (3)
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP xid: 0xbdc7df36 (3183992630), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP chaddr: a4:d1:d2:14:fc:51
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP requested ip: 10.2.4.42
*DHCP Socket Task: Dec 07 09:39:35.178: a4:d1:d2:14:fc:51 DHCP successfully bridged packet to DS
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP processing DHCP REQUEST (3)
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP xid: 0xbdc7df36 (3183992630), secs: 2, flags: 0
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP chaddr: a4:d1:d2:14:fc:51
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP requested ip: 10.2.4.42
*DHCP Socket Task: Dec 07 09:39:36.972: a4:d1:d2:14:fc:51 DHCP successfully bridged packet to DS
*DHCP Socket Task: Dec 07 09:39:39.351: a4:d1:d2:14:fc:51 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 07 09:39:39.351: a4:d1:d2:14:fc:51 DHCP processing DHCP REQUEST (3)
*DHCP Socket Task: Dec 07 09:39:39.351: a4:d1:d2:14:fc:51 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 09:39:39.351: a4:d1:d2:14:fc:51 DHCP xid: 0xbdc7df36 (3183992630), secs: 4, flags: 0
*DHCP Socket Task: Dec 07 09:39:39.351: a4:d1:d2:14:fc:51 DHCP chaddr: a4:d1:d2:14:fc:51
*DHCP Socket Task: Dec 07 09:39:39.351: a4:d1:d2:14:fc:51 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 09:39:39.352: a4:d1:d2:14:fc:51 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 09:39:39.352: a4:d1:d2:14:fc:51 DHCP requested ip: 10.2.4.42
*DHCP Socket Task: Dec 07 09:39:39.352: a4:d1:d2:14:fc:51 DHCP successfully bridged packet to DS
*DHCP Socket Task: Dec 07 09:39:39.352: a4:d1:d2:14:fc:51 Failed to get response for 3 dhcp attempts from client.Total DHCP failed count for the interface wireless guest : 10External windows 2008 dhcp server. The ip-helper on the L3 interface is working because it will pull dhcp just fine as long as it is the first SSID you connect with. Once you have the an address from dhcp and try to change it keeps wanting to give me that same address even though my L3 interfaces for the two SSIDs are on two separate vlans each with a separate scope (vlan 31 and vlan 50). Although each vlan uses the same dhcp server but that does not matter since I have two different scopes setup. One for each subnet.
Maybe you are looking for
-
Hi all, I am wondering for quite some time now, if it's possible to have SAP PI in a cloud. When looking at cloud computing the biggest issue is security. One of the main things I could not solve in theory is: Segregated data and Own Identity. When w
-
Setting value for attribute 'PO_NUMBER_SOLD' using setter method
Hi Experts, I need to set the value of a screen field according to some condition. I am using setter method of this attribute to set the value but it is not getting changed. I have written following code in DO_PREPARE_OUTPUT method of implementation
-
The report five tables of PS modules.PROJ,PRPS,HRP1001 ZPRACTICE and ZLEAVE i have the selextion screen with project,STart date and end date and practice. I want to get the report o/p in such a mannner that 1.Based on Project allocated with these dat
-
Are CR and LF actually critical in some places?
I have two PDF files that are identical except that one has an odd mix of CR, CR-LF, and LF for line breaks, and the other uses CR-LF exclusively (and has the stream lengths, object offsets, etc. adjusted accordingly). Acrobat (Professional 8 ) is pe
-
Mac outlook 2011 users with Exchange 2013 cu5
Hi all, I had a strange issue that came up after I reconfigured our receive connector in exch2013. I have Exch2013 with Cu5 and a 2010 sp3. In order to fight spam I needed to reconfigure a new connector that's a bit locked down compared to the def