Cisco ISE Anyconnect Profile editor

I want to wired user's authenticate from ISE device and to use authentication protocol EAP_FAST. In PC need to install Cisco Anyconnect Profile Editor.
where and how i get anyconnect profile editor.
Thanks.

It's one of the packages listed in the AnyConnect download location.
Go here and click on Download Software.

Similar Messages

Cisco ISE guest portal redirect not working after successful authentiation and URL redirect.

Hi to all,
I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID. The users are successfully redirected by the WLC to the following URL:https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and recieve the following error:
Error: Resource not found.
Resource: /guestportal/
Does anyone have any ideas why the portal is doing this?
Thanks
Paul

Hello,
As you are not able to get the guest portal, then you need to assure the following things:-
1) Ensure that the two Cisco av-pairs that are configured on the authorization profile should exactly match the example below. (Note: Do not replace the "IP" with the actual Cisco ISE IP address.)
–url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
–url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also defined on the access switch)
2) Ensure that the URL redirection portion of the ACL have been applied to the session by entering the show epm session ip command on the switch. (Where the session IP is the IP address that is passed to the client machine by the DHCP server.)
Admission feature : DOT1X
AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
URL Redirect ACL : ACL-WEBAUTH-REDIRECT
URL Redirect :
https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
0000A45A2444BFC2&action=cpp
3) Ensure that the preposture assessment DACL that is enforced from the Cisco ISE authorization profile contains the following command lines:
remark Allow DHCP
permit udp any eq bootpc any eq bootps
remark Allow DNS
permit udp any any eq domain
remark ping
permit icmp any any
permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
permit tcp any host 80.0.80.2 eq www --> Provides access to internet
permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
port
permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8906 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
deny ip any any
Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on the switch as follows:
ip access-list extended ACL-WEBAUTH-REDIRECT
deny ip any host 80.0.80.2
permit ip any any
5) Ensure that the http and https servers are running on the switch:
ip http server
ip http secure-server
6) Ensure that, if the client machine employs any kind of personal firewall, it is disabled.
7) Ensure that the client machine browser is not configured to use any proxies.
8) Verify connectivity between the client machine and the Cisco ISE IP address.
9) If Cisco ISE is deployed in a distributed environment, make sure that the client machines are aware of the Policy Service ISE node FQDN.
10) Ensure that the Cisco ISE FQDN is resolved and reachable from the client machine.
11) Or you need to do re-image again.

Cisco ISE 1.2.1 deplyomet issue with Anyconnect and Profiling

Hi All,
We are running cisco ise box in 1.2.1 version wherein I am facing below issue while deployment. We are having two ISE boxes where One box act as Primary Admin,Secondary MNT and Policy Service and Second Box act as Secondary Admin,Primary MNT and Policy Service
1) Profiling of Endpoints - HP Laster jet printer 55XX series and scanner profiling are not happing in Cisco ISE 1.2.1 wherein I have enabled below probes in ISE for profiling
RADIUS Probe
SNMP Probe SNMP Trap HTTP Prob and DNS
2) Any-connect issue - We are using any-connect supplicant 3.0.11042 for wired and wireless user profile in windows 7 enterprises 32 bit machine
- Yellow mark issue -  Once authentication , posturing completed we are getting yellow mark on network drive but still we are able to connect to network
- Network Map Drive issue -  Once authentication , posturing completed we are getting red cross mark on Network map drive and if we double click on that drive then its get accessible and red mark turns in to green.
For that we have already allowed Ip level access to all domain in before logon dacl ( Machine authentication )
That would be really great if any one can help me on the same.
Thanks & Regards
Pranav

Hi Pablo ,
Please find below solutions
Yellow mark issue - - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet. This Service is by default disabled on Windows XP and Widows 8.X operating system. This is only enabled by default on Windows 7 and Windows Vista operating system.
Network Map Drive issue   - Create logon script and deploy it using group policy. Script will check full network connectivity and then map network drives
Regards
Pranav

ADSM AnyConnect Client Profile Editor will not close...

When I fire up ADSM and go into the AnyConnect Client Profile Editor It will not let me close the Editor.
If I go it and jsut hit cancel, or OK, or the X, nothing happens. The only way to exit is to Close down Java.
I've run ADSM on a few machines all with the same results.
ADSM Version 6.3(4)
Thanks

I Upgraded to ADSM 7.1(2)
This resolved my issue.

Cisco ISE windows workstation endpoint profiling

Hi all,
i am configuring cisco ISE to autenticate wireless clients using 802.1x . AP's are all lightweight managed by a cisco 5508 WLC . I would like to discriminate users accessing that wlan using mobile phones or tablet from users connecting using windows workstations. ISE profiles all mobile devices in the right way, iphones and ipad are profiled as apple devices and even MAC OSX devices are profiled correctly. The problem is that all windows workstation are profiled as unknown devices.In ISE i'm using windows workstation default profile configuration.
what can i check to make windows workstation profile working correctly?
Thanks in advance.
Regards

i noticed that default profile for microsoft workstations uses dhcp probe to profile devices, so i solved the issue adding in our core switch, to the vlan interface used to tag dot1x wireless lan, ise ip address as ip helper-address. I don't know if that is the best solution or there's something i can do on WLC to avoid adding ip helper-address on vlan interface but this worked for me.
Thanks to all for helping me.
Regards

Cisco ISE profiling - Split Corporate/Guest access

Hello all,
I currently deploying a Cisco ISE for my wireless network and I would like to split my WLAN in two different "authorization profile" : Guest and Corporate.
For the moment, I use my active Directory to authenticate users and profiling to authorize device with the hostname. I would like to classify by domain name with DHCP probe but I can't because there is alway a DHCP message response with the domain name given by the DHCP server, do you have a solution to separate device with domain name or with other attributes ?
Thanks in advance for your answer!

Thanks for your answer salodh,
I've already done two authorization profiles (Guest and corporate) based on rule using Active Directory and profiling condition but I would more profiling conditions (not only hostname) to split clearly corporate and guest devices.

Cisco ise profiling -lldp med information

Hi All
We got few IP phones which uses lldp MED information to sent its system descriptions, type etc to the switch. These lldp med information can be seen in the Cisco switch, but when ISE does profiling using the snmpquery probe for these endpoints only limited lldp information is shown (lldp cache capability etc)
Do we have to update any lldp -MIB in ise or has anyone come across this issue?
Thanks
G

The list of all lldp-MIB by ISE is here
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_mib.html#84224

Cisco's AnyConnect Network Access Manager (NAM)

Hi dears,
I configurate EAP_FAST in Cisco ISE and want wired users authenticate from ISE. I install Network Access Manager Profile Editor and Cisco Anyconnect Security Mobility Client on PC. I configure Network Access Manager when i want to save as that I did not see the . \newConfigFiles folder. Then I did that: Organize’, ‘Folder and Search Options’, ‘Show hidden files, folders, and drives. but in this case i did see the network access manager folder.
I need a to install Cisco’s AnyConnect Network Access Manager (NAM) on PC. HOW I get this soft? I have a smartnet for ISE.
Which email address(to cisco) i must be write to get this soft?
Thanks.

You can download the Network Access Manager module from CCO. This link should work if you have a CCO account.
http://software.cisco.com/download/release.html?mdfid=283000185&softwareid=282364313&release=3.1.05160&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rs
The file name will be similar to anyconnect-win-3.1.05160-pre-deploy-k9.iso. Just unzip the ISO with 7zip or Winrar and you will see the NAM msi file anyconnect-nam-win-3.1.05149-k9.msi.

Cisco ISE - Posturing of a Linux Endpoint - Is it possible?

We have a customer who wants to implement Cisco ISE and one of their requests is to posture Linux endpoints in addition to Windows endpoints.
They have a set of system checks that they perform on Linux machines (catered towards RedHat) which they would like to be performed by ISE.
From what I know prior to researching for this request was that the NAC agent is only compatible with endpoints running Windows or Mac OSX.
Digging around, Linux endpoints are postured with a 'default-posture' status and thus an accompanying authorization profile must be set for 'default-posture'. I can't seem to find how to perform file checks, service checks, etc. on a Linux endpoint. Are these type of checks possible with Cisco ISE posture assessment on a Linux endpoint?
One item that I found is to use the Host Scan package within the AnyConnect Posture module on a Linux endpoint.
I see this as defeating the purpose of centralizing posturing on the ISE since the AnyConnect and ASA will be doing the posture checking.
Any thoughts? Thanks in advance.

Hello Alberto, posture assessment is not yet supported with ISE/AnyConnect. For more info check out the posture section in the ISE 1.3 Admin Guide:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html
Thank you for rating helpful posts!

Remote Access VPN posturing with Cisco ISE 1.1.1

Hi all,
we would like to start using our ISE for Remote VPN access.
We have run a proof of concept with the ISE & IPEP with a Cisco ASA5505. We got the authentication working however posturing of the client did not work.
That was a few months ago and so I was wondering whether any design document is available specifically around Using the Cisco ISE for Authenticating & Posturing Remote Access VPN clients.
I understand that version 9 of the ASA code is supposed to eliminate the need for Inline Posture, does anyone know whether this will also allow posturing too?
We do intend to by Cisco ASR's aswell, but I am sceptical of this as i do not know how many VPN licenses you get out of the box. The ASA's we have allow up to 5000 IPSec VPNs without having to purchase any licensing. What I do not want to do is to switch to SSL VPNs as this again will increase cost.
I know ISR's are support NADs but what about ASRs? There is no mention.
Any advise will be appreciated!
Mario

OK, I have come accross the Cisco Validated design for BYOD and in there it has a section about Authenticating VPNs.
thats great... however it does not mention using the Inline posture node. Does anyone know if there is a limitation using Inline Posture and SSL VPNs...?
essentially my requirements are
2-factor authentication VPN using a Certificate & RSA Token
Posturing of the VPN endpoint.
Ideally i would like to use IPSec VPNs as i have licenses already for these on my ASAs. But if it will only work with SSL & AnyConnect, then so be it.
Can anyone help?
Mario

Cisco ISE 1.2 and AD Group

Hello,
I have Cisco ISE installed on my EXSi server for my test pilot. I have added several AD groups to ISE as well.
I have created an Authorization policy condition, which is WIRELESS_DOT1X_USERS (see screenshot)
Basically, I just duplicated the default Wireless_802.1X and added Network Access:EapAuthentication, Equals, EAP-TLS.
My problem is, I was unable to join the wireless network if I added my AD group to the Authorization policy (see screenshot). The user that I have is a member of WLAN-USERS. If I removed the AD group from the Authorization policy, the use is able to join the wireless network.
I attached the ISE logs screenshot as well. I checked the ISE, AD/NPS, WLC, laptop time and date, and they are all in synched.
I also have the WLC added as NPS client on my network.
I checked the AD log and what I found was the WLCs local management user trying to authenticate. It is supposed to be my wireless user credential not the WLC.
This is the log that I got from the AD/NPS
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID:                              NULL SID
Account Name:                              admin
Account Domain:                              AAENG
Fully Qualified Account Name:          AAENG\admin
Client Machine:
Security ID:                              NULL SID
Account Name:                              -
Fully Qualified Account Name:          -
OS-Version:                              -
Called Station Identifier:                    -
Calling Station Identifier:                    -
NAS:
NAS IPv4 Address:                    172.28.255.42
NAS IPv6 Address:                    -
NAS Identifier:                              RK3W5508-01
NAS Port-Type:                              -
NAS Port:                              -
RADIUS Client:
Client Friendly Name:                    RK3W5508-01
Client IP Address:                              172.28.255.42
Authentication Details:
Connection Request Policy Name:          Use Windows authentication for all users
Network Policy Name:                    -
Authentication Provider:                    Windows
Authentication Server:                    WIN-RSTMIMB7F45.aaeng.local
Authentication Type:                    PAP
EAP Type:                              -
Account Session Identifier:                    -
Logging Results:                              Accounting information was written to the local log file.
Reason Code:                              16
Reason:                                        Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

Thank you Tarik,
I got my AD group working. What I did, I checked the user's certificate that is installed on the laptop then modified the ISE certificate authentication profile to "Subject Alternative Name". I had the ISE set to common name when I was having an issue.
I forgot to mentioned that I have to servers in my ISE test pilot. I have AD with NPS, and CA. These servers are Windows 2008 R2.
I am a little confuse about the attribute in certificate template you have mentioned. Is that located at Certificate Authority/server-name/Certificate Templates/Users? I am not sure where to look for that attribute on the CA server.

Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
ciscoISE/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
ciscoISE/admin(config)# snmp-server
Ciscoacs/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
Ciscoacs/admin(config)# snmp-server

No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

Cisco ISE 1.2 - BYOD Guest Access Error with Certificate

Hi all !
I'm running on Cisco ISE 1.2. I'm trying to setup BYOD (dual SSID).
Here's a walkthrough of what's happening:
1. I connect to open SSID, enter username/password and register MAC
2. I download WinSPwizard, get trust root CA but WinSPwizard error
This is spwprofilelog
[Wed Oct 01 11:27:17 2014] Installed [pvgas-DC-CA, hash: d0 ad c2 1e 19 b0 8b 61 8a 2d 81 88 da 8a a2 ca
da d3 ab e8
] as rootCA
[Wed Oct 01 11:27:17 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Wed Oct 01 11:27:17 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
[Wed Oct 01 11:27:17 2014] HttpWrapper::SendScepRequest - Retrying: [1] time, after: [4] secs , Error: [2]
[Wed Oct 01 11:27:21 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Wed Oct 01 11:27:21 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
[Wed Oct 01 11:27:21 2014] HttpWrapper::SendScepRequest - Retrying: [2] time, after: [4] secs , Error: [2]
[Wed Oct 01 11:27:25 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Wed Oct 01 11:27:25 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
[Wed Oct 01 11:27:25 2014] HttpWrapper::SendScepRequest - Retrying: [3] time, after: [4] secs , Error: [2]
[Wed Oct 01 11:27:29 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Wed Oct 01 11:27:29 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
[Wed Oct 01 11:27:29 2014] Failed to get certificate from server - Error: [2]
[Wed Oct 01 11:27:29 2014] Failed to generate scep request. Error code:
[Wed Oct 01 11:27:29 2014] ApplyCert - End...
[Wed Oct 01 11:27:29 2014] Failed to configure the device.
[Wed Oct 01 11:27:29 2014] ApplyProfile - End...
[Wed Oct 01 11:27:32 2014] Cleaning up profile xml: success
This is SCEP RA profiles
Other Cert
ACL On WLC
and policy
Please help me fix error.
Thanks.

you could create an ISE local user with a GUEST membership and provided you have your ISE password policy set so that it doesn't expire accounts, etc it would be a "permanent" guest account. we do something similiar. sponsors make temporary accounts while long-term or test guest accounts are created in the ise local identity store as guests and are processed the same way. you just have to ensure that the internal user store is part of your guest identity source sequence.

Cisco ISE Guest Portal - DNS Issue - External Zone

Hello,
I have a customer that has the following sceanrio :
In a wireless deployment and a Cisco ISE 1.1.3 deployment with CWA, when the wireless guest receives the redictect URL from ISE (URL to access the ISE Guest Portal), this URL is based on the ISE DNS name, not on its IP address; so, the PC can't resolve this via DNS name since there is no DNS in the External zone (for guets) or by using the ISP DNS servers addresses provided by the DHCP server, and, so, it can't access the Guest Portal at all ;
I know that in trying to manually code the IP address - this does not work (ie in the CWA Authorization profile, the equivalent URL redirect via the CISCO av-pair as follows :
cisco-av-pair=url-redirect=https://10.10.10.10:8443/guestportal/gateway?sessionId=sessionIdValue&action=cwa, )
since the sessionIdValue variable is not replaced by its real value when sent to the wireless client)
My question is : Has this issue been addressed in version Cisco ISE 1.2 - has anyone tried it if has been addressed? If not in Cisco 1.2 - does anyone know iof this feature will become available?
Thank-you in advance for your replies.
Robert C.

Robert,
Manual assignment has been made available in ISE 1.2 release.
M.

Cisco ISE 1.2 & Cisco WLC 5508 v7.6

Hi all,
we are planning to upgrade our WLC to 7.6 to fix a bug with FlexConnect Client ACLs but I have just seen on the Cisco ISE Compatibility table that the it only recommends up to v7.5 of the WLC 5508...
Cisco have told me to steer clear of 7.5 as it is in a defferred status, so does anyone know, or have running in a lab or production, ISE1.2 with a 5508 WLC v7.6 NAD ?
I would much rather know of any issues people are experiencing before hand than to have to go through a software upgrade and then rollback.
Thanks all
Mario De Rosa

Hi Neno,
right I have this almost working now.
I have simplified the setup. I am not going to do any client provisioning at the moment.
So I can connect to the corporate SSID using EAP-TLS and I can successfully push the branch data VLAN upon successful authorisation.
Now I am trying to introduce the posture element & per user ACLs.
I have defined the redirect ACL & Flex ACL on the vWLC however the NAC agent will not pop-up. The client is in the right VLAN and the redirect ACL seems to be getting applied as the client does get an IP through DHCP. However, the client cannot ping the ISE or access the guest portal when I open the browser.
DNS resolution seems to be working fine.
VLAN220 is my datacentre VLAN which the Management Interface on the controller is plugged in to.
VLAN10 is the branch DATA VLAN.
below is some output to give you some more details...
(Cisco Controller) >show client detail 00:24:d6:97:b3:be
Client MAC Address............................... 00:24:d6:97:b3:be
Client Username ................................. [email protected]
AP MAC Address................................... 18:33:9d:f0:21:80
AP Name.......................................... test-flex-ap
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 18:33:9d:f0:21:81
Connected For ................................... 128 secs
Channel.......................................... 6
IP Address....................................... 10.130.130.120
Gateway Address.................................. 10.130.130.1
Netmask.......................................... 255.255.255.0
IPv6 Address..................................... fe80::f524:1910:69f0:9482
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... 4
Client E2E version............................... 1
--More-- or (q)uit
Re-Authentication Timeout........................ 1651
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... OFF
Current Rate..................................... m13
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
............................................. 12.0,18.0,24.0,36.0,48.0,
............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. POSTURE_REQD
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ POSTURE_REDIRECT_ACL
AAA Override ACL Applied Status.................. Yes
--More-- or (q)uit
AAA Override Flex ACL Name....................... POSTURE_REDIRECT_ACL
AAA Override Flex ACL Applied Status............. Yes
AAA URL redirect................................. https://pdc-ise-man01.kier.group:8443/guestportal/gateway?sessionId=c8dc800a00000005b3e7e953&action=cpp
Audit Session ID................................. c8dc800a00000005b3e7e953
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Yes
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... EAP-TLS
FlexConnect Data Switching....................... Local
--More-- or (q)uit
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central
Quarantine VLAN.................................. 0
Access VLAN...................................... 220
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 33698
Number of Bytes Sent....................... 19397
Total Number of Bytes Sent................. 19397
--More-- or (q)uit
Total Number of Bytes Recv................. 33698
Number of Bytes Sent (last 90s)............ 19397
Number of Bytes Recv (last 90s)............ 33698
Number of Packets Received................. 283
Number of Packets Sent..................... 147
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 53
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 2
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -42 dBm
Signal to Noise Ratio...................... 41 dB
Client Rate Limiting Statistics:
--More-- or (q)uit
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
test-flex-ap(slot 0)
antenna0: 14 secs ago.................... -51 dBm
antenna1: 14 secs ago.................... -37 dBm
test-flex-ap(slot 1)
antenna0: 14 secs ago.................... -51 dBm
antenna1: 14 secs ago.................... -54 dBm
--More-- or (q)uit
DNS Server details:
DNS server IP ............................. 10.0.17.31
DNS server IP ............................. 10.0.17.43
Assisted Roaming Prediction List details:
Client Dhcp Required: False
Allowed (URL)IP Addresses
(Cisco Controller) >
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Demo1x
Network Name (SSID).............................. Demo1x
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Enabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Enabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... mario-test-flex-vwlc
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
--More-- or (q)uit
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
--More-- or (q)uit
Radius Servers
Authentication................................ 10.0.16.111 1812
Accounting.................................... 10.131.16.111 1813
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
--More-- or (q)uit
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
--More-- or (q)uit
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Disabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
--More-- or (q)uit
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
Priority Policy Name
(Cisco Controller) >
when debugging the client during redirect, this is the output and I cannot spot anything wrong here...
(Cisco Controller) >*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Adding mobile on LWAPP AP 18:33:9d:f0:21:80(1)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Association received from mobile on BSSID 18:33:9d:f0:21:8e
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Max Client Trap Threshold: 0 cur: 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Re-applying interface policy for client
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be In processSsidIE:4850 setting Central switched to FALSE
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying site-specific Local Bridging override for station 00:24:d6:97:b3:be - vapId 2, site 'default-group', interface 'management'
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Local Bridging Interface Policy for station 00:24:d6:97:b3:be - vlan 220, interface id 0, interface 'management'
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Processing RSN IE type 48, length 22 for mobile 00:24:d6:97:b3:be
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Received RSN IE with 0 PMKIDs from mobile 00:24:d6:97:b3:be
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Updating AID for REAP AP Client 18:33:9d:f0:21:80 - AID ===> 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Central switch is FALSE
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfMsAssoStateInc
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Idle to Associated
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2:session timeout forstation 00:24:d6:97:b3:be - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Sending Assoc Response to station on BSSID 18:33:9d:f0:21:8e (status 0) ApVapId 2 Slot 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Associated to Associated
*spamApTask6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sent 1x initiate message to multi thread task for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Connecting state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sending EAP-Request/Identity to mobile 00:24:d6:97:b3:be (EAP Id 1)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received Identity Response (count=1) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Resetting reauth count 1 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be EAP State update from Connecting to Authenticating for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticating state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=214) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be WARNING: updated EAP-Identifier 1 ===> 214 for STA 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 214)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Allocating EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 214, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=215) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 215)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 215, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=216) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 216)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 216, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=217) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 217)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 217, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=218) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 218)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 218, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=219) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 219)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 219, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=220) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 220)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 220, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=221) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 221)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 221, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=222) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 222)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 222, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=223) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 223)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 223, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=224) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 224)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 224, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=225) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 225)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 225, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Processing Access-Accept for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created for mobile, length = 253
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 220
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Re-applying interface policy for client
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 1 on mobile
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Inserting AAA Override struct for mobile
MAC: 00:24:d6:97:b3:be, source 4
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting re-auth timeout to 1800 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Creating a PKC PMKID Cache entry for station 00:24:d6:97:b3:be (RSN 2)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting MSCB PMK Cache Entry 0 for station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Adding BSSID 18:33:9d:f0:21:8e to PMKID cache at index 0 for station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Client in Posture Reqd state. PMK cache not updated.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAP-Success to mobile 00:24:d6:97:b3:be (EAP Id 225)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Freeing AAACB from Dot1xCB as AAA auth is done for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be EAPOL Header:
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Starting key exchange to mobile 00:24:d6:97:b3:be, data packets will be dropped
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Entering Backend Auth Success state (id=225) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Received Auth Success while in Authenticating state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticated state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-key in PTK_START state (message 2) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be PMK: Sending cache add
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be EAPOL Header:
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Freeing EAP Retransmit Bufer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central switch is FALSE
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Sending the Central Auth Info
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central Auth Info Allocated PMKLen = 32
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be PMK: pmkActiveIndex = 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 apfMsEapType = 13
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name:POSTURE_REDIRECT_ACL
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6166, Adding TMP rule
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5761, Adding TMP rule
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255,
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*spamApTask6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 pmkLen = 32
*DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 325,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP setting server from ACK (server 10.0.17.85, yiaddr 10.130.130.120)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 DHCP_REQD (7) Change state to WEBAUTH_REQD (8) last state DHCP_REQD (7)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) pemAdvanceState2 6671, Adding TMP rule
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Replacing Fast Path rule
type = Airespace AP Client - ACL passthru
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 A
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 1, IPv6 ACL ID 255, L2 ACL ID 255)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Plumbing web-auth redirect rule due to user logout
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Assigning Address 10.130.130.120 to mobile
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
*pemReceiveTask: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 Added NPU entry of type 2, dtlFlags 0x0
*IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Pushing IPv6 Vlan Intf ID 0: fe80:0000:0000:0000:f524:1910:69f0:9482 , and MAC: 00:24:D6:97:B3:BE , Binding to Data Plane. SUCCESS !! dhcpv6bitmap 0
*IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Link Local address fe80::f524:1910:69f0:9482 updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
*DHCP Socket Task: Aug 12 10:58:28.581: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 10:58:28.589: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:00:07.959: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:00:07.967: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:01:59.153: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
Can you see any obvious reason why the NAC agent wont pop up?
Thanks
Mario

Cisco ISE Anyconnect Profile editor

Similar Messages

Maybe you are looking for