DHCP/ARP issue in WLC

We have an issue where the client PCs are not receiving IP address from DHCP though they get authenticated.  Clients with static IP address don't have any issue.  I get the below DHCP error message from the logs,
%DHCP-4-INVALID_VLANID_ARP: dhcp_proxy.c:1035 ARP table stores invalid vlan id 0, for the IP Addr 0x85. Expected vlan id for this ip address is 174616833
And in the ARP table, I see an invalid arp entry for the gateway IP address for a particular VLAN.
00:0D:BC:2B:76:BF   10.104.113.1     2      0      Host
While this MAC address should be learned from port 1 and in VLAN 133, it shows as port 2 and VLAN 0.  The ARP entry gets corrected itself when I flush the ARP cache or if I do a ping to the IP from WLC.
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
kwe-wireless                     1    133      10.104.113.2    Dynamic No     No
WLC Model - 4402
OS Version - 5.1.151.0

Well just for information purpose, the v5.x is the worst code version out there. Since you have 4400's, I would upgrade to v7.0.x. Makes ire your AP's are compatible by looking at this list.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Sent from Cisco Technical Support iPhone App

Similar Messages

  • WLC 5508 Internal DHCP server issues

    Hi,
    I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
    The setup is as follows:
    - I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
    - I have an LWAP connected to the WLC in HREAP mode.
    - WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
    - Only one scope for Guest Interface is setup on the WLC. 
    Problems:
    1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
    unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
    2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
    3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.  
    ************Output from the Controller********************
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.0.116.0
    Bootloader Version............................... 1.0.1
    Field Recovery Image Version..................... 6.0.182.0
    Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
    Build Type....................................... DATA + WPS + LDPE
    (Cisco Controller) >show interface summary
    Interface Name                   Port Vlan Id  IP Address         Type        Ap Mgr        Gu                                                                            
    est
    guest                                        1    301      10.255.255.30    Dynamic   No              No                                                                            
    management                          1    100      172.17.1.30        Static          Yes            No                                                          
    service-port                              N/A  N/A      192.168.0.1       Static         No               No                                                                            
    virtual                                        N/A   N/A      10.0.0.1              Static         No               No                                                                            
    (Cisco Controller) >show wlan summary
    Number of WLANs.................................. 4
    WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
    1        LAN                                    Enabled   management
    2        Internet                               Enabled   management
    3        Managment Assets          Enabled   management
    4        Guest                                  Enabled   guest
    (Cisco Controller) >show dhcp detailed guest
    Scope: guest
    Enabled.......................................... Yes
    Lease Time....................................... 86400 (1 day )
    Pool Start....................................... 10.255.255.31
    Pool End......................................... 10.255.255.254
    Network.......................................... 10.255.255.0
    Netmask.......................................... 255.255.255.0
    Default Routers.................................. 10.255.255.1  0.0.0.0  0.0.0.0
    DNS Domain.......................................
    DNS.............................................. 8.8.8.8  8.8.4.4  0.0.0.0
    Netbios Name Servers............................. 0.0.0.0  0.0.0.0  0.0.0.0
    (Cisco Controller) >show interface detailed management
    Interface Name................................... management
    MAC Address...................................... e8:b7:48:9b:84:20
    IP Address....................................... 172.17.1.30
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 172.17.1.1
    External NAT IP State............................ Disabled
    External NAT IP Address.......................... 0.0.0.0
    VLAN............................................. 100
    Quarantine-vlan.................................. 0
    Active Physical Port............................. 1
    Primary Physical Port............................ 1
    Backup Physical Port............................. Unconfigured
    Primary DHCP Server.............................. 172.30.50.1
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Disabled
    ACL.............................................. Unconfigured
    AP Manager....................................... Yes
    Guest Interface.................................. No
    L2 Multicast..................................... Enabled
    (Cisco Controller) >show interface detailed guest
    Interface Name................................... guest
    MAC Address...................................... e8:b7:48:9b:84:24
    IP Address....................................... 10.255.255.30
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 10.255.255.1
    External NAT IP State............................ Disabled
    External NAT IP Address.......................... 0.0.0.0
    VLAN............................................. 301
    Quarantine-vlan.................................. 0
    Active Physical Port............................. 1
    Primary Physical Port............................ 1
    Backup Physical Port............................. Unconfigured
    Primary DHCP Server.............................. Unconfigured
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Disabled
    ACL.............................................. Unconfigured
    AP Manager....................................... No
    Guest Interface.................................. No
    L2 Multicast..................................... Enabled
    (Cisco Controller) >show dhcp leases
           MAC                IP         Lease Time Remaining
    00:21:6a:9c:03:04    10.255.255.46    23 hours 52 minutes 42 seconds        <<<<<<< lease remains even when the client is disconnected.
    *********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
    (Cisco Controller) >show client detail 00:21:6a:9c:03:04
    Client MAC Address............................... 00:21:6a:9c:03:04
    Client Username ................................. N/A
    AP MAC Address................................... a0:cf:5b:00:49:c0
    AP Name.......................................... mel
    Client State..................................... Associated
    Client NAC OOB State............................. Access
    Wireless LAN Id.................................. 2                 <<<<<<<<   'Internet' SSID
    BSSID............................................ a0:cf:5b:00:49:ce
    Connected For ................................... 319 secs
    Channel.......................................... 36
    IP Address....................................... 10.255.255.46      <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
    Association Id................................... 1
    Authentication Algorithm......................... Open System
    Reason Code...................................... 1
    Status Code...................................... 0
    Session Timeout.................................. 1800
    Client CCX version............................... 4
    Client E2E version............................... 1
    QoS Level........................................ Silver
    802.1P Priority Tag.............................. disabled
    WMM Support...................................... Enabled
    Power Save....................................... OFF
    Mobility State................................... Local
    Mobility Move Count.............................. 0
    Security Policy Completed........................ Yes
    Policy Manager State............................. RUN
    Policy Manager Rule Created...................... Yes
    ACL Name......................................... none
    ACL Applied Status............................... Unavailable
    Policy Type...................................... N/A
    Encryption Cipher................................ None
    Management Frame Protection...................... No
    EAP Type......................................... Unknown
    H-REAP Data Switching............................ Central       <<<<<<<<<
    H-REAP Authentication............................ Central       <<<<<<<<<<
    Interface........................................ management
    VLAN............................................. 100           <<<<<<<<<<< right Vlan
    Quarantine VLAN.................................. 0
    Access VLAN...................................... 100

    Hi All,
    I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
    DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
    *DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
    Thanks,
    Raj Sandhu

  • Internet DHCP/DNS issues with WRT1900ac

    I've had a WRT1900ac now for about 2 weeks and the problems seem to be escalating.  Need help.  And yes, I've already read dozens of threads about these issues and nothing seems to be working.
    Most of the problems seem to be centered around this DHCP/DNS issue that so many have been reporting.
    First, the symptoms:
    Galaxy S4 phones when connected via wifi have some apps that don't update (facebook and google play)
    Some computers (both Win 7) will connect to the network just fine, both wired and wireless - but won't be able to get to the internet
    I've spent the last 2-3 days of my life reading forums and trying all sorts of things to get this to work properly (like my old router) and I'm still stuck.  Some things I've tried:
    Firmware is up-to-date (latest version: 1.1.8.164461)
    Manually assigned static DNS in router config settings (connectivity -> local network) to various combinations including the router address, 8.8.8.8, 8.8.4.4, 75.75.75.75, 75.75.76.76 (I have comcast), OpenDNS addresses, etc.  I read that the router address is not needed, so I stopped including it.
    I manually assigned IPs and DNS on the Galaxy S4 phones and that seemed to work... but also seems unnecessary.
    I've reserved DHCP addresses on the computers in question, that didn't seem to work, I also manually set DNS on one of the comupters (can't on the other... long story/not my computer) and that worked for a while and then stopped working.
    The only way to get one of the computers on the internet now is to turn on the guest network (even though the computer is hard wired to the router), connect, and then the wired network works.  No clue why this is, but my guess is that it needs the guest network for DNS, then it fails back over to the wired network.  Once that happens, I can actually turn off the wifi on the computer and everything works great... until I reboot.  Key point: I can't change any settings on that box other than entering in SSID/passphrase info for the wireless connection.  I can connect to the regular (non-Guest) wifi just fine - I just can't ever get to the internet.
    I've tried massaging DHCP settings on the router until I'm blue in the face - Static DNS, reserving DHCP addresses, hell I even put one of the computers in the DMZ to see if that would work and it still can't connect to the internet (it's worth noting that with my old router, Linksys WRT310N, the setup was literally plug-and-play - no hassle with any of this).
    I've tried countless router reboots, factory resets, turning off my modem and router for 2+ minutes, and nothing is working.
    I even read somewhere that if you modify your DHCP settings at all that the WRT1900ac stops doing DNS properly and breaks, so I even tried several "hard" factory resets and used all the default DHCP/DNS settings.  And it worked... for a few hours.
    Seriously, I'm at my wit's end.  I'm out a lot of money on this thing and it's been one headache after another.  Please help.

    I think for most people its a bad idea to hold out that hope, lol. It seems like a great piece of hardware but if you really need a router and don't want to have to 'play' with it, its probably not a good choice. I have an EA6900 that I am very happy with but it has the same restrictions as far as DNS and I really hate the idea that I am forced to use the smartwifi portal. I would really like for them to give me a choice of the old gui or the new one and let ME decide. Lots of routers to choose from out there now and new ones seem to be coming out all the time so do some reading and see if something suits you better. Good luck!

  • ARP issue on Cisco Switch

    Hello everyone
    We are having some strange arp issues in one vlan. Suddenly, some devices (not all of them) from vlan 1 are not able to ping vlan 2. Interface vlans are located on different switches and I have to manually clear arp in vlan 1 to make computers ping each other between vlans.
    We have set arp timeout command in vlan 1 but it does not help until I manually clear it
    What can be the reason?
    Thank you

    Hmm, have you:
    1. Configured Root guard on all of your root bridge's ports?
    2. Confirmed that ports set at portfast have pbduguard enabled
    3. Use show and debug commands to make sure that TCNs are not happening for the affected VLANs
    4. What model switches do you have and what is the version of code are they are running
    Thank you for rating helpful posts!

  • DHCP issues in WLC

    Hi all ,
    We are using 5508 WLC with 7.4.100.0 version and AP's are 3600 .we have configured internal DHCP lease for the clients . We have one SSID with  802.1x auth WPA2/AES encryption .
    The problem is some 35 of our laptop is not getting IP address  oftenly from WLC .Remainig clients are getting IP with no problem .Any bug on this?
    Thanks,
    Regards,
    TS.

    Hi Vijay,
    You are running on the very first release of 7.4 code & that came with lots of bugs. So it is highly recommended to upgrade your WLC software to either 7.4.110.0(7.4MR1) or 7.4.111.x (7.4MR2 pre-release) available through TAC
    https://supportforums.cisco.com/docs/DOC-37334
    I am sure your issue will get fixed by one of this upgrade.
    Also make sure your WLC FUS also get upgraded to 1.7.0.0 if it is not already in that version.
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/fus_rn_1_7_0_0.html
    HTH
    Rasika
    ***** Pls rate all useful responses *****

  • Cisco WLC DHCP upgrade issues

    Hi,
    I've discovered an issue with our WLC 4400 series controllers when we do firmware upgrades (recently moved to 6.0.199) it seems to reset the dhcp server on the controller but the Access points still retain their old IP until the lease runs out (48hrs). This means that any AP's requesting a new lease often get an IP conflict for the first 48hrs after the upgrade and we experienced areas where AP's wouldnt connect.
    Is this a common issue and is there anyway to get the AP's to request a new address from the controller?
    thanks,
    Matt

    Hi Matt,
    When you do a WLC upgrade, a WLC reboot is required, this results in the DHCP lease table getting restarted as well.
    Solution:
    1-Setup an external DHCP Server to overcome this.
    2- Restart the access points, so they request a new IP address.
    This is mentioned on WLC release notes 6.0.199.0 that you are running, it is for clients, for the rule still applies:
    Link
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn6_0_199.html#wp581125
    Internal DHCP Server
    When clients use the controller's internal DHCP server, IP addresses are  not preserved across reboots. As a result, multiple clients can be  assigned the same IP address. To resolve any IP address conflicts,  clients must release their existing IP address and request a new one.
    The same also applies on newer releases such as 6.0.199.4 and 7.0.
    Have a good day.
    Serge

  • WLC DHCP & VLAN issue

    Hello,
    I configured on my WLC 5508 a new Interface & VLAN . The WLC act as DHCP Proxy.
    I enabled also Flex Connect local switching . Then I removed on my Switch under the
    VLAN settings the IP helper because as I know the WLC act as  IP helper.
    What is still not clear for me is where I have to insert the DHCP server adress
    on my WLC controller. Must I insert the DHCP server IP under my management Interface
    or where I have to enter the DHCP server IP.
    I tested this with the new VLAN interface and added the DHCP server IP but without success.
    Thanks for help.
    Regards

    Hi,
    I addedd an IP helper under the L3 configuration without success. Same, WLAN clients don´t get an IP .
    I configured following:
    add a new VLAN into the switch with layer 3 and addedd IP helper on the L3 switch.
    add the VLAN into the WLC controller wth a new SSID and Interface for this VLAN.
    Enabled Flex Connect under the SSID.
    Done a test with a wired client direct on a switch without problems.
    If I try to connect over the WLAN then the client don´t get an IP.
    Regards

  • WLC 2100 and DHCP strange issue.

    Hi,
       i have this scenario: 1 WLC 2100 and two LW AP 3500 connected. If the access points are connected via external switch evrything works well - AP and Clients get IP address from external DHCP and this is ok but when im connecting AP 3500 directly to one of ports on WLC i need to chceck in controller web Controller -> Advanced -> DHCP -> Enable DHCP proxy - after that AP get IP addres and clients get too but ip is assigned from external dhcp but the gateway is set as controller IP address (!!!) so clients not works. I want to configure access points connected directly do WLC.
    I have small setup and i have configured all in the one vlan - management dla users are in the same vlan.
    And the second is - for what usage is internal DHCP server - and how to use it?

    When "Enable DHCP Proxy" is not enabled tha LW AP 3500 cannot get IP address if it is connected directly to LWC... when i add this option then on both LW AP 3500 - one connected to WLC and second directly to switch give me DHCP address from external DHCP but gateway sets as LWC management IP.
    I made test - connected client witout "Enable DHCP Proxy":
    Client IP 192.168.1.201 (correct in dhcp server logs), default GW 192.168.1.1 (correct gateway for this DHCP) correct dnses and in windws ipconfig i see "Server DHCP 192.168.1.1" all is correct.
    Disconnected client and clicked "Enable DHCP Proxy":
    Client IP 192.168.1.201 (correct in dhcp server logs), default GW  192.168.1.252 incorrect gateway - ip of WLC management interface) correct dnses and in windws  ipconfig i see "Server DHCP 1.1.1.1" that shows that WLC modified DHCP packets... but what it try to set default GW as WLC?
    WLC data:
    Software Version
    7.0.98.0
    I can attach screenshots and any other configutation if you need.

  • WLC dhcp scope issue

    Hi,
    We are facing this problem
    we are using guest SSID with captive portal authentication.
    We are using below step to conect to network
    1) User will click on guest SSID & get IP from DHCP scope
    2) User will open google.com & then it will redirect to authentication page - we need to provide userid/pass & then we will able to access internet
    Problem
    Assume user only do Step -1 , Then My dhcp scope is utilizing
    How can we restrict the same to 'geneuine' user, any option/workaround ?
    br/subhojit

    I have to agree with e. Shortening theeaae will help.
    But the kny way to keep people off the WLAN would be to use a PSK so that only authorized users can get on.
    HTH
    Steve

  • Can I use ASA to be a DHCP Server use in WLC wireless Client

    I want to use ASA to be a DHCP Server for Wireless Client not it can't.
    I check the debug log in WLC, I confirm the WLC have send the request to ASA.
    In the ASA, it don't have any hits in the rule when the WLC send the DHCP relay request.
    I have try don't use dhcp relay in WLC but don't success. Anybody have the same case with me? And Is the ASA can't support DHCP relay agent to request to get the IP Addr.
    P.S. In the Network Design limitation so I can't use WLC to be DHCP Server.
    Equipment:
    ASA5510
    WLC4402
    How can I fix it.
    Thank you very much

    The issue is that the ASA doesn't accept DHCP requests from a relay agent, only broadcast DHCP requests. In the 4.2 version for the controllers there is now an option so you can change the way the controller forwards DHCP requests so that it is sent as a broadcast and not from a relay agent.

  • Device issue with WLC (excluded client)

    I have a single client that is having issues staying connected to my WLC running code 7.0.220.0
    Here are the debugs, it just keeps on looping:
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Adding mobile on LWAPP AP 10:8c:cf:78:93:80(0)
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfMsAssoStateInc
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Idle to Associated
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:06.355:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:06.355: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:06.355:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:07.362: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:07.362: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:08.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:08.361: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:09.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:09.362: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 0
    *dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.955: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:12.956:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:12.956: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:12.956:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:13.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:13.965: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:14.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:14.962: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:15.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:15.965: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 1
    *dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:19.494:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:19.494: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:19.494:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:20.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:20.561: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:21.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:21.561: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:22.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:22.562: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 2
    *dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
    *dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 57) in 10 seconds
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *apfMsConnTask_0: Jul 18 10:41:26.116: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
    *apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: New PMKID: (16)
    *dot1xMsgTask: Jul 18 10:41:26.120:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:26.120: Including PMKID in M1  (16)
    *dot1xMsgTask: Jul 18 10:41:26.120:      [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
    *dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
                                  state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
    *osapiBsnTimer: Jul 18 10:41:27.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:27.162: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:28.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:28.162: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
    *osapiBsnTimer: Jul 18 10:41:29.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 3
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Blacklisting (if enabled) mobile 00:40:96:b8:78:7a
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a apfBlacklistMobileStationEntry2 (apf_ms.c:4294) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Exclusion-list (1)
    *dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 44) in 10 seconds
    *dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
    *dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 START (0) Reached FAILURE: from line 4025
    *dot1xMsgTask: Jul 18 10:41:29.164: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 9) in 10 seconds
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState:      START
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 8
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy CCX LOCP 5
    *apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
    *osapiBsnTimer: Jul 18 10:41:39.165: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station:  (callerId: 46) in 60 seconds
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a apfMsExpireMobileStation (apf_ms.c:5131) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Exclusion-list (1) to Exclusion-list (2)
    *apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [10:8c:cf:78:93:80]
    *apfMsConnTask_0: Jul 18 10:41:51.799: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:52.313: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:53.316: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:54.320: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:55.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:41:56.326: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:41:59.292: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:41:59.339: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:00.342: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:01.346: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:02.349: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_6: Jul 18 10:42:03.352: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Received Idle-Timeout from AP 10:8c:cf:78:93:80, slot 0 for STA 00:40:96:b8:78:7a
    *spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Ignoring delete request from AP due to mobile in exclusion list or marked for deletion already
    *apfMsConnTask_0: Jul 18 10:42:08.127: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:08.370: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:09.373: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:10.377: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:11.380: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_0: Jul 18 10:42:12.383: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:27.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:28.438: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:29.441: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:30.445: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_5: Jul 18 10:42:31.448: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:36.045: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:36.467: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:37.470: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *apfMsConnTask_4: Jul 18 10:42:38.474: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
    *osapiBsnTimer: Jul 18 10:42:39.169: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
    *apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a apfMsAssoStateDec
    *apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a Deleting mobile on AP 10:8c:cf:78:93:80(0)
    Can anyone tell me why this is happening?
    Thank You

    Auth succeeded from AAA server side but there is a problem with 4-way handshake. It is obvious the problem is with the client because it does not reply the message 2 of the handshake.
    What is this client?
    Try upgrading the driver or the firmware. That sort it out.
    Sent from Cisco Technical Support iPad App

  • AP Fall back issue for WLC

    Hi,
    i have two WLC 4402 with same ios 4.2.99.0
    & configured fail over based on below link
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml#c5
    AP failover occurred but the fall back option like primary WLC comes up it does not register with primary all the ap still in secondary. I enable Fall back option also as per the document.
    could you guide me how i can troubleshoot this issue..
    Thanks..

    hi,
    the meaning is the secondary WLC is not realsing the IP's for client eventhough the SSId match with extract DHCP scope. DHCP scope is not overlap...
    Important.
    Primary box is new one with 4.2.99 but the old box had 4.1.x b4 the failover the old box was working & released the DHCP scope for the client. Once we upgraded the old box with 4.2.99 (Failover we need to have both the box with same version) even it is not releasing the DHCP scope if i used as standalone device also.
    My doubt is
    1. New box if i used as a stand alone it is releasing the DHCP scope for the client
    2. Both the new & old box has the same configuration
    3. If i used old box as a stand alone device why it is not releasing the DHCP scope (with the same IOS & configuration working perfectly on new box)
    4. This issue occured after upgrade the IOS on old box.
    Can anyone help me out at earliest.
    Thanks

  • Wireless 4404 poison arp issue

    I have configured a wireless LAN controller and am having issues with clients obtaining an IP address via DHCP.
    The access points (1131AG) pickup an IP address from the DHCP server without a problem, the clients connect to the wireless network ok, but fail to get and IP address assigned, the error on the wireless controller is as follows
    "Jul 02 10:01:17.036 dtl_net.c:1191 DTL-1-ARP_POISON_DETECTED: STA [00:19:d2:b2:0d:fa, 0.0.0.0] ARP (op 1) received with invalid SPA 172.17.7.4/TPA 172.17.7.1"
    Can some one tell me anything about this error ?
    Any help would be greatly appreciated

    The WLAN is marked as DHCP required, so the controller will flag the connection stating that it received an ARP request when it should have received a DHCP request.

  • DHCP relay issues - WLC4400 series

    Hi all,
    I'm experiencing some strange problems with my WLC 4400 – and hope you guys can give me a hand.
    There is an issue while connecting a WLAN Client to the WLC for the first time. I pinpointed the source of the problem to the dhcp, but I wondering why this happens…
    As stated above – the issue occurs only during the first time registration of a WLAN client with the WLC. If I do another registration right after the failed connection attempt, the session is established and I can start working in my network environment.
    Because we use 802.1x authentication, my first idea was that there is an issue – but the authentication process completes successfully.
    Another debug for the dhcp process showed an issue during the initial registration process. I'll paste an extract of the NOT working connection attempt below (DHCP DISCOVER msg and DHCP OFFER msg passed successfully – I'll focus on the DHCP REQUEST msg):
    ###### Extract one ######
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProxy: Received packet: Client 00:21:6a:00:35:9c
                            DHCP Op: BOOTREQUEST(1), IP len: 303, switchport: 29, encap: 0xec03
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option len, including the magic cookie = 67
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 61, len 7
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: requested ip = 10.64.153.66
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: server id = 1.1.1.1
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 12, len 12
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: vendor class id = MSFT 5.0 (len 8)
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 55, len 12
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpParseOptions: options end, len 67, actual 67
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProxy: dhcp request, client: 00:21:6a:00:35:9c:
                            dhcp op: 1, port: 29, encap 0xec03, old mscb port number: 29
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c
                                                                                                            dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c Relay settings for 00:21:6a:00:35:9c
                                                                                                            Local Address: 0.0.0.0, DHCP Server: 10.49.143.8,
                            Gateway Addr: 10.64.153.1, VLAN: 0, port: 29
    Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProcessPacket return an error,chaddr: 00:21:6a:00:35:9c
    The process stops working after the last line above. The client reports connection successfully, but no IP address was assigned to the client. A second connection attempt was successful (again – I'll focus on the dhcp REQUEST msg – ignoring DISCOVER, OFFER and ACK msg):
                            DHCP Op: BOOTREQUEST(1), IP len: 303, switchport: 29, encap: 0xec03
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option len, including the magic cookie = 67
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 61, len 7
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: requested ip = 10.64.153.66
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: server id = 1.1.1.1
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 12, len 12
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: vendor class id = MSFT 5.0 (len 8)
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 55, len 12
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcpParseOptions: options end, len 67, actual 67
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcpProxy: dhcp request, client: 00:21:6a:00:35:9c:
                            dhcp op: 1, port: 29, encap 0xec03, old mscb port number: 29
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c
                                                                                                            dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 10.64.153.6  VLAN: 300
    Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c Relay settings for 00:21:6a:00:35:9c
                                                                                                            Local Address: 10.64.153.6, DHCP Server: 10.49.143.8,
    The major difference seems to be in line 16:
    Not Working:
                            dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0
    Working:
                            dhcpGateway: 0.0.0.0, dhcpRelay: 10.64.153.6  VLAN: 300
    For me it seems that the WLC is not able to forward this request to the appropriate dhcp server.
    Does anyone of you have an idea, why this happens? And why does this happen only during the first time login of every client? Or am I misinterpreting the debug output?!
    Thx a lot in advance!
    Cheers
    Martin

    Hi,
    thx for your comment so far.
    I did some additional troubleshooting yesterday and I guess I fixed the problem. The management interface was configured with two dhcp server IPs (0.0.0.0 and 1.1.1.1).
    Within the Cisco documentation it is stated that the dhcp relay proxy feature uses a virtual IP 1.1.1.1.
    0.0.0.0    seems to be used for the internal communication.
    When I changed the dhcp address (primary & secondary) to IP 1.1.1.1 the problem was solved. We tested it yesterday evening and this morning.
    My assumption is that the virtual 1.1.1.1 IP is mandatory to match the dhcp responses to the proxy relaying feature. Or the WLC uses the DHCP addresses on the management interface to forward the traffic to the appropriate feature (where 1.1.1.1 triggers the proxy feature and 0.0.0.0 is used to forward the traffic to the internal dhcp service). But this is just a guesswork – I do not know the Cisco WLAN good enough to provide a valuable explanation.
    Cheers
    Martin

  • DHCP bad_address issue

    Hi,
    In our organization we are facing issue in DHCP "bad_address" . Which is affecting only for MAC BOOK AIR laptops. Keep on IP is getting changed.
    When we check in DHCP server that particular IP showing has "bad_address".
    so please suggest us to resolve this issue.
    Thanks,

    Hi,
    DHCP Duplicate IP Detection is marking the IP address as Bad_Address when the response is "host unreachable".
    Try to turn off ARP cache on the intermediate devices, such as router. Besides, multi DHCP servers or duplicated scope may also cause similar problem.
    Best Regards,
    Eve Wang
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Maybe you are looking for

  • Error msg: Current user does not have privileges to perform product Activation

    I am running Adobe Photoshop CS 8.0 on Windows Home Vista platform. I keep getting this error message when I try to open Photoshop: Current user does not have privileges to perform product activation. Run this application from a user account with adm

  • How to replicate data from MS SQL Server  to Oracle

    Hi, Can someone please help me on how to replicate data from MS SQL Server to Oracle 8i database.

  • Paste table to specific spot on canvas

    I routinely move grades from an application that I use for scoring their clickers, into my numbers spreadsheet for their grades. I export from the other application as a CSV file and then open that in numbers. After I have performed a few quick edits

  • Change screen resolution in mobile clients

    Hi, Is there a way to define resolution in RDP mobile clients (wp,android,ios) when connecting to an RDP server? It seems mobile clients connect with their native (max) resolution to the server, but most of the time it makes no sense. Full HD and 4K,

  • New update....asking me to save repeatedly

    My computer just automatically updated to Adobe Reader version 10.1.2. I want to print a PDF file. Adobe wants me to save the file first, no problem. I save the file and tell it to print, Adobe wants me to save the file again. Over and over again. Ve