Dot11 interface is shutdown
Hi,
My 3502i suddently shutdown it's Radio interface and when I connect to it, I cans ee that the interface is shutdown. So tryign to enable it but the "configure terminal" command is not available. Is there any hidden command to go the priveledge mode?
interface Dot11Radio0
no ip route-cache
shutdown
antenna gain 0
beamform ofdm
mbssid
speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 m5-2 m6-2 m7-2 m11-2 m12-2 m13-2 m14-2 m15-2
power local -1
power client local
packet retries 64 drop-packet
no cdp enable
interface Dot11Radio1
no ip route-cache
shutdown
antenna gain 0
beamform ofdm
mbssid
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 12.4(25e)JA, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Fri 27-Jan-12 21:51 by prod_rel_team
ROM: Bootstrap program is C3500 boot loader
BOOTLDR: C3500 Boot Loader (AP3G1-BOOT-M) Version 12.4(23c)JA5, RELEASE SOFTWARE (fc1)
thanks
Hi,
Not the interface but the radio interface on this AP so I just replace it with a new one (good thing we have a spare).
*Dec 16 23:26:42.159: %SYS-3-CPUHOG: Task is running for (11010)msecs, more than (2000)msecs (0/0),process = Dot11 driver.
-Traceback= 0x3A8328 0x3A3318 0x58C268 0x58C1A4 0x58D408 0x58D93C 0x58D9CC 0x5F7178 0x59D550 0x5AA238 0x2A20D0
*Dec 16 23:26:43.732: %SYS-3-CPUHOG: Task is running for (12583)msecs, more than (2000)msecs (0/0),process = Dot11 driver.
-Traceback= 0x3A8340 0x3A8324 0x58C268 0x58C1A4 0x58D408 0x58D93C 0x58D9CC 0x5F7178 0x59D550 0x5AA238 0x2A20D0
*Dec 16 23:26:44.270: %SYS-3-CPUYLD: Task ran for (13120)msecs, more than (2000)msecs (0/0),process = Dot11 driver
*Dec 16 23:26:44.273: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Dec 16 23:26:44.289: %CLEANAIR-6-STATE: Slot 0 down
*Dec 16 23:26:44.930: ERROR: wait 3 failed
*Dec 16 23:26:44.930: Radio reset failed: wait 3
*Dec 16 23:26:44.930: PCIe reset radio 0, bus 1
*Dec 16 23:26:45.037: PCIEx: Initialization count 0 ERROR port [0] bad vc0=0
Then the radio are now gone after the reboot/reset;
*Dec 17 03:26:45.037.786: the Slot 0 has no radio
*Dec 17 03:26:45.037.786: the Slot 1 has no radio
So check via console, seems like a hardware issue.
Rgds
Similar Messages
-
871W dot11 interface as a receiver?
Hello,
I have a 871W with advanced IP services image.
What I have is a non-Cisco router which is connected to the internet and has a wireless.
What I want to do is set up the 871W radio interface to receive the signal from my other router (Internet) and route it(or NAT it) to the FE and WAN ports. I think this function is called something like a wireless bridge, but I am not sure.
Is it even possible to configure the radio like that? To be a receiver and send the signal to the wired ports? And how can I do this configuration?
Any help is greatly appreciated.
Thanks!
KalinHow about if I set up the radio as a Universal Wireless Client? 871W has that mode, but I wander if in this mode I can reroute the traffic received on the radio interface to the LAN and WAN interfaces and how?
If anyone has done something like that please share.
Thanks -
Interface in shutdown, Link-LED stays on.
I shutted down the GigabitEthernet-I/F on a cisco3845-router. The Link-LED stay on. Shouldn`t the Link-LED went off when the Interface is Administratly down?
The other side off the Cable is connected to a Catalyst. Does anybody have a expaination for this behavior?Are you using the CLI to issue the command? The reason I ask is I have had instances where issuing the command via a GUI did not acutally apply the command.
This is rather peculiar... -
Cisco1941W error massage "%DOT11-7-AUTH_FAILED: Station 0011.f596.eecb Authentication failed"
I am using Cisco1941W.
When I connect CliantPC to Wireless(1941W) I got bellow massage from 1941AP.
"%DOT11-7-AUTH_FAILED: Station 0011.f596.eecb Authentication failed"
And I couldn't ping from my PC to AP and Router.
Its possible communication from AP to Router.
I show 1941AP configration.
Could you find wrong?
By the way, my PC connected to AP by 108Mbps.
But my PC supported only 802.11a/b/g .
My PC use Static IP Address and use TEST-2 ssid.
I couldn't find error from my PC.
(start)
hostname TEST
enable secret test
aaa new-model
aaa group server radius rad_eap
server 10.73.12.2 auth-port 1645 acct-port 1646
aaa session-id common
dot11 syslog
dot11 ssid TEST-1
vlan 100
authentication open eap eap_methods
authentication key-management wpa
mbssid guest-mode
dot11 ssid TEST-2
vlan 200
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii testtesttesttesttest
dot11 aaa csid ietf
username Cisco password 7 05280F1C2243
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
no shut
encryption vlan 100 mode ciphers aes-ccm
encryption vlan 200 mode ciphers aes-ccm
ssid TEST-1
ssid TEST-2
mbssid
antenna gain 0
station-role root
interface Dot11Radio0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
no shut
encryption vlan 100 mode ciphers aes-ccm
encryption vlan 200 mode ciphers aes-ccm
ssid TEST-1
ssid TEST-2
antenna gain 0
no dfs band block
channel 5180
station-role root
interface Dot11Radio1.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
no ip route-cache
bridge-group 5
no bridge-group 5 source-learning
bridge-group 5 spanning-disabled
no shut
interface GigabitEthernet0.100
encapsulation dot1Q 100 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
interface BVI1
ip address 10.73.12.7 255.255.255.0
no ip route-cache
ip default-gateway 10.73.12.1
ip http server
no ip http secure-server
radius-server deadtime 1440
bridge 1 route ip
(end)
I guess errer massage is telling Radio Frequency error.
I tried to change configuration "speed".
But still get error massage and I couldn't ping from my PC.Thanks, leolaohoo.
> My PC use Static IP Address and use TEST-2 ssid.
so I use TEST-2.
in this case, ignore TEST-1.
I just paste real configuration.
I tried to connect again.
But still I can't ping from PC to AP.
I use other PC.
I configured bellow.
-interface dot11Radio0
-speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
It was same resault.
Is cisco1941w broken?
I'd like to know one more.
I configured bellow, but I couldn't use 802.11a.
-interface dot11Radio0
-shutdown
how to use 802.11a(5GHz)? -
ASA 5505 getting dchp from the outside interface
Hi, i have this configuration on on the Asa client
: Savedz
: Written by enable_15 at 13:39:22.779 UTC Thu Aug 15 2013
ASA Version 8.2(5)
hostname Lakewood
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.100.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 172.100.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 172.100.2.50-172.100.2.125 inside
dhcpd auto_config outside interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
this asa client is getting dhcp from another asa on another location, the asa on the other side cannot ping devices on the client side
this is the server asa
ASA Version 8.2(1)
name 50.66.169.176 OutsideWorld
name 172.100.2.0 Lakewood
interface Vlan1
nameif inside
security-level 100
ip address 172.100.1.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 50.66.202 255.255.255.248
interface Vlan3
shutdown
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
what type of configuration is this?
how can i get both sides to ping eachother and allow all the trafic?
thanks in advance.
Hi, i have this configuration on on the Asa client
: Savedz
: Written by enable_15 at 13:39:22.779 UTC Thu Aug 15 2013
ASA Version 8.2(5)
hostname Lakewood
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.100.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 172.100.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 172.100.2.50-172.100.2.125 inside
dhcpd auto_config outside interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
this asa client is getting dhcp from another asa on another location, the asa on the other side cannot ping devices on the client side
this is the server asa
ASA Version 8.2(1)
name 50.66.169.176 OutsideWorld
name 172.100.2.0 Lakewood
interface Vlan1
nameif inside
security-level 100
ip address 172.100.1.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 50.66.202 255.255.255.248
interface Vlan3
shutdown
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
what type of configuration is this?
how can i get both sides to ping eachother and allow all the trafic?
thanks in advance.Do you have a diagram of yourt setup and a more detailed description what you want to do?
The public interface of your main ASA looks like you are connecting to the internet. In that case, the IP address for the client has to come from the ISP and not from your main ASA. -
EEM interface errors not matching
I have the event applet configured below. I test by changing the controller time-slots to 1-15 instead of 1-24 in order to generate errors on my Serial0/1/0:0 interface. Errors are generated, but the eem applet does not match even though the errors are incrementing. I've turned on all suggested eem debugging and it shows 0 matches while I can see that the interface is incrementing the errors that should be triggering the actions from the eem.
configuration:
event manager applet multiple_if
event tag if_1 interface name Serial0/1/0:0 parameter input_errors_crc entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_2 interface name Serial0/1/0:0 parameter input_errors entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_3 interface name Serial0/1/0:0 parameter input_errors_frame entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_4 interface name Serial0/1/0:0 parameter input_errors_overrun entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_5 interface name Serial0/1/0:0 parameter output_errors entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_6 interface name Serial0/1/0:0 parameter output_errors_underrun entry-op ge entry-val 2 entry-type increment poll-interval 60
trigger
action 100 cli command "enable"
action 200 cli command "config t"
action 300 cli command "int Serial0/1/0:0"
action 400 cli command "description script worked!"
action 500 syslog msg "CRC failure leased line $_interface_name"
action 600 mail server "$_mail_smtp" to "$_mail_rcpt" from "$_info_routername@$_mail_domain" subject "ALERT: Serial Interface $id shutdown due to excessive interface error rate" body "\n$_syslog_msg"
action 999 end
debug ouput:
Jun 20 14:20:48 EDT: fh_fd_syslog_event_match: num_matches = 0
Jun 20 14:20:48 EDT: fh_fd_data_syslog: num_matches = 0
Jun 20 14:20:48 EDT: fh_fd_syslog_event_match: num_matches = 0
Jun 20 14:20:48 EDT: fh_fd_data_syslog: num_matches = 0
Jun 20 14:21:00 EDT: fh_fd_timer_process_async
Jun 20 14:21:00 EDT: cron_tick: num_matches 0
Jun 20 14:21:22 EDT: %HSRP-5-STATECHANGE: FastEthernet0/0.4 Grp 4 state Standby -> Active
Jun 20 14:21:22 EDT: fh_fd_syslog_event_match: num_matches = 0
Jun 20 14:21:22 EDT: fh_fd_data_syslog: num_matches = 0
Jun 20 14:22:00 EDT: fh_fd_timer_process_async
Jun 20 14:22:00 EDT: cron_tick: num_matches 0
Jun 20 14:23:00 EDT: fh_fd_timer_process_async
Jun 20 14:23:00 EDT: cron_tick: num_matches 0
Jun 20 14:24:00 EDT: fh_fd_timer_process_async
Jun 20 14:24:00 EDT: cron_tick: num_matches 0
output showing interface errors:
csc-lab01#sh int s0/1/0:0
Serial0/1/0:0 is up, line protocol is up
Hardware is GT96K Serial
Internet address is x.x.x.x/30
MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Listen: CDPCP
Open: IPCP, loopback not set
Keepalive set (10 sec)
CRC checking enabled
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 02:44:23
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Class-based queueing
Output queue: 0/1000/0 (size/max total/drops)
30 second input rate 2000 bits/sec, 3 packets/sec
30 second output rate 2000 bits/sec, 2 packets/sec
9139 packets input, 1049231 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
224 input errors, 224 CRC, 117 frame, 95 overrun, 0 ignored, 81 abort
10737 packets output, 1511507 bytes, 0 underruns
0 output errors, 0 collisions, 15 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flagsA few other things I noticed. Try this:
event manager applet multiple_if
event tag if_1 interface name Serial0/1/0:0 parameter input_errors_crc entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_2 interface name Serial0/1/0:0 parameter input_errors entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_3 interface name Serial0/1/0:0 parameter input_errors_frame entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_4 interface name Serial0/1/0:0 parameter input_errors_overrun entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_5 interface name Serial0/1/0:0 parameter output_errors entry-op ge entry-val 2 entry-type increment poll-interval 60
event tag if_6 interface name Serial0/1/0:0 parameter output_errors_underrun entry-op ge entry-val 2 entry-type increment poll-interval 60
trigger occurs 1
correlate event if_1 or event if_2 or event if_3 or event if_4 or event if_4 or event if_5 or event if_6
action 100 cli command "enable"
action 200 cli command "config t"
action 300 cli command "int Serial0/1/0:0"
action 400 cli command "description script worked!"
action 401 set syslog_msg "CRC failure leased line $_interface_name"
action 500 syslog msg "$syslog_msg"
action 501 info type routername
action 600 mail server "$_mail_smtp" to "$_mail_rcpt" from "$_info_routername@$_mail_domain" subject "ALERT: Serial Interface $_interface_name shutdown due to excessive interface error rate" body "\n$syslog_msg" -
How can I put wireless and ethernet interfaces together?
I have a 877w router, and I'm trying to configure a wireless network.
I have an RFC1483 bridged ADSL, so I have ATM0.1 in a bridge group, and I then defined a BVI1 interface.
However, after configuring the wireless interface, I noticed that my laptop gets the IP address from the provider, as if wireless had precedence over the BVI interface. Putting the Dot11 interface in a separate bridge under VLAN1 doesn't seem to help either. I tried to put everything in the same bridge, but fast ethernet interfaces don't support bridging (how does the BVI work then, I wonder).
What should I do? Should I use two separate VLANs? I wouldn't like to do that. Any help appreciated. Thank youHey, thank you, that did it.
So I should have followed more the article. I guess I just don't understand how BVI works. From the article I thought that the BVIs were on the same level, that is, all of them right behind the ATM interface. I was also thinking that one BVI could bridge more VLANs. Now my next mission is to understand why I was wrong on both points.
Guys, thank you for the help. Now I'll try to undertand better what I just did :-) -
Aironet C1140 - Radio Interface Keeps in Reset State
Hello,
Recently we noticed that one of our C1142 access points has a radio interface (actually is only happening with the one working in BG, so its dot11radio 0) which is entering in reset state and doesn't leave that state. I've seen an older thread about similar (or equal?) issue but was on a different AP model (C1240 if I remember correctly).
The radio interface controller information displays in the end a reset code:
Last radio reset code: 06
Radio resets - total:1 retries:0 failed:0
Code/Count: 06/00001
Although I was not able to find any information about this reset code in Cisco documents (maybe someone knows where I find it?).
If I try to restart the interface via "shutdown" configuration command it doesn't fix the problem, the workaround that I know of is only by "reload"ing the whole accesspoint.
Of course while in reset state no client can associate to this interface....
Did anyone had similar problem? is there any documented BUG related to this?
Thanks for your time,
Jean-François Mousinho
PS: firmware version is 12.4(21a)JA1.version information:
Cisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(21a)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 16-Sep-09 18:09 by prod_rel_team
ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(18a)JA3, RELEASE SOFTWARE (fc1)
TS_Piso8_SulEsq uptime is 3 days, 1 hour, 16 minutes
System returned to ROM by reload
System restarted at 10:47:38 Z Tue Sep 14 2010
System image file is "flash:/c1140-k9w7-mx.124-21a.JA1/c1140-k9w7-mx.124-21a.JA1"
This product contains cryptographic features and is subject to United...
cisco AIR-AP1142N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32768K bytes of memory.
Processor board ID FCZ1426W04V
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from reload
1 Gigabit Ethernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: C8:4C:75:AE:8A:CC
Part Number : 73-11451-08
PCA Assembly Number : 800-30554-06
PCA Revision Number : A0
PCB Serial Number : FOC14233KEB
Top Assembly Part Number : 800-31273-04
Top Assembly Serial Number : FCZ1426W04V
Top Revision Number : A0
Product/Model Number : AIR-AP1142N-E-K9
Configuration register is 0xF
TS_Piso8_SulEsq#sh inventory
NAME: "AP1140", DESCR: "Cisco Aironet 1140 Series (IEEE 802.11n) Access Point"
PID: AIR-AP1142N-E-K9 , VID: V03, SN: FCZ1426W04V
Country is Portugal.
Thanks for your time.
Jean-François Mousinho -
%LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
Hello,
On a 4402 wireless controller (7.0.220.0) with LAP1242AG-E-K9 and LAP1252AG-E-K9 access points I receive lots of messages like this:
Dec 9 12:55:16 ap-a1 1466: AP:001a.2f58.d4d6: *Dec 9 11:55:16.174: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
Dec 9 12:55:17 ap-a1 1467: AP:001a.2f58.d4d6: *Dec 9 11:55:16.211: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
what is a little bit annoying, in particular for voice communications.
Is there a way to get more information from any logs or is there a similar problem discussion anywhere on this forum?
Thanks.Hi Konstantin,
Unfortunately I do not think we have the radio status codes published, but I'll comment on them here:
Status 51: Reset on transmit completion. I'm not 100%, but I think this means the radio was supposed to reset (due to another reason) but had data to transmit, so it completed TX and then reset.
Status 52: Reset on completion of multicast packets. Similar to above, just with multicast traffic being queued up.
Status 37: Generic interface reset (up/down), often seen during bootup or on configuration changes.
Status 54: Radio interface was shutdown -- either configured by the user or perhaps part of the boot process.
Status 67: Reset after changing hostname on the AP. This also would occur on bootup once the config is loaded.
Status 71: Reset to update radio status on WLC. Also usually done upon AP joining the WLC after bootup.
-Pat -
SFE2000P - Interface reset on DHCP renew?
As anyone experienced this problem:
Im running POE for Cisco 504G phones with a PC attached to the LAN switch port on the phone. DHCP is being served through a Cisco 1800 series router.
It seems that the interface will shutdown and come right back on at DHCP renewal obviously resetting the phone and causing the PC client to disconnect. The only reason I noticed this is because it is right at the same time the lease is expiring. Both the phone and the PC are on the same VLAN.
Thanks
DomenickHi Domenick,
The question in my mind, is how would a lease renewal on a phone going to cause the port to go down. I'm not sure what you mean by .16, but if it is port number 16 no, should be no problem, it's not a special port.
I'm guessing that the SFE2000P is not in stacking mode or Layer 3 mode (checked via telnet or console).
By the sound of the error log when the link goes down and up again, sure sounds like the phone is going down and up.
You have an option to see what the phone is doing by sysloging information from the phone to a syslog server, such as the kiwi-syslog daemon.
Sure sounds like the phone is dropping and not the switch port, I may be wrong, a syslog of what's happening with the spa504G might be useful.
I have attached the admin guide that shows how to set up the unit for local or remote syslog server and sending debug messages to the syslog server. This might be informative, but it sure sounds like you should open a call with the Small Business Support center as well.
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
regards Dave -
ASA5512-X Setup using Management Interface
I have a brand new ASA5512-X running 8.6.1, and am trying to do an initial setup using the Quick Start Guide that came with it. However, the Management Interface is not working. I have a PC connected and set to use DHCP, but the port is not active.
I connected a console cable and can see in the config that the interface is shutdown. So I set it to active, and the port is now active, but is not giving out a DHCP address as the guide says it should.
I would like to use the ASDM Startup Wizard to configure this device, so how do I get it to work the way the instructions say it should?
Thanks!Hello,
Try by console cable to use the commad:
config factory-default
and in case you don't have this:
ssl encryption des-sha1
It should get your ASDM working.
Let me know how this works for you.
Regards -
Router interface up connected to switch interface down - but router status = up.
Hi all,
My router R2 fa0/0 and fa0/1 are connected to 2 L3 switches on their fa0/2 ports respectively.
I have shutdown all interfaces on the L3 switches. but on my router, i still see
R2#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.3.1 YES manual up down
FastEthernet0/1 192.168.4.1 YES manual up down
======================================================================
I would have thought if i have shutdown the switches interfaces, the respective interfaces on the Router would be down too.
Is it not the case ?
Regards,
NoobHi KOH SZE JIE,
This is normal behavior; If you have an interface UP; the line protocol may go up and down. But the Status (of the interface) will not change unless you make a configuration change.
Please see below a breakdown of your "show ip int brief"
Method
is set to 'Manual' This means you manually configured the interface from the CLI.
Status
is 'UP' This means the interface is up. Basically this means you did a "no shutdown" on the port.
There are three modes here
Down - The interface is shutdown (Default on most routers)
Administratively down - You have gone under the interface and issued a "shutdown"
UP - You have issued a "No shutdown" on the interface.
Protocol
Down - This means a routing protocol is not active on the interface. This makes sense as you have shutdown the remote end(in your case your L3 switch.
I hope this helps.
Kind Regards,
Liam
*** EDIT ***
After a bit of digging, I found the following Cisco document; this explains the entire show command more concisely then I could :)
http://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/command/reference/cpt93_cr/cpt93_cr_chapter_01110.html -
Shared Interfaces in a user context
Hello Cisco-ers,
I created 2 user contexts recently to two of my company's departments. I allocated a shared outside interface and separate unique inside interfaces to them both. Both contexts are working perfect after i issued the "mac-address auto" command in the sys. space. Before this command, both contexts didn't work at all. Now i need someone to explain to me, why the contexts didn't use the NAT entries as a method for identifying which context should the outside interface's classifier place the traffic.
ThanksThx for the reply.
The situation here is the appliance shares an interface across multiple contexts. Because of this, the same MAC address is used. As already known, there are 2 methods the appliance use to solve the issue of identifying to which context it should place a user's traffic on. First method, using NAT entries and Second method, using unique MAC addresses.
Now, the first method didn't work and i have no idea why (see the config.). NAT entries are also unique just as MAC addresses i wonder why the appliance didn't use this method and forced me to use the second method.
Check the below config.
System Space:
ciscoasa# sh run
: Saved
ASA Version 8.4(2)
hostname ciscoasa
domain-name test.com
enable password 8Ry2YjIyt7RRXU24 encrypted
no mac-address auto
interface GigabitEthernet0
interface GigabitEthernet1
interface GigabitEthernet2
interface GigabitEthernet3
shutdown
interface GigabitEthernet4
shutdown
interface GigabitEthernet5
shutdown
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
ftp mode passive
pager lines 24
no failover
no asdm history enable
arp timeout 14400
console timeout 0
admin-context admin
context admin
allocate-interface GigabitEthernet0
allocate-interface GigabitEthernet1
allocate-interface GigabitEthernet2
config-url disk0:/admin.cfg
context CustA
allocate-interface GigabitEthernet0 CustA_Inside
allocate-interface GigabitEthernet1 CustA_Outside
config-url tftp://192.168.4.100/CustA.cfg
context CustB
allocate-interface GigabitEthernet1 CustB_Outside
allocate-interface GigabitEthernet2 CustB_Inside
config-url tftp://192.168.3.100/CustB.cfg
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:bb370df4ae90ab9b782d9d6eea1c91a0
: end
ciscoasa#
CustA Context:
ciscoasa/CustA# sh run
: Saved
ASA Version 8.4(2)
hostname CustA
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface CustA_Inside
nameif Inside
security-level 100
ip address 192.168.4.3 255.255.255.0
interface CustA_Outside
nameif Outside
security-level 0
ip address 192.168.1.2 255.255.255.0
object-group network Internal
network-object 192.168.4.0 255.255.255.0
object-group network External
network-object 192.168.1.25 255.255.255.255
pager lines 24
mtu Inside 1500
mtu Outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (Inside,Outside) source dynamic Internal External
route Outside 0.0.0.0 0.0.0.0 192.168.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
Cryptochecksum:a54fb97947d70811a9437dae93bfeae4
: end
ciscoasa/CustA#
Thanks -
Problem in Zone Based FW Config
Could anyone see why the below config is making http downloads/streaming hang. Cant watch any streaming as it hangs in various parts but also downloading MS service packs, it will sometimes not start at all or get a few percent then cut off.
Downloading off newsgroups though is not an issue.
It is deffo router in some way. Tried a bog standard one and no issues. Seems to be since I adjusted the FW config through the CCP wizard and might of selected the medium security option.
Any ideas please?
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any Incoming-XBL-Traffic
match access-group name XBOX-Live
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect Incoming-XBL-Policy
class type inspect Incoming-XBL-Traffic
pass
class class-default
drop
zone security in-zone
zone security out-zone
zone security private-in-zone
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-private-in-out source private-in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-private-in source out-zone destination private-in-zone
service-policy type inspect Incoming-XBL-Policy
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any Incoming-XBL-Traffic
match access-group name XBOX-Live
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect Incoming-XBL-Policy
class type inspect Incoming-XBL-Traffic
pass
class class-default
drop
zone security in-zone
zone security out-zone
zone security private-in-zone
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-private-in-out source private-in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-private-in source out-zone destination private-in-zone
service-policy type inspect Incoming-XBL-PolicyThis is the current running config:
HOME_RTR#sho term len 0
HOME_RTR#show run
Building configuration...
Current configuration : 8216 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname
logging message-counter syslog
enable secret 5
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2045468537
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2045468537
revocation-check none
rsakeypair TP-self-signed-2045468537
crypto pki certificate chain TP-self-signed
certificate self-signed 01
quit
dot11 syslog
ip source-route
ip dhcp pool PRIVATE
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
ip dhcp pool WORK
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
ip dhcp pool SERVER
host 192.168.10.200 255.255.255.0
client-identifier 0100.248c.3fdb.a9
client-name SERVER
ip dhcp pool XBOX
host 192.168.10.210 255.255.255.0
client-identifier 0100.25ae.eae4.88
client-name XBOX
ip cef
ip domain name home.local
no ipv6 cef
multilink bundle-name authenticated
archive
log config
hidekeys
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any Incoming-XBL-Traffic
match access-group name XBOX-Live
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect Incoming-XBL-Policy
class type inspect Incoming-XBL-Traffic
pass
class class-default
drop
zone security in-zone
zone security out-zone
zone security private-in-zone
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-private-in-out source private-in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-private-in source out-zone destination private-in-zone
service-policy type inspect Incoming-XBL-Policy
interface ATM0
no ip address
no ip redirects
no ip proxy-arp
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0.1 point-to-point
description WAN via ADSL
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
shutdown
interface FastEthernet2
shutdown
interface FastEthernet3
shutdown
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security private-in-zone
ip tcp adjust-mss 1412
interface Vlan10
description $FW_INSIDE$
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security private-in-zone
ip tcp adjust-mss 1412
interface Vlan20
description $FW_INSIDE$
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1412
interface Dialer0
description ADSL Dialup
ip address negotiated
no ip redirects
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname
ppp chap password
ppp ipcp dns request
ppp ipcp address accept
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.10.210 88 interface Dialer0 88
ip nat inside source static udp 192.168.10.210 3074 interface Dialer0 3074
ip nat inside source static tcp 192.168.10.210 3074 interface Dialer0 3074
ip access-list extended XBOX-Live
permit udp any host 192.168.10.210 eq 88
permit udp any host 192.168.10.210 eq 3074
permit tcp any host 192.168.10.210 eq 3074
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
snmp-server community public RO
control-plane
banner login ^CHOME
^C
line con 0
no modem enable
line aux 0
line vty 0 4
transport input ssh
scheduler max-task-time 5000
end
HOME_RTR#exit -
Cisco 871w, radius server local, and leap or eap-fast will not authenticate
Hello, i trying to setup eap-fast or leap on my 871w. i belive i have it confiured correctly but i can not get any device to authenticate to router. Below is the confiureation that i being used. any help would be welcome!
! Last configuration change at 15:51:30 AZT Wed Jan 4 2012 by testtest
! NVRAM config last updated at 15:59:37 AZT Wed Jan 4 2012 by testtest
version 12.4
configuration mode exclusive auto
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
hostname router871
boot-start-marker
boot-end-marker
logging count
logging message-counter syslog
logging buffered 4096
logging rate-limit 512 except critical
logging console critical
enable secret 5 <omitted>
aaa new-model
aaa group server radius rad-test3
server 192.168.16.49 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login eap-methods group rad-test3
aaa authorization exec default local
aaa session-id common
clock timezone AZT -7
clock save interval 8
dot11 syslog
dot11 ssid test2
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 <omitted>
dot11 ssid test1
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 <omitted>
dot11 ssid test3
vlan 3
authentication open eap eap-methods
authentication network-eap eap-methods
no ip source-route
no ip gratuitous-arps
ip options drop
ip dhcp bootp ignore
ip dhcp excluded-address 192.162.16.49 192.162.16.51
ip dhcp excluded-address 192.168.16.33
ip dhcp excluded-address 192.168.16.1 192.168.16.4
ip dhcp pool vlan1pool
import all
network 192.168.16.0 255.255.255.224
default-router 192.168.16.1
domain-name test1.local.home
lease 4
ip dhcp pool vlan2pool
import all
network 192.168.16.32 255.255.255.240
default-router 192.168.16.33
domain-name test2.local.home
lease 0 6
ip dhcp pool vlan3pool
import all
network 192.168.16.48 255.255.255.240
default-router 192.168.16.49
domain-name test3.local.home
lease 2
ip cef
ip inspect alert-off
ip inspect max-incomplete low 25
ip inspect max-incomplete high 50
ip inspect one-minute low 25
ip inspect one-minute high 50
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 30
ip inspect tcp synwait-time 60
ip inspect tcp block-non-session
ip inspect tcp max-incomplete host 25 block-time 2
ip inspect name firewall tcp router-traffic
ip inspect name firewall ntp
ip inspect name firewall ftp
ip inspect name firewall udp router-traffic
ip inspect name firewall pop3
ip inspect name firewall pop3s
ip inspect name firewall imap
ip inspect name firewall imap3
ip inspect name firewall imaps
ip inspect name firewall smtp
ip inspect name firewall ssh
ip inspect name firewall icmp router-traffic timeout 10
ip inspect name firewall dns
ip inspect name firewall h323
ip inspect name firewall hsrp
ip inspect name firewall telnet
ip inspect name firewall tftp
no ip bootp server
no ip domain lookup
ip domain name local.home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip accounting-threshold 100
ip accounting-list 192.168.16.0 0.0.0.31
ip accounting-list 192.168.16.32 0.0.0.15
ip accounting-list 192.168.16.48 0.0.0.15
ip accounting-transits 25
login block-for 120 attempts 5 within 60
login delay 5
login on-failure log
memory free low-watermark processor 65536
memory free low-watermark IO 16384
username testtest password 7 <omitted>
archive
log config
logging enable
logging size 255
notify syslog contenttype plaintext
hidekeys
path tftp://<omitted>/archive-config
write-memory
ip tcp synwait-time 10
ip ssh time-out 20
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
bridge irb
interface Loopback0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
interface Null0
no ip unreachables
interface FastEthernet0
switchport mode trunk
shutdown
interface FastEthernet1
switchport mode trunk
shutdown
interface FastEthernet2
shutdown
spanning-tree portfast
interface FastEthernet3
spanning-tree portfast
interface FastEthernet4
description Cox Internet Connection
ip address dhcp
ip access-group ingress-filter in
ip access-group egress-filter out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip flow egress
ip inspect firewall out
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
load-interval 30
duplex auto
speed auto
no cdp enable
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 2 mode ciphers aes-ccm
encryption key 1 size 128bit 7 <omitted> transmit-key
encryption mode wep mandatory
broadcast-key vlan 1 change <omitted> membership-termination
broadcast-key vlan 3 change <omitted> membership-termination
broadcast-key vlan 2 change <omitted> membership-termination
ssid test2
ssid test1
ssid test3
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
no cdp enable
interface Dot11Radio0.1
description <omitted>
encapsulation dot1Q 1 native
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
description <omitted>
encapsulation dot1Q 2
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio0.3
description <omitted>
encapsulation dot1Q 3
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
interface Vlan1
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan2
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 2
bridge-group 2 spanning-disabled
interface Vlan3
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 3
bridge-group 3 spanning-disabled
interface BVI1
description <omitted>
ip address 192.168.16.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
interface BVI2
description <omitted>
ip address 192.168.16.33 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
interface BVI3
description <omitted>
ip address 192.168.16.49 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha rc4-128-sha
ip http timeout-policy idle 5 life 43200 requests 5
ip flow-top-talkers
top 10
sort-by bytes
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.16.50 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.16.50 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.16.50 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.50 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.50 88 interface FastEthernet4 88
ip nat inside source static udp 192.168.16.50 53 interface FastEthernet4 53
ip access-list extended egress-filter
deny ip any host <omitted>
deny ip any host <omitted>
deny ip host <omitted> any
deny ip host <omitted> any
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.10.9.255 any
deny ip 10.0.0.0 0.10.13.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.15.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
permit ip <omitted> 0.0.0.3 any
deny ip any any log
ip access-list extended ingress-filter
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc
deny icmp any any log
deny udp any any eq echo
deny udp any eq echo any
deny tcp any any fragments
deny udp any any fragments
deny ip any any fragments
deny ip any any option any-options
deny ip any any ttl lt 4
deny ip any host <omitted>
deny ip any host <omitted>
deny udp any any range 33400 34400
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny ip 10.10.10.0 0.0.0.255 any
deny ip 10.10.11.0 0.0.0.255 any
deny ip 10.10.12.0 0.0.0.255 any
deny ip any any log
access-list 1 permit 192.168.16.0 0.0.0.63
access-list 20 permit 127.127.1.1
access-list 20 permit 204.235.61.9
access-list 20 permit 173.201.38.85
access-list 20 permit 216.229.4.69
access-list 20 permit 152.2.21.1
access-list 20 permit 130.126.24.24
access-list 21 permit 192.168.16.0 0.0.0.63
radius-server local
no authentication mac
eapfast authority id <omitted>
eapfast authority info <omitted>
eapfast server-key primary 7 <omitted>
nas 192.168.16.49 key 7 <omitted>
group rad-test3
vlan 3
ssid test3
user test nthash 7 <omitted> group rad-test3
user testtest nthash 7 <omitted> group rad-test3
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.16.49 auth-port 1812 acct-port 1813 key 7 <omitted>
radius-server vsa send accounting
control-plane host
control-plane transit
control-plane cef-exception
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
line con 0
password 7 <omitted>
logging synchronous
no modem enable
transport output telnet
line aux 0
password 7 <omitted>
logging synchronous
transport output telnet
line vty 0 4
password 7 <omitted>
logging synchronous
transport preferred ssh
transport input ssh
transport output ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
process cpu threshold type total rising 80 interval 10 falling 40 interval 10
ntp authentication-key 1 md5 <omitted> 7
ntp authenticate
ntp trusted-key 1
ntp source FastEthernet4
ntp access-group peer 20
ntp access-group serve-only 21
ntp master 1
ntp server 152.2.21.1 maxpoll 4
ntp server 204.235.61.9 maxpoll 4
ntp server 130.126.24.24 maxpoll 4
ntp server 216.229.4.69 maxpoll 4
ntp server 173.201.38.85 maxpoll 4
endso this what i am getting now for debug? any thoughs?
010724: Jan 5 16:26:04.527 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/2
010725: Jan 5 16:26:08.976 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/2
010726: Jan 5 16:26:08.976 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
010727: Jan 5 16:26:08.976 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
010728: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
010729: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
010730: Jan 5 16:26:08.976 AZT: Client d8b3.7759.0488 failed: EAP reason 1
010731: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
010732: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
010733: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
010734: Jan 5 16:26:08.976 AZT: EAPOL pak dump tx
010735: Jan 5 16:26:08.976 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0004
010736: Jan 5 16:26:08.976 AZT: EAP code: 0x4 id: 0x1 length: 0x0004
0AD05650: 01000004 04010004 ........
0AD05660:
010737: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: sending data to requestor status 1
010738: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010739: Jan 5 16:26:08.980 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
010740: Jan 5 16:26:08.980 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
010741: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: sending data to requestor status 0
010742: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
010743: Jan 5 16:26:08.980 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010744: Jan 5 16:26:08.984 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
010745: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010746: Jan 5 16:26:09.624 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010747: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: req->auth_type 0
010748: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010749: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010750: Jan 5 16:26:09.624 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010751: Jan 5 16:26:09.624 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010752: Jan 5 16:26:09.624 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010753: Jan 5 16:26:09.624 AZT: EAPOL pak dump tx
010754: Jan 5 16:26:09.624 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010755: Jan 5 16:26:09.624 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0AD05B50: 01000031 01010031 ...1...1
0AD05B60: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0AD05B80: 72383731 2C706F72 7469643D 30 r871,portid=0
010756: Jan 5 16:26:09.644 AZT: dot11_auth_send_msg: sending data to requestor status 1
010757: Jan 5 16:26:09.648 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010758: Jan 5 16:26:09.648 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010759: Jan 5 16:26:09.656 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010760: Jan 5 16:26:09.656 AZT: EAPOL pak dump rx
010761: Jan 5 16:26:09.656 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0009
010762: Jan 5 16:26:09.656 AZT: EAP code: 0x2 id: 0x1 length: 0x0009 type: 0x1
0B060D50: 01000009 02010009 ........
0B060D60: 01746573 74 .test
010763: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
010764: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
010765: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
010766: Jan 5 16:26:09.664 AZT: RADIUS/ENCODE(00000198):Orig. component type = DOT11
010767: Jan 5 16:26:09.664 AZT: RADIUS: AAA Unsupported Attr: ssid [282] 8
010768: Jan 5 16:26:09.664 AZT: RADIUS: 74 6F 79 73 6F 6E [toyson]
010769: Jan 5 16:26:09.664 AZT: RADIUS: AAA Unsupported Attr: interface [175] 3
010770: Jan 5 16:26:09.664 AZT: RADIUS: 36 [6]
010771: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
010772: Jan 5 16:26:09.664 AZT: RADIUS/ENCODE(00000198): acct_session_id: 408
010773: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
010774: Jan 5 16:26:09.664 AZT: RADIUS(00000198): sending
010775: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Send Access-Request to 162.168.16.49:1645 id 1645/3, len 133
010776: Jan 5 16:26:09.664 AZT: RADIUS: authenticator BF 69 DD DF 89 1F C6 FB - EF EC 12 EB C5 3F 3A CD
010777: Jan 5 16:26:09.664 AZT: RADIUS: User-Name [1] 6 "test"
010778: Jan 5 16:26:09.664 AZT: RADIUS: Framed-MTU [12] 6 1400
010779: Jan 5 16:26:09.664 AZT: RADIUS: Called-Station-Id [30] 16 "0019.3075.e660"
010780: Jan 5 16:26:09.664 AZT: RADIUS: Calling-Station-Id [31] 16 "d8b3.7759.0488"
010781: Jan 5 16:26:09.668 AZT: RADIUS: Service-Type [6] 6 Login [1]
010782: Jan 5 16:26:09.668 AZT: RADIUS: Message-Authenticato[80] 18
010783: Jan 5 16:26:09.668 AZT: RADIUS: 5B FA 47 07 0E E3 4B 71 7F 60 6E 4E 91 37 84 A6 [[?G???Kq?`nN?7??]
010784: Jan 5 16:26:09.668 AZT: RADIUS: EAP-Message [79] 11
010785: Jan 5 16:26:09.668 AZT: RADIUS: 02 01 00 09 01 74 65 73 74 [?????test]
010786: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
010787: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port [5] 6 661
010788: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port-Id [87] 5 "661"
010789: Jan 5 16:26:09.668 AZT: RADIUS: NAS-IP-Address [4] 6 192.168.16.49
010790: Jan 5 16:26:09.668 AZT: RADIUS: Nas-Identifier [32] 11 "router871"
010791: Jan 5 16:26:14.501 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010792: Jan 5 16:26:19.018 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010793: Jan 5 16:26:23.739 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010794: Jan 5 16:26:28.700 AZT: RADIUS: Fail-over to (162.168.16.49:1812,1813) for id 1645/3
router871#
010795: Jan 5 16:26:33.629 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010796: Jan 5 16:26:38.494 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010797: Jan 5 16:26:39.794 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010798: Jan 5 16:26:39.794 AZT: EAPOL pak dump rx
010799: Jan 5 16:26:39.794 AZT: EAPOL Version: 0x1 type: 0x1 length: 0x0000
0AD053D0: 01010000 ....
010800: Jan 5 16:26:39.798 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for d8b3.7759.0488
010801: Jan 5 16:26:39.798 AZT: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
router871#
010802: Jan 5 16:26:43.007 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010803: Jan 5 16:26:47.336 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/3
010804: Jan 5 16:26:47.336 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
010805: Jan 5 16:26:47.336 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
010806: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
010807: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
010808: Jan 5 16:26:47.336 AZT: Client d8b3.7759.0488 failed: EAP reason 1
010809: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
010810: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
010811: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
010812: Jan 5 16:26:47.336 AZT: EAPOL pak dump tx
010813: Jan 5 16:26:47.336 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0004
010814: Jan 5 16:26:47.336 AZT: EAP code: 0x4 id: 0x1 length: 0x0004
0B060710: 01000004 04010004 ........
0B060720:
010815: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: sending data to requestor status 1
010816: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010817: Jan 5 16:26:47.340 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
010818: Jan 5 16:26:47.340 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
010819: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: sending data to requestor status 0
010820: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
router871#
010821: Jan 5 16:26:47.340 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010822: Jan 5 16:26:47.344 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
010823: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010824: Jan 5 16:26:47.972 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010825: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: req->auth_type 0
010826: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010827: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010828: Jan 5 16:26:47.976 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010829: Jan 5 16:26:47.976 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010830: Jan 5 16:26:47.976 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010831: Jan 5 16:26:47.976 AZT: EAPOL pak dump tx
010832: Jan 5 16:26:47.976 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010833: Jan 5 16:26:47.976 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0AD05B50: 01000031 01010031 ...1...1
0AD05B60: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0AD05B80: 72383731 2C706F72 7469643D 30 r871,portid=0
010834: Jan 5 16:26:47.996 AZT: dot11_auth_send_msg: sending data to requestor status 1
010835: Jan 5 16:26:47.996 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010836: Jan 5 16:26:47.996 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010837: Jan 5 16:26:47.996 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
010838: Jan 5 16:26:47.996 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
router871#
010839: Jan 5 16:26:47.996 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
router871#
010840: Jan 5 16:26:58.634 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010841: Jan 5 16:26:58.634 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010842: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: req->auth_type 0
010843: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010844: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010845: Jan 5 16:26:58.638 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010846: Jan 5 16:26:58.638 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010847: Jan 5 16:26:58.638 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010848: Jan 5 16:26:58.638 AZT: EAPOL pak dump tx
010849: Jan 5 16:26:58.638 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010850: Jan 5 16:26:58.638 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0B060710: 01000031 01010031 ...1...1
0B060720: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0B060730: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0B060740: 72383731 2C706F72 7469643D 30 r871,portid=0
010851: Jan 5 16:26:58.658 AZT: dot11_auth_send_msg: sending data to requestor status 1
010852: Jan 5 16:26:58.658 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010853: Jan 5 16:26:58.658 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010854: Jan 5 16:27:01.603 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
010855: Jan 5 16:27:01.603 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
010856: Jan 5 16:27:01.603 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010857: Jan 5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list ingress-filter denied tcp 32.42.41.254(57443) -> 72.201.117.84(59652), 1 packet
010858: Jan 5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list egress-filter denied tcp 22.3.184.118(0) -> 74.125.53.188(0), 4 packets
010859: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010860: Jan 5 16:27:12.261 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010861: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: req->auth_type 0
010862: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010863: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010864: Jan 5 16:27:12.261 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010865: Jan 5 16:27:12.261 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010866: Jan 5 16:27:12.261 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010867: Jan 5 16:27:12.261 AZT: EAPOL pak dump tx
010868: Jan 5 16:27:12.261 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010869: Jan 5 16:27:12.261 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0B060FD0: 01000031 01010031 ...1...1
0B060FE0: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0B060FF0: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0B061000: 72383731 2C706F72 7469643D 30 r871,portid=0
010870: Jan 5 16:27:12.285 AZT: dot11_auth_send_msg: sending data to requestor status 1
010871: Jan 5 16:27:12.285 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010872: Jan 5 16:27:12.285 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010873: Jan 5 16:27:12.293 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010874: Jan 5 16:27:12.293 AZT: EAPOL pak dump rx
010875: Jan 5 16:27:12.293 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0009
010876: Jan 5 16:27:12.293 AZT: EAP code: 0x2 id: 0x1 length: 0x0009 type: 0x1
0AD05290: 01000009 02010009 ........
0AD052A0: 01746573 74 .test
010877: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
010878: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
010879: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
010880: Jan 5 16:27:12.301 AZT: RADIUS/ENCODE(0000019B):Orig. component type = DOT11
010881: Jan 5 16:27:12.305 AZT: RADIUS: AAA Unsupported Attr: ssid [282] 8
010882: Jan 5 16:27:12.305 AZT: RADIUS: 74 6F 79 73 6F 6E [toyson]
010883: Jan 5 16:27:12.305 AZT: RADIUS: AAA Unsupported Attr: interface [175] 3
010884: Jan 5 16:27:12.305 AZT: RADIUS: 36 [6]
010885: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
010886: Jan 5 16:27:12.305 AZT: RADIUS/ENCODE(0000019B): acct_session_id: 411
010887: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
010888: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): sending
010889: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Send Access-Request to 162.168.16.49:1645 id 1645/4, len 133
010890: Jan 5 16:27:12.305 AZT: RADIUS: authenticator 6F 6C 63 31 88 DE 30 A2 - C2 06 12 EB 50 A3 53 36
010891: Jan 5 16:27:12.305 AZT: RADIUS: User-Name [1] 6 "test"
010892: Jan 5 16:27:12.305 AZT: RADIUS: Framed-MTU [12] 6 1400
010893: Jan 5 16:27:12.305 AZT: RADIUS: Called-Station-Id [30] 16 "0019.3075.e660"
010894: Jan 5 16:27:12.305 AZT: RADIUS: Calling-Station-Id [31] 16 "d8b3.7759.0488"
010895: Jan 5 16:27:12.305 AZT: RADIUS: Service-Type [6] 6 Login [1]
010896: Jan 5 16:27:12.305 AZT: RADIUS: Message-Authenticato[80] 18
010897: Jan 5 16:27:12.305 AZT: RADIUS: 9D D5 62 1A 38 13 94 30 3A 43 D7 A4 AE A4 43 64 [??b?8??0:C????Cd]
010898: Jan 5 16:27:12.305 AZT: RADIUS: EAP-Message [79] 11
010899: Jan 5 16:27:12.305 AZT: RADIUS: 02 01 00 09 01 74 65 73 74 [?????test]
010900: Jan 5 16:27:12.305 AZT: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
010901: Jan 5 16:27:12.305 AZT: RADIUS: NAS-Port [5] 6 664
010902: Jan 5 16:27:12.309 AZT: RADIUS: NAS-Port-Id [87] 5 "664"
010903: Jan 5 16:27:12.309 AZT: RADIUS: NAS-IP-Address [4] 6 192.168.16.49
010904: Jan 5 16:27:12.309 AZT: RADIUS: Nas-Identifier [32] 11 "router871"
010905: Jan 5 16:27:16.642 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/4
Maybe you are looking for
-
Video problems after 10.0.5 update
Ever since I updated to Final Cut Pro X 10.0.5, all of my video has a green tinge at various places during the playback. Not sure how to correct it. It happens on my existing projects and new video I import. Here is an image of what I'm seeing, but i
-
Apple TV/Bonjour:Localized Implementation
Hi, I am working with a network that spans multiple campuses and we are in the process of installing Apple TVs to conference room projectors in order to do wireless projecting. Our end result is that we want to only have local Apple TVs show up on us
-
A select list from query question
Hello all - I've looked in detail at a great deal of posts on this subject and believe what I am trying to achieve is not unusual or out of scope. Therefore it's likely me mis-interpreting something and I'd be grateful for anybody's input. I have the
-
How is setPropertyActionListener really working?
I'm studying JSF and I believe I'm missing something as I don't get setPropertyActionListener. In the Java EE 5 Tutorial: <c:forEach items="#{bookDBAO.books}" var="book" varStatus="stat"> <c:set var="book" scope="request" value="${book
-
Hi I'm testing the windows authentication option but I have the following doubt: I created an user OPS$My_Domain\My_user identified externally. I can connect as: sqlplus /@my_Database but I can't connect as: sqlplus "OPS$My_Domain\My_user"/my_passwor