Gratuitous arp problem
When cisco 2851 mgcp gateway lost connection to the call manager, it will start sending out gratuitous arp which cause the McAfee intrushield reports arp spoofing. Anyone know why the gateway send out gratuitous arp?
Sorry for the delay. here is the debug mgcp all on that router.
192.168.10.50 is the CCM.
Similar Messages
-
Gratuitous ARPs do not populate the router ARP Table
Hello,
In order to debug an ARP problem in a Firewall cluster environment, I connected a one-armed router on the public VLAN of the firewall cluster, in order to observe the ARP cache behaviour during a switchover. I configured a loopback interface on this router and a default route to this loopback interface to simulate a real router.
When a switchover occurs between firewall cluster members, the active member sends Gratuitous ARPs for all NATed IP addresses. In my environment, I have 110 NATed addresses configured on the firewall.
By launching a "debug arp" on the one armed router, I clearly see all 110 gratuitous ARPs arriving on the router, but the ARP cache of the router is NOT populated with the 110 entries...
Note : The command is configured on the one armed router :
Router(config)# ip arp gratuitous local
What can be the problem ? Is there any condition for a router to accept Gratuitous ARPs ?
Thank you for any help
YvesHi
Gratuitous arp is used when a host wants to inform the switch that the mac-address has changed eg.
You have a cluster which has redundant connections and an IP to mac-address mapping. If the active NIC fails the IP address is moved across to the standby NIC but the standby NIC has a different mac-address. So the cluster sends out a gratuitous arp which informs the switch of the new IP to mac-address mapping.
The reason you might not want to allow gratuitous arp is that you might not want your switch updating it's arp table based on annoucements from devices on the LAN as you could very easily spoof mac-addresses and corrupt the arp cache.
HTH
Jon -
Question about "no ip gratuitous-arp" command in IOS
Does the "no ip gratuitous-arp" command affect gratuitous arps sent by the router (for example, when hsrp causes a secondary router to assume role of primary) or does it affect gratuitous arps received by the router (for example, gratuitous arps with the spoofed IP address of the router).
I do not have direct experience with this command. But I think that the documentation is clear that the command restricts the router sending gratuitous arp and does not affect the router receiving gratiutous arp.
The documentation is fairly clear that its restriction on gratiutous arp is a restriction on sending gratiutous arp when a remote client has learned an IP address via PPP negotiation and the address is in a local address pool. Assuming that this part of the documentation is accurate it would have no affect on the router sending gratiutous arp in HSRP takeover situations.
HTH
Rick -
No gratuitous arp N1k when second subgroup comes up again
Hello,
we have an Nexus 1000v with PortChannel to no clustered upstream Switches.
Port-Profile Configuration:
config attributes:
switchport mode trunk
switchport trunk allowed vlan 2,6-7,64,150,607,630
switchport trunk native vlan 1
channel-group auto mode on sub-group cdp
no shutdown
If one Link goes down, the VM of this Link will change to the second Link. During this change i see a maximum of one lost Packet in the Ping to this VM.
If the first Link still comes up, I see something that I don't understand.
After 6-7 seconds I have 6-7 Packets lost in the Ping to the VM that changes the Link.
The MAC of the VM will change from one Link to the other in the MAC-Address-Table on the Upstream Switches after this time.
In the Documentation I read only about gratuitous arps, when the link fails.
How can I reduce the Packet lost?I have one link from each host to each upstream switch in this port channel.
This is a test system with two ESX-Hosts and two upstream switches (C2960G).
Here the Configuration of the upstream switch Ports:
interface GigabitEthernet0/2
description esx-netz1_1
switchport trunk allowed vlan 2,6,7,64,150,607,630
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
In every Host I have four PNICs. Two for the channel, one for vMotion and one for the service console. -
We are in the process of migrating our servers from Cat6500 (HSRPv1) to Nexus 7000 (HSRPv2). The HSRP virtual ip address remains the same after the migration. During the migration, we will shut down the Layer3 interface vlan on the Cat6500 and create the new Layer 3 interface vlan on the N7K. Because we are migrating to HSRPv2, the HSRP virtual MAC address will change. Would like to check if there is there any way for the N7K to send gratuitous ARP to all the servers so that their ARP cache are refreshed. does "ip arp gratuitous update" help ? THanks Eng Wee
Hi Eng Wee,
Nexus sends gratuitous arp by default. This command is enabled on the interface by default. There is nothing special that you need to do for the switch to send the gratuitous arps.
JayaKrishna -
Gratuitous ARP ????
HI,
Have a simple doubt, Will cisco switch send gratuitous arp if HSRP not enabled ???? in which conditions a cisco switch\router\firewall send gratuitous ARP ???There are some threads regarding that, take a look at this one.
https://learningnetwork.cisco.com/thread/16335 -
DHCP conflict due to Gratuitous ARP.
One of my wireless VLAN DHCP scope on cisco core switch is often exhausted due to Gratuitous ARP.
Please help me to check what is the cause of this.I have a VLAN with DHCP SCOPE and layer 3 configured on core switch.
the DHCP pool often gets exhausted and when I do show ip dhcp conflict most of the IPs conflicted due to Gratuitous arp
CORESWITCH# show ip dhcp conflict
172.28.106.195 Gratuitous ARP Oct 14 2014 04:44 PM
172.28.106.54 Gratuitous ARP Oct 14 2014 04:49 PM
172.28.106.189 Gratuitous ARP Oct 15 2014 12:28 PM
172.28.106.55 Gratuitous ARP Oct 17 2014 02:05 PM
172.28.106.74 Gratuitous ARP Oct 21 2014 09:39 AM
172.28.106.72 Gratuitous ARP Oct 23 2014 02:26 PM
172.28.106.89 Gratuitous ARP Oct 28 2014 03:09 PM
172.28.106.119 Gratuitous ARP Nov 03 2014 01:39 PM
172.28.106.124 Gratuitous ARP Nov 05 2014 08:03 AM
172.28.106.127 Gratuitous ARP Nov 05 2014 02:56 PM
172.28.106.131 Gratuitous ARP Nov 08 2014 01:59 PM
172.28.106.153 Gratuitous ARP Nov 10 2014 12:14 PM
172.28.106.139 Gratuitous ARP Nov 11 2014 07:57 AM
172.28.106.143 Gratuitous ARP Nov 11 2014 09:28 AM
172.28.106.157 Gratuitous ARP Nov 11 2014 02:36 PM
172.28.106.156 Gratuitous ARP Nov 11 2014 07:55 PM
172.28.106.162 Gratuitous ARP Nov 13 2014 06:48 PM
172.28.106.187 Gratuitous ARP Nov 18 2014 01:57 PM
172.28.106.176 Gratuitous ARP Nov 19 2014 02:30 PM
172.28.106.53 Gratuitous ARP Nov 19 2014 02:47 PM
172.28.106.199 Gratuitous ARP Nov 20 2014 11:18 AM
172.28.106.61 Gratuitous ARP Nov 20 2014 01:27 PM
172.28.106.56 Gratuitous ARP Nov 20 2014 01:39 PM
172.28.106.63 Gratuitous ARP Nov 21 2014 02:15 PM
172.28.106.85 Gratuitous ARP Nov 24 2014 07:17 PM
172.28.106.92 Gratuitous ARP Nov 25 2014 10:47 AM
172.28.106.95 Gratuitous ARP Nov 25 2014 02:14 PM
172.28.106.97 Gratuitous ARP Nov 27 2014 04:19 PM
172.28.106.100 Gratuitous ARP Nov 28 2014 09:18 AM
172.28.106.79 Gratuitous ARP Nov 28 2014 11:09 AM
172.28.106.104 Gratuitous ARP Nov 28 2014 05:20 PM
172.28.106.129 Gratuitous ARP Dec 01 2014 09:53 AM
172.28.106.130 Gratuitous ARP Dec 01 2014 11:19 AM
172.28.106.133 Gratuitous ARP Dec 01 2014 11:36 AM
172.28.106.134 Gratuitous ARP Dec 01 2014 03:04 PM
172.28.106.135 Gratuitous ARP Dec 01 2014 03:47 PM
172.28.106.136 Gratuitous ARP Dec 01 2014 04:13 PM
172.28.106.137 Gratuitous ARP Dec 02 2014 12:28 PM
172.28.106.141 Gratuitous ARP Dec 03 2014 09:33 AM
172.28.106.149 Gratuitous ARP Dec 05 2014 02:01 PM
172.28.106.151 Gratuitous ARP Dec 05 2014 04:21 PM
172.28.106.173 Gratuitous ARP Dec 08 2014 06:40 PM
172.28.106.182 Gratuitous ARP Dec 09 2014 09:28 AM
172.28.106.158 Gratuitous ARP Dec 09 2014 04:46 PM
172.28.106.185 Gratuitous ARP Dec 09 2014 05:05 PM
172.28.106.188 Gratuitous ARP Dec 10 2014 02:56 PM
172.28.106.186 Gratuitous ARP Dec 10 2014 06:19 PM
172.28.106.193 Gratuitous ARP Dec 12 2014 12:48 PM
172.28.106.75 Gratuitous ARP Dec 16 2014 02:37 PM
172.28.106.68 Gratuitous ARP Dec 16 2014 04:05 PM
172.28.106.80 Gratuitous ARP Dec 16 2014 06:02 PM
172.28.106.81 Gratuitous ARP Dec 17 2014 03:11 PM
172.28.106.84 Gratuitous ARP Dec 19 2014 02:03 PM
172.28.106.115 Gratuitous ARP Dec 23 2014 10:35 AM
172.28.106.78 Gratuitous ARP Dec 23 2014 01:37 PM
172.28.106.121 Gratuitous ARP Dec 24 2014 06:18 PM
172.28.106.125 Gratuitous ARP Dec 26 2014 10:02 AM
172.28.106.161 Gratuitous ARP Dec 29 2014 12:01 PM
172.28.106.181 Gratuitous ARP Dec 29 2014 03:08 PM
172.28.106.184 Gratuitous ARP Dec 30 2014 05:25 PM
172.28.106.66 Gratuitous ARP Jan 02 2015 09:44 AM
172.28.106.194 Gratuitous ARP Jan 03 2015 03:14 PM
172.28.106.106 Gratuitous ARP Jan 07 2015 01:54 PM
172.28.106.112 Gratuitous ARP Jan 07 2015 04:32 PM
172.28.106.113 Gratuitous ARP Jan 08 2015 04:48 PM
172.28.106.103 Gratuitous ARP Jan 09 2015 12:53 PM
172.28.106.164 Gratuitous ARP Jan 13 2015 12:13 PM
172.28.106.155 Gratuitous ARP Jan 13 2015 03:54 PM
172.28.106.168 Gratuitous ARP Jan 13 2015 05:12 PM
172.28.106.169 Gratuitous ARP Jan 14 2015 05:07 PM
172.28.106.170 Gratuitous ARP Jan 14 2015 05:50 PM
172.28.106.197 Gratuitous ARP Jan 16 2015 06:18 PM
172.28.106.60 Gratuitous ARP Jan 19 2015 07:56 AM
172.28.106.88 Gratuitous ARP Jan 19 2015 05:17 PM
172.28.106.94 Gratuitous ARP Jan 20 2015 12:46 PM
172.28.106.101 Gratuitous ARP Jan 21 2015 10:15 AM
172.28.106.102 Gratuitous ARP Jan 21 2015 02:08 PM
172.28.106.147 Gratuitous ARP Jan 28 2015 11:04 AM
172.28.106.159 Gratuitous ARP Jan 28 2015 12:37 PM
172.28.106.128 Gratuitous ARP Jan 28 2015 02:27 PM
172.28.106.165 Gratuitous ARP Jan 29 2015 12:31 PM
172.28.106.166 Gratuitous ARP Jan 30 2015 07:40 AM
172.28.106.178 Gratuitous ARP Jan 30 2015 02:20 PM
172.28.106.183 Gratuitous ARP Jan 30 2015 02:39 PM
172.28.106.69 Gratuitous ARP Feb 02 2015 09:40 AM
172.28.106.76 Gratuitous ARP Feb 02 2015 07:18 PM
172.28.106.91 Gratuitous ARP Feb 02 2015 08:17 PM
172.28.106.93 Gratuitous ARP Feb 02 2015 08:20 PM
172.28.106.200 Gratuitous ARP Feb 04 2015 01:41 PM
172.28.106.96 Gratuitous ARP Feb 05 2015 09:57 AM
172.28.106.111 Gratuitous ARP Feb 05 2015 01:42 PM
172.28.106.108 Gratuitous ARP Feb 06 2015 08:04 AM
172.28.106.122 Gratuitous ARP Feb 09 2015 05:11 PM
172.28.106.174 Gratuitous ARP Feb 11 2015 06:17 PM
172.28.106.179 Gratuitous ARP Feb 12 2015 06:18 PM
172.28.106.83 Gratuitous ARP Feb 16 2015 03:56 PM -
Strange ARP Problems with C170 and AsyncOS 9
after upgrading to asyncOS 9.0 (Ironport C170) we have the following problem.
For better understanding a short explanation (without all network devices)
The traffic flow is
Lan --- Application Firewall ---Ironport
During a connection between the Firewall and the Ironport, the Ironport is unable to make a response.
It seems the Ironport is unable to make an arp resolution for the virtual cluster ip from the firewall.
E.g. ping from the firewall with the virtual cluster ip as source won't work.
Ping from the firewall with the physical interface as source works fine.
AsyncOS prior to version 9 has not such problems.
The arp table shows following entry for the virtual cluster ip (AsynOS)
(xxx.xxx.103.254) at (incomplete) on em1 expired [ethernet]
Explantation:
xx.103.254 with mac 01:00:5e:19:67:fe = virtual cluster ip
xx.103.128 with mac 00:e0:ed:37:05:1a = physical interface ip
Ping from "xxx.103.254 Cluster IP" as source to xxx.103.135 (cisco Ironport) as destination
The ICMP Packet went from the virtual Cluster Interface (xxx.25.103.254) with mac-adress 05:1a (physical interface) to the ironport.
The ironport makes an arp request...who is xxx.25.103.254?..and receives as answer the OTHER mac-address (virtual Clusterinterface) 67:fe.
I think, the ironport with the new asyncOS has some troubles with this 2 different mac-addresses.
No. Time Source Destination Protocol Length Info
10 4.115231 xxx.25.103.254 xxx.25.103.135 ICMP 98 Echo (ping) request id=0xaa26, seq=0/0, ttl=64 (no response found!)
Frame 10: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Ethernet II, Src: Silicom_37:05:1a (00:e0:ed:37:05:1a), Dst: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a)
Internet Protocol Version 4, Src: xxx.25.103.254 (xxx.25.103.254), Dst: xxx.25.103.135 (xxx.25.103.135)
Internet Control Message Protocol
No. Time Source Destination Protocol Length Info
11 4.115251 Cisco_9c:ba:3a Broadcast ARP 42 Who has xxx.25.103.254? Tell xxx.25.103.135
Frame 11: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
No. Time Source Destination Protocol Length Info
12 4.115365 Silicom_37:05:1a Cisco_9c:ba:3a ARP 60 xxx.25.103.254 is at 01:00:5e:19:67:fe
Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Silicom_37:05:1a (00:e0:ed:37:05:1a), Dst: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a)
any ideas?Try a different DNS server.
Open System Preferences > Network > Advanced > DNS
Click + and type:
208.67.222.222
Click + again and do the same.
208.67.220.220
Click OK.
Then try Safari or Mail. -
ARP problems in the same subnet
Hello,
I have a very strange problem.
I have the management vlan inside a customer (vlan 254). Well, I have two C2950 that suddenly stop replying icmp and all other traffic (only in the management vlan, not in the users vlan). It is necessary to do a 'clear arp' in the switches and then begin to respond again normally.
Any idea?
Regards,
RubenHello,
I'm trying to ping the ip address of two switches (c2950-12.1(22)EA1) that are conected in the same vlan that I am in and I get no response until I do a clear arp in the switches. Then I can ping them again, but if I wait some minutes I get the same problem and I have to clear the arp table. They are in the same vlan, so no L3 issues involved.
The diagram:
core1 -----switch1-----switch2
|
core2--------
Due to the nature of the connections, I think is a problem between the core and the switches. I have these outputs in switch1:
>
>switch1#sh int trunk
>Port Mode Encapsulation Status Native vlan
>Fa0/1 on 802.1q trunking 1
>Fa0/2 on 802.1q trunking 1
>
>Port Vlans allowed on trunk
>Fa0/1 1,45,55,73,254,1002-1005
>Fa0/2 1,45,55,73,254,1002-1005
>
>Port Vlans allowed and active in management domain
>Fa0/1 1,45,55,73,254
>Fa0/2 1,45,55,73,254
>
>Port Vlans in spanning tree forwarding state and not pruned
>Fa0/1 1,45,254
>Fa0/2 55,73
>
>Fa0/1 connects with core1 and fa0/2 with core2. Vlan with problems is 254. This side is normal (spanning-tree is forwarding vlan 254 in Fa0/1, Fa0/2 is blocking) but in core1 side I have:
>
>core1#sh int fa1/3 trunk
>Port Mode Encapsulation Status Native vlan
>Fa1/3 on 802.1q trunking 1
>
>Port Vlans allowed on trunk
>Fa1/3 1,45,55,73,254
>
>Port Vlans allowed and active in management domain
>Fa1/3 1,45,55,73,254
>
>Port Vlans in spanning tree forwarding state and not pruned
>Fa1/3 1
>
>The strange thing here is last line: it seems to be pruning vlan 254 for that connection!!! Switch1 and 2 are vtp transparent but obviously have vlan254 configured and core1 shouldn't prune vlan 254 in this connection. I think this is the problem. It is not a configuration issue; I had a problem similar in the past that was solved doing a shut/no shut of the interface. Anyway, as you can see, vlan 45 is also being prunned and there are clients there: I cannot explain why they're not affected...!
>
>What do you think?
>
>Regards,
>
>Ruben -
Cisco RV1200W strange Arp problem
Hi,
I have just bought a new Cisco Rv1200w router, which is running the very latest firmware V1.0.2.6.
My problem is that since swapping my router, my HP server can no longer see the default gateway (now the cisco), however it can see anything else on the LAN. I've done a trace with Wireshark (attached) and when I ping the default gateway from the server (10.10.52.9) I see an arp broadcast asking who is 10.10.52.254, then the router responds with its mac address but my server just completely ignores the reply and keeps asking.
I've tried upgrading the drivers on the server but its made absolutely no difference, I didn't have any problem before swapping my router.
Any ideas ?
Thanks PatPatrick,
That is very strange behaviour; to get a better understanding on whats going on please give the Cisco SBSC a call @1-866-606-1866 and open a support ticket. I haven't heard or seen of the issue you are currently having.
Thanks,
Jasbryan
Cisco Support Engineer
.:|:.:|:. -
AirPort Express disappears for network until it is rebooted, Arp problem
Hi,
I have just configured my AirPort Express as a remote speaker for iTunes.
After the AirPort is powered on I can access it via AirPort admin tool and from iTunes.
After a while, the AirPort can no longer be connected to, either by the admin utility or iTunes.
I am running firmware 6.3, and have reinstalled this version. The unit is around 4 months old
Anyway, what I have noticed is that the AirPort does not seem to respond to TCPIP ARP requests which means that if a computer flushes or expires its ARP cache it will not be able to connect to the AirPort.
A network sniffer shows the ARP packets being broadcast on the network but there is no response from the AirPort.
I can see that the AirPort sends out ARP requests after a reboot, but will not respond to ARP requests that other machines on the network send out.
Any ideas?
Ta
GavinI have had the AU running at all times but the AX's would still disappear.
The latest think I have tried is "not allow wireless clients" check box on the AX units. Since I have done this, I have not had an AX actually disappear. I now just deal with music skips and chops, if I turn on more than 2 units.
I also realize that using the AX units in for an Ethernet bridge is actually slower than using the Wireless G adapter. I use wireless to transfer shows on Tivo.
At this point, I am back to square one. The AE router gives me no benefits over a linksys or other wireless router. I can't use WDS, I can't use Ethernet Bridge.
The next thing I will try is to go back to Wireless G adapters on all the Tivos, then "allow wireless clients" and the AX units. At least I will get the WDS feature and be able to extend the range on my network.
I am guessing, if I just set up the AX units they way they were before (non-wds) and use the Tivo Wireless G adapters (essentially the way my networks was originally set up minus the AE router), that everything will work fine.
I would think Apple would do a better job before marketing products to do this. -
6500 arp problem catos 8.1(3)
I have one 6509 (core L3 router) switch with sup2/msfc2 running 12.1(13)E11 connected to two 6513's running catos 8.1(3).
We recently change the management vlan ip addresses on all three switches. The 6509 and one of the 6513's operates normally, but one of the 6513's seems to lose arp entries for our management stations. Which causes us to lose the ability to telnet to this switch. We can telnet to the core 6509 and then to the 6513. And if we ping our workstations from the suspect 6513 we then can telnet directly to it. But if we disconnect from the 6513 and wait a few minutes, we again lose connectivity.
Has anyone experienced this issue??
ThanksThe arp aging timer is set to 1200 sec
cam timer set to 300 sec
IP info follows:
original
6509 - 10.10.97.1/24 - vlan 97
6513a - 10.10.97.3/24 - sc0 gateway - 10.10.97.1
6513b - 10.10.97.4/24 - sc0 gateway - 10.10.97.1
new
6509 - 10.10.0.1/24 - vlan 10 (vlan97 deleted)
6513a - 10.10.0.16/24 - sc0 gateway - 10.10.0.1
6513b - 10.10.0.17/24 - sc0 gateway - 10.10.0.1
Doing a trace on sc0 on the suspect switch (6513b) shows that it does not see any arp broadcasts when we
try to ping the device from our workstations. We can see the broadcasts if we span the trunk port on 6513b but we don't see it on sc0. When we connect a workstation to a port on the 6513b switch and configure it for vlan 10 and span that port, we also don't see any arp broadcasts when doing a trace.
Thanks. -
I am having some issues with arp not getting pass. the thing is that if we reboot the WLC is starts working fine after but this keeps happening and we don't want to have to be doing that every time here the error we are getting for the WLC
*dtlArpTask: Jun 18 18:02:10.024: dtlArpFindClient:ARP look-up for 10.0.74.147 failed (not a client).
*dtlArpTask: Jun 18 18:02:10.024: Dropping ARP to DS (mscb (nil), port 65535)
sha 0001.c00b.a557 spa: 10.0.74.10
tha 0000.0000.0000 tpa: 10.0.74.147
*dtlArpTask: Jun 18 18:02:10.024: Arp from Wired side to passive client
*dtlArpTask: Jun 18 18:02:10.024: dtlArpBcastRecv: received packet (rxTunType 0, dataLen 64)
*dtlArpTask: Jun 18 18:02:10.024: bcastEthernetRx: Recv packet from Port 1,
vlan id 74, protocol 0x806, SRC MAC 00:01:c0:0b:a5:57
*dtlArpTask: Jun 18 18:02:10.024: Received dtlArpRequest
sha: 00:01:c0:0b:a5:57 spa: 10.0.74.10
tha: 00:00:00:00:00:00 tpa: 10.0.74.192
intf: 1, vlan: 74, node type: 1, mscb: not found, isFromSta: 0
*dtlArpTask: Jun 18 18:02:10.024: dtlArpFindClient:ARP look-up for 10.0.74.192 failed (not a client).
*dtlArpTask: Jun 18 18:02:10.025: Dropping ARP to DS (mscb (nil), port 65535)
sha 0001.c00b.a557 spa: 10.0.74.10
tha 0000.0000.0000 tpa: 10.0.74.192
I hope someone can helpIs the client using a static address? What type of client is it?
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
DHCP Reservation problems caused by ARP proxy?
We have been having recurring problems at three of our new school sites with printer IP addresses. We have created the address reservations in our DHCP servers (Windows Server 2012) but several times per week, the address shows up as a "BAD ADDRESS" in the DHCP leases and the printer never does get a good lease until we recreate the reservation and power cycle the printer. This is happening across several different printer models.
Because this is only happening at our new sites, I've been investigating possible reasons. The configurations are mostly identical at our new sites and old; we have 3750X's at the old sites and 3850's (and one school with 4500X's) at the new sites. We have the correct IP helpers on every VLAN - one for each of our DHCP servers and one for each ISE node. ISE doesn't respond to the DHCP requests, it only listens for them to profile the endpoints. I've also begun enforcing ISE at one of the sites to see if it was just related to IP conflicts - no luck so far.
Today I was fixing a printer reservation and came across something interesting. At one of the new schools, the MDF ARP table reported that 10.24.12.20 was assigned to a workstation (it is supposed to be assigned to a printer). When I ran a check on the port in the IDF associated with that IP address to find the IP that was associated with the device, the device had an IP of 10.24.12.26. This caused me to start looking for ARP problems.
I went looking for a difference in the configs on the 3850's and the 4500X's compared to the 3750X's at the older sites. Here's what I found when I did a "sh run all":
4500X:
ip arp poll queue 1000
ip arp poll rate 1000
no ip arp proxy disable
ip arp gleaning tftp
ip arp gleaning udp
ip arp incomplete retry 20
ip arp incomplete entries 5000
ip arp incomplete enable
ip arp inspection log-buffer entries 32
ip arp inspection log-buffer logs 5 interval 1
ip sticky-arp
no ip gratuitous-arps
The 3750X only has the following ARP commands:
ip sticky-arpno ip gratuitous-arps
ip arp inspection log-buffer entries 32ip arp inspection log-buffer logs 5 interval 1
I was looking in particular at the "no ip arp proxy disable" on the 4500 and 3850's. I'm wondering if the newer switches are working as ARP proxies and causing problems with the printers. It doesn't seem that the 3750X's or older are doing this, or even have the commands. I am headed down the wrong path here? What are the repercussions of disabling the arp proxy on the newer switches to test it?
ThanksHi,
if you have proxy arp then you should see multiple IP mapped to same MAC( the one from the device with proxy arp enabled), is this the case ?
Regards
Alain
Don't forget to rate helpful posts. -
Problem with roamingin in VoIP SSID...
Hi guys,
My client has a WLC 5508 with a two dosens of 1262s. I set SSID for the VoIP but when the client roams there is a loss of packest. The client is using Cisco phones. Any help will be appreciated.
Pete
(Cisco Controller) >show wlan 144
WLAN Identifier.................................. 144
Profile Name..................................... VoIP_Network
Network Name (SSID).............................. Inside_144
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 10
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 144_v
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Platinum
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout................... 20
FT Over-The-Air mode....................... Enabled
FT Over-The-Ds mode........................ Enabled
GTK Randomization.......................... Enabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
Access Network type............................ Not configured
Network Authentication type.................... Not configured
Internet service............................... Disabled
HESSID......................................... 00:00:00:00:00:00
Hotspot 2.0.................................... Disabled
WAN Metrics configuration
Link status.................................. 0
Link symmetry................................ 0
Downlink speed............................... 0
Uplink speed................................. 0
Mobility Services Advertisement Protocol....... Disabled
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >debug client 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:02:25.463: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e Processing WPA IE type 221, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*pemReceiveTask: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfMsConnTask_2: Nov 30 17:02:25.464: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_2: Nov 30 17:02:25.465: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 0)
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Initiating WPA PSK to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Force Auth state
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Skipping EAP-Success to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*dot1xMsgTask: Nov 30 17:02:25.466: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:25.990: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.015: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.015: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.016: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b2:b1:10, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Key exchange done, data packets from mobile 2c:54:2d:ea:d4:0e should be forwarded shortly
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*spamApTask5: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e Sent EAPOL-Key M5 for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Nov 30 17:02:26.017: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:02:26.036: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 144, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Nov 30 17:03:17.385: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Processing WPA IE type 221, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*pemReceiveTask: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_2: Nov 30 17:03:17.386: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Associated
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 0)
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Initiating WPA PSK to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Force Auth state
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Skipping EAP-Success to mobile 2c:54:2d:ea:d4:0e
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*dot1xMsgTask: Nov 30 17:03:17.389: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.422: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.423: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b2:b1:10 vapId 144 apVapId 2
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.433: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b2:b1:10, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Key exchange done, data packets from mobile 2c:54:2d:ea:d4:0e should be forwarded shortly
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*spamApTask5: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e Sent EAPOL-Key M5 for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Nov 30 17:03:17.435: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Received EAPOL-key in REKEYNEGOTIATING state (message 6) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Nov 30 17:03:17.447: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*emWeb: Nov 30 17:03:46.162: Configuring IPv6 ACL for WLAN:144, aclName passed is NULL
*apfReceiveTask: Nov 30 17:03:46.173: 2c:54:2d:ea:d4:0e apfSendDisAssocMsgDebug (apf_80211.c:2162) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Associated to Disassociated
*apfReceiveTask: Nov 30 17:03:46.178: 2c:54:2d:ea:d4:0e Sent Disassociate to mobile on AP 34:bd:c8:b2:b1:10-0 (reason 1, caller apf_ms.c:5558)
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e Sent Deauthenticate to mobile on BSSID 34:bd:c8:b2:b1:10 slot 0(caller apf_ms.c:5678)
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsAssoStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsExpireMobileStation (apf_ms.c:5716) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b2:b1:10 from Disassociated to Idle
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Deleted mobile LWAPP rule on AP [34:bd:c8:b2:b1:10]
*pemReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfReceiveTask: Nov 30 17:03:46.183: 2c:54:2d:ea:d4:0e Deleting mobile on AP 34:bd:c8:b2:b1:10(0)Hi guys and Saravanan thank for the ideas....
the qualituy is getting better, not satisfactory for the customer though...
I have upgraded the firware as advised to 1.4.3 - I forgot to mention I have 7925g wifi phonee
I set the 802.1x + cckm with eap-fast and WPA2 and definately the quality of the calls got a huge improvement but still not enough. What can be the reason for the confinuing problems during roaming?
Guys, is it possible to set the CCKM without ACS (or WDS - i think that was the second option)
here is some output:
(Cisco Controller) show>wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... test_wifi_144
Network Name (SSID).............................. test144
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 1
Exclusionlist.................................... Disabled
Session Timeout.................................. 65535 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ 144_v
--More-- or (q)uit
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Platinum
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Required
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... ap-cac-limit
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 2
DTIM period for 802.11b radio.................... 2
Radius Servers
--More-- or (q)uit
Authentication................................ 172.16.106.53 1645
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Enabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout................... 20
FT Over-The-Air mode....................... Enabled
FT Over-The-Ds mode........................ Enabled
--More-- or (q)uit
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More-- or (q)uit
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
Access Network type............................ Not configured
Network Authentication type.................... Not configured
Internet service............................... Disabled
HESSID......................................... 00:00:00:00:00:00
Hotspot 2.0.................................... Disabled
WAN Metrics configuration
Link status.................................. 0
Link symmetry................................ 0
Downlink speed............................... 0
Uplink speed................................. 0
Mobility Services Advertisement Protocol....... Disabled
(Cisco Controller) >debug client 2C542DEAD40E
*apfMsConnTask_3: Dec 07 13:55:49.522: 2c:54:2d:ea:d4:0e Adding mobile on LWAPP AP 34:bd:c8:b3:d9:f0(0)
*apfMsConnTask_3: Dec 07 13:55:49.522: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 0 0 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_3: Dec 07 13:55:49.523: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfMsAssoStateInc
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Idle to Associated
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b3:d9:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_3: Dec 07 13:55:49.524: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Connecting state
*dot1xMsgTask: Dec 07 13:55:49.525: 2c:54:2d:ea:d4:0e Sending EAP-Request/Identity to mobile 2c:54:2d:ea:d4:0e (EAP Id 1)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Received Identity Response (count=1) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e EAP State update from Connecting to Authenticating for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.574: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=85) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 1 ===> 85 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.583: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 85)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 85, EAP Type 3)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.591: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=86) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.602: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 86)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 86, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.621: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=87) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.625: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 87)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 87, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.653: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=89) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 87 ===> 89 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.655: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 89)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 89, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.671: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.676: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 90, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.691: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.702: 2c:54:2d:ea:d4:0e Processing Access-Accept for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Username entry (test960) created for mobile, length = 253
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Username entry (test960) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting re-auth timeout to 65535 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Adding BSSID 34:bd:c8:b3:d9:f0 to PMKID cache at index 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: [0000] ab 8f b5 75 ad c5 8e af 50 0d ce 4a f1 7b 16 9e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e CCKM: Create a global PMK cache entry
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Sending EAP-Success to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: [0000] ab 8f b5 75 ad c5 8e af 50 0d ce 4a f1 7b 16 9e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Entering Backend Auth Success state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.703: 2c:54:2d:ea:d4:0e Received Auth Success while in Authenticating state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.704: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e CCKM: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: CCKM: Sending CCKM PMK (Version_1) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: CCKM: Sending CCKM PMK (Version_2) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.721: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5253, Adding TMP rule
*Dot1x_NW_MsgTask_: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*apfReceiveTask: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Dec 07 13:55:49.741: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4891, Adding TMP rule
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255,
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*apfReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e Sent an XID frame
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Dec 07 13:55:49.742: 2c:54:2d:ea:d4:0e Sent an XID frame
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:50.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ARPing for 10.123.200.1 (SPA 10.123.200.15, vlanId 144)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - 172.16.100.122 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:50.514: 2c:54:2d:ea:d4:0e DHCP ARPing for 10.123.200.1 (SPA 10.123.200.15, vlanId 144)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.512: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 374, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - 172.16.100.122 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 2
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.205.33
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 374, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP setting server from OFFER (server 172.16.100.121, yiaddr 10.123.201.4)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP sending REPLY to STA (len 430, port 1, vlan 0)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP OFFER (2)
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.513: 2c:54:2d:ea:d4:0e DHCP server id: 1.1.1.1 rcvd server id: 172.16.100.121
*DHCP Socket Task: Dec 07 13:55:52.514: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.514: 2c:54:2d:ea:d4:0e DHCP dropping OFFER from 172.16.100.122 (yiaddr 10.123.205.33)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP received op BOOTREQUEST (1) (len 556,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP selecting relay 1 - control block settings:
dhcpServer: 172.16.100.121, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP selected relay 1 - 172.16.100.121 (local address 10.123.200.15, gateway 10.123.200.1, VLAN 144, port 1)
*DHCP Socket Task: Dec 07 13:55:52.523: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 10.123.200.15
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP requested ip: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP server id: 172.16.100.121 rcvd server id: 1.1.1.1
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP sending REQUEST to 10.123.200.1 (len 382, port 1, vlan 144)
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP selecting relay 2 - control block settings:
dhcpServer: 172.16.100.121, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.123.200.15 VLAN: 144
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP selected relay 2 - NONE
*DHCP Socket Task: Dec 07 13:55:52.524: 2c:54:2d:ea:d4:0e DHCP received op BOOTREPLY (2) (len 322,vlan 144, port 1, encap 0xec00)
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e Static IP client associated to interface 144_v which can support client subnet.
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*DHCP Socket Task: Dec 07 13:55:52.525: 2c:54:2d:ea:d4:0e 10.123.201.4 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5776
*DHCP Soc: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e Assigning Address 10.123.201.4 to mobile
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP success event for client. Clearing dhcp failure count for interface 144_v.
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP sending REPLY to STA (len 430, port 1, vlan 0)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP transmitting DHCP ACK (5)
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP xid: 0xf12d461 (252892257), secs: 0, flags: 0
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP chaddr: 2c:54:2d:ea:d4:0e
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP ciaddr: 0.0.0.0, yiaddr: 10.123.201.4
*DHCP Socket Task: Dec 07 13:55:52.526: 2c:54:2d:ea:d4:0e DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e DHCP server id: 1.1.1.1 rcvd server id: 172.16.100.121
*pemReceiveTask: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x10
*pemReceiveTask: Dec 07 13:55:52.527: 2c:54:2d:ea:d4:0e Sending a gratuitous ARP for 10.123.201.4, VLAN Id 144
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Removing BSSID 34:bd:c8:b3:d9:f0 from PMKID cache of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:01.509: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Initializing policy
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 START (0) Change state to AUTHCHECK (2) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 AUTHCHECK (2) Change state to 8021X_REQD (3) last state RUN (20)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) DHCP required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfPemAddUser2 (apf_policy.c:268) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b3:d9:f0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_3: Dec 07 13:57:01.510: 2c:54:2d:ea:d4:0e apfProcessAssocReq (apf_80211.c:6290) Changing state for mobile 2c:54:2d:ea:d4:0e on AP 34:bd:c8:b3:d9:f0 from Associated to Associated
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Connecting state
*dot1xMsgTask: Dec 07 13:57:01.512: 2c:54:2d:ea:d4:0e Sending EAP-Request/Identity to mobile 2c:54:2d:ea:d4:0e (EAP Id 1)
*pemReceiveTask: Dec 07 13:57:01.513: 2c:54:2d:ea:d4:0e 10.123.201.4 Removed NPU entry.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Received Identity Response (count=1) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e EAP State update from Connecting to Authenticating for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.654: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=86) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 1 ===> 86 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.684: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 86)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 86, EAP Type 3)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.695: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=87) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.699: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 87)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 87, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.806: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=88) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.809: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 88)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 88, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.874: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=90) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e WARNING: updated EAP-Identifier 88 ===> 90 for STA 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.880: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 90)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 90, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.903: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Processing Access-Challenge for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Entering Backend Auth Req state (id=91) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:01.909: 2c:54:2d:ea:d4:0e Sending EAP Request from AAA to mobile 2c:54:2d:ea:d4:0e (EAP Id 91)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Received EAPOL EAPPKT from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Received EAP Response from mobile 2c:54:2d:ea:d4:0e (EAP Id 91, EAP Type 43)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.061: 2c:54:2d:ea:d4:0e Entering Backend Auth Response state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Processing Access-Accept for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.076: 2c:54:2d:ea:d4:0e Setting re-auth timeout to 65535 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Station 2c:54:2d:ea:d4:0e setting dot1x reauth timeout = 65535
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Adding BSSID 34:bd:c8:b3:d9:f0 to PMKID cache at index 0 for station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: [0000] 16 bf c0 3e 07 00 79 b1 51 ca d3 47 44 69 1b a1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e CCKM: Create a global PMK cache entry
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Sending EAP-Success to mobile 2c:54:2d:ea:d4:0e (EAP Id 91)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: [0000] 16 bf c0 3e 07 00 79 b1 51 ca d3 47 44 69 1b a1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Starting key exchange to mobile 2c:54:2d:ea:d4:0e, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Entering Backend Auth Success state (id=91) for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e Received Auth Success while in Authenticating state for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.077: 2c:54:2d:ea:d4:0e dot1x - moving mobile 2c:54:2d:ea:d4:0e into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTK_START state (message 2) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e CCKM: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: CCKM: Sending CCKM PMK (Version_1) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: CCKM: Sending CCKM PMK (Version_2) information to mobility group
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.113: 2c:54:2d:ea:d4:0e Sending EAPOL-Key Message to mobile 2c:54:2d:ea:d4:0e
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e Received EAPOL-Key from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 2c:54:2d:ea:d4:0e
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state RUN (20)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) DHCP required on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 34:bd:c8:b3:d9:f0 vapId 3 apVapId 1
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.164: 2c:54:2d:ea:d4:0e 10.123.201.4 L2AUTHCOMPLETE (4) Change state to RUN (20) last state RUN (20)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Reached PLUMBFASTPATH: from line 5362
*Dot1x: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 34:bd:c8:b3:d9:f0, slot 0, interface = 1, QOS = 2
IPv4 ACL ID = 255, IPv6 ACL ID = 2
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 7006 Local Bridging Vlan = 144, Local Bridging intf id = 12
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*Dot1x_NW_MsgTask_6: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e Stopping retransmission timer for mobile 2c:54:2d:ea:d4:0e
*pemReceiveTask: Dec 07 13:57:02.166: 2c:54:2d:ea:d4:0e 10.123.201.4 Added NPU entry of type 1, dtlFlags 0x0
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e CCKM: Received REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Reassociation received from mobile on AP 34:bd:c8:b2:b1:10
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_2: Dec 07 13:57:03.265: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Found an cache entry for BSSID 34:bd:c8:b3:d9:f0 in PMKID cache at index 0 of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Removing BSSID 34:bd:c8:b3:d9:f0 from PMKID cache of station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Processing REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: using HMAC SHA1 to compute MIC
*apfMsConnTask_2: Dec 07 13:57:03.266: 2c:54:2d:ea:d4:0e CCKM: Received a valid REASSOC REQ IE
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e CCKM: Initializing PMK cache entry with a new PTK
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Resetting MSCB PMK Cache Entry 0 for station 2c:54:2d:ea:d4:0e
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Creating a PKC PMKID Cache entry for station 2c:54:2d:ea:d4:0e (RSN 2) on BSSID 34:bd:c8:b3:d9:f0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Setting active key cache index 0 ---> 8
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e CCKM: using HMAC SHA1 to compute MIC
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Including CCKM Response IE (length 54) in Assoc Resp to mobile
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Sending Assoc Response to station on BSSID 34:bd:c8:b2:b1:10 (status 202) ApVapId 1 Slot 0
*apfMsConnTask_2: Dec 07 13:57:03.267: 2c:54:2d:ea:d4:0e Scheduling deletion of Mobile Station: (callerId: 22) in 3 seconds
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Association received from mobile on AP 34:bd:c8:b3:d9:f0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying site-specific Local Bridging override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying Local Bridging Interface Policy for station 2c:54:2d:ea:d4:0e - vlan 144, interface id 12, interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Applying site-specific override for station 2c:54:2d:ea:d4:0e - vapId 3, site 'Floor_1', interface '144_v'
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1697)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1864)
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Processing RSN IE type 48, length 22 for mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e CCKM: Mobile is using CCKM
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Received RSN IE with 0 PMKIDs from mobile 2c:54:2d:ea:d4:0e
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e Setting active key cache index 8 ---> 8
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e unsetting PmkIdValidatedByAp
*apfMsConnTask_3: Dec 07 13:57:04.925: 2c:54:2d:ea:d4:0e apfMsRunStateDec
*apfMsConnTask_3: Dec 07 13:57:04.926: 2c:54:2d:ea:d4:0e apfMs1xStateDec
*apfMsConnTask_3: Dec 07 13:57:04.926: 2c:54:2d:ea:d4:0e 10.123.201.4 RUN (20) Change state to START (0) last state RUN (20)
Maybe you are looking for
-
Legacy Data Migration - Correct Order
Can anyone tell me a relatively complete process for what order data has to be loaded into SAP? Some information I have, but would like confirmation, is: 1 a - SAP Org (Client) 2 a - Chart(s) of Accounts
-
Mac Mini and FinalCut Pro ? OK or ?
Hi Mac Mini with x2 HD (2.66GHz) suggests to me to be a possibly FCP workstation. Am I right and able to recommend this OR am I missing something IMPORTANT ? Yours very interested Bengt W
-
One Key System Repair D: drive
Dear Community, I got a virus on my computer and when my computer boots up the icons and start menu doesn't not show. I keep all my important files on the D drive and I want to do a one key system restore. But when I press the button during booting o
-
A warning about 2.6.9-rc1-mm1 (Data Loss)
2.6.9-rc1-mm1 contains patches that can cause data loss. See this thread http://lkml.org/lkml/2004/8/27/59, which contains a patch to correct the problem.
-
Nvidia doesn't exist in /proc/modules
After running pacman -Syu (I should have blocked the nvidia & nvidia-utils packages from upgrading...), X won't start with nvidia and resolution only goes to 800x600 in vesa. So I tried going to a completely minimal xorg.conf file with the bare minim