IDLE-TIMEOUT IN ISDN BRI INTERFACE
If bri isdn interface is backup by serial interface. Two commands are president for timeout bri interface
one under backup serial interface
1. backup delay 10 30
The other under bri interface
2. dialer idle-timeout 800
My query is when interface serial comes back what will be time bri interface to in the disconnect position 30 or 800.
hi
AFAIK ideally the time would be 830 (30+800) coz the traffic will only get diverted back to serial interface after its observed stable for the configured time period which is 30 here.
Once it starts getting the traffic thru main serial interface the dialer interface will become idle..
so it will have to stay upto the timeout period (800 here)configured to get disconnected..
regds
Similar Messages
-
Isdn bri interface is used as backup by serial interface
backup delay 10 60
under bri interface following command is also configured
dialer idle-timeout 900
what will be idle timeout of bri interface if serial interface comes back and functional.Hello Jabbar,
this looks like a cisco BCRAN question, here it goes:
the backup delay 10 60 , means that it will take 10 seconds before the secondary link comes up, after the primary goes down, and it will take 60 seconds after the primary goes back up, before the secondary goes down.
dialer idle-timeout 900:
this command indicates how long the call can stay idle before it is disconnected.
from cisco:
"This command is used on lines for which there is no contention. When contention occurs, the dialer fast-idle command is activated. For example, when a busy line is requested to send another packet to a different destination than it is currently connected to, line contention occurs and the dialer fast-idle command is activated.
By default, this command applies to inbound and outbound calls. For example, if a receiving system needs to make outgoing calls, you might configure it with a short idle timeout.
Only packets that match the dialer group reset the idle timer."
So, I guess it would be 900s
HTH,
please rate this post if it does,
Vlad -
No dialer command under ISDN BRI interface
Hi all,
I have a 2901 router voice bundle with 4 ISDN BRI ports and would like to have them bundled under Dialer1 interface. Unfortunately it doesn't give me option for Dialer command under BRI interface as expected.
router(config-if)#int bri0/0/0
router(config-if)#dia
router(config-if)#dia
^
% Invalid input detected at '^' marker.
router(config-if)#dialer
^
% Invalid input detected at '^' marker.
router(config-if)#
I assume it's down to the UC license installed on the device but not sure. Does the ISDN BRI interface behave in different way under this license?
Pasting portion of "show ver" as well.
Cisco CISCO2901/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID
2 Gigabit Ethernet interfaces
4 ISDN Basic Rate interfaces
1 terminal line
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 CISCO2901/K9
Technology Package License Information for Module:'c2900'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc uck9 Permanent uck9
data None None None
Configuration register is 0x2102Hi,
Snippet of "sh ver" with IOS version is below:
router#show ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 13-Sep-13 14:59 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
router uptime is 2 days, 21 hours, 47 minutes
System returned to ROM by reload at 16:48:03 UTC Mon Aug 18 2014
System restarted at 16:50:01 UTC Mon Aug 18 2014
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M5.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
The output of trying to type dialer command is in the initial post, I'm also pasting all available commands under bri0/0/0.
router(config-if)#int bri0/0/0
router(config-if)#?
Interface configuration commands:
aaa Authentication, Authorization and Accounting.
access-expression Build a bridge boolean access expression
arp Set arp type (arpa, probe, snap), timeout, log
options or packet priority
authentication Auth Manager Interface Configuration Commands
autodetect Autodetect Encapsulations on Serial interface
bandwidth Set bandwidth informational parameter
bgp-policy Apply policy propagated by bgp community string
bridge-group Transparent bridging interface parameters
carrier-delay Specify delay for interface transitions
cdp CDP interface subcommands
clns CLNS interface subcommands
clock Configure serial interface clock
cwmp Configure CPE WAN Management Protocol(CWMP) on this
interface
dampening Enable event dampening
default Set a command to its defaults
delay Specify interface throughput delay
description Interface specific description
dot1q dot1q interface configuration commands
dot1x Interface Config Commands for IEEE 802.1X
down-when-looped Force looped serial interface down
encapsulation Set encapsulation type for an interface
ethernet Ethernet interface parameters
exit Exit from interface configuration mode
flow-sampler Attach flow sampler to the interface
full-duplex Configure full-duplex operational mode
h323-gateway Configure H323 Gateway
half-duplex Configure half-duplex and related commands
help Description of the interactive help system
history Interface history histograms - 60 second, 60 minute
and 72 hour
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
iphc-profile Configure IPHC profile
ipv6 IPv6 interface subcommands
isdn ISDN Interface configuration commands
isis IS-IS commands
iso-igrp ISO-IGRP interface subcommands
keepalive Enable keepalive
line-power Provide power on the line.
llc2 LLC2 Interface Subcommands
load-interval Specify interval for load calculation for an
interface
logging Configure logging for interface
loopback Configure internal loopback on an interface
mab MAC Authentication Bypass Interface Config Commands
mac-address Manually set interface MAC address
macro Command macro
metadata Metadata Application
mop DEC MOP server commands
mtu Set the interface Maximum Transmission Unit (MTU)
netbios Use a defined NETBIOS access list or enable
name-caching
network-clock-priority Configure clock source priority
no Negate a command or set its defaults
ntp Configure NTP
ospfv3 OSPFv3 interface commands
pulse-time Force DTR low during resets
rate-limit Rate Limit
redundancy RG redundancy interface config
routing Per-interface routing configuration
sdllc Configure SDLC to LLC2 translation
serial serial interface commands
service-policy Configure CPL Service Policy
shutdown Shutdown the selected interface
smds Modify SMDS parameters
snapshot Configure snapshot support on the interface
snmp Modify SNMP interface parameters
source Get config from another source
tarp TARP interface subcommands
timeout Define timeout values for this interface
topology Configure routing topology on the interface
transmit-interface Assign a transmit interface to a receive-only
interface
trunk-group Configure interface to be in a trunk group
tx-ring-limit Configure PA level transmit ring limit
vpdn Virtual Private Dialup Network
vrf VPN Routing/Forwarding parameters on the interface
waas WAN Optimization
router(config-if)# -
If I had 2 isdn routers on different sites and wanted them to connect, do I need to put both BRI interfaces on the same subnet or does it not matter with isdn ?
Hi
AFAIK there are 2 ways one is considering the isdn connectvitiy as a seperate point to point link and assigining a seperate /30 block for that connectivity or else you can also use ip unnunmbered option and make use of your ethernet ip or the loopback ip.
But i would suggest to go with the first option coz of the simplicity involved, also the second option may create or result in some operational problems if you have some routing protocol in place between your locations.
regds -
MGCP Gateway With ISDN BRI interface
Hi Guys,
I have a voice gateway with a BRI card on slot 0/3/0 (port 0/1) and I wanted to terminate both WAN and PSNT connection to the same gateway with MGCP protocol, and as I'm new to voice over IP world can anyone suggest/recommand me a proper guide which includes the stepts and proper explanations to acheive this task.
Thank you
Regards,
SuthakarHi Aman,
As discussed please find the attached output as follows,
#sh isdn status
Global ISDN Switchtype = basic-net3
%Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 0. Layer 3 output may not apply
ISDN BRI0/0/0 interface
dsl 0, interface ISDN Switchtype = basic-net3
L2 Protocol = Q.921 0x0000 L3 Protocol(s) = CCM MANAGER 0x0003
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x80000003
%Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 1. Layer 3 output may not apply
ISDN BRI0/0/1 interface
dsl 1, interface ISDN Switchtype = basic-net3
L2 Protocol = Q.921 0x0000 L3 Protocol(s) = CCM MANAGER 0x0003
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 1 CCBs = 0
The Free Channel Mask: 0x80000003
ISDN BRI0/3/0 interface
dsl 12, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 12 CCBs = 0
The Free Channel Mask: 0x80000003
%Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 13. Layer 3 output may not apply
ISDN BRI0/3/1 interface
dsl 13, interface ISDN Switchtype = basic-net3
L2 Protocol = Q.921 0x0000 L3 Protocol(s) = CCM MANAGER 0x0003
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
--More-- Active dsl 13 CCBs = 0
The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 0
#sh ccm-manager
MGCP Domain Name: xxxxx.com
Priority Status Host
============================================================
Primary Registered x.x.x.x
First Backup None
Second Backup None
Current active Call Manager: x.x.x.x
Backhaul/Redundant link port: 2428
Failover Interval: 30 seconds
Keepalive Interval: 15 seconds
Last keepalive sent: 11:10:43 AEDST Nov 21 2013 (elapsed time: 00:00:11)
Last MGCP traffic time: 11:10:43 AEDST Nov 21 2013 (elapsed time: 00:00:11)
Last failover time: None
Last switchback time: None
Switchback mode: Graceful
MGCP Fallback mode: Enabled/OFF
Last MGCP Fallback start time: 05:28:32 AEDST Nov 18 2013
Last MGCP Fallback end time: 11:57:01 AEDST Nov 20 2013
MGCP Download Tones: Disabled
TFTP retry count to shut Ports: 2
Backhaul Link info:
Link Protocol: TCP
Remote Port Number: 2428
Remote IP Address: x.x.x.x
Current Link State: OPEN
Statistics:
Packets recvd: 3
Recv failures: 0
Packets xmitted: 5
Xmit failures: 0
BRI Ports being backhauled:
Slot 0, VIC 0, port 1
Slot 0, VIC 0, port 0
Slot 0, VIC 3, port 1
Configuration Auto-Download Information
=======================================
Current version-id: 1384908973-2cefe363-d1ae-423b-a6ef-a85a0d4216af
Last config-downloaded:00:00:00
Current state: Waiting for commands
Configuration Download statistics:
Download Attempted : 6
Download Successful : 3
Download Failed : 1
TFTP Download Failed : 8428
Configuration Attempted : 3
Configuration Successful : 3
Configuration Failed(Parsing): 0
Configuration Failed(config) : 0
Last config download command: New Registration
FAX mode: disable
Configuration Error History:
Regards,
Suthakar -
Problem connecting isdn bri voice interface to pstn
i'm trying to configure my ISDN BRI NT/TE voice interface card (VIC-2BRI-NT/TE) on router 3825 to link to my PSTN provider. This must allow my Cisco IP phones to pass call to the PSTN through my call manager 4.1.
I suscribe to two isdn line. The provider told me that the SWITCH TYPE is VN6 (COTE d'IVOIRE or Ivory Coast).
For my bri configuration, see file "interfaces configuration..."
My problem is that when i pass call from my Ip telephony network, the first call goes well. But after this first call, when i type the command isdn status, i can see that the layer 1 of my isdn interfaces are DEACTIVATED, and after a few minutes, it turn back to ACTIVE. During these minuite, i can't pass any call through my isdn interface.
for outputs of show isdn status command, and isdn debug q931 commands
see file "show isdn status and debug..."
Notice: when the status of the isdn layer is in the deactvated status, i can receive call from the pstn, but i can't passe call to pstn (the state changes to ACTIVE when incomming call from pstn arrive, but still stay DEACTIVATED when outgoing call is initiated)
Please help meI've entered the "isdn transition-delay 1" interface command and things seem to work well.According to the IOS help on my router,this command clears the ISDN D-CHANNEL after a delay of 1 second.
But i would like to get more information on this command, and also on the isdn layer 2 and 3 timers, and even possible on all the "isdn" interface command option.
THANKS -
Understanding ISDN BRI Voice Interface Cards
Hi all,
I was wondering about the VIC-2BRI-NT/TE VIC:
In NT mode, what kind of BRI interface I can connect to it? Is it a BRI S/T interface (The device that is been connected to it)?
I got a PBX that has BRI S/T interfaces... can i connect them to this card (while in NT state)?
Will DID work in this case?
Thanks,
Edy.Hi Malleyne,
Thanks for the response.
I looked at the document, and I found my answers indeed. The only way to understand from the document (or any other on the net) that it will connect to an S/T interface is by the fact is says it acts as a NT1 device. Couldn't they make it more simple? :)
Thanks again,
Edy. -
following is my configuration of 1812.
interface BRI0
no ip address
encapsulation frame-relay IETF
dialer pool-member 1
isdn switch-type basic-net3
isdn point-to-point-setup
interface Dialer0
ip address xx.xx.xx.xx 255.255.255.252
encapsulation frame-relay IETF
dialer pool 1
dialer idle-timeout 0
dialer string XXXXXX
dialer max-call 4095
dialer persistent
frame-relay interface-dlci 16
frame-relay lmi-type q933a
my porblem is this when ever my Line of BRI is fluctuate for any reason my router does not automatically redials. instead i have to restart the router every time.
could any one suggesst me is there any thning wrong in my configuration.
but same configuration works well in 1841 with BRI module installed.
Thanks in advance.
RegardsAlthough you may manually configure dial peers to work with the MLPP for Analog and BRI Endpoints on Cisco IOS Voice Gateways feature, we recommend that you use Cisco CallManager autoconfiguration. Refer URL
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00804202c9.html#wp1050570 -
Good Day
We have a IDN BRI connection to ISP.
We are seeing this error log in the router. Any body have seen this error log before?
000759: *Nov 18 13:01:04.652 : ISDN BR0 **ERROR**: process_bri_call: Outgoing call id 0x809B blocked
000760: *Nov 18 13:01:04.652 : ISDN BR0 **ERROR**: UserIdle: process_bri_call failed on call to 0321632168
000761: *Nov 18 13:01:22.547 : BRI0: wait for isdn carrier timeout, call id=0x809A
000762: *Nov 18 13:01:22.547 : ISDN BR0 EVENT: UserIdle: callid 0x809A received ISDN_HANGUP (0x1)
000763: *Nov 18 13:01:22.547 : ISDN BR0 EVENT: isdn_hangup: Hangup call to call id 0x809A ces = 1
000764: *Nov 18 13:01:22.547 : ISDN BR0 **ERROR**: CCBRI_Go: NO CCB Src->HOST call id 0x809A, event 0x5 ces 1
000765: *Nov 18 13:01:22.547 : ISDN BR0 EVENT: process_rxstate: ces/callid 1/0x809A calltype 1 HOST_QUERY_RESPONSE
000766: *Nov 18 13:01:34.644 : BRI0: wait for isdn carrier timeout, call id=0x809B
000767: *Nov 18 13:01:34.644 : ISDN BR0 EVENT: UserIdle: callid 0x809B received ISDN_HANGUP (0x1)
000768: *Nov 18 13:01:34.644 : ISDN BR0 EVENT: isdn_hangup: Hangup call to call id 0x809B ces = 1
configuration of the router.
ROUTER#sh run int BRI0
Building configuration...
Current configuration : 523 bytes
interface BRI0
description ***** ISDN Backup for ADSL *****
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1400
dialer idle-timeout 60
dialer string 0320544000
dialer string 2856000
dialer watch-group 1
dialer-group 2
isdn switch-type basic-net3
isdn point-to-point-setup
no cdp enable
ppp authentication chap callin
ppp chap hostname [email protected]
ppp chap password 7 XXXXX
end
ROUTER#sh isdn sta
Global ISDN Switchtype = basic-net3
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 67, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 0Actually I did.
When I upgraded the IOS on the router I mistakenly used the AdvanceIP services as we used that on all 871 routers. The 876 should, however have been upgraded with the Enterprise version.
The fault message was due to a license issue.
Took long time to figure this out and find something about it. -
ISDN BRI S/T 2 BRI S/T
Hi,
I have a 2621 with a WIC 1B S/T card and a 2811 with a WIC 1B S/T V3 card
I have connected the two ports with an ethernet cable and configured the 2 Interfaces but I can't ping neither of the interfaces......is this because I don't have a "proper" D channel???
Is there anyway of establishing a link between the two routers using the ISDN interfaces ........ for testing purposes??
interface BRI0/1/0
ip address 84.94.34.84 255.255.255.240
dialer idle-timeout 2147482
dialer map ip 84.94.34.94 name SAMS_router
dialer-group 1
isdn switch-type basic-net3
isdn spid1 51055530000001 5553000
dialer-list 1 protocol ip permit
Thank you for any help........To answer your questions.. Yes, you need a D-channel. You cannot just connect the two ports together on a BRI and expect to get connected locally. The only way to test the BRI is to attach your ISDN service to the ports and test them out. You may be able to get a test ISDN number from your carrier provider that allows you to call the special number and it is a loopback. Or you can use the ISDN call command that allows you to make a test call to verify your ISDN service.To verify ISDN service you can use the show isdn status command to verify your layers 1 through 3. Also you can use debug isdn q921 or debug isdn q931 for any troubleshooting issues..Good Luck....
-
Hi all,
I have this configuration:
version 12.2
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime
service timestamps log datetime msec localtime
service password-encryption
service internal
service sequence-numbers
hostname c3620
ip subnet-zero
no ip source-route
ip rtp coalesce
ip cef
ip tcp selective-ack
ip tcp path-mtu-discovery
interface Ethernet1/0
bandwidth 10000
ip address 172.16.0.1 255.255.255.248
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
full-duplex
interface BRI1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
dialer rotary-group 0
isdn switch-type basic-net3
isdn spid1 985123123
isdn timeout-signaling
no cdp enable
interface Dialer0
bandwidth 64
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
service-policy output QoS-RDSI
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 909250250
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap hostname tu@eresmas
ppp chap password 7 00000
ppp pap sent-username tu@eresmas password 7 00000
ip nat translation tcp-timeout 1800
ip nat inside source list 150 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 permit 172.16.0.2
access-list 1 permit 172.16.0.3
access-list 150 remark ** Dialer-list 1 y Ip nat inside **
access-list 150 permit tcp 172.16.0.0 0.0.0.7 gt 1023 any
access-list 150 permit udp 172.16.0.0 0.0.0.7 gt 1023 any
access-list 150 permit icmp 172.16.0.0 0.0.0.7 any
dialer-list 1 protocol ip list 150
dial-peer cor custom
line con 0
logging synchronous
line aux 0
line vty 0 4
access-class 1 in
logging synchronous
transport input telnet ssh
end
(I avoid user accounts and other commands that I think are not interesting for my problem at all)
Ok, my problem is that "dialer idle-timeout" under diler0 interface doesn't run.
As I read into the documentation the interesting traffic should use ACL 150 and then resets the dialer counter in order to mantain the call/internet connetion UP.
That is not the case. The diale counter ends and the connection must be re-established.
Any suggestions?
I don't know what to try.
Thanks.Hi Rick,
Changes into configuration were...
no access-list 150
access-list 150 remark ** IP NAT inside **
access-list 150 permit tcp 172.16.0.0 0.0.0.7 gt 1023 any
access-list 150 permit udp 172.16.0.0 0.0.0.7 gt 1023 any
access-list 150 permit icmp 172.16.0.0 0.0.0.7 any
access-list 151 remark ** Dialer List **
access-list 151 permit tcp 172.16.0.0 0.0.0.7 gt 1023 any
access-list 151 permit udp 172.16.0.0 0.0.0.7 gt 1023 any
access-list 151 permit icmp 172.16.0.0 0.0.0.7 any
no dialer-list 1 protocol ip list 150
dialer-list 1 protocol ip list 151
As you can see I made two ACLs, one for NAT and other for the "dialer-list" command.
Then, I modified the "dialer idle-timeout" under Dialer0 interface and I changed it to 90 seconds.
After that I executed "show dialer" with this result:
# show dialer
Dial reason: ip (s=172.16.0.3, d=61.155.39.144)
Time until disconnect 81 secs
Ok, idle counter is running!!
I did a ping against 61.155.39.144 (it replied correctly) and the idle counter didn't reset to the 90 seconds :(
Another strange thing is that Dialer0 interface always appears with "no ip route-cache cef", but I can force the interface to use CEF. It doesn't matter if I save the config with CEF, after a reboot the Dialer0 interface appears as "no ip route-cache cef". I don't know if this issue has relation with the "dialer idle-timeout" command. I don't think so since I have the same "dialer idle-timeout" with and without CEF. This issue calls my attention too because I never see it before.
More info, IOS Version:
3600 Software (C3620-IK9S-M), Version 12.2(28a), RELEASE SOFTWARE (fc2)
c3620-ik9s-mz.122-28a.bin
I hope this helps -
Configuring BRI interface for Voice ( MGCP gateway
hi there,
i have a Call Manager which is connect to Cisco 2800 series acting as MGCP getway. ISDN connection between the 2800 and the carrier ( telestra sydney ). the call manager is seeing the gateway and i have configured a numbering plan on the call manager for the phones. the phones can call internally but externally i dont what configuration i should configure under the BRI interface for the carrier ( telestra ) to recongnise my number plan. please if you have any demo configuration or configuration that has perviously used post to me.this is a basic MGCP config on the Gateway on your area
BRI Switchtype Information
BRIs in Australia require no service profile identifiers (SPIDs).
There are two ISDN switch-types that can be used:
basic-net3?Currently the most commonly used.
basic-ts013?For older ISDN switches such as MicroLink.
isdn switch-type basic-net3 or 5
voice-card 2
dspfarm
dsp services dspfarm
controller T1 2/0
description T1 link to SRST
framing esf !--- Automatic method automatically adds
clock source internal
linecode b8zs !--- Automatic method automatically adds
cablelength short 133
pri-group timeslots 1-2,24 service mgcp !--- Automatic method
!--- automatically adds 24 channels.
!---You can manually edit channels.
description T1 link to SRST
interface Serial2/0:23
no ip address
isdn switch-type primary-ni !--- Automatic method automatically adds
isdn protocol-emulate network !--- Simulated Lab ISDN
isdn bind-l3 ccm-manager !--- Allows all Q931 to be backhauled over TCP to
!--- CallManager; automatic method automatically adds
no cdp enable !--- Automatic method automatically adds
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager config server 171.69.103.225
ccm-manager config !--- Enables automatic config download from CallManager
!--- Automatic method automatically adds these commands
mgcp
mgcp call-agent 171.69.103.225 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
no mgcp package-capability fxr-package
mgcp package-capability pre-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp profile default -
ISDN BRI backup - Disconnect after 1 sec
There is a ISDN BRI backup to Serial IF on a router.BRI seems to be able to cennect with opossite site, but after 1 sec comes Disconnect(see attachment).I tried Floating static routes and Dialer watch as well, with the same result. Can anybode help me? Thanks
There is no aaa new-model statment on both side.I`ve rewrite user/psw and added ppp chap hostname ... command.
output of isdn status follows:
cpp-poprad#
Sep 20 14:52:00.647: %DIALER-6-BIND: Interface BR0/1/0:1 bound to profile Di0
Sep 20 14:52:00.651: %LINK-3-UPDOWN: Interface BRI0/1/0:1, changed state to up
Sep 20 14:52:00.651: %ISDN-6-CONNECT: Interface BRI0/1/0:1 is now connected to 0524684841 N/A
Sep 20 14:52:01.655: %ISDN-6-CONNECT: Interface BRI0/1/0:1 is now connected to 0524684841 cpp-poprad
Sep 20 14:52:01.655: %ISDN-6-DISCONNECT: Interface BRI0/1/0:1 disconnected from 0524684841 cpp-poprad, call lasted 1 seconds
Sep 20 14:52:01.659: %LINK-3-UPDOWN: Interface BRI0/1/0:1, changed state to down
Sep 20 14:52:01.659: %DIALER-6-UNBIND: Interface BR0/1/0:1 unbound from profile Di0sh isdn statu
Global ISDN Switchtype = basic-net3
ISDN BRI0/1/0 interface
dsl 2, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 71, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 2 CCBs = 0
The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 0
cpp-poprad#sh isdn act
ISDN ACTIVE CALLS
Call Calling Called Remote Seconds Seconds Seconds Charges
Type Number Number Name Used Left Idle Units/Currency
cpp-poprad#
Sep 20 14:52:18.295: %LINK-3-UPDOWN: Interface BRI0/1/0:1, changed state to up
Sep 20 14:52:18.295: %DIALER-6-BIND: Interface BR0/1/0:1 bound to profile Di0
Sep 20 14:52:18.299: %ISDN-6-CONNECT: Interface BRI0/1/0:1 is now connected to 05246848411 N/A
Sep 20 14:52:18.351: %ISDN-6-CONNECT: Interface BRI0/1/0:1 is now connected to 05246848411 cpp-poprad
Sep 20 14:52:18.531: %LINK-3-UPDOWN: Interface BRI0/1/0:1, changed state to down
Sep 20 14:52:18.531: %DIALER-6-UNBIND: Interface BR0/1/0:1 unbound from profile Di0sh isdn act -
Connecting to an ISDN BRI on a router from a PSTN line from remote site..!!
Friends,
I have a 1812 at HO with WIC1 BS/T Card, connected it to an ISDN BRI line.One of my critical remote location uses Leased circuit to reach my HO Router.But in case if LL goes down,some of the important PC's at the remote site should be able to dial to HO Router BRI Number using PSTN line, get connected and continue, ip address assigned from HO Router and access the application... Is any way available...Hi Arnab.
You need to configure dial backup through AUX port. You need to connect a normal PSTN line to a modem which in turn is connected to your AUX port. You will have to configure a chat script which you can find in the attachmnet. The attachment is a working example in one of my routers.
You also have to create an ASYNC interface. Check that in the attached file also
--Pls rate if useful--- -
WLAN User Idle Timeout and WPA2-PSK authentication
Hi,
There is a WLAN for Guest users with Session Timeout of 65535 sec and User Idle Timeout of 28800 sec. The WLAN uses PSK as Layer-2 authentication and Web Auth as Layer-3 authentication. Authentication source is locally created users on the controllers (LocalEAP) - can be RADIUS through ISE as well.
(Cisco Controller) show>sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.130.0
RTOS Version..................................... 7.6.130.0
Bootloader Version............................... 7.6.130.0
Emergency Image Version.......................... 7.6.130.0
Build Type....................................... DATA + WPS
System Name...................................... vwlc-1
System Location.................................. Matrix
System Contact................................... IT HelpDesk Matrix
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 10.10.10.50
System Up Time................................... 6 days 17 hrs 30 mins 26 secs
System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... AU - Australia
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0
Burned-in MAC Address............................ 00:0C:29:74:15:2F
Maximum number of APs supported.................. 200
(Cisco Controller) show> wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Matrix-LocalEAP
Network Name (SSID).............................. Matrix-LocalEAP
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 65535 seconds
User Idle Timeout................................ 28800 seconds
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... vwlc-1
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... 802.1P (Tag=2)
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ 10.10.10.70 1812
Accounting.................................... 10.10.10.70 1813
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Enabled (Profile 'local-eap-matrix')
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Disabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
Priority Policy Name
The wireless user on joining the WLAN enters the PSK and than gets redirected to WLC Web Auth portal for authentication. On successful login, the user is granted access. The issue is that despite Idle Timeout being 28800 sec (8 hours), the WLC removes the client entry before 8 hours if the device goes to sleep - mostly within the first hour. Tested this on Windows 7 notebook multiple times. When the PC is put to sleep, the WLC loses its record after some time. When PC wakes up, it has to undergo Web Auth again. Debugging the client MAC generates these logs - from initial association to final clearing.
(Cisco Controller) >*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Association received from mobile on BSSID 00:26:cb:4c:89:d1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Global 200 Clients are allowed to AP radio
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 override for default ap group, marking intgrp NULL
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 10
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Re-applying interface policy for client
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 In processSsidIE:4850 setting Central switched to FALSE
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying site-specific Local Bridging override for station 3c:a9:f4:0b:91:70 - vapId 2, site 'default-group', interface 'management'
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Applying Local Bridging Interface Policy for station 3c:a9:f4:0b:91:70 - vlan 10, interface id 0, interface 'management'
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 STA - rates (6): 152 36 176 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Processing RSN IE type 48, length 22 for mobile 3c:a9:f4:0b:91:70
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 AID 1 in Assoc Req from flex AP 00:26:cb:4c:89:d0 is same as in mscb 3c:a9:f4:0b:91:70
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfMs1xStateDec
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Change state to START (0) last state WEBAUTH_REQD (8)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Initializing policy
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Encryption policy is set to 0x80000001
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Central switch is FALSE
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Sending Local Switch flag = 1
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) DHCP Not required on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2for this client
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_0: Feb 04 07:48:10.562: 3c:a9:f4:0b:91:70 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Associated
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 apfPemAddUser2:session timeout forstation 3c:a9:f4:0b:91:70 - Session Tout 65535, apfMsTimeOut '65535' and sessionTimerRunning flag is 0
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 49) in 65535 seconds
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Func: apfPemAddUser2, Ms Timeout = 65535, Session Timeout = 65535
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 Sending Assoc Response to station on BSSID 00:26:cb:4c:89:d1 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_0: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Associated
*pemReceiveTask: Feb 04 07:48:10.563: 3c:a9:f4:0b:91:70 10.10.1.130 Removed NPU entry.
*spamApTask7: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sent 1x initiate message to multi thread task for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Creating a PKC PMKID Cache entry for station 3c:a9:f4:0b:91:70 (RSN 2)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Resetting MSCB PMK Cache Entry 0 for station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Removing BSSID 00:26:cb:4c:89:d1 from PMKID cache of station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Setting active key cache index 0 ---> 8
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Adding BSSID 00:26:cb:4c:89:d1 to PMKID cache at index 0 for station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: New PMKID: (16)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: [0000] 67 67 8f 7d 2a 8d 78 f9 6d 29 c7 74 d2 fd 6a 25
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Initiating RSN PSK to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 dot1x - moving mobile 3c:a9:f4:0b:91:70 into Force Auth state
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Skipping EAP-Success to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 EAPOL Header:
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Found an cache entry for BSSID 00:26:cb:4c:89:d1 in PMKID cache at index 0 of station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Found an cache entry for BSSID 00:26:cb:4c:89:d1 in PMKID cache at index 0 of station 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: [0000] 67 67 8f 7d 2a 8d 78 f9 6d 29 c7 74 d2 fd 6a 25
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Starting key exchange to mobile 3c:a9:f4:0b:91:70, data packets will be dropped
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 Allocating EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.566: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.567: 3c:a9:f4:0b:91:70 Received EAPOL-Key from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Received EAPOL-key in PTK_START state (message 2) from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Stopping retransmission timer for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 EAPOL Header:
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 Reusing allocated memory for EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.568: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Received EAPOL-Key from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Stopping retransmission timer for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Freeing EAP Retransmit Bufer for mobile 3c:a9:f4:0b:91:70
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 apfMs1xStateInc
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Central switch is FALSE
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Sending the Central Auth Info
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Central Auth Info Allocated PMKLen = 32
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 PMK: pmkActiveIndex = 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 apfMsEapType = 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Sending Local Switch flag = 1
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) DHCP Not required on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2for this client
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:26:cb:4c:89:d0 vapId 2 apVapId 2 flex-acl-name:
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 L2AUTHCOMPLETE (4) Change state to WEBAUTH_REQD (8) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) pemAdvanceState2 6236, Adding TMP rule
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Adding Fast Path rule
type = Airespace AP Client - ACL passthru
on AP 00:26:cb:4c:89:d0, slot 0, interface = 1, QOS = 0
IPv4 ACL ID
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 2, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 10, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_0: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*spamApTask7: Feb 04 07:48:10.569: 3c:a9:f4:0b:91:70 spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 pmkLen = 32
*pemReceiveTask: Feb 04 07:48:10.570: 3c:a9:f4:0b:91:70 10.10.1.130 Added NPU entry of type 2, dtlFlags 0x0
*pemReceiveTask: Feb 04 07:48:10.570: 3c:a9:f4:0b:91:70 Pushing IPv6: fe80:0000:0000:0000:c915:4a8e:6d1a:e20d , and MAC: 3C:A9:F4:0B:91:70 , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP received op BOOTREPLY (2) (len 308,vlan 10, port 1, encap 0xec03)
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP processing DHCP ACK (5)
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP xid: 0xcce207f6 (3437365238), secs: 0, flags: 0
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP chaddr: 3c:a9:f4:0b:91:70
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP ciaddr: 0.0.0.0, yiaddr: 10.10.1.130
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Feb 04 07:48:10.589: 3c:a9:f4:0b:91:70 DHCP server id: 10.10.1.20 rcvd server id: 10.10.1.20
*SNMPTask: Feb 04 07:48:16.594: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:48:16.594: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:48:16.595: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:48:16.595: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*ewmwebWebauth1: Feb 04 07:48:31.129: 3c:a9:f4:0b:91:70 Username entry (local1) created for mobile, length = 6
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 Username entry (local1) created in mscb for mobile, length = 6
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_REQD (8) Change state to WEBAUTH_NOL3SEC (14) last state WEBAUTH_REQD (8)
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 apfMsRunStateInc
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 WEBAUTH_NOL3SEC (14) Change state to RUN (20) last state WEBAUTH_NOL3SEC (14)
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 Session Timeout is 65535 - starting session timer for the mobile
*ewmwebWebauth1: Feb 04 07:48:31.130: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Reached PLUMBFASTPATH: from line 6571
*ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 00:26:cb:4c:89:d0, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID =
*ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Fast Path rule (contd...) 802.1P = 2, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 10, Local Bridging intf id = 0
*ewmwebWebauth1: Feb 04 07:48:31.131: 3c:a9:f4:0b:91:70 10.10.1.130 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Feb 04 07:48:31.132: 3c:a9:f4:0b:91:70 10.10.1.130 Added NPU entry of type 1, dtlFlags 0x0
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*pemReceiveTask: Feb 04 07:48:31.132: 3c:a9:f4:0b:91:70 Pushing IPv6: fe80:0000:0000:0000:c915:4a8e:6d1a:e20d , and MAC: 3C:A9:F4:0B:91:70 , Binding to Data Plane. SUCCESS !!
*emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*emWeb: Feb 04 07:49:14.120: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.646: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.646: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.662: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.662: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.663: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:51:19.663: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*IPv6_Msg_Task: Feb 04 07:53:35.661: 3c:a9:f4:0b:91:70 Link Local address fe80::c915:4a8e:6d1a:e20d updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
*dot1xMsgTask: Feb 04 07:54:26.664: GTK Rotation Kicked in for AP: 00:26:cb:4c:89:d0 SlotId = 1 - (0x47440ef0)
*dot1xMsgTask: Feb 04 07:54:26.665: Generated a new group key for AP 00:26:cb:4c:89:d0(1) - vap 1
*dot1xMsgTask: Feb 04 07:54:26.665: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*dot1xMsgTask: Feb 04 07:54:26.665: Generated a new group key for AP 00:26:cb:4c:89:d0(1) - vap 2
*dot1xMsgTask: Feb 04 07:54:26.665: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*SNMPTask: Feb 04 07:56:19.689: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 07:56:19.689: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 08:01:19.730: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*SNMPTask: Feb 04 08:01:19.730: 3c:a9:f4:0b:91:70 Central Switch = FALSE
*dot1xMsgTask: Feb 04 08:01:23.904: GTK Rotation Kicked in for AP: 00:26:cb:4c:89:d0 SlotId = 0 - (0x47440ef0)
*dot1xMsgTask: Feb 04 08:01:23.904: Generated a new group key for AP 00:26:cb:4c:89:d0(0) - vap 1
*dot1xMsgTask: Feb 04 08:01:23.905: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*dot1xMsgTask: Feb 04 08:01:23.905: Generated a new group key for AP 00:26:cb:4c:89:d0(0) - vap 2
*dot1xMsgTask: Feb 04 08:01:23.905: GTK rotation for 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 EAPOL Header:
*dot1xMsgTask: Feb 04 08:01:23.905: 00000000: 02 03 5f 00 .._.
*dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 Key exchange done, data packets from mobile 3c:a9:f4:0b:91:70 should be forwarded shortly
*dot1xMsgTask: Feb 04 08:01:23.905: 3c:a9:f4:0b:91:70 Key exchange done, data packets from mobile 3c:a9:f4:0b:91:70 should be forwarded shortly
*dot1xMsgTask: Feb 04 08:01:23.906: Confirmation Key: (16)
*dot1xMsgTask: Feb 04 08:01:23.906: [0000] fa a3 68 28 46 1f 49 18 a0 60 7a 92 c4 f5 64 3d
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Sending EAPOL-Key Message to mobile 3c:a9:f4:0b:91:70
state PTKINITDONE (message 5 - group), replay counter 00.00.00.00.00.00.00.02
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 Allocating EAP Pkt for retransmission to mobile 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: Feb 04 08:01:23.906: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 Updated broadcast key sent to mobile 3C:A9:F4:0B:91:70
*dot1xMsgTask: Feb 04 08:01:23.907: 3c:a9:f4:0b:91:70 Updated broadcast key sent to mobile 3C:A9:F4:0B:91:70
*dot1xMsgTask: Feb 04 08:01:23.907: Sending of M5 for 00:26:cb:4c:89:d0 is Skipped, rc = 1
*osapiBsnTimer: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 Retransmit 1 of EAPOL-Key M5 (length 131) for mobile 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*dot1xMsgTask: Feb 04 08:01:25.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*osapiBsnTimer: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 Retransmit 2 of EAPOL-Key M5 (length 131) for mobile 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappLradNhMac = 00:0c:29:e4:e9:6a mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsBssid = 00:26:cb:4c:89:d0 mscb->apfMsAddress = 3c:a9:f4:0b:91:70 mscb->apfMsApVapId = 2
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 1 mscb->apfMsLwappLradVlanId = 10 mscb->apfMsLwappMwarInet.ipv4.addr = 168430130
*dot1xMsgTask: Feb 04 08:01:26.104: 3c:a9:f4:0b:91:70 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 168427904 mscb->apfMsLwappLradPort = 41879
*osapiBsnTimer: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 802.1x 'timeoutEvt' Timer expired for station 3c:a9:f4:0b:91:70 and for message = M5
*dot1xMsgTask: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 Retransmit failure for EAPOL-Key M5 to mobile 3c:a9:f4:0b:91:70, retransmit count 3, mscb deauth count 0
*dot1xMsgTask: Feb 04 08:01:27.104: 3c:a9:f4:0b:91:70 Resetting MSCB PMK Cache Entry 0 for station 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Removing BSSID 00:26:cb:4c:89:d1 from PMKID cache of station 3c:a9:f4:0b:91:70
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Setting active key cache index 0 ---> 8
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Sent Deauthenticate to mobile on BSSID 00:26:cb:4c:89:d0 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 8
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: Feb 04 08:01:27.105: 3c:a9:f4:0b:91:70 Global PMK Cache deletion failed.
*dot1xMsgTask: Feb 04 08:01:27.106: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: Feb 04 08:01:27.106: 3c:a9:f4:0b:91:70 Freeing EAP Retransmit Bufer for mobile 3c:a9:f4:0b:91:70
*osapiBsnTimer: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 apfMsExpireMobileStation (apf_ms.c:6655) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Associated to Disassociated
*apfReceiveTask: Feb 04 08:01:37.105: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
*osapiBsnTimer: Feb 04 08:01:47.105: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Sent Deauthenticate to mobile on BSSID 00:26:cb:4c:89:d0 slot 0(caller apf_ms.c:6749)
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Setting active key cache index 8 ---> 8
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Global PMK Cache deletion failed.
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 apfMsAssoStateDec
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 apfMsExpireMobileStation (apf_ms.c:6787) Changing state for mobile 3c:a9:f4:0b:91:70 on AP 00:26:cb:4c:89:d0 from Disassociated to Idle
*apfReceiveTask: Feb 04 08:01:47.106: 3c:a9:f4:0b:91:70 Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds
*osapiBsnTimer: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 apfMsExpireCallback (apf_ms.c:626) Expiring Mobile!
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 10.10.1.130 START (0) Deleted mobile LWAPP rule on AP [00:26:cb:4c:89:d0]
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 Username entry deleted for mobile
*apfReceiveTask: Feb 04 08:01:57.106: 3c:a9:f4:0b:91:70 Deleting mobile on AP 00:26:cb:4c:89:d0(0)
If Layer-2 Auth (PSK) is set to "none" and only Layer-3 Web Auth is kept, then there are no issues. PC can wake up before 8 hours and not prompted for Web Auth again. As a test, I setup the WLAN with Layer-2 PSK auth only with Layer-3 auth set to none. The WLC removed the client entry after 25 minutes. Not an issue for PSK based auth only as PC on wake up seamlessly gets associated to WLAN.
Is User Idle Timeout setting not valid when WPA2-PSK is used as the auth method ?
Thanks,
Rick.Thanks Scott, The code version is 7.6.130.0 which supports Sleeping Client feature. However, as per the docu "http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_010111.html#reference_7008E6F7D7094BA7AD39491D7361622D"
The authentication of sleeping clients feature is not supported with Layer 2 security and web authentication enabled.
and as you mentioned as well
...Sleeping client like George mentioned is a better way than adjusting the idle timer but strictly for layer 3 only...
Sleeping Client wasn't an option in my case. That is why I was hoping that Idle Timeout may do the trick here. This is an actual case where a client with an existing wireless network just wanted to enable sleeping client feature so that their guests don't need to re-auth if their device sleeps or they go out (break) and come back after some time. Layer-3 Web Auth alone should be enough I think. Keeping L2-PSK is probably their security team's decision, as they also use the same SSID for BYOD devices and don't want nearby people/buildings to see that there is an Open Wifi available and on joining would see the Web Auth portal and company disclaimer.
George, I agree with Dot1X method. It can be used for the BYOD devices (separate SSID) while we can keep the Guest WLAN as L3-WebAuth only on controller (or do CWA through ISE if available).
Thanks for all your help.
Rick.
Maybe you are looking for
-
In Flex2, How to get coordinates in a view port?
I know one can use something like fooUIControl.localToGlobal(new Point(x,y)) to get the coordinates corresponding to the origin at the top left of the main flex app 'document'. In case that the main flex app scrolls, how can I get the coordinates cor
-
Connect iPhone to external modem?
Maritime and emergency workers need to access the web and email over a satellite connection when there is no cellular service available. Although this is a lot slower than a cellular connection, it is better than nothing. Can I set up the networking
-
Error AIP-50014: in running Acme-Global sample tutorial
Hi I am facing the following in running the Acme_GlobalChips tutorial. Error I got after deploying in the b2b server reports Machine Info: (SALDTP072103) Description: General Error StackTrace: Error -: AIP-50014: General Error: java.lang.NullPointerE
-
I've read through many posts re: iWeb domain files vanishing, which happened to me (guess who'll be adding domain to his backup schedule...). Here's my question: Is there a way to create a new domain file? The one in my app. support file is a new (bl
-
How to uninstal third party software on Macbook pro
how can we uninstall a third party software Khullar