Primary/secondary RADIUS server
Hey all,
I've been trying to discover for a while how primary and secondary RADIUS servers work on WLC 4400s. If the primary RADIUS server goes down, and the secondary is used, at what point does the controller go back to the primary once it's back up? Does it wait until the secondary goes down, or does it immediately switch back to the primary once it becomes available?
Thanks in advance!
Jeff
On 4.2 and previous versions, if the primary goes down, then the secondary is used until the secondary is not available. So if you want to froce the primay to be the radius server to be used, reboot the secondary. Then the tertiary then back to the primary. 5.0 has a feature in which you can set a keep alive so that when the primary comes back up, the primary will be used again. 5.0 code in not a good code version though.
Similar Messages
-
Primary-secondary radius server configuration
Hi all ,
I have a couple of ACS 5.2 configured as active and backup and I am doing dot 1x authentication using these servers . I have configured the switch with the bellow configuration.
radius-server host 10.0.10.15 auth-port 1645 acct-port 1646
radius-server host 10.0.10.16 auth-port 1645 acct-port 1646
radius-server key 7 aaaaaaaaaaaaaa
please help to understand what will happen in switch
1) in case of primary failure
2)in case if primary returns alive .
thanks in advance ,
SelvaHi Selva,
You need to post all your AAA config. the above lines show you added the radius servers but it is not necessarily all server will be reached. We need to look into the AAA config to see what server groups are configured and what servers under the groups.
In general, if things are configured correctly:
- If the primary did not reply at all (down, not reachable...etc) the AAA client (switch in your case) will try the next radius server.
- If the primary server replies (with access-reject, error, ...etc) the AAA client (switch in your case) send auth failure to the host.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
When WLC authenticate users with secondary RADIUS server?
Hi Sir,
I'm configuring a WLC4404-100. One of the WLANs points to two RADIUS Servers for Authentication and Accounting (please see attached).
I'd like to know, under what circumstances will the WLC authenticate users against the secondary RADIUS Server (in my case, the ACS with IP address 10.200.67.84)?
Please advise.
Thank you.
B.Rgds,
Lim TSHi,
I navigated to the following on the WLC:
MANAGEMENT -> SNMP -> Trap Logs
I noticed the following SNMP trap:
Fri Dec 8 11:23:21 2006 No Radius Servers Are Responding
I checked the 2nd ACS server, and true, at around the same time 11:23, the 2nd ACS server was authenticating users.
I checked the 1st ACS server; at around the same time 11:23, there wasn't any service suspension or database replication going on. What's the cause of this WLC authenticating with the 2nd ACS server? The network is robust and I don't expect any latency issue. The two RADIUS servers are serving only wireless users, the number is about 120.
On the WLC, I used the default of 2 seconds Retransmit Timeout for both the RADIUS Authentication Servers. Should I fine-tune it to higher value?
Retransmit Timeout - Specify the time in seconds after which the RADIUS authentication request will timeout and a retransmission will be taken up by the controller. You can specify a value between 2 to 30 seconds.
There are Passed Authentications logged on the 1st ACS server after during & after 11:23. So, I suspect the WLC is doing a kind of load-balancing across the two RADIUS servers.
Please advise.
Thank you.
B.Rgds,
Lim TS -
1. Suppose we have mutliple Radius server in a Netowrk. If primary Radius server goes down , how secondary server will come into the picture..
2. Where can we check ,which Radius server is active (Primary or secondary Radius server)
3. Is there any limit like one server can authenticate a number of clients?
Thanks
SriSri,
1) Its the NAS that brings up secondary radius server. First it will try hitting primary radius server and if there is no response it will then try seoncdary radius.
2) On ASA you can use this command to check the server status,
ASA# show aaa-server protocol radius
On IOS
Switch#show aaa servers
RADIUS: id 3, priority 1, host 192.168.26.119, auth-port 1645, acct-port 1646
State: current UP, duration 151040s, previous duration 0s
Dead: total time 0s, count 0
Quarantined: No
Authen: request 6, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 190ms
Transaction: success 6, failure 0
Author: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Account: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Elapsed time since counters last cleared: 1d17h33m
RADIUS: id 4, priority 2, host 192.168.1.99, auth-port 1645, acct-port 1646
State: current UP, duration 151040s, previous duration 0s
Dead: total time 0s, count 0
Quarantined: No
Authen: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Author: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Account: request 0, timeouts 0
Response: unexpected 0, server error 0, incorrect 0, time 0ms
Transaction: success 0, failure 0
Elapsed time since counters last cleared: 0m
3) I'm not aware of any limit that can be configured on radius. But there are certain paremeters you can set up (That depends on verdor)
Regards,
~JG
Do rate helpful posts -
Errors in event log of Secondary DPM server protecting replicas on Primary
Hello again
I have two DPM servers, one situated on-site (primary) and one situated off-site (secondary). Protection jobs seem to be running correctly on both servers in that the jobs complete and I am able to restore data from the backups. I use the primary server
to make the initial backups of critical systems and data (Exchange MDB's etc) and the secondary server to backup those replicas off-site in case of primary site loss or DPM system loss.
The primary server is a physical server and the secondary server is a virtual server. Both DPM servers have their DPM databases stored on one physical SQL server that is in the primary site.
Basically what is happening is that every day our virtual machines are snapshotted (secondary DPM server included) and everyday the snapshot of the secondary DPM server fails. I see the following to entries in the event log of the secondary server.
Error 1:
WARNING
Source: MSDPM
Event ID: 955
The description for Event ID 955 from source MSDPM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
The consistency check resulted in the following changes to SQL Server Agent schedules: Schedules added: 2 Schedules removed: 2 Schedules updated: 0.
Problem Details:
<ConsistencyCheck><__System><ID>26</ID><Seq>27861</Seq><TimeCreated>22/05/2014 23:01:31</TimeCreated><Source>SchedulerImpl.cs</Source><Line>719</Line><HasError>True</HasError></__System><Tags><JobSchedule
/></Tags></ConsistencyCheck>
the message resource is present but the message is not found in the string/message table
Error 2
ERROR
Source: MSDPM
Event ID: 4212
The description for Event ID 4212 from source MSDPM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
DpmWriter service encountered an error during PrepareBackup as more than one component is selected for backup in the same snapshot set. Select a single DPM replica for backup and try the operation again.
Problem Details:
<DpmWriterEvent><__System><ID>30</ID><Seq>7</Seq><TimeCreated>23/05/2014 00:30:45</TimeCreated><Source>d:\btvsts\21011\private\product\tapebackup\dpswriter\vssfunctionality.cpp</Source><Line>438</Line><HasError>True</HasError></__System><DetailedCode>4212</DetailedCode></DpmWriterEvent>
the message resource is present but the message is not found in the string/message table
These two events are followed by another event from VMWare Tools everyday
Error 3:
WARNING
Source: VMWare Tools
Event ID: 1000
[ warning] [vmvss:vmvss] CVmSnapshotRequestor::CheckWriterStatus():1536: writer DPM Writer in failed state: res = 0x800423f4, err = 0x1, error =
Has anyone come across this before? Currently I am not quite sure what is going wrong and whether it is actually related to snapshots failing, but I want to try to fix these errors first and see what happens.
RegardsYour ar using VMware for Virtualization?
Are you trying to do an online Backup of the VM, think that will not work?
One thing i wonder, your have installed second DPM if Site one fails or goes done, but SQL for DPM2 is in Site one? try to move SQL to external site for DPM 2
Seidl Michael | http://www.techguy.at |
twitter.com/techguyat | facebook.com/techguyat -
Cisco 5508-WLC using MS NPS as RADIUS Server for EAP-TLS
Has anyone experienced a problem getting a Cisco WLC to work with MS NPS server? We've done it before albeit with differnt code versions.
I have a Cisco 5508 WLC running 7.0.116.0 code hosting a WLAN configured for WPA2 with 802.1x for authentication. I have two Windows NPS servers configured as the RADIUS servers for EAP-TLS authentication. Via debug info on the WLC I can see the 802.1x handshake take place with the wireless client and the WLC as well as a successful transmission of an Authentication Packet from the WLC to one of the RADIUS servers. However on the WLC I see repeated RADIUS server x.x.x.x:1812 deactivated in global list and on the NPS server I'm seeing event log errors indicating "The Network Policy Server discarded the request for a user" along with the pertinent auth request info that I would expect the NPS server to receive from the WLC.
Based on the WLC debug info I'm never actually getting to the EAP-TLS certificate authentication part. It seems the NPS servers don't like the format of the initial RADIUS authentication request coming from the WLC and so don't respond whcih in turn casues to WLC to switch to the other NPS server which produces the same issue.
Any ideas of what might be the issue or misconfiguration?Jim,
I wanted to know if you can setup wireshark on both of the boxes and see if your are hitting the following bug:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti91044
It looks as if the WLC is retransmitting the client traffic from one radius session with primary over to the secondary in which the radius state attribute that was assigned from the primary server is probably hitting the secondary server. Therefore if the state attribute isnt assigned from the secondary server it will discard the packet.
May need to open a TAC case to see if this issue is on the 550x controllers also.
Thanks,
Tarik -
3600 AP keeps bouncing between Primary & Secondary 5760 WLC
Hello All,
I am not sure if it was a good idea to change the controllers from software based to IOS based :(..... Anyway this is the first time I am working on the IOS based controllers and have been going through very unusual thing. I have a 3600 AP and a couple of 2600 AP, I am just at the start of the configuration for a new deployment. Even though I have many concerns but I will start with the one which is bothering me the most, which is the APs keep jumping from a primary controller to the secondary controller. I have attached the sh run, sh logging, and the sh version for a 3600 AP and the two controllers. All I can understand from the logs is that the capwap interface keeps going down which causes the AP to fall back to the other controller, I have also tried turning off the AP FALLBACK feature, still no luck.
Addiditional Confusions,
Does any one know as how to setup HA in these controllers, as I do not see any HA or RP (Port) on these controllers neither there is any stacking module on the controllers. Would it be the old way of doing it, which was defining Primary and Secondary Controllers on the APs, if yes than I should receive two different licenses for the Controllers. But these are my devices Part numbers:
Primary: AIR-CT5760-500-K9
Secondary: AIR-CT5760-HA-K9
for now I have enabled the evaluation license on both the devices. I hope that does not make any difference.Hi,
I have been doing some of my own trouble shooting and found out that as soon as I create a layer 3 interface on the controller so as to map it to any SSID, all of my APs start to jump on to the secondary controller and since there is a primary and secondary controller configuration on each AP they tend to come back but than soon after they jump back to the secondary....... As soon as I delete the additional layer 3 interfaces, apart from the wireless management, I get all the APs back to normal register to the controller without a glitch, I am pasting the logs being received for the APs behaviour. I have marked the logs in between with Asterics to indicate when I cleared the layer 3 interfaces and from there onwards all the APs started coming up again
Mar 12 15:09:58.624: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 4 times.!]
Mar 12 15:09:58.624: *%CAPWAP-3-ECHO_ERR: 1 wcm: Did not receive heartbeat reply; AP: 1c1d.86ee.7b40
Mar 12 15:10:03.427: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:05.373: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap13, changed state to down
Mar 12 15:10:08.539: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 7 times/sec!.]
Mar 12 15:10:11.657: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:10:11.657: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:10:11.660: %LINK-3-UPDOWN: Interface Capwap30, changed state to up
Mar 12 15:10:12.703: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap30, changed state to up
Mar 12 15:10:13.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap16, changed state to down
Mar 12 15:10:13.678: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap28, changed state to down
Mar 12 15:10:15.840: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:10:15.840: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:18.070: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap11, changed state to down
Mar 12 15:10:18.268: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap20, changed state to down
Mar 12 15:10:20.695: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 4 times/sec!.]
Mar 12 15:10:25.608: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap14, changed state to down
Mar 12 15:10:32.273: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times/sec!.]
Mar 12 15:10:35.526: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap24, changed state to down
Mar 12 15:10:47.032: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap29, changed state to down
Mar 12 15:10:50.913: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times/sec!.]
Mar 12 15:10:58.725: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:10:58.726: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:58.726: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:10:58.726: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:11:00.521: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap30, changed state to down
Mar 12 15:11:08.450: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:11:08.450: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:11:08.921: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Join Request) and state (CAPWAP Join Response) combination
Mar 12 15:11:09.318: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:11:09.319: %LINK-3-UPDOWN: Interface Capwap15, changed state to up
Mar 12 15:11:10.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap15, changed state to up
Mar 12 15:11:13.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap27, changed state to down
Mar 12 15:11:14.095: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:11:14.095: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:11:14.098: %LINK-3-UPDOWN: Interface Capwap23, changed state to up
Mar 12 15:11:15.098: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap23, changed state to up
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:11:56.713: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:11:56.713: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:12:06.178: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap23, changed state to down
Mar 12 15:12:06.899: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 5 times/sec!.]
Mar 12 15:12:10.411: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:12:10.411: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:12:10.413: %LINK-3-UPDOWN: Interface Capwap1, changed state to up
Mar 12 15:12:11.266: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:12:11.266: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:12:11.267: %LINK-3-UPDOWN: Interface Capwap3, changed state to up
Mar 12 15:12:11.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to up
Mar 12 15:12:12.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap3, changed state to up
Mar 12 15:12:16.889: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap4, changed state to down
Mar 12 15:12:30.365: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:12:30.365: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:12:30.366: %LINK-3-UPDOWN: Interface Capwap22, changed state to up
Mar 12 15:12:31.366: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap22, changed state to up
Mar 12 15:12:33.942: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:12:33.942: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:12:48.627: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to down
Mar 12 15:12:51.385: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 4 times/sec!.]
Mar 12 15:13:06.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap15, changed state to down
Mar 12 15:13:09.053: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:13:09.053: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
VIP_G_M_Core1(config-if)#
Mar 12 15:13:12.177: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:16.687: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times.!]
Mar 12 15:13:16.687: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:13:16.688: %LINK-3-UPDOWN: Interface Capwap31, changed state to up
Mar 12 15:13:17.689: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap31, changed state to up
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:20.998: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:13:20.998: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:13:21.001: %LINK-3-UPDOWN: Interface Capwap21, changed state to up
VIP_G_M_Core1(config-if)#
Mar 12 15:13:22.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap21, changed state to up
VIP_G_M_Core1(config-if)#
Mar 12 15:13:23.935: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap22, changed state to down
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:40.943: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:13:40.943: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:41.815: %DOT1X-5-FAIL: Authentication failed for client (c0f8.da9f.8227) on Interface Ca21 AuditSessionID 0a06906e53207995000001b8
Mar 12 15:13:41.815: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (c0f8.da9f.8227) on Interface Ca21 AuditSessionID 0a06906e53207995000001b8
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:44.342: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 3 times.!]
Mar 12 15:13:44.342: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:44.344: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
VIP_G_M_Core1(config-if)#
Mar 12 15:13:54.081: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times.!]
Mar 12 15:13:54.081: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:55.673: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap31, changed state to down
Mar 12 15:13:57.761: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
Mar 12 15:13:57.761: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cd:01:f0
Mar 12 15:13:57.763: %LINK-3-UPDOWN: Interface Capwap6, changed state to up
Mar 12 15:13:58.642: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cd:01:f0
Mar 12 15:13:58.642: *%CAPWAP-3-ECHO_ERR: 1 wcm: Did not receive heartbeat reply; AP: 1c1d.86ee.7b40
Mar 12 15:13:58.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap6, changed state to up
Mar 12 15:13:59.044: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap18, changed state to down
Mar 12 15:13:59.512: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
Mar 12 15:14:07.361: *%LOG-3-Q_IND: 1 wcm: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times.!]
Mar 12 15:14:07.361: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:6f:80
Mar 12 15:14:07.362: %LINK-3-UPDOWN: Interface Capwap2, changed state to up
Mar 12 15:14:08.111: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:6f:80
Mar 12 15:14:08.111: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:2d:60
Mar 12 15:14:08.115: %LINK-3-UPDOWN: Interface Capwap8, changed state to up
Mar 12 15:14:08.363: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap2, changed state to up
Mar 12 15:14:08.964: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap21, changed state to down
Mar 12 15:14:09.114: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap8, changed state to up
Mar 12 15:14:13.525: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap3, changed state to down
Mar 12 15:14:16.013: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.6.5.132:1812,1813 is not responding.
Mar 12 15:14:16.013: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.6.5.132:1812,1813 is being marked alive.
THIS IS WHERE I DELETED THE LAYER 3 INTERFACES ON THE WLC
Mar 12 15:14:24.129: %DOT1X-5-FAIL: Authentication failed for client (c0f8.da9f.8227) on Interface Ca6 AuditSessionID 0a06906e532079bf000001b9
Mar 12 15:14:24.129: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (c0f8.da9f.8227) on Interface Ca6 AuditSessionID 0a06906e532079bf000001b9
Mar 12 15:14:42.537: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:2d:60
Mar 12 15:14:42.537: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:80:10
Mar 12 15:14:42.539: %LINK-3-UPDOWN: Interface Capwap17, changed state to up
Mar 12 15:14:43.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap17, changed state to up
Mar 12 15:14:46.456: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:80:10
Mar 12 15:14:46.456: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:22:a0
Mar 12 15:14:46.458: %LINK-3-UPDOWN: Interface Capwap5, changed state to up
Mar 12 15:14:47.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap5, changed state to up
Mar 12 15:14:52.018: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:22:a0
Mar 12 15:14:52.018: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bc:d0
Mar 12 15:14:52.021: %LINK-3-UPDOWN: Interface Capwap0, changed state to up
Mar 12 15:14:53.021: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap0, changed state to up
Mar 12 15:14:58.080: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bc:d0
Mar 12 15:14:58.080: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 7c:95:f3:54:0d:d0
Mar 12 15:14:58.083: %LINK-3-UPDOWN: Interface Capwap9, changed state to up
Mar 12 15:14:59.082: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap9, changed state to up
Mar 12 15:14:59.727: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 7c:95:f3:54:0d:d0
Mar 12 15:14:59.727: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:14:59.730: %LINK-3-UPDOWN: Interface Capwap10, changed state to up
Mar 12 15:15:00.730: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap10, changed state to up
Mar 12 15:15:04.498: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host 40f0.2f58.a172 moving from Port Te1/0/1 to Port Ca17 as wireless entry
Mar 12 15:15:05.916: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:ca:60
Mar 12 15:15:05.916: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 24:b6:57:5b:7d:90
Mar 12 15:15:05.918: %LINK-3-UPDOWN: Interface Capwap7, changed state to up
Mar 12 15:15:06.918: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap7, changed state to up
Mar 12 15:15:11.247: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 24:b6:57:5b:7d:90
Mar 12 15:15:11.247: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:de:b0
Mar 12 15:15:11.248: %LINK-3-UPDOWN: Interface Capwap19, changed state to up
Mar 12 15:15:12.249: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap19, changed state to up
Mar 12 15:15:17.150: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:de:b0
Mar 12 15:15:17.151: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:15:17.152: %LINK-3-UPDOWN: Interface Capwap26, changed state to up
Mar 12 15:15:18.152: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap26, changed state to up
Mar 12 15:15:19.211: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP f0:29:29:92:c7:f0
Mar 12 15:15:19.211: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:dd:60
Mar 12 15:15:19.212: %LINK-3-UPDOWN: Interface Capwap25, changed state to up
Mar 12 15:15:20.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap25, changed state to up
Mar 12 15:15:28.681: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:dd:60
Mar 12 15:15:28.681: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:ff:d0
Mar 12 15:15:28.684: %LINK-3-UPDOWN: Interface Capwap12, changed state to up
Mar 12 15:15:29.684: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap12, changed state to up
Mar 12 15:15:30.285: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host 286a.bae3.de95 moving from Port Te1/0/1 to Port Ca7 as wireless entry
Mar 12 15:15:31.078: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host e0b9.ba1e.02b4 moving from Port Te1/0/1 to Port Ca7 as wireless entry
Mar 12 15:15:34.781: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:ff:d0
Mar 12 15:15:34.781: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:a7:10
Mar 12 15:15:34.782: %LINK-3-UPDOWN: Interface Capwap13, changed state to up
Mar 12 15:15:35.783: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap13, changed state to up
Mar 12 15:15:37.962: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:a7:10
Mar 12 15:15:37.962: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:15:37.964: %LINK-3-UPDOWN: Interface Capwap16, changed state to up
Mar 12 15:15:38.965: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap16, changed state to up
Mar 12 15:15:40.401: %SW_MATM-4-WIRELESS_MAC_MOVE_NOTIF: Host e0b9.ba1e.4c97 moving from Port Te1/0/1 to Port Ca7 as wireless entry
Mar 12 15:15:44.895: %AUTHMGR-4-UNAUTH_MOVE: (slow) MAC address (40f0.2f58.a172) from Ca0 to Ca17
Mar 12 15:15:50.124: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e6:10
Mar 12 15:15:50.124: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:9b:20
Mar 12 15:15:50.127: %LINK-3-UPDOWN: Interface Capwap28, changed state to up
Mar 12 15:15:51.126: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap28, changed state to up
Mar 12 15:15:54.510: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:9b:20
Mar 12 15:15:54.510: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:2f:00
Mar 12 15:15:54.512: %LINK-3-UPDOWN: Interface Capwap11, changed state to up
Mar 12 15:15:55.513: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap11, changed state to up
Mar 12 15:15:58.371: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:2f:00
Mar 12 15:15:58.371: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:c9:10
Mar 12 15:15:58.374: %LINK-3-UPDOWN: Interface Capwap20, changed state to up
Mar 12 15:15:59.263: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:c9:10
Mar 12 15:15:59.263: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:ce:70
Mar 12 15:15:59.266: %LINK-3-UPDOWN: Interface Capwap14, changed state to up
Mar 12 15:15:59.373: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap20, changed state to up
Mar 12 15:16:00.265: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap14, changed state to up
Mar 12 15:16:02.655: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:ce:70
Mar 12 15:16:02.655: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e7:10
Mar 12 15:16:02.658: %LINK-3-UPDOWN: Interface Capwap24, changed state to up
Mar 12 15:16:02.877: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:e7:10
Mar 12 15:16:02.877: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:7f:a0
Mar 12 15:16:02.878: %LINK-3-UPDOWN: Interface Capwap29, changed state to up
Mar 12 15:16:03.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap24, changed state to up
Mar 12 15:16:03.879: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap29, changed state to up
Mar 12 15:16:07.595: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:4d:7f:a0
Mar 12 15:16:07.595: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:16:07.598: %LINK-3-UPDOWN: Interface Capwap30, changed state to up
Mar 12 15:16:08.597: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap30, changed state to up
Mar 12 15:16:10.146: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1f:e0
Mar 12 15:16:10.147: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:d6:30
Mar 12 15:16:10.148: %LINK-3-UPDOWN: Interface Capwap27, changed state to up
Mar 12 15:16:10.821: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:cc:d6:30
Mar 12 15:16:10.821: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:16:10.824: %LINK-3-UPDOWN: Interface Capwap23, changed state to up
Mar 12 15:16:11.148: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap27, changed state to up
Mar 12 15:16:11.824: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap23, changed state to up
Mar 12 15:16:16.727: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 1c:1d:86:ee:7b:40
Mar 12 15:16:16.727: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:62:e0
Mar 12 15:16:16.730: %LINK-3-UPDOWN: Interface Capwap4, changed state to up
Mar 12 15:16:17.729: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap4, changed state to up
Mar 12 15:16:21.617: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:62:e0
Mar 12 15:16:21.617: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bf:50
Mar 12 15:16:21.618: %LINK-3-UPDOWN: Interface Capwap1, changed state to up
Mar 12 15:16:22.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to up
Mar 12 15:16:23.266: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP dc:a5:f4:61:bf:50
Mar 12 15:16:23.266: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:16:23.268: %LINK-3-UPDOWN: Interface Capwap15, changed state to up
Mar 12 15:16:24.268: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap15, changed state to up
Mar 12 15:16:26.127: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:c0:a0
Mar 12 15:16:26.127: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:16:26.128: %LINK-3-UPDOWN: Interface Capwap22, changed state to up
Mar 12 15:16:27.128: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap22, changed state to up
Mar 12 15:16:27.919: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:67:1d:c0
Mar 12 15:16:27.920: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:a7:e0
Mar 12 15:16:27.921: %LINK-3-UPDOWN: Interface Capwap31, changed state to up
Mar 12 15:16:28.922: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap31, changed state to up
Mar 12 15:16:30.051: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b8:a7:e0
Mar 12 15:16:30.051: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:29:00
Mar 12 15:16:30.053: %LINK-3-UPDOWN: Interface Capwap18, changed state to up
Mar 12 15:16:31.054: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap18, changed state to up
Mar 12 15:16:32.695: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP 34:db:fd:a4:29:00
Mar 12 15:16:32.695: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:67:40
Mar 12 15:16:32.697: %LINK-3-UPDOWN: Interface Capwap21, changed state to up
Mar 12 15:16:33.697: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap21, changed state to up
Mar 12 15:16:34.336: *%LOG-3-Q_IND: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:a1:67:40
Mar 12 15:16:34.336: *%LWAPP-3-VALIDATE_ERR: 1 wcm: Validation of SPAM Vendor Specific Payload failed - AP d0:c7:89:b4:d0:20
Mar 12 15:16:34.339: %LINK-3-UPDOWN: Interface Capwap3, changed state to up
Mar 12 15:16:35.339: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap3, changed state to up -
Accounting-Start and Accounting-Stop recorded on diffrent RADIUS server.
1.If a NAS configured to have a primary and a backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the primary server goes down (Primary server won’t tell the NAS?). When sessions stop, the NAS sends the “Accounting-Stop” to the secondary. I understand the “Start-Stop” record with the same “user name” and “session-id” ideally should be recorded in the same server. If this situation happens what should both the NAS and RADIUS server do?
2.A NAS configured to have a primary and backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the administrator decided to change the primary server (as there are problems with the previous primary). sessions stop, the NAS sends the “Accounting-Stop” to the new primary. This ends up the “Accounting-Start” and “Accounting-Stop” with the same “user name” and “session Id” in two RADIUS servers.
To summarize, how to avoid the ”start-stop” pair ends up in different servers ? If it does, is it an issue for RADIUS application ?
Cheers,It is my understanding that the 'NAS_PORT' value in authentication and accounting request are unique and a different value for each authentication request allows it to identify those users that are logged in. However, sending one Acct-Unique-Session-Id at the Start and a different one at stop does sound fishy. However, I could not find any bugs related to this problem. Do let me know if you manage to locate something.
-
Uninstalling Secondary Site Server through SW Delivery fails
We have migrated to SCCM2012
and now need to uninstall our
SCCM 2007 Secondary Siteserver.
Since we have 300 Secondary Site Server
in the Hirarchy, the uninstall
of the software must be distributed.
We have to create a task sequence,
in which the following steps are
performed:
Put the server in the SCOM
Maintenance Mode
Stop SCCM services SMS_SITE_COMPONENT_MANAGER
and SMS_EXECUTIVE
Uninstalling the Secondary Siteserver with the
Command "{install path} \setup.exe /deinstall"
Cleanup of folders and files that are left
Restarting the Server
Take server out of the SCOM
Maintenance Mode
The uninstallation works well on all Windows Server 2008 R2 Server. But not on the Windows Server 2003. There we get errors "Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS"
and "MP name must be set in an environment variable" and "Fatal error is returned in execution of the action (Uninstall Secondary Site). The system cannot find the file specified. (Error: 80070002; Source: Windows)".
After this errors, the Task Sequence Deployment aborts.
Has anybody a solution for this situation?
Here is the SMSTS.Log
!--------------------------------------------------------------------------------------------! TSManager 26.02.2014 05:16:02 4392 (0x1128)
Successfully completed the action (Set TS Variable SSS_Uninstall to True) with the exit win32 code 0 TSManager 26.02.2014 05:16:02 4392 (0x1128)
Set authenticator in transport TSManager 26.02.2014 05:16:02 4392 (0x1128)
Set a global environment variable _SMSTSLastActionRetCode=0 TSManager 26.02.2014 05:16:02 4392 (0x1128)
Set a global environment variable _SMSTSLastActionSucceeded=true TSManager 26.02.2014 05:16:02 4392 (0x1128)
Clear local default environment TSManager 26.02.2014 05:16:02 4392 (0x1128)
Updated security on object K:\_SMSTaskSequence. TSManager 26.02.2014 05:16:02 4392 (0x1128)
Set a global environment variable _SMSTSNextInstructionPointer=25 TSManager 26.02.2014 05:16:02 4392 (0x1128)
Set a TS execution environment variable _SMSTSNextInstructionPointer=25 TSManager 26.02.2014 05:16:02 4392 (0x1128)
Set a global environment variable _SMSTSInstructionStackString=0 18 19 22 TSManager 26.02.2014 05:16:02 4392 (0x1128)
Set a TS execution environment variable _SMSTSInstructionStackString=0 18 19 22 TSManager 26.02.2014 05:16:02 4392 (0x1128)
Save the current environment block TSManager 26.02.2014 05:16:02 4392 (0x1128)
Start executing an instruction. Instruction name: Uninstall Secondary Site. Instruction pointer: 25 TSManager 26.02.2014 05:16:03 4392 (0x1128)
Set a global environment variable _SMSTSCurrentActionName=Uninstall Secondary Site TSManager 26.02.2014 05:16:03 4392 (0x1128)
Set a global environment variable _SMSTSNextInstructionPointer=25 TSManager 26.02.2014 05:16:03 4392 (0x1128)
Set a local default variable SMSTSDisableWow64Redirection TSManager 26.02.2014 05:16:03 4392 (0x1128)
Set a local default variable _SMSTSRunCommandLineAsUser TSManager 26.02.2014 05:16:03 4392 (0x1128)
Set a global environment variable _SMSTSLogPath=C:\WINDOWS\CCM\Logs\SMSTSLog TSManager 26.02.2014 05:16:03 4392 (0x1128)
Evaluating an AND expression TSManager 26.02.2014 05:16:03 4392 (0x1128)
Evaluating a file condition expression TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: E:\Program Files\Microsoft Configuration Manager\bin\i386\smsexec.exe TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: TSManager 26.02.2014 05:16:03 4392 (0x1128)
The condition for the action (Uninstall Secondary Site) is evaluated to be true TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: smsswd.exe /run: "E:\Program Files\Microsoft Configuration Manager\bin\i386\setup.exe" /deinstall TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: TSManager 26.02.2014 05:16:03 4392 (0x1128)
Start executing the command line: smsswd.exe /run: "E:\Program Files\Microsoft Configuration Manager\bin\i386\setup.exe" /deinstall TSManager 26.02.2014 05:16:03 4392 (0x1128)
!--------------------------------------------------------------------------------------------! TSManager 26.02.2014 05:16:03 4392 (0x1128)
Expand a string: WinPEandFullOS TSManager 26.02.2014 05:16:03 4392 (0x1128)
Executing command line: smsswd.exe /run: "E:\Program Files\Microsoft Configuration Manager\bin\i386\setup.exe" /deinstall TSManager 26.02.2014 05:16:03 4392 (0x1128)
[ smsswd.exe ] InstallSoftware 26.02.2014 05:16:03 11464 (0x2CC8)
PackageID = '' InstallSoftware 26.02.2014 05:16:03 11464 (0x2CC8)
BaseVar = '', ContinueOnError='' InstallSoftware 26.02.2014 05:16:03 11464 (0x2CC8)
ProgramName = '"E:\Program Files\Microsoft Configuration Manager\bin\i386\setup.exe" /deinstall' InstallSoftware 26.02.2014 05:16:03 11464 (0x2CC8)
SwdAction = '0001' InstallSoftware 26.02.2014 05:16:03 11464 (0x2CC8)
Working dir 'not set' InstallSoftware 26.02.2014 05:16:03 11464 (0x2CC8)
Executing command line: Run command line InstallSoftware 26.02.2014 05:16:03 11464 (0x2CC8)
Process completed with exit code 0 InstallSoftware 26.02.2014 05:31:19 11464 (0x2CC8)
Command line returned 0 InstallSoftware 26.02.2014 05:31:19 11464 (0x2CC8)
Process completed with exit code 0 TSManager 26.02.2014 05:31:19 4392 (0x1128)
!--------------------------------------------------------------------------------------------! TSManager 26.02.2014 05:31:19 4392 (0x1128)
Successfully completed the action (Uninstall Secondary Site) with the exit win32 code 0 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
MP name must be set in an environment variable TSManager 26.02.2014 05:31:19 4392 (0x1128)
Non fatal error 0x80004005 in sending task sequence execution status message to MP TSManager 26.02.2014 05:31:19 4392 (0x1128)
Set a global environment variable _SMSTSLastActionRetCode=0 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Failed to set a global environment variable _SMSTSLastActionRetCode=0.
The system cannot find the file specified. (Error: 80070002; Source: Windows) TSManager 26.02.2014 05:31:19 4392 (0x1128)
Clear local default environment TSManager 26.02.2014 05:31:19 4392 (0x1128)
TS::Execution::CCommandLineInstruction::Execute() failed with the error code 80070002 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Fatal error is returned in execution of the action (Uninstall Secondary Site).
The system cannot find the file specified. (Error: 80070002; Source: Windows) TSManager 26.02.2014 05:31:19 4392 (0x1128)
An error (0x80070002) is encountered in execution of the task sequence TSManager 26.02.2014 05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
MP name must be set in an environment variable TSManager 26.02.2014 05:31:19 4392 (0x1128)
Non fatal error 0x80004005 in sending task sequence execution status message to MP TSManager 26.02.2014 05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Task Sequence Engine failed! Code: 80070002 TSManager 26.02.2014 05:31:19 4392 (0x1128)
**************************************************************************** TSManager 26.02.2014 05:31:19 4392 (0x1128)
Task sequence execution failed with error code 80070002 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Cleaning Up. TSManager 26.02.2014 05:31:19 4392 (0x1128)
Removing Authenticator TSManager 26.02.2014 05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Successfully unregistered Task Sequencing Environment COM Interface. TSManager 26.02.2014 05:31:19 4392 (0x1128)
Executing command line: "C:\WINDOWS\CCM\TsProgressUI.exe" /Unregister TSManager 26.02.2014 05:31:19 4392 (0x1128)
==========[ TsProgressUI started in process 12220 ]========== TsProgressUI 26.02.2014 05:31:19 7740 (0x1E3C)
Unregistering COM classes TsProgressUI 26.02.2014 05:31:19 7740 (0x1E3C)
Shutdown complete. TsProgressUI 26.02.2014 05:31:19 7740 (0x1E3C)
Process completed with exit code 0 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Successfully unregistered TS Progress UI. TSManager 26.02.2014 05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:19 4392 (0x1128)
Getting active request access handle TSManager 26.02.2014 05:31:19 4392 (0x1128)
Error opening HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Task Sequence. code 80070002 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Error - could not get package and program IDs. code 80070002 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Failed to open the task sequence key HKLM\Software\Microsoft\SMS\Task Sequence. Error code 0x80070002 TSManager 26.02.2014 05:31:19 4392 (0x1128)
Start to cleanup TS policy TSManager 26.02.2014 05:31:19 4392 (0x1128)
End TS policy cleanup TSManager 26.02.2014 05:31:20 4392 (0x1128)
RegOpenKeyExW failed for Software\Microsoft\SMS\Task Sequence TSManager 26.02.2014 05:31:20 4392 (0x1128)
GetTsRegValue() failed. 0x80070002. TSManager 26.02.2014 05:31:20 4392 (0x1128)
End program: TSManager 26.02.2014 05:31:20 4392 (0x1128)
Error executing Task Sequence Manager service. Code 0x80070002 TSManager 26.02.2014 05:31:20 4392 (0x1128)
Sending error status message TSManager 26.02.2014 05:31:20 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:20 4392 (0x1128)
Failed to open key Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00\SMSTS TSManager 26.02.2014
05:31:20 4392 (0x1128)
MP name must be set in an environment variable TSManager 26.02.2014 05:31:20 4392 (0x1128)
Non fatal error 0x80004005 in sending task sequence execution status message to MP TSManager 26.02.2014 05:31:20 4392 (0x1128)
Successfully finalized logs to SMS client log directory from C:\WINDOWS\CCM\Logs TSManager 26.02.2014 05:31:20 4392 (0x1128)
Kind regards Stefan SomogyiHi,
When removing a secondary site using the Delete Secondary Site Wizard, you must choose whether to delete or uninstall the secondary
site:
Deleting the site will delete all information about the site and its resources from the Configuration Manager site database at its
parent site, but it will leave the Configuration Manager secondary site installed on the secondary site computer. Select this option if you have already manually uninstalled the secondary site using Configuration Manager Setup at the secondary site computer.
When Configuration Manager 2007 sites are deleted, the deleted site information is only deleted from the deleted site's direct parent site. Site deletion
information is not propagated up the hierarchy to grandparent sites. In order to delete the site from the site database at sites above the deleted site's direct parent site, the hierarchy maintenance tool (Preinst.exe) must be run on every primary site above
the deleted site's parent primary site using the command Preinst /delsite. For more information about the hierarchy maintenance tool, see
Hierarchy Maintenance Tool (Preinst.exe).
Refer to:
How to Remove a Secondary Site Using the Configuration Manager Console
Thanks, Prabha G -
Service Manager 2012R2 - Hotfix for Service Manager 2012 SP1 secondary Management server
Can the hotfix for the issue described here -
http://blogs.technet.com/b/servicemanager/archive/2013/04/22/service-manager-2012-sp1-secondary-management-server-cannot-set-availability-on-a-health-service-that-doesn-t-exist.aspx
, be applied to a 2012R2 Service Manager environment?
My dilemma; In a Service Manager 2012 SP1 environment, I installed a secondary mgmt server, promoted it, then upgraded to R2. This R2 Primary mgmt server has the error described in the TechNet blog.
The reason this was done, the original primary mgmt server (2012 SP1) resided on the same server as the Portal. This original primary is still at 2012 SP1 with the System Center services disabled.
Again, can the hotfix for Service Manager 2012 SP1 secondary mgmt servers be applied to a Primary mgmt server (or environment, however the hotfix is run) server Service Manager 2012 R2?
Thank you,
Brian VanDam
BVAN in SoColHi,
Hmm, you should probably log a case for this, but my first thought here would be to install a new SCSM 2012 R2 server and promote that one to the new Primary server, then remove the old ones.
Regards
//Anders
Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se -
Cisco 871w, radius server local, and leap or eap-fast will not authenticate
Hello, i trying to setup eap-fast or leap on my 871w. i belive i have it confiured correctly but i can not get any device to authenticate to router. Below is the confiureation that i being used. any help would be welcome!
! Last configuration change at 15:51:30 AZT Wed Jan 4 2012 by testtest
! NVRAM config last updated at 15:59:37 AZT Wed Jan 4 2012 by testtest
version 12.4
configuration mode exclusive auto
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
hostname router871
boot-start-marker
boot-end-marker
logging count
logging message-counter syslog
logging buffered 4096
logging rate-limit 512 except critical
logging console critical
enable secret 5 <omitted>
aaa new-model
aaa group server radius rad-test3
server 192.168.16.49 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login eap-methods group rad-test3
aaa authorization exec default local
aaa session-id common
clock timezone AZT -7
clock save interval 8
dot11 syslog
dot11 ssid test2
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 <omitted>
dot11 ssid test1
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 <omitted>
dot11 ssid test3
vlan 3
authentication open eap eap-methods
authentication network-eap eap-methods
no ip source-route
no ip gratuitous-arps
ip options drop
ip dhcp bootp ignore
ip dhcp excluded-address 192.162.16.49 192.162.16.51
ip dhcp excluded-address 192.168.16.33
ip dhcp excluded-address 192.168.16.1 192.168.16.4
ip dhcp pool vlan1pool
import all
network 192.168.16.0 255.255.255.224
default-router 192.168.16.1
domain-name test1.local.home
lease 4
ip dhcp pool vlan2pool
import all
network 192.168.16.32 255.255.255.240
default-router 192.168.16.33
domain-name test2.local.home
lease 0 6
ip dhcp pool vlan3pool
import all
network 192.168.16.48 255.255.255.240
default-router 192.168.16.49
domain-name test3.local.home
lease 2
ip cef
ip inspect alert-off
ip inspect max-incomplete low 25
ip inspect max-incomplete high 50
ip inspect one-minute low 25
ip inspect one-minute high 50
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 30
ip inspect tcp synwait-time 60
ip inspect tcp block-non-session
ip inspect tcp max-incomplete host 25 block-time 2
ip inspect name firewall tcp router-traffic
ip inspect name firewall ntp
ip inspect name firewall ftp
ip inspect name firewall udp router-traffic
ip inspect name firewall pop3
ip inspect name firewall pop3s
ip inspect name firewall imap
ip inspect name firewall imap3
ip inspect name firewall imaps
ip inspect name firewall smtp
ip inspect name firewall ssh
ip inspect name firewall icmp router-traffic timeout 10
ip inspect name firewall dns
ip inspect name firewall h323
ip inspect name firewall hsrp
ip inspect name firewall telnet
ip inspect name firewall tftp
no ip bootp server
no ip domain lookup
ip domain name local.home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip accounting-threshold 100
ip accounting-list 192.168.16.0 0.0.0.31
ip accounting-list 192.168.16.32 0.0.0.15
ip accounting-list 192.168.16.48 0.0.0.15
ip accounting-transits 25
login block-for 120 attempts 5 within 60
login delay 5
login on-failure log
memory free low-watermark processor 65536
memory free low-watermark IO 16384
username testtest password 7 <omitted>
archive
log config
logging enable
logging size 255
notify syslog contenttype plaintext
hidekeys
path tftp://<omitted>/archive-config
write-memory
ip tcp synwait-time 10
ip ssh time-out 20
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
bridge irb
interface Loopback0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
interface Null0
no ip unreachables
interface FastEthernet0
switchport mode trunk
shutdown
interface FastEthernet1
switchport mode trunk
shutdown
interface FastEthernet2
shutdown
spanning-tree portfast
interface FastEthernet3
spanning-tree portfast
interface FastEthernet4
description Cox Internet Connection
ip address dhcp
ip access-group ingress-filter in
ip access-group egress-filter out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip flow egress
ip inspect firewall out
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
load-interval 30
duplex auto
speed auto
no cdp enable
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 2 mode ciphers aes-ccm
encryption key 1 size 128bit 7 <omitted> transmit-key
encryption mode wep mandatory
broadcast-key vlan 1 change <omitted> membership-termination
broadcast-key vlan 3 change <omitted> membership-termination
broadcast-key vlan 2 change <omitted> membership-termination
ssid test2
ssid test1
ssid test3
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
rts threshold 2312
no cdp enable
interface Dot11Radio0.1
description <omitted>
encapsulation dot1Q 1 native
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
description <omitted>
encapsulation dot1Q 2
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
interface Dot11Radio0.3
description <omitted>
encapsulation dot1Q 3
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
interface Vlan1
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan2
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 2
bridge-group 2 spanning-disabled
interface Vlan3
description <omitted>
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
bridge-group 3
bridge-group 3 spanning-disabled
interface BVI1
description <omitted>
ip address 192.168.16.1 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
interface BVI2
description <omitted>
ip address 192.168.16.33 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
interface BVI3
description <omitted>
ip address 192.168.16.49 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http secure-ciphersuite 3des-ede-cbc-sha rc4-128-sha
ip http timeout-policy idle 5 life 43200 requests 5
ip flow-top-talkers
top 10
sort-by bytes
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.16.50 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.16.50 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.16.50 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.50 3074 interface FastEthernet4 3074
ip nat inside source static udp 192.168.16.50 88 interface FastEthernet4 88
ip nat inside source static udp 192.168.16.50 53 interface FastEthernet4 53
ip access-list extended egress-filter
deny ip any host <omitted>
deny ip any host <omitted>
deny ip host <omitted> any
deny ip host <omitted> any
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.10.9.255 any
deny ip 10.0.0.0 0.10.13.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.15.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
permit ip <omitted> 0.0.0.3 any
deny ip any any log
ip access-list extended ingress-filter
remark ----- To get IP form COX -----
permit udp any eq bootps any eq bootpc
deny icmp any any log
deny udp any any eq echo
deny udp any eq echo any
deny tcp any any fragments
deny udp any any fragments
deny ip any any fragments
deny ip any any option any-options
deny ip any any ttl lt 4
deny ip any host <omitted>
deny ip any host <omitted>
deny udp any any range 33400 34400
remark ----- Bogons Filter -----
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 198.51.100.0 0.0.0.255 any
deny ip 203.0.113.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
remark ----- Internal networks -----
deny ip 10.10.10.0 0.0.0.255 any
deny ip 10.10.11.0 0.0.0.255 any
deny ip 10.10.12.0 0.0.0.255 any
deny ip any any log
access-list 1 permit 192.168.16.0 0.0.0.63
access-list 20 permit 127.127.1.1
access-list 20 permit 204.235.61.9
access-list 20 permit 173.201.38.85
access-list 20 permit 216.229.4.69
access-list 20 permit 152.2.21.1
access-list 20 permit 130.126.24.24
access-list 21 permit 192.168.16.0 0.0.0.63
radius-server local
no authentication mac
eapfast authority id <omitted>
eapfast authority info <omitted>
eapfast server-key primary 7 <omitted>
nas 192.168.16.49 key 7 <omitted>
group rad-test3
vlan 3
ssid test3
user test nthash 7 <omitted> group rad-test3
user testtest nthash 7 <omitted> group rad-test3
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.16.49 auth-port 1812 acct-port 1813 key 7 <omitted>
radius-server vsa send accounting
control-plane host
control-plane transit
control-plane cef-exception
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip
line con 0
password 7 <omitted>
logging synchronous
no modem enable
transport output telnet
line aux 0
password 7 <omitted>
logging synchronous
transport output telnet
line vty 0 4
password 7 <omitted>
logging synchronous
transport preferred ssh
transport input ssh
transport output ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
process cpu threshold type total rising 80 interval 10 falling 40 interval 10
ntp authentication-key 1 md5 <omitted> 7
ntp authenticate
ntp trusted-key 1
ntp source FastEthernet4
ntp access-group peer 20
ntp access-group serve-only 21
ntp master 1
ntp server 152.2.21.1 maxpoll 4
ntp server 204.235.61.9 maxpoll 4
ntp server 130.126.24.24 maxpoll 4
ntp server 216.229.4.69 maxpoll 4
ntp server 173.201.38.85 maxpoll 4
endso this what i am getting now for debug? any thoughs?
010724: Jan 5 16:26:04.527 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/2
010725: Jan 5 16:26:08.976 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/2
010726: Jan 5 16:26:08.976 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
010727: Jan 5 16:26:08.976 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
010728: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
010729: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
010730: Jan 5 16:26:08.976 AZT: Client d8b3.7759.0488 failed: EAP reason 1
010731: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
010732: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
010733: Jan 5 16:26:08.976 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
010734: Jan 5 16:26:08.976 AZT: EAPOL pak dump tx
010735: Jan 5 16:26:08.976 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0004
010736: Jan 5 16:26:08.976 AZT: EAP code: 0x4 id: 0x1 length: 0x0004
0AD05650: 01000004 04010004 ........
0AD05660:
010737: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: sending data to requestor status 1
010738: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010739: Jan 5 16:26:08.980 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
010740: Jan 5 16:26:08.980 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
010741: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: sending data to requestor status 0
010742: Jan 5 16:26:08.980 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
010743: Jan 5 16:26:08.980 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010744: Jan 5 16:26:08.984 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
010745: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010746: Jan 5 16:26:09.624 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010747: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: req->auth_type 0
010748: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010749: Jan 5 16:26:09.624 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010750: Jan 5 16:26:09.624 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010751: Jan 5 16:26:09.624 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010752: Jan 5 16:26:09.624 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010753: Jan 5 16:26:09.624 AZT: EAPOL pak dump tx
010754: Jan 5 16:26:09.624 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010755: Jan 5 16:26:09.624 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0AD05B50: 01000031 01010031 ...1...1
0AD05B60: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0AD05B80: 72383731 2C706F72 7469643D 30 r871,portid=0
010756: Jan 5 16:26:09.644 AZT: dot11_auth_send_msg: sending data to requestor status 1
010757: Jan 5 16:26:09.648 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010758: Jan 5 16:26:09.648 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010759: Jan 5 16:26:09.656 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010760: Jan 5 16:26:09.656 AZT: EAPOL pak dump rx
010761: Jan 5 16:26:09.656 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0009
010762: Jan 5 16:26:09.656 AZT: EAP code: 0x2 id: 0x1 length: 0x0009 type: 0x1
0B060D50: 01000009 02010009 ........
0B060D60: 01746573 74 .test
010763: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
010764: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
010765: Jan 5 16:26:09.660 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
010766: Jan 5 16:26:09.664 AZT: RADIUS/ENCODE(00000198):Orig. component type = DOT11
010767: Jan 5 16:26:09.664 AZT: RADIUS: AAA Unsupported Attr: ssid [282] 8
010768: Jan 5 16:26:09.664 AZT: RADIUS: 74 6F 79 73 6F 6E [toyson]
010769: Jan 5 16:26:09.664 AZT: RADIUS: AAA Unsupported Attr: interface [175] 3
010770: Jan 5 16:26:09.664 AZT: RADIUS: 36 [6]
010771: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
010772: Jan 5 16:26:09.664 AZT: RADIUS/ENCODE(00000198): acct_session_id: 408
010773: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Config NAS IP: 192.168.16.49
010774: Jan 5 16:26:09.664 AZT: RADIUS(00000198): sending
010775: Jan 5 16:26:09.664 AZT: RADIUS(00000198): Send Access-Request to 162.168.16.49:1645 id 1645/3, len 133
010776: Jan 5 16:26:09.664 AZT: RADIUS: authenticator BF 69 DD DF 89 1F C6 FB - EF EC 12 EB C5 3F 3A CD
010777: Jan 5 16:26:09.664 AZT: RADIUS: User-Name [1] 6 "test"
010778: Jan 5 16:26:09.664 AZT: RADIUS: Framed-MTU [12] 6 1400
010779: Jan 5 16:26:09.664 AZT: RADIUS: Called-Station-Id [30] 16 "0019.3075.e660"
010780: Jan 5 16:26:09.664 AZT: RADIUS: Calling-Station-Id [31] 16 "d8b3.7759.0488"
010781: Jan 5 16:26:09.668 AZT: RADIUS: Service-Type [6] 6 Login [1]
010782: Jan 5 16:26:09.668 AZT: RADIUS: Message-Authenticato[80] 18
010783: Jan 5 16:26:09.668 AZT: RADIUS: 5B FA 47 07 0E E3 4B 71 7F 60 6E 4E 91 37 84 A6 [[?G???Kq?`nN?7??]
010784: Jan 5 16:26:09.668 AZT: RADIUS: EAP-Message [79] 11
010785: Jan 5 16:26:09.668 AZT: RADIUS: 02 01 00 09 01 74 65 73 74 [?????test]
010786: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
010787: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port [5] 6 661
010788: Jan 5 16:26:09.668 AZT: RADIUS: NAS-Port-Id [87] 5 "661"
010789: Jan 5 16:26:09.668 AZT: RADIUS: NAS-IP-Address [4] 6 192.168.16.49
010790: Jan 5 16:26:09.668 AZT: RADIUS: Nas-Identifier [32] 11 "router871"
010791: Jan 5 16:26:14.501 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010792: Jan 5 16:26:19.018 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010793: Jan 5 16:26:23.739 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/3
router871#
010794: Jan 5 16:26:28.700 AZT: RADIUS: Fail-over to (162.168.16.49:1812,1813) for id 1645/3
router871#
010795: Jan 5 16:26:33.629 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010796: Jan 5 16:26:38.494 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010797: Jan 5 16:26:39.794 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010798: Jan 5 16:26:39.794 AZT: EAPOL pak dump rx
010799: Jan 5 16:26:39.794 AZT: EAPOL Version: 0x1 type: 0x1 length: 0x0000
0AD053D0: 01010000 ....
010800: Jan 5 16:26:39.798 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,EAP_START) for d8b3.7759.0488
010801: Jan 5 16:26:39.798 AZT: dot11_auth_dot1x_ignore_event: Ignore event: do nothing
router871#
010802: Jan 5 16:26:43.007 AZT: RADIUS: Retransmit to (162.168.16.49:1812,1813) for id 1645/3
router871#
010803: Jan 5 16:26:47.336 AZT: RADIUS: No response from (162.168.16.49:1812,1813) for id 1645/3
010804: Jan 5 16:26:47.336 AZT: RADIUS/DECODE: No response from radius-server; parse response; FAIL
010805: Jan 5 16:26:47.336 AZT: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
010806: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAIL
010807: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
010808: Jan 5 16:26:47.336 AZT: Client d8b3.7759.0488 failed: EAP reason 1
010809: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_parse_aaa_resp: Failed client d8b3.7759.0488 with aaa_req_status_detail 1
010810: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for d8b3.7759.0488
010811: Jan 5 16:26:47.336 AZT: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client d8b3.7759.0488
010812: Jan 5 16:26:47.336 AZT: EAPOL pak dump tx
010813: Jan 5 16:26:47.336 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0004
010814: Jan 5 16:26:47.336 AZT: EAP code: 0x4 id: 0x1 length: 0x0004
0B060710: 01000004 04010004 ........
0B060720:
010815: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: sending data to requestor status 1
010816: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010817: Jan 5 16:26:47.340 AZT: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
010818: Jan 5 16:26:47.340 AZT: dot11_auth_dot1x_send_client_fail: Authentication failed for d8b3.7759.0488
010819: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: sending data to requestor status 0
010820: Jan 5 16:26:47.340 AZT: dot11_auth_send_msg: client FAILED to authenticate d8b3.7759.0488, node_type 64 for application 0x1
router871#
010821: Jan 5 16:26:47.340 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010822: Jan 5 16:26:47.344 AZT: %DOT11-7-AUTH_FAILED: Station d8b3.7759.0488 Authentication failed
010823: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010824: Jan 5 16:26:47.972 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010825: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: req->auth_type 0
010826: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010827: Jan 5 16:26:47.972 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010828: Jan 5 16:26:47.976 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010829: Jan 5 16:26:47.976 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010830: Jan 5 16:26:47.976 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010831: Jan 5 16:26:47.976 AZT: EAPOL pak dump tx
010832: Jan 5 16:26:47.976 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010833: Jan 5 16:26:47.976 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0AD05B50: 01000031 01010031 ...1...1
0AD05B60: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0AD05B70: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0AD05B80: 72383731 2C706F72 7469643D 30 r871,portid=0
010834: Jan 5 16:26:47.996 AZT: dot11_auth_send_msg: sending data to requestor status 1
010835: Jan 5 16:26:47.996 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010836: Jan 5 16:26:47.996 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010837: Jan 5 16:26:47.996 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
010838: Jan 5 16:26:47.996 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
router871#
010839: Jan 5 16:26:47.996 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
router871#
010840: Jan 5 16:26:58.634 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010841: Jan 5 16:26:58.634 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010842: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: req->auth_type 0
010843: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010844: Jan 5 16:26:58.638 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010845: Jan 5 16:26:58.638 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010846: Jan 5 16:26:58.638 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010847: Jan 5 16:26:58.638 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010848: Jan 5 16:26:58.638 AZT: EAPOL pak dump tx
010849: Jan 5 16:26:58.638 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010850: Jan 5 16:26:58.638 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0B060710: 01000031 01010031 ...1...1
0B060720: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0B060730: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0B060740: 72383731 2C706F72 7469643D 30 r871,portid=0
010851: Jan 5 16:26:58.658 AZT: dot11_auth_send_msg: sending data to requestor status 1
010852: Jan 5 16:26:58.658 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010853: Jan 5 16:26:58.658 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010854: Jan 5 16:27:01.603 AZT: dot11_auth_client_abort: Received abort request for client d8b3.7759.0488
010855: Jan 5 16:27:01.603 AZT: dot11_auth_client_abort: Aborting client d8b3.7759.0488 for application 0x1
010856: Jan 5 16:27:01.603 AZT: dot11_auth_delete_client_entry: d8b3.7759.0488 is deleted for application 0x1
010857: Jan 5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list ingress-filter denied tcp 32.42.41.254(57443) -> 72.201.117.84(59652), 1 packet
010858: Jan 5 16:27:02.179 AZT: %SEC-6-IPACCESSLOGP: list egress-filter denied tcp 22.3.184.118(0) -> 74.125.53.188(0), 4 packets
010859: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: Create new client d8b3.7759.0488 for application 0x1
010860: Jan 5 16:27:12.261 AZT: dot11_auth_initialize_client: d8b3.7759.0488 is added to the client list for application 0x1
010861: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: req->auth_type 0
010862: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: auth_methods_inprocess: 2
010863: Jan 5 16:27:12.261 AZT: dot11_auth_add_client_entry: eap list name: eap-methods
010864: Jan 5 16:27:12.261 AZT: dot11_run_auth_methods: Start auth method EAP or LEAP
010865: Jan 5 16:27:12.261 AZT: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
010866: Jan 5 16:27:12.261 AZT: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to d8b3.7759.0488
010867: Jan 5 16:27:12.261 AZT: EAPOL pak dump tx
010868: Jan 5 16:27:12.261 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0031
010869: Jan 5 16:27:12.261 AZT: EAP code: 0x1 id: 0x1 length: 0x0031 type: 0x1
0B060FD0: 01000031 01010031 ...1...1
0B060FE0: 01006E65 74776F72 6B69643D 746F7973 ..networkid=toys
0B060FF0: 6F6E7067 2C6E6173 69643D72 6F757465 onpg,nasid=route
0B061000: 72383731 2C706F72 7469643D 30 r871,portid=0
010870: Jan 5 16:27:12.285 AZT: dot11_auth_send_msg: sending data to requestor status 1
010871: Jan 5 16:27:12.285 AZT: dot11_auth_send_msg: Sending EAPOL to requestor
010872: Jan 5 16:27:12.285 AZT: dot11_auth_dot1x_send_id_req_to_client: Client d8b3.7759.0488 timer started for 30 seconds
010873: Jan 5 16:27:12.293 AZT: dot11_auth_parse_client_pak: Received EAPOL packet from d8b3.7759.0488
010874: Jan 5 16:27:12.293 AZT: EAPOL pak dump rx
010875: Jan 5 16:27:12.293 AZT: EAPOL Version: 0x1 type: 0x0 length: 0x0009
010876: Jan 5 16:27:12.293 AZT: EAP code: 0x2 id: 0x1 length: 0x0009 type: 0x1
0AD05290: 01000009 02010009 ........
0AD052A0: 01746573 74 .test
010877: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for d8b3.7759.0488
010878: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Sending client d8b3.7759.0488 data to server
010879: Jan 5 16:27:12.301 AZT: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
010880: Jan 5 16:27:12.301 AZT: RADIUS/ENCODE(0000019B):Orig. component type = DOT11
010881: Jan 5 16:27:12.305 AZT: RADIUS: AAA Unsupported Attr: ssid [282] 8
010882: Jan 5 16:27:12.305 AZT: RADIUS: 74 6F 79 73 6F 6E [toyson]
010883: Jan 5 16:27:12.305 AZT: RADIUS: AAA Unsupported Attr: interface [175] 3
010884: Jan 5 16:27:12.305 AZT: RADIUS: 36 [6]
010885: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
010886: Jan 5 16:27:12.305 AZT: RADIUS/ENCODE(0000019B): acct_session_id: 411
010887: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Config NAS IP: 192.168.16.49
010888: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): sending
010889: Jan 5 16:27:12.305 AZT: RADIUS(0000019B): Send Access-Request to 162.168.16.49:1645 id 1645/4, len 133
010890: Jan 5 16:27:12.305 AZT: RADIUS: authenticator 6F 6C 63 31 88 DE 30 A2 - C2 06 12 EB 50 A3 53 36
010891: Jan 5 16:27:12.305 AZT: RADIUS: User-Name [1] 6 "test"
010892: Jan 5 16:27:12.305 AZT: RADIUS: Framed-MTU [12] 6 1400
010893: Jan 5 16:27:12.305 AZT: RADIUS: Called-Station-Id [30] 16 "0019.3075.e660"
010894: Jan 5 16:27:12.305 AZT: RADIUS: Calling-Station-Id [31] 16 "d8b3.7759.0488"
010895: Jan 5 16:27:12.305 AZT: RADIUS: Service-Type [6] 6 Login [1]
010896: Jan 5 16:27:12.305 AZT: RADIUS: Message-Authenticato[80] 18
010897: Jan 5 16:27:12.305 AZT: RADIUS: 9D D5 62 1A 38 13 94 30 3A 43 D7 A4 AE A4 43 64 [??b?8??0:C????Cd]
010898: Jan 5 16:27:12.305 AZT: RADIUS: EAP-Message [79] 11
010899: Jan 5 16:27:12.305 AZT: RADIUS: 02 01 00 09 01 74 65 73 74 [?????test]
010900: Jan 5 16:27:12.305 AZT: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
010901: Jan 5 16:27:12.305 AZT: RADIUS: NAS-Port [5] 6 664
010902: Jan 5 16:27:12.309 AZT: RADIUS: NAS-Port-Id [87] 5 "664"
010903: Jan 5 16:27:12.309 AZT: RADIUS: NAS-IP-Address [4] 6 192.168.16.49
010904: Jan 5 16:27:12.309 AZT: RADIUS: Nas-Identifier [32] 11 "router871"
010905: Jan 5 16:27:16.642 AZT: RADIUS: Retransmit to (162.168.16.49:1645,1646) for id 1645/4 -
Adding secondary ADFS server to farm fails with Could Not Load Assembly error
Hi all,
I have two servers running Server 2012 R2.
There are two AD sites, in site 1, I have the primary ADFS server running on a member server. In site 2 I have a secondary ADFS server running on the only DC in the site. There will be WAP servers publishing these servers in either site.
I successfully set up the first ADFS server in site 1, and this is working ok. However, when I set up the server in site 2 I get the following error during the prerequisite checker:
Could not load file or assembly 'System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. Access is denied.
Unable to retrieve configuration from the primary server. Could not load file or assembly 'System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. Access is denied.
I ran this as my domain admin account and also as domain\administrator which is seldom used.
When I run the resulting PowerShell script, I get errors relating to the GSMA, so not sure if that is where my issue lies. Here is the script:
# Windows PowerShell script for AD FS Deployment
Import-Module ADFS
# Get the credential used for performaing installation/configuration of ADFS
$installationCredential = Get-Credential -Message "Enter the credential for the account used to perform the configuration."
Add-AdfsFarmNode `
-CertificateThumbprint:"Thumbprint Here" `
-Credential:$installationCredential `
-GroupServiceAccountIdentifier:"DOMAIN\STSSvc`$" `
-PrimaryComputerName:"machine.domain.net"
I tried using the FQDN of the ADFS server as well as the common name of sts.domain.net, neither worked.
Any suggestions?
Andrew HodgsonHi,
Thanks for your post.
According to the error message, it is more about permission issue.
Please refer to this artile about how to resolve the error "Could not load file or assembly or one of its dependencies. Access is denied"
http://blogs.msdn.com/b/sayanghosh/archive/2007/04/21/solution-to-could-not-load-file-or-assembly-or-one-of-its-dependencies-access-is-denied.aspx
Regards.
Vivian Wang -
When trying to login, the message appears "No radius server configured" and the local user does not authenticate. How do I access without rebooting the Switch 6500 with CatOS.
Hi PK.
Thanks for your Attention. You know how to insert a line configuration via SNMP RW "set radius server 10.112.15.21 auth-port 1645 primary"?
I believe this way or can I work around the problem. -
Is it possible to configure BEA to automatically switch to alternate
secondary LDAP server in case of failing connection to primary?
Arne"JP" <[email protected]> wrote in message news:[email protected]..
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciate, because I just don't where to look for.
Try setting the com.netscape.ldap.trace property.
\* When -D command line option is used, defining the property with
* no value will send the trace output to the standard error. If the
* value is defined, it is assumed to be the name of an output file.
* If the file name is prefixed with a '+' character, the file is
* opened in append mode.
This will create a ldap trace file of the requests that WLS is making on the
LDAP server. You can then see
where the filters are not returning the correct value for the group
membership. -
Using root bridge as a fallback radius server for WPA and EAP
From reading the different documentation out there, it seems that one should be able to configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable. Has anyone encountered this situation? And could they share the steps and configuration statements to apply the bridges (1310 or 1410) in order to make this happen?
Many Thanks and Regards,
Giles -Yes, you have to first configure a root bridge as a fallback radius server in case a primary radius server were to be unreachable
Maybe you are looking for
-
Is there a way to make the bookmark bar autohide, but visible with rollover?
Or something similar? Although I have since found an add-on to autohide the navigation bar.......that helps a little......
-
Playlists selected in iTunes are not shown on my device
I selected several playlists in iTunes to synce to my devices (iPhone 5S and iPad). Neither the playlists nor the songs are syncing, and I do not have manual checked. I am running OSX 10.8.5 and iTunes 11.1.3. My iPad and iPhone software is up to dat
-
Problem Coding Button over Frame by Frame Animation
Compiler Error: Scene=Scene 1, layer=actoins, fr;'{' expected
-
FFacebook app on iPad doesn't refresh. It tries but eventually times out. I have to reboot the iPad in order for it to update the FB feed. It's annoying! I've tried deleting the app and reloading but the issue is still there.
-
Automatically Block old vendors or not in use from 24 months
Hi We would like to Lock all the Dormant vendors (old vendors or not in use) which will not have any transactions for the specified period, say the vendors which will not have any transactions from past 36 Months, or 24 Months. Do we have any standar