Problem moving guest access webauth server

I need to move my guest WLAN's webauth page from its server-1 to server-2. It has been working fine with the guest WLAN anchor controller configured to do webauth. But when it is configured to go to server-2 -- I basically just changed the "External Webauth URL" in the "Security >> Web Auth >> Web Login Page" -- then the redirection does not seem to happen.
I did ping tests from the controller command line to server-2, that works fine. DNS name look ups on my laptop also works fine with it connected to the guest WLAN but not yet authenticated.
I ran tcpdump on server-2 where I did see ICMP packets when I pinged it from the controller but nothing when I try to authenticate on my laptop.
Any help is greatly appreciated. Thanks!
[Edit]: Problems solved. I *assumed* (always a bad thing to do) that the security group has put server-2 into the rule that allow the controller/webauth communication. They did, but the IP address was typed wrong.

Hi - turns out that its a bug in the 5.0 software, confirmed by a consulting SE. We've found a workaround, just waiting for new code. Workaround was to put all the controllers in the same mobility group, and just make sure the APs can't contact the 'anchor' controller for registration. Not ideal, but it works.

Similar Messages

Problems with guest access radius/local accounts?

I have a setup running with 2 2100 controllers. I want to authenticate guest users either using Radius if they exists there, and if not using a guest account set up from WCS.
It's working if I create a local net user from the controller, but not if I create the guest account from the WCS. The account created from the wcs shows up in the controller under local net users, but if I try to login I get this message in the controller:
AAA Authentication Failure for UserName:test User Type: WLAN USER
So it's trying with radius. But what is the difference from creating a guest user directly on the controller. Is this a bug? I'm running 5.2.178.0 on the controller and WCS 5.2.130.0.

The way I understand is there is no difference in the guest accounts created through WCS and WLC. If you are creating the users locally on the controllers, you need to repeat the procedure by logging into each controller. This can be a time consuming task. Instead, you can create the guest accounts on the WCS and push them to the controllers at one go.
You may want to delete the guest accounts on the WLC and WCS and try to reconfigure the guest accounts on the WCS and push them to the controllers and check if you are seeeing this issue. Because if the configs are correct and the user is providing the correct username / password the setup should work.

E4200 Bridge Mode + Guest Access?

Hi,
I'm trying to set up my E4200 in "Bridge Mode," but want to enable a few things in the wireless settings, such as:
a) choosing SSIDs and network keys,
b) enable Guest Access
I've been able to get things working without too much hassle:
* factory reset
* set wireless SSIDs and network keys
* enable guess access and set password
* turn on bridge mode
Everything is basically fine, except that when the device goes into bridge mode it seems that it shuts off *all* web UI. This kind of makes sense, but do I actually understand that correcty? (Or have I simply not found the right connection method?)
If so, it leads to a couple follow-on questions:
a) How do I disable Bridge Mode if I want to change any settings? (Is the answer just 'factory reset'?)
b) Can Guest Access mode work in Bridge Mode?
So far, I have not been successful in getting the device to display the login page for Guest Access. I'm not sure if that's a config problem with Guest Access or if that just doesn't work in Bridge Mode.
Any tips/advice appreciated.
thx

Dude buddy. This is your post:
gv
Expert
Posts: 11,833
Registered: 07-16-2006
0
Re: E4200 Guest Network Not Working [ Edited ]
06-24-2011 10:40 AM - last edited on 06-24-2011 10:41 AM
It's not possible to use guest access in bridge mode. Guest access is only possible when the E4200 operates as router. In bridge mode any wireless network goes directly into the same LAN. Guest separation would not be possible.
Also don't disable the SSID broadcast.
http://homecommunity.cisco.com/t5/Wireless-Routers/E4200-Guest-Network-Not-Working/td-p/406345/highl...
What I'm saying is that it is possible and that I am doing just that on our LAN here at work.
You pegged me on the linksys devices not allowing higher subnets. Alas, I am used to using DD-WRT and Tomato for years now (where you can use any subnet mask) and took for granted that I have not seen a stock linksys GUI in a long time. However, in bridge mode on the E4200 you are able to set subnet masks as you wish...

Problem accessing Sql server Procedure from Crystal with JDBC driver

I have some Crystal reports using SQL Server procedures, most of them are working very well; however, I have 2 that have problems accessing sql server procedures. These reports are working using OLE DB connection without problem, but when I try to relocate the connection to JDBC Crystal generates an error like that the procedure not return records.
The procedure is working with other products including OLE DB connections from crystal.
What can I do?
Thanks in Advance,
JaimeC

I am using:
Crystal report 11 - 11.0.0.1282 and Crystal 2008 = 12.0.0.683
SQL Server 2005 - Microsoft SQL Server Management Studio Express 9.00.4035.00
Windows XP
I have discovered that the procedures create and work temporary tables. In other cases when is working ok, the procedures have not working temporary tables.
Thanks,
Jaime Carrillo

I purchased an HD movie on Apple TV but it says that I cannot access the server at this time. I try daily but this problem doesn't seem to go away. Any suggestions?

I purchased a movie via Apple TV/iTunes but it says that I cannot access the server at this time. In summary, I can't download the movie. This problem has persisted for 4-5 days now. Any suggestions? BTW, I upgraded to Yosemite on my iMac last weekend. Thanks!

You need more RAM.
http://www.thexlab.com/faqs/lackofram.html
Mostly iTunes, mail, finder, google chrome, and one or two other programs.
What are the "two other programs?" The ones you named shouldn't be consuming all your RAM, even if open concurrently. But I've heard (I don't use it) 10.7 is a memory hog.
Closing open apps may not solve the problem, since that memory is still being held in reserve for them.
This problem is usually caused by a combination of low RAM and low disk space.I am very puzzled when you say you have 895GB left on the drive. That should be an enormous amount of room for the memory to page out (write) to.
Message was edited by: WZZZ

10.8 Server - AFP Guest access not working

Hi Folks
I have a brand new Mac Mini server running the latest 10.8.4 and Server.app from the app store (10.8 / v2 / whatever it's called these days). I have everything up and running perfectly except that no matter what I do when users connect via AFP there is no option for them to connect as guest. It literally just does not even show up in the login dialog.
I have several AFP share points setup to allow guest access, I have enabled the option in System Prefs->Users and Groups->Guest User->Allow guests to connect to shared folders. I have even also enabled it via command line tool; serveradmin settings afp:guestAccess = yes
But no matter what I do any machines connecting (either via browsing to the server via finder and connecting or directly from "Connect to server" using the afp:// URI approach) the login dialog doesn't give us the option to select to connect as guest -- it's just not there at all in the dialog box.
This is fairly urgent, a few more days and this server needs to go into production at our school here and this is essential for the way we need to do things. A little more background information: we are bound to both a local OD setup and a campus wide AD setup (not sure if any of this matters or not).
Help and thanks!

And I guess toggling File Sharing on and off about a dozen times it seems to have finally picked up and is allowing guest access to work :/ Answer my own question!

We just moved from a Windows server to a Mac server with our Macs -problem!

We just moved from a Windows server to a Mac server with our Mac Network!!!
Problem:
Now, when we create files from our personal computers, no one else can write them. We can all read these files, but when we make changes we have to save a version! This wasn't happening on the Windows server, so I can only guess that it's a setting on the Mac? (G4 Laptop running 10.4.5)
Can anyone help me figure out what setting needs to be changed?
Thank you very much in advance!
-Alex

This is normal behavior, and is a result of the POSIX umask. Newly created files have their POSIX permissions (owner, group, and everyone fields) set such that only the owner can read and write.
The best way to solve this problem is to use an ACL entry to define desired permissions for a folder, specifying inheritance (e.g., permissions apply to this folder and any newly-created files or folders inside of that).
Please see my ACL Tips version 2 link for more information, including a more detailed explanation of POSIX and ACL permissions and how they work together: http://discussions.apple.com/thread.jspa?messageID=1732788
--Gerrit

TS4526 Problems Accessing iTunes Server from Apple TV

After the last update, my Apple TV couldn't access the iTunes server. I've followed all of the recommended instructions including the reset, signing in and out. I have ATT DSL. Did Apple change something about how they access the server so that it's blocked? Or, any other ideas? Accessing Netflix, Hulu, and youtube are no problem.
Thanks.

Welcome to the Apple Community.
The following article(s) may help you.
Troubleshooting Home Sharing
Security Software Issues
Troubleshooting Wi-Fi networks and connections
Recommended Wi-Fi settings
Wifi Diagnostic Software (for Mac users)
You may also find some help on this page, where I’ve collected some of the more unusual solutions to network issues.
When making adjustments to your network for better optimisation, you may find some of the points mentioned on this page helpful.

Problem in accessing application server file using open dataset

Hi All,
I am trying to access application server file using open dataset command, its working fine for normal path which imention. But when i am giving path of XI server file, its not working. How to access XI server file using open dataset. Please let me know.
Thanks in advance.
Regards,
Vishal

Hi Vishal,
You need to verify if the location where you are trying to save the file is in the same server of SAP. In case that the location is in other server you need to map that directy into the same server of SAP.
You need to point always to a location in the same server of SAP, in order that the open dataset could work.
Regards,
Eric

Wired guest access on WLC 4400 with SW 7.0.240.0

Hello,
after we upgrade our Wlan-controller 4400 from software 7.0.116.0 to 7.0.240.0
wired guest access don't work anymore.
All other things works fine, incl. WLAN guest access!
When we try wired guest access, we get the web-authentication page and can log in.
On the controller we can see that the Policy Manager State changes from WEBAUTH_REQD
to RUN.
But then there is no access to the internet.
We tried also SW 7.0.250.0, same problem!
Log Analysis on the WCS:
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :The WLAN to which client is connecting does not require 802 1x authentication.
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client does not have an IP address yet.
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L3 authentication is required
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role update request. from Unassociated to Local Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.101.200.11
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role changed. State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :DHCP successful.
Time :03/12/2014 14:21:26 MEZ Severity :ERROR Controller IP :10.101.200.11 Message :Client got an IP address successfully and the WLAN requires Web Auth or Web Auth pass through.
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client IP address is assigned.
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Webauth user logged in to the network. manni
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :AAA response message sent.
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
Trying http://www.google.de .... doesnt work. No Log Entries. Next entries while logging out.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Web auth is being triggered again.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L2 authentication has been completed successfully.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :WebAuth user Logged out from network.
Has someone a idea how to solve this problem?
Regards
Manfred

Hi
Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC.

Guest Access Redirect accepting AD credentials

I have a 2106 controller with a guest access SSID on a isolated vlan 192. The guest SSID is setup for webauth and redirects all traffic to the isolated vlan 192. There is a RADIUS server handling AD authentications on the native management vlan. The dhcp scope on the guest access (192) vlan resides on a watchguard firewall. When I connect to the guest SSID with a WLC resident account and password I am allowed internet access fine. When I use a AD account and password from the rest of the network I am also allowed on fine. Anyone seen this before? I should not be able to even to see the AD server from the isolated VLAN much less have the controller see it as a valid login. I get an IP address from the isolated vlan and I can not ping my protected (all other vlans) network. The problem is I can not monitor content easily or filter where my AD users are going if they connect to the guest SSID. Code is older version 4.0.217.0 and I will upgrade unit to 4.1.185 this week but I suspect the problem will still exist.

I am posting this as I have found my problem. This is bug number CSCsh35098. In this bug the if the Web account for the local user fails then the authentication request will be forwarded to a RADIUS server if one is configured on the controller. It over rides the WLAN setting to not have a RADIUS authentication. The work around is to change the RADIUS authentication from PAP to CHAP or MD5-CHAP as this will not allow the RADIUS to authenticate.

Email server problem - failed to connect to server

Since Friday 27th August I've been having trouble connecting to the email server for my BT Yahoo account. It simply can't find the server, even though none of the account settings have changed and it has worked fine for years. Weirdly, sometimes it works and emails come through (so the settings are obviously fine) but then it will stop working for no apparent reason. I use Thunderbird as my email client, but I tested the account in Outlook Express and it gives the same error. The account works fine over webmail, and through my iPhone, however.
It seems like this is a DNS error rather than software related - is there anything BT-related that could be causing this, or any simple fixes? I've tried rebooting the HomeHub but that doesn't seem to have made a difference. I work from home, so this is a really annoying problem.

Lynx wrote:
Interesting - we have exactly the same problem. Haven't been able to download for days. This has happened with two different computers with different anti-virus systems - so one assumes it's not suddenly that. I can access my e-mail online and reply (having to bcc myself, so when it does eventually work I have copies on my outlook express. It was working perfectly one night and the next morning just stopped - nothing happened in between.
I have tried to find out what the error number means, but no-one - not even BT's Help section - seem to have the solution. Have you ever seen the Eddie Izzard sketch on YouTube? This is definately one of those moments!
If you find a solution - would really appreciate you posting it on here, so I can fix mine. Will do the same for youi.
Hi.
This sort of problem is hard to determine. It could be a few things, including a corruption of the mail account (which can last for a short time or a number of days), it could be a local problem - which you've ruled out by the different computer check, or perhaps a "stuck" email - say one which is spam/virus attached and the online checking systems failing to pass through it, or possibly a stale IP address.
The latter 2 are easy to check, the first via webmail and see if there is anything near the "top" of the list that may cause a problem, moving to a new folder, and try again. The last can be tried by power cycling the router to get a new IP address. Disconnect the broadband and router for say 15 minutes and then reconnect to try again.
If there was a major server problem, there would be lots more complaints.
http://www.andyweb.co.uk/shortcuts
http://www.andyweb.co.uk/pictures

Problems moving app from tomcat 321 to 4.0

I have serious problems moving an old app from tomcat 321 to 4.0. I tried just moving the entire webapps/<myApp> to the new server, and also using a war-file, but I get a message saying that one of my Beans doesn't exist.
Its a bean in the /WEB-INF/classes subdir, so its in an annonymous package. The jsp-page accessing it uses the
<jsp:useBean id="dateBean" class="DateBean" scope="session" />
tag.
Error message from jsp-page says: org.apache.jsp.DateBean not found.
Seems my tomcat4 doesn�t use the web-inf/classes in its classpath???
regards
Markus

I don't believe the current Servlet specs allow for anonymous packages. Try moving your class into its own package (under WEB-INF/classes/packagename/) and see if that fixes the problem. Also be sure to change the <jsp:useBean> tag to give the full classname in the class attribute.

10.10.2 keeps trying to access disconnected server

Hi there, kids!
Something in my 10.10.2 setup insists on trying to access a server that no longer resides at a particular address. Access to the new address is all good, but I keep getting interrupted by messages about the old one being offline/disconnected/dead.
Please - how do I find out what application/applet/daemon is doing this, and how do I persuade it to stop?
I have no problem hitting the command line if that's the most effective path.
Thanks!

There are many possible causes for this issue, and it may be very hard to resolve without wiping your account clean of everything except documents as a last resort. Please take each of the following steps that you haven't already tried. Back up all data before making any changes.
If you get the alert in the login screen before you log in, stop here and ask for instructions.
Step 1
If you get the alert as soon as you log in, it's probably caused by one of your login items or by software that otherwise loads at startup or login. Ask if you need help identifying it. Known offenders are "1Password" and "Adobe Resource Synchronizer."
Step 2
If there's an icon representing the server in the sidebar of a Finder window, hold down the command key and drag it out.
Step 3
In the Finder, press the key combination command-K or select
          Go ▹ Go to Server...
from the menu bar. In the upper right corner of the window that opens is a Recent Servers popup menu represented by a clock icon. From that menu, select
          Clear Recent Servers…
and confirm. Test.
Step 4
Open the Printers & Scanners pane in System Preferences and delete any network devices you no longer use. If in doubt, delete them all and add back the ones you want.
Step 5
Triple-click anywhere in the line below on this page to select it, then copy the text to the Clipboard by pressing command-C:
~/Library/PDF Services
In the Finder, select
          Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder may open. If it does, move the contents to the Desktop, or to a new folder on the Desktop. Log out and log back in. Test. If there's no change, put the items you moved back where they were and continue.
Step 6
Open the folder
~/Library/Preferences
as in Step 5 and move the file named "loginwindow.plist" items in that folder to the Trash, if it exists (it may not.)
Log out and back in again, and test.
Step 7
Other possible causes are references in the iPhoto, iTunes, or iMovie library pointing to the server, bookmarks in the Preview application, and PDF files created by Adobe Acrobat with embedded scripts.
Try rebuilding the iPhoto library, if applicable.
Step 8
Resources such as images or sounds stored on the server may have been added to various applications. Examples would be pictures added to Contacts and custom sounds added to Mail. The range of possibilites here is practically infinite, so I can't be more specific. You might get a hint by launching the Console application and looking for error messages that appear at the same time as the alerts.
Step 9
Disconnect all wired peripherals except those needed to start up. Start up in safe mode. Test. After testing, restart as usual (not in safe mode) and verify that you still have the problem.
Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a Fusion Drive or a software RAID, you can’t do this. Ask for further instructions.
Step 10
Triple-click the line below to select it:
/System/Library/CoreServices/Directory Utility.app
Rght-click or control-click the highlighted text and select
          Services ▹ Open
from the contextual menu.* The application Directory Utility will open.
In the Directory Utility window, select the Directory Editor tool in the toolbar. Select Mounts from the Viewing menu in the toolbar, and/Local/Default from the node menu, if not already selected. On the right is a list of names and values. By default, the list is empty. If it's not empty, post a screenshot of the window and stop here.
*If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.
Step 11
Open the following file as you did in the last step:
/etc/auto_master
It will open in a TextEdit window. The contents should be exactly this:
# Automounter master map
+auto_master          # Use directory service
/net               -hosts          -nobrowse,hidefromfinder,nosuid
/home               auto_home     -nobrowse,hidefromfinder
/Network/Servers     -fstab
/-               -static
If there are any other lines in the window, post them. Otherwise, close the window.

Wireless guest access with CWA and ISE using mobility anchor

My team is trying to demo wireless guest access using CWA with an ISE server. We appear to be hitting an issue when combining this with mobility anchoring.
When we don't use a mobility anchor the authentication goes off without a hitch seemingly proving that the ISE configuration is sound. The test laptop associates and gets redirected, auths, moves to the RUN state and access to the network is granted.
When the mobility anchor is enabled, the test laptop does get redirected, authentication is successful, but the process does not fully complete, as on the foreign controller the user is in RUN state whereas on the anchor the user is still stuck at CWA required.
Now, I've read the L2 auth occurs between the foreign controller and ISE, and the L3 auth occurs between the anchor controller and ISE, but this does not appear to borne out in packet captures of the process where both parts of the auth seems to go to and from the foreign controller and ISE.
I'm curious to know if anyone else has come across this issue, or has ideas where I should be looking in the config or debugs to find the root cause.
When setting up the controllers and ISE this guide (linked below) was used and the controllers are 2504 controllers on 7.5 series software and ISE is on the latest 1.2 patches:
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml
To me it seems to be mobility related, but the authentication flow does seem to be off compared with what the guide says.

FOREIGN
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Adding mobile on LWAPP AP 0c:d9:96:ba:7d:20(1)
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Association received from mobile on BSSID 0c:d9:96:ba:7d:2f
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Max Client Trap Threshold: 0 cur: 0
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 Re-applying interface policy for client
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
*apfMsConnTask_4: Jan 28 23:04:59.525: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 In processSsidIE:4565 setting Central switched to TRUE
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 In processSsidIE:4568 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 Applying site-specific Local Bridging override for station 00:1e:c2:c0:96:05 - vapId 1, site 'AP-Group-CHEC.default', interface 'management'
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 Applying Local Bridging Interface Policy for station 00:1e:c2:c0:96:05 - vlan 84, interface id 0, interface 'management'
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 apfProcessAssocReq (apf_80211.c:7830) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from Idle to AAA Pending
*apfMsConnTask_4: Jan 28 23:04:59.526: 00:1e:c2:c0:96:05 Scheduling deletion of Mobile Station: (callerId: 20) in 10 seconds
*radiusTransportThread: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Username entry (00-1E-C2-C0-96-05) created for mobile, length = 253
*radiusTransportThread: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Username entry (00-1E-C2-C0-96-05) created in mscb for mobile, length = 253
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Received SGT for this Client.
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Redirect URL received for client from RADIUS. Client will be moved to WebAuth_Reqd state to facilitate redirection. Skip web-auth Flag = 0
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Resetting web IPv4 acl from 255 to 255
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Resetting web IPv4 Flex acl from 65535 to 65535
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 84
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 Re-applying interface policy for client
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
*apfReceiveTask: Jan 28 23:04:59.550: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 0 on mobile
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Inserting AAA Override struct for mobile
MAC: 00:1e:c2:c0:96:05, source 2
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Initializing policy
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Not Using WMM Compliance code qosCap 00
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 0c:d9:96:ba:7d:20 vapId 1 apVapId 1 flex-acl-name:
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfMsAssoStateInc
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from AAA Pending to Associated
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfPemAddUser2:session timeout forstation 00:1e:c2:c0:96:05 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 Sending Assoc Response to station on BSSID 0c:d9:96:ba:7d:2f (status 0) ApVapId 1 Slot 1
*apfReceiveTask: Jan 28 23:04:59.551: 00:1e:c2:c0:96:05 apfProcessRadiusAssocResp (apf_80211.c:3066) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from Associated to Associated
*DHCP Socket Task: Jan 28 23:04:59.567: 00:1e:c2:c0:96:05 DHCP received op BOOTREQUEST (1) (len 308,vlan 84, port 13, encap 0xec03)
*DHCP Socket Task: Jan 28 23:04:59.567: 00:1e:c2:c0:96:05 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Jan 28 23:04:59.567: 00:1e:c2:c0:96:05 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'
*DHCP Socket Task: Jan 28 23:05:01.523: 00:1e:c2:c0:96:05 DHCP received op BOOTREQUEST (1) (len 308,vlan 84, port 13, encap 0xec03)
*DHCP Socket Task: Jan 28 23:05:01.523: 00:1e:c2:c0:96:05 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Jan 28 23:05:01.523: 00:1e:c2:c0:96:05 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'
*mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=ExpForeign, client state=APF_MS_STATE_ASSOCIATED
*mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 apfMsRunStateInc
*mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
*mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Reached PLUMBFASTPATH: from line 5793
*mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP 0c:d9:96:ba:7d:20, slot 1, interface = 13, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID = 255,
*mmMaListen: Jan 28 23:05:02.362: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 84, Local Bridging intf id = 0
*mmMaListen: Jan 28 23:05:02.363: 00:1e:c2:c0:96:05 0.0.0.0 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Jan 28 23:05:02.364: 00:1e:c2:c0:96:05 Set bi-dir guest tunnel for 00:1e:c2:c0:96:05 as in Export Foreign role
*pemReceiveTask: Jan 28 23:05:02.364: 00:1e:c2:c0:96:05 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x4
*pemReceiveTask: Jan 28 23:05:02.364: 00:1e:c2:c0:96:05 Skip Foreign / Export Foreign Client IP 0.0.0.0 plumbing in FP SCB
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP received op BOOTREQUEST (1) (len 308,vlan 84, port 13, encap 0xec03)
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP processing DHCP REQUEST (3)
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   xid: 0xafea6bc9 (2951375817), secs: 5, flags: 0
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   chaddr: 00:1e:c2:c0:96:05
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Socket Task: Jan 28 23:05:03.869: 00:1e:c2:c0:96:05 DHCP   requested ip: 10.130.98.8
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP received op BOOTREPLY (2) (len 320,vlan 84, port 13, encap 0xec07)
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP processing DHCP ACK (5)
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   xid: 0xafea6bc9 (2951375817), secs: 0, flags: 0
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   chaddr: 00:1e:c2:c0:96:05
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   ciaddr: 0.0.0.0, yiaddr: 10.130.98.8
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   siaddr: 10.30.4.173, giaddr: 0.0.0.0
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 DHCP   server id: 1.1.1.2 rcvd server id: 1.1.1.2
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) DHCP Address Re-established
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Reached PLUMBFASTPATH: from line 6978
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 0c:d9:96:ba:7d:20, slot 1, interface = 13, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID
*DHCP Socket Task: Jan 28 23:05:03.887: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 84, Local Bridging intf id = 0
*DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 Assigning Address 10.130.98.8 to mobile
*DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Socket Task: Jan 28 23:05:03.888: 00:1e:c2:c0:96:05 DHCP successfully bridged packet to STA
*pemReceiveTask: Jan 28 23:05:03.889: 00:1e:c2:c0:96:05 Set bi-dir guest tunnel for 00:1e:c2:c0:96:05 as in Export Foreign role
*pemReceiveTask: Jan 28 23:05:03.889: 00:1e:c2:c0:96:05 10.130.98.8 Added NPU entry of type 1, dtlFlags 0x4
*pemReceiveTask: Jan 28 23:05:03.890: 00:1e:c2:c0:96:05 Skip Foreign / Export Foreign Client IP 10.130.98.8 plumbing in FP SCB
*apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Received SGT for this Client.
*apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Resetting web IPv4 acl from 0 to 255
*apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Resetting web IPv4 Flex acl from 65535 to 65535
*apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 AAA redirect is NULL. Skipping Web-auth for Radius NAC enabled WLAN.
*apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile
*apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfReceiveTask: Jan 28 23:05:18.716: 00:1e:c2:c0:96:05 Inserting AAA Override struct for mobile
MAC: 00:1e:c2:c0:96:05, source 2
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Setting session timeout 3600 on mobile 00:1e:c2:c0:96:05
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Session Timeout is 3600 - starting session timer for the mobile
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Applying cached RADIUS Override values for mobile 00:1e:c2:c0:96:05 (caller pem_api.c:2307)
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Setting session timeout 3600 on mobile 00:1e:c2:c0:96:05
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Session Timeout is 3600 - starting session timer for the mobile
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Applied RADIUS override policy
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 0c:d9:96:ba:7d:20, slot 1, interface = 13, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 84, Local Bridging intf id = 0
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Not Using WMM Compliance code qosCap 00
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Plumbed mobile LWAPP rule on AP 0c:d9:96:ba:7d:20 vapId 1 apVapId 1 flex-acl-name:
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 10.130.98.8 RUN (20) Change state to RUN (20) last state RUN (20)
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 apfMsAssoStateInc
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from AAA Pending to Associated
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 apfPemAddUser2:session timeout forstation 00:1e:c2:c0:96:05 - Session Tout 3600, apfMsTimeOut '1800' and sessionTimerRunning flag is 1
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Scheduling deletion of Mobile Station: (callerId: 49) in 3600 seconds
*apfReceiveTask: Jan 28 23:05:18.717: 00:1e:c2:c0:96:05 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 3600
*apfReceiveTask: Jan 28 23:05:18.718: 00:1e:c2:c0:96:05 Sending Assoc Response to station on BSSID 0c:d9:96:ba:7d:2f (status 0) ApVapId 1 Slot 1
*apfReceiveTask: Jan 28 23:05:18.718: 00:1e:c2:c0:96:05 apfProcessRadiusAssocResp (apf_80211.c:3066) Changing state for mobile 00:1e:c2:c0:96:05 on AP 0c:d9:96:ba:7d:20 from Associated to Associated
*pemReceiveTask: Jan 28 23:05:18.720: 00:1e:c2:c0:96:05 Set bi-dir guest tunnel for 00:1e:c2:c0:96:05 as in Export Foreign role
*pemReceiveTask: Jan 28 23:05:18.720: 00:1e:c2:c0:96:05 10.130.98.8 Added NPU entry of type 1, dtlFlags 0x4

Problem moving guest access webauth server

Similar Messages

Maybe you are looking for