Rogue AP Countermeasure in WLC

Similar Messages

• Rogue AP - Not in sync with WCS and WLC

  WCS - 7.0.164.0 and WLC - 7.0.98.0.
  For some reason, I am seeing rogue ap alert on WLC and am not seeing on WCS.   How do I clean up database and sync with WCS and WLC.
  I am seeing same thing with coverage holes.
  - Allen -

  Allen,
       On the WLC go to Management > SNMP > Trap Controls, make sure that you have the traps checked.
  HTH,
  Steve
  *Please remember to rate helpful posts*

• Cisco Prime Rogue AP Report - No Rogues from 3702 Series AP's

  I am running Cisco Prime Infrastructure (2.1) that manages a Cisco 5508 WLC (7.6). We have multiple version of AP's managed by this WLC to include 1142, 2602, 3702, etc...In Cisco prime when we run a Rogue AP Report. None of the Rogue AP's discovered by 3702's are displayed in the report. The Rogues show on the WLC though from all AP's. Cannot find a reason for this. Any ideas?

  The Rogue alarm state always stays on "removed" once deleted
  CSCuo91446
  Description
  Symptom:
  Once one of the alarm of rogue AP is deleted the newer rogue AP alarm changed to removed state even for different mac address.
  Because of the removed state the detecting AP which detected the rogue is not displayed
  Conditions:
  1) Auto SPT is turned on
  2) Prime 2.0 or 2.1
  Workaround:
  Click on refresh from network for each alarm in removed state or disable auto spt
  Last Modified:
  Jun 30,2014
  Status:
  Fixed
  Severity:
  3 Moderate
  Product:
  Cisco Prime Network Control System Series Appliances
  Known Affected Releases:
  (1)
  2.1(0.0.1)

• Rogue Rules and Rogue AP alert in Prime

  Hi Supportcommunity,
  i have done a lot of research according this topic but i was unfortunately unable to find an helpful post.
  If i missed something I am sorry about.
  I got the following issue my customer complains about Rogue AP Alerts in Cisco Prime.
  There are always many of them.
  I already configured the Rogue Rules at the WLC´s security tab as follows.
  Here are the rules in detail.
  1st rule
  2nd rule
  3rd rule
  Could you please help me to understand what I did wrong.
  I dont understand why there are still so many Rogue warnings although I configure it to not alert.
  Thanks for your support
  With kind regards
  Benedikt

  Rogue detection is a way of being aware of other APs in your surroundings, I would not advise on turning the SNMP traps off totally. On the other hand the customer cant really blame you because there are other APs around their network? In 99,9% of all networks there will be....
  However, if you want to tidy up among the rogue alarms, the rules can be used. 
  What your rules are saying is "Anyone except me using my SSIDs? - mark it as a Bad Guy" (OK).
  Then it gets a bit weird to me, lets do a short one on Signal strength:
  - 30 dBm = Less than one meter from the AP at max European output level 20 dBm EIRP
  -40 dBm = Ten times weaker, some 2-4m from AP. All distances are roughly speaking...
  -50 dBm = 1/100 weaker, less than 10m from AP
  -60 dBm = 1/1000 weaker, some 16m from AP, a "normal" and strong signal
  -70 dBm = 1/10000, within 30m from AP, not great, but lower end of "normal" span
  -80 dBm = hardly useable signal, might be able to connect @ 1-2 Mbps, not much more
  -90 dBm = almost no clients can use this weak levels
  -100 dBm = background noise.
  You delete rule says that "Any other AP located less than a meter from mine (-30 dBm) should be marked as Malicious and deleted". Lower this to, say -70 dBm and see what happens.
  Also note that the order of the rules can be important. It runs from top down, and as far as I remember the last one that matched determines if it is Friendly or Malicious. Play around with the levels first, then if necessary the order of the rules, and get back...
  **Please rate helpful posts**

• Rogue AP: Question

  I need a bit of info with the below topics.
  Q1. What is a Rogue AP?
  Q2. WLC 4400 is detecting a number of rogue access points from neighboring buildings. How should the WLC 4400 deal with these rogue access points?
  Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?
  Regards,
  Colm

  For the Clases, you have the ability to define what criteria must be met for a roge to be called friendly or malicious.  Under the Security tab > Wireless Protection Policy, Rogue Policies, Rogue Rules.
  Class Type:
  unclassified  <---  AP detected but not matching any policy
  friendly  <---  AP matches the criteria of a friendly AP
  malicious <--- AP matches the criteria of a malicious AP
  Update Status:
  Contain <--Contain the AP, uses our own AP to spoof the AP to get the clients to join "us" instead of "them" , once again, you need to be real careful with this, as if you are containing your neighbors, there can be reprocussions
  Alert  <-- Just a message saying there is a rogue

• Question on Rogue Detection

  Hi All,
  I have a question regarding rogue detection configuration on WLC.
  we know that rogue detection can be enabled on a per AP basis under the advanced tab of each AP, starting from code 6.0, and it also supports rogue detection in RF groups when we configure protection type as "AP Authentication" under WLC security tab, which will make APs to authentication frames based on the RF group name, if name is different, then the AP is considered as a rogue.
  so the question is if we only enable rogue detection on the AP level, however leave the AP authentication selected as "none", how does the AP detect rogues? does that mean if any signal detected is not from the APs connected to the WLC, then this will be considered as a rogue?
  also in the configuration guide, under the section "enable rogue access point detection in RF groups", it says rogue detection will need the AP to be configured as either local or monitor mode, when we also have AP authentication enabled. however if an AP is under h-reap mode, we still able to enable/disable rogue detection under the advanced tab, so how does H-REAP mode APs detect rogues? is that the same method as when AP authentication selected as "none"
  thanks in advance for your help.

  I've done some tests as well:
  I have multiple WLCs on same mobility and same RF groups. AP Auth type set to "none" on all o ft hem. I took one WLC (I'll call it thereafter "My WLC") and changed its RF group name. I also cahnged its AP auth policy to "AP Authentication". All WLCs have same SSIDs configured. I added one extra test SSID on "MY WLC".
  The results are:
  - The WLC with different RF group name did not mention other APs as rogues. Other APs did not mention my WLC APs as rogues as well.
  - There is very high number of AP impersonation detected by "My WLC". other WLCs did not detect ap impersonation. This indicates that other APs on other WLCs try to contain "My WLC" APs. However, "My WLC" does not seem to try impersonating other APs. (it worths to notice that number of APs on "My WLC" is much less than APs on other WLCs).
  - When using "AP authentication", there is a new IE appears in the SSID beacons.
  The highlighted in blue is that information that could not be interpretted (as seen in highlighted yellow above). This information differs based no the SSID. Different SSID name shows different information. This IE seems to carry the information about the RF group name. If this does not appear when using "none" as AP auth policy then WLCs can not distinguish different RF group names if ap auth set to "none". (because I could not find any RF group info anywhere in the beacon packet. If you know it is exist somewhere else please let us know. So far I assume it is included in this vendor specific IE).
  - When I changed the AP auth to "none" the number of AP impersonation reported started to decrease gradually. I'll keep monitoring to see what it will be after couple of hours.
  - Config guide is very useful. However, sometimes it is extremley stupid. Why?
       well, because if you go to the part that talks about configuring MFP (http://tiny.cc/un6thw), and if you go to Step 5,      you will find that the optoin metnioned in step 5 is not available in the AP. It tells you that to enable or disable MFP      validation for specific AP you can do this from under Advanced tab. However, this option is not available under      Advanced tab. I had a big discussion with TAC about this very long time ago. prompted to doc guys about it but so      far nothign changed.
  HTH
  Amjad

• Wired rogue

  Hello all,
  I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue.
  On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch. does anybody come across this issue before? Thank you.

  Hi.
  If you have an access point working in both 802.11b/g and 802.11a/g frequencies, then you will be detected as 2 different access points. You can confirm that with the following command
  AP1230#show dot11 bssid
  Interface     BSSID           Guest  SSID
  Dot11Radio1   0011.2161.b7c0  Yes  atlantic
  Dot11Radio0   0005.9a3e.7c0f  Yes  WPA2-TLS-g
  Please rate if it helps

• Roaming issues

  Hi,
  I bought my iPhone 3G in Boston, but am spending a month in Dublin, Ireland. Ever since I have been here I have had the usual issues with 3G and signals getting dropped, battery draining etc... However, the biggest problem I have is that I cannot make a call!
  Whenever I try to make a call (either locally or a call back to the States) it immediately says "call failed" and stops. Its fairly immediate so that makes me believe its not that the network is causing the problem. And this is when I have a decent signal.
  It seems to be able to receive calls fine.
  Also, the voicemail feature keeps asking me for a password - however, there was never a password before! So I dont know what to type in and therefore have no voicemail..!
  Any ideas?
  Eric

  Hi Scott, thank you for answer.
  I've just tested with WPA2/AES and the issue is still happening.
  I tried without authentication and still occur.
  At this moment I have 525 Rogue APs listed on WLC... May I disable A/B/G/N low data rates, is this a possible issue?
  Thanks

• Protecting against Virtual Jamming (RTS/CTS) attacks ?

  I am new to Wireless, and was wondering how Cisco products guard againts "Virtual Jamming" attacks where a station keeps sending RTS/CTS packets, and causes the NAV of all other stations to be reset.
  I believe that the "Rouge AP" detection / prevention mechanism infact uses this very same method to block out rouge access points.
  So what prevents a rouge station from doing the same ?
  I am also not sure if this problem is eliminated in 802.11n due to its full-duplex like behaviour ??
  Thanks

  802.11 uses CSMA/CA.
  There are 2 ways a radio will sense the medium.
  Physical Carrier Sense - is a mech that allows the radio to sense if there is transmissions on the channel
  Virtual Carrier Sense - is the use of rts-cts and cts-to-self to reserve the network with NAV timers.
  yes, you can do DoS attacks with the correct software to 'jam' the MAC later and not allowing ANY radios to talk at ALL.
  Rogue detector with the WLC does not operate in this way. It simply spoofs the rogues access point BSSID and sends deauth frames telling surrounding clients not to attach.

• WLC Seeing It's Own LAP as Rogue

  I just finished a deployment of WLC 4.2.112.0 with about 30 AP's. Everything is working fine, but the WLC is showing an AP as rogue, not wired with a radio MAC address that is the same as one of my functioning registered AP's.
  It doesn't appear to be causing any problems other than the WLC showing it as rogue.
  Has anyone else come across this?
  Thanks,
  Jeff

  Jeff we see this, too. We had a lot of Bugs with older releases concerning this issue since 2006 (3.2) but all should be fixed with current 4.2.112.0. We had not open a new SR yet for the latest release.
  If you happen to get a new BugID for these please let me know.

• Does WCS come with the 5508 WLC?

  Forum
  I am providing a quote to a client for a wireless installation.  I have two 5508 boxes and about 40 AP's on the quote, as well as associated SmartNet.
  I was reading how the Cisco Unified Wireless Network is comprised of:
  Controllers
  Access Points
  The Cisco Wireless Control System (WCS)
  Cisco Mobility Services Engine
  My questions are:
  1.  Does WCS come installed on the Controller?  Is this something that the customer receives simply by virtue of the fact that they are purchasing the Controller?  Or is this a separate piece of software with a cost?
  2.  What exactly is the Cisco Mobility Services Engine?  What does it do that the Controller will not?  How would I sell one to a customer?
  Thank You
  Kevin

  WCS is a Windows 2003 application (so not "on the controller") that is completely separate and has to be purchased separately with different levels of licensing for different feature sets.
  WCS is most useful when having several WLCs to manage and is offered when you buy a lot of stuff I think.
  WCS alone brings better reporting features (graphs, pdf reports, ...) and maps to visualize everything.
  MSE is a kind of "calculation appliance" that you link to your WCS to locate all clients and rogues in real-time on the map. Only that. But it's a cool enough feature :-) Without MSE you can only view one client at a time (when entering its mac address in the search field) on WCS maps.
  Nicolas

• I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN .

  HI All,
  I have a Problem with Romming Between SSIDs withing the same WLC but with deferent VLAN . the WLC are providing the HQ and one of the Branches the Wireless services .
  Am using all the available 9 SSIDs at the HQ , and am using only 4 of it at the Brnche.
  The problem that i have are happening only at the Branch office as i cant room between the SSIDs within Diferent VLANs but i can do it with the one that pointing to the same VLAN. Once the client ( Laptop/Phone ) connected to one of the SSIDs. it imposiible to have him connected to the other ones with Different VLAN. meanwhile, It says its connected to the other SSID but its not getting IP from that pool.
  here is the Show Run-Config from my WLC .. and the Problem happening between the SSID AMOBILE and ASTAFF. i have the Debug while am switching between the SSIDs if needed .
  =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.11.04 10:20:47 =~=~=~=~=~=~=~=~=~=~=~=
  show run-config
  Press Enter to continue...
  System Inventory
  NAME: "Chassis"   , DESCR: "Cisco 5500 Series Wireless LAN Controller"
  PID: AIR-CT5508-K9, VID: V01, SN: FCW1535L01G
  Burned-in MAC Address............................ 30:E4:DB:1B:99:80
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Absent
  Maximum number of APs supported.................. 12
  Press Enter to continue or <ctrl-z> to abort
  System Information
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.235.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... 6.0.182.0
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
  Build Type....................................... DATA + WPS
  System Name...................................... WLAN Controller 5508
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  IP Address....................................... 10.125.18.15
  Last Reset....................................... Software reset
  System Up Time................................... 41 days 5 hrs 14 mins 42 secs
  System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
  Current Boot License Level....................... base
  Current Boot License Type........................ Permanent
  Next Boot License Level.......................... base
  Next Boot License Type........................... Permanent
  Configured Country............................... US - United States
  --More or (q)uit current module or <ctrl-z> to abort
  Operating Environment............................ Commercial (0 to 40 C)
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +36 C
  External Temperature............................. +20 C
  Fan Status....................................... OK
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 10
  Number of Active Clients......................... 61
  Burned-in MAC Address............................ 30:E4:DB:1B:99:80
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Absent
  Maximum number of APs supported.................. 12
  Press Enter to continue or <ctrl-z> to abort
  AP Bundle Information
  Primary AP Image  Size
  ap3g1             5804
  ap801             5192
  ap802             5232
  c1100             3096
  c1130             4972
  c1140             4992
  c1200             3364
  c1240             4812
  c1250             5512
  c1310             3136
  c1520             6412
  c3201             4324
  c602i             3716
  Secondary AP Image      Size
  ap801             4964
  c1100             3036
  --More or (q)uit current module or <ctrl-z> to abort
  c1130             4884
  c1140             4492
  c1200             3316
  c1240             4712
  c1250             5064
  c1310             3084
  c1520             5244
  c3201             4264
  Press Enter to continue or <ctrl-z> to abort
  Switch Configuration
  802.3x Flow Control Mode......................... Disable
  FIPS prerequisite features....................... Disabled
  secret obfuscation............................... Enabled
  Strong Password Check Features:
         case-check ...........Enabled
         consecutive-check ....Enabled
         default-check .......Enabled
         username-check ......Enabled
  Press Enter to continue or <ctrl-z> to abort
  Network Information
  RF-Network Name............................. OGR
  Web Mode.................................... Disable
  Secure Web Mode............................. Enable
  Secure Web Mode Cipher-Option High.......... Disable
  Secure Web Mode Cipher-Option SSLv2......... Enable
  OCSP........................................ Disabled
  OCSP responder URL..........................
  Secure Shell (ssh).......................... Enable
  Telnet...................................... Disable
  Ethernet Multicast Forwarding............... Disable
  Ethernet Broadcast Forwarding............... Disable
  AP Multicast/Broadcast Mode................. Unicast
  IGMP snooping............................... Disabled
  IGMP timeout................................ 60 seconds
  IGMP Query Interval......................... 20 seconds
  User Idle Timeout........................... 300 seconds
  ARP Idle Timeout............................ 300 seconds
  Cisco AP Default Master..................... Enabled
  AP Join Priority............................ Disable
  Mgmt Via Wireless Interface................. Disable
  Mgmt Via Dynamic Interface.................. Disable
  --More or (q)uit current module or <ctrl-z> to abort
  Bridge MAC filter Config.................... Enable
  Bridge Security Mode........................ EAP
  Mesh Full Sector DFS........................ Enable
  AP Fallback ................................ Enable
  Web Auth Redirect Ports .................... 80
  Web Auth Proxy Redirect ................... Disable
  Fast SSID Change ........................... Enabled
  AP Discovery - NAT IP Only ................. Enabled
  IP/MAC Addr Binding Check .................. Enabled
  Press Enter to continue or <ctrl-z> to abort
  Port Summary
             STP   Admin   Physical   Physical   Link   Link
  Pr Type   Stat   Mode     Mode     Status   Status Trap    POE   SFPType  
  1 Normal Forw Enable Auto       1000 Full Up     Enable N/A     1000BaseTX
  2 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
  3 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
  4 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
  5 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
  6 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
  7 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
  8 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
  Press Enter to continue or <ctrl-z> to abort
  AP Summary
  Number of APs.................................... 8
  Global AP User Name.............................. Not Configured
  Global AP Dot1x User Name........................ Not Configured
  AP Name             Slots AP Model             Ethernet MAC       Location         Port Country Priority
  KNOWLOGY_DC01       2     AIR-LAP1131AG-A-K9   00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1       US       1
  KNOWLOGY_DC02       2     AIR-LAP1131AG-A-K9   00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1       US       1
  KN1252_AP01         2     AIR-LAP1252AG-A-K9   00:21:d8:ef:06:50 Knowlogy Confere 1       US       1
  KN1252_AP02         2     AIR-LAP1252AG-A-K9   00:22:55:8e:2e:d4 Server Room Side 1       US       1
  Anham_AP03           2     AIR-LAP1142N-A-K9     70:81:05:88:15:b5 default location 1       US       1
  ANHAM_AP01          2     AIR-LAP1142N-A-K9     70:81:05:b0:e4:62 Small Conference 1       US       1
  ANHAM_AP04           2     AIR-LAP1131AG-A-K9   00:1d:45:86:e1:b8   Conference room 1       US       1
  ANHAM_AP02           2     AIR-LAP1142N-A-K9     70:81:05:96:7a:49         Copy Room 1       US       1
  AP Tcp-Mss-Adjust Info
  AP Name             TCP State MSS Size
  KNOWLOGY_DC01       disabled   -
  KNOWLOGY_DC02       disabled   -
  --More or (q)uit current module or <ctrl-z> to abort
  KN1252_AP01         disabled   -
  KN1252_AP02         disabled   -
  Anham_AP03           disabled   -
  ANHAM_AP01           disabled   -
  ANHAM_AP04           disabled   -
  ANHAM_AP02           disabled   -
  Press Enter to continue or <ctrl-z> to abort
  AP Location
  Total Number of AP Groups........................ 3  
  Site Name........................................ ANHAM8075
  Site Description................................. ANHAM 8075 Location
  WLAN ID         Interface         Network Admission Control         Radio Policy
  1               knowlogy_ogr         Disabled                         None
  6               knowlogy_ogr         Disabled                         None
  9               knowlogy_ogr         Disabled                         None
  7               knowlogy_ogr         Disabled                         None
  AP Name             Slots AP Model             Ethernet MAC       Location         Port Country Priority
  Anham_AP03           2     AIR-LAP1142N-A-K9   70:81:05:88:15:b5 default location 1     US       1
  ANHAM_AP01           2     AIR-LAP1142N-A-K9   70:81:05:b0:e4:62 Small Conference 1     US       1
  ANHAM_AP04           2     AIR-LAP1131AG-A-K9   00:1d:45:86:e1:b8   Conference room 1     US       1
  ANHAM_AP02           2     AIR-LAP1142N-A-K9   70:81:05:96:7a:49         Copy Room 1     US       1
  Site Name........................................ Knowlogy_DC
  --More or (q)uit current module or <ctrl-z> to abort
  Site Description................................. DC Center Access points
  WLAN ID         Interface         Network Admission Control         Radio Policy
  2               knowlogy_ogr         Disabled                         None
  4               knowlogy_ogr         Disabled                         None
  3               knowlogy_ogr         Disabled                         None
  AP Name             Slots AP Model             Ethernet MAC       Location         Port Country Priority
  KNOWLOGY_DC01       2     AIR-LAP1131AG-A-K9   00:1d:45:86:ed:4e KNOWLOGY_DC_Serv 1     US       1
  KNOWLOGY_DC02       2     AIR-LAP1131AG-A-K9   00:21:d8:36:c5:c4 KNOWLOGY_DC_Serv 1     US       1
  Site Name........................................ OGR
  Site Description................................. 1934 OGR Office
  WLAN ID         Interface         Network Admission Control         Radio Policy
  1               knowlogy_ogr         Disabled                         None
  2               knowlogy_ogr         Disabled                        None
  4               knowlogy_ogr         Disabled                         None
  6               knowlogy_ogr         Disabled                         None
  --More or (q)uit current module or <ctrl-z> to abort
  7               knowlogy_ogr        Disabled                         None
  9               knowlogy_ogr         Disabled                         None
  8               knowlogy_ogr         Disabled                         None
  AP Name             Slots AP Model             Ethernet MAC       Location         Port Country Priority
  KN1252_AP01         2     AIR-LAP1252AG-A-K9   00:21:d8:ef:06:50 Knowlogy Confere 1    US       1
  KN1252_AP02         2     AIR-LAP1252AG-A-K9   00:22:55:8e:2e:d4 Server Room Side 1     US       1
  Site Name........................................ default-group
  Site Description................................. <none>
  WLAN ID        Interface         Network Admission Control         Radio Policy
  1               knowlogy_ogr         Disabled                         None
  2               knowlogy_ogr         Disabled                         None
  3               knowlogy_ogr         Disabled                         None
  4               knowlogy_ogr         Disabled                         None
  5               knowlogy_ogr         Disabled                         None
  6               knowlogy_ogr         Disabled                         None
  7               knowlogy_ogr         Disabled                         None
  8               knowlogy_ogr         Disabled                          None
  --More or (q)uit current module or <ctrl-z> to abort
  9               knowlogy_ogr         Disabled                         None
  10             management           Disabled                         None
  AP Name             Slots AP Model             Ethernet MAC       Location         Port Country Priority
  Press Enter to continue or <ctrl-z> to abort
  AP Config
  Cisco AP Identifier.............................. 6
  Cisco AP Name.................................... KNOWLOGY_DC01
  Country code..................................... US - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US - United States
  AP Regulatory Domain............................. -A
  Switch Port Number .............................. 1
  MAC Address...................................... 00:1d:45:86:ed:4e
  IP Address Configuration......................... DHCP
  IP Address....................................... 10.22.1.100
  Gateway IP Addr.................................. 10.22.1.1
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Disabled
  Ssh State........................................ Disabled
  Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
  Cisco AP Group Name.............................. Knowlogy_DC
  Primary Cisco Switch Name........................ wireless.knowlogy.com
  Primary Cisco Switch IP Address.................. 10.125.18.15
  Secondary Cisco Switch Name......................
  Secondary Cisco Switch IP Address................ Not Configured
  --More or (q)uit current module or <ctrl-z> to abortIP Address.................. 10.125.18.15
  Tertiary Cisco Switch Name.......................
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ................................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... H-Reap
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ......................... kern
  S/W Version .................................... 7.0.235.0
  Boot Version ................................... 12.3.8.0
  Mini IOS Version ................................ 3.0.51.0
  Stats Reporting Period .......................... 180
  LED State........................................ Enabled
  PoE Pre-Standard Switch.......................... Disabled
  PoE Power Injector MAC Addr...................... Disabled
  Power Type/Mode.................................. Power injector / Normal mode
  Number Of Slots.................................. 2
  AP Model......................................... AIR-LAP1131AG-A-K9
  AP Image......................................... C1130-K9W8-M
  IOS Version...................................... 12.4(23c)JA5
  --More or (q)uit current module or <ctrl-z> to abort
  Reset Button..................................... Enabled
  AP Serial Number................................. FTX1134T0QG
  AP Certificate Type.............................. Manufacture Installed
  H-REAP Vlan mode :............................... Enabled
        Native ID :..................................... 22
        WLAN 2 :........................................ 21
        WLAN 4 :........................................ 25
        WLAN 3 :........................................ 25
  H-REAP Backup Auth Radius Servers :
  Static Primary Radius Server.................... Disabled
  Static Secondary Radius Server.................. Disabled
  Group Primary Radius Server..................... Disabled
  Group Secondary Radius Server................... Disabled
  AP User Mode..................................... AUTOMATIC
  AP User Name..................................... Not Configured
  AP Dot1x User Mode............................... Not Configured
  AP Dot1x User Name............................... Not Configured
  Cisco AP system logging host..................... 255.255.255.255
  AP Up Time....................................... 48 days, 20 h 19 m 18 s
  AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
  Join Date and Time............................... Tue Sep 24 21:24:33 2013
  Join Taken Time.................................. 0 days, 00 h 10 m 47 s
  --More or (q)uit current module or <ctrl-z> to abort
  Attributes for Slot 0
      Radio Type................................... RADIO_TYPE_80211b
     Administrative State ........................ ADMIN_ENABLED
     Operation State ............................. UP
     Radio Role .................................. ACCESS
     CellId ...................................... 0
     Station Configuration
       Configuration ............................. AUTOMATIC
       Number Of WLANs ........................... 3
       Medium Occupancy Limit .................... 100
       CFP Period ................................ 4
       CFP MaxDuration ........................... 60
       BSSID ..................................... 00:1d:71:09:8f:90
       Operation Rate Set
         1000 Kilo Bits........................... MANDATORY
         2000 Kilo Bits........................... MANDATORY
         5500 Kilo Bits........................... MANDATORY
         11000 Kilo Bits.......................... MANDATORY
       Beacon Period ............................. 100
       Fragmentation Threshold ................... 2346
       Multi Domain Capability Implemented ....... TRUE
  --More or (q)uit current module or <ctrl-z> to abort
       Multi Domain Capability Enabled ........... TRUE
       Country String ............................ US
      Multi Domain Capability
       Configuration ............................. AUTOMATIC
       First Chan Num ............................ 1
       Number Of Channels ........................ 11
     MAC Operation Parameters
       Configuration ............................. AUTOMATIC
       Fragmentation Threshold ................... 2346
       Packet Retry Limit ........................ 64
     Tx Power
       Num Of Supported Power Levels ............. 8
       Tx Power Level 1 .......................... 20 dBm
       Tx Power Level 2 .......................... 17 dBm
       Tx Power Level 3 .......................... 14 dBm
       Tx Power Level 4 .......................... 11 dBm
       Tx Power Level 5 .......................... 8 dBm
       Tx Power Level 6 .......................... 5 dBm
       Tx Power Level 7 .......................... 2 dBm
       Tx Power Level 8 .......................... -1 dBm
  --More or (q)uit current module or <ctrl-z> to abort
       Tx Power Configuration .................... AUTOMATIC
       Current Tx Power Level .................... 1
     Phy DSSS parameters
       Configuration ............................. AUTOMATIC
       Current Channel ........................... 11
       Extension Channel ......................... NONE
       Channel Width.............................. 20 Mhz
       Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
       Current CCA Mode .......................... 0
       ED Threshold .............................. -50
       Antenna Type............................... INTERNAL_ANTENNA
       Internal Antenna Gain (in .5 dBi units).... 8
       Diversity.................................. DIVERSITY_ENABLED
     Performance Profile Parameters
       Configuration ............................. AUTOMATIC
       Interference threshold..................... 10 %
       Noise threshold............................ -70 dBm
       RF utilization threshold................... 80 %
       Data-rate threshold........................ 1000000 bps
       Client threshold........................... 12 clients
       Coverage SNR threshold..................... 12 dB
  --More or (q)uit current module or <ctrl-z> to abort
       Coverage exception level................... 25 %
       Client minimum exception level............. 3 clients
     Rogue Containment Information
     Containment Count............................ 0
     CleanAir Management Information
         CleanAir Capable......................... No
  Cisco AP Identifier.............................. 6
  Cisco AP Name.................................... KNOWLOGY_DC01
  Country code..................................... US - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US - United States
  AP Regulatory Domain............................. -A
  Switch Port Number .............................. 1
  MAC Address...................................... 00:1d:45:86:ed:4e
  IP Address Configuration......................... DHCP
  IP Address....................................... 10.22.1.100
  Gateway IP Addr.................................. 10.22.1.1
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Disabled
  Ssh State........................................ Disabled
  --More or (q)uit current module or <ctrl-z> to abort
  Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
  Cisco AP Group Name.............................. Knowlogy_DC
  Primary Cisco Switch Name........................ wireless.knowlogy.com
  Primary Cisco Switch Secondary Cisco Switch Name......................
  Secondary Cisco Switch IP Address................ Not Configured
  Tertiary Cisco Switch Name.......................
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ................................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... H-Reap
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ......................... kern
  S/W Version .................................... 7.0.235.0
  Boot Version ................................... 12.3.8.0
  Mini IOS Version ................................ 3.0.51.0
  Stats Reporting Period .......................... 180
  LED State........................................ Enabled
  PoE Pre-Standard Switch.......................... Disabled
  PoE Power Injector MAC Addr...................... Disabled
  --More or (q)uit current module or <ctrl-z> to abort
  Power Type/Mode.................................. Power injector / Normal mode
  Number Of Slots.................................. 2
  AP Model......................................... AIR-LAP1131AG-A-K9
  AP Image......................................... C1130-K9W8-M
  IOS Version...................................... 12.4(23c)JA5
  Reset Button..................................... Enabled
  AP Serial Number................................. FTX1134T0QG
  AP Certificate Type.............................. Manufacture Installed
  H-REAP Vlan mode :............................... Enabled
        Native ID :..................................... 22
        WLAN 2 :........................................ 21
        WLAN 4 :........................................ 25
        WLAN 3 :........................................ 25
  H-REAP Backup Auth Radius Servers :
  Static Primary Radius Server.................... Disabled
  Static Secondary Radius Server.................. Disabled
  Group Primary Radius Server..................... Disabled
  Group Secondary Radius Server................... Disabled
  AP User Mode..................................... AUTOMATIC
  AP User Name..................................... Not Configured
  AP Dot1x User Mode............................... Not Configured
  AP Dot1x User Name............................... Not Configured
  Cisco AP system logging host..................... 255.255.255.255
  --More or (q)uit current module or <ctrl-z> to abort
  AP Up Time....................................... 48 days, 20 h 19 m 18 s
  AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
  Join Date and Time............................... Tue Sep 24 21:24:33 2013
  Join Taken Time.................................. 0 days, 00 h 10 m 47 s
  Attributes for Slot 1
     Radio Type................................... RADIO_TYPE_80211a
     Radio Subband................................ RADIO_SUBBAND_ALL
     Administrative State ........................ ADMIN_ENABLED
     Operation State ............................. UP
     Radio Role .................................. ACCESS
     CellId ...................................... 0
     Station Configuration
       Configuration ............................. AUTOMATIC
       Number Of WLANs ........................... 3
       Medium Occupancy Limit .................... 100
       CFP Period ................................ 4
        CFP MaxDuration ........................... 60
       BSSID ..................................... 00:1d:71:09:8f:90
       Operation Rate Set
         6000 Kilo Bits........................... MANDATORY
  --More or (q)uit current module or <ctrl-z> to abort
         9000 Kilo Bits........................... SUPPORTED
         12000 Kilo Bits.......................... MANDATORY
         18000 Kilo Bits.......................... SUPPORTED
         24000 Kilo Bits.......................... MANDATORY
        36000 Kilo Bits.......................... SUPPORTED
         48000 Kilo Bits.......................... SUPPORTED
         54000 Kilo Bits.......................... SUPPORTED
       Beacon Period ............................. 100
       Fragmentation Threshold ................... 2346
       Multi Domain Capability Implemented ....... TRUE
       Multi Domain Capability Enabled ........... TRUE
       Country String ............................ US
     Multi Domain Capability
       Configuration ............................. AUTOMATIC
       First Chan Num ............................ 36
       Number Of Channels ........................ 20
     MAC Operation Parameters
       Configuration ............................. AUTOMATIC
       Fragmentation Threshold ................... 2346
       Packet Retry Limit ........................ 64
  --More or (q)uit current module or <ctrl-z> to abort
     Tx Power
       Num Of Supported Power Levels ............. 7
       Tx Power Level 1 .......................... 15 dBm
       Tx Power Level 2 .......................... 14 dBm
       Tx Power Level 3 .......................... 11 dBm
       Tx Power Level 4 .......................... 8 dBm
       Tx Power Level 5 .......................... 5 dBm
       Tx Power Level 6 .......................... 2 dBm
       Tx Power Level 7 .......................... -1 dBm
       Tx Power Configuration .................... AUTOMATIC
       Current Tx Power Level .................... 1
     Phy OFDM parameters
       Configuration ............................. AUTOMATIC
       Current Channel ........................... 44
       Extension Channel ......................... NONE
       Channel Width.............................. 20 Mhz
       Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
         ......................................... 104,108,112,116,132,136,140,
         ......................................... 149,153,157,161
       TI Threshold .............................. -50
       Antenna Type............................... INTERNAL_ANTENNA
       Internal Antenna Gain (in .5 dBi units).... 8
  --More or (q)uit current module or <ctrl-z> to abort
       Diversity.................................. DIVERSITY_ENABLED
     Performance Profile Parameters
       Configuration ............................. AUTOMATIC
       Interference threshold..................... 10 %
       Noise threshold............................ -70 dBm
       RF utilization threshold................... 80 %
        Data-rate threshold........................ 1000000 bps
       Client threshold........................... 12 clients
       Coverage SNR threshold..................... 16 dB
       Coverage exception level................... 25 %
       Client minimum exception level............. 3 clients
     Rogue Containment Information
     Containment Count............................ 0
     CleanAir Management Information
         CleanAir Capable......................... No
  Press Enter to continue or <ctrl-z> to abort
  Cisco AP Identifier.............................. 3
  Cisco AP Name.................................... KNOWLOGY_DC02
  Country code..................................... US - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US - United States
  AP Regulatory Domain............................. -A
  Switch Port Number .............................. 1
  MAC Address...................................... 00:21:d8:36:c5:c4
  IP Address Configuration......................... DHCP
  IP Address....................................... 10.22.1.101
  Gateway IP Addr.................................. 10.22.1.1
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Disabled
  Ssh State........................................ Disabled
  Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
  Cisco AP Group Name.............................. Knowlogy_DC
  Primary Cisco Switch Name........................
  Primary Cisco Switch IP Address.................. Not Configured
  Secondary Cisco Switch Name......................
  Secondary Cisco Switch IP Address................ Not Configured
  Tertiary Cisco Switch Name.......................
  --More or (q)uit current module or <ctrl-z> to abort
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ................................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... H-Reap
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ......................... kern
  S/W  Version .................................... 7.0.235.0
  Boot Version ................................... 12.3.8.0
  Mini IOS Version ................................ 3.0.51.0
  Stats Reporting Period .......................... 180
  LED State........................................ Enabled
  PoE Pre-Standard Switch.......................... Enabled
  PoE Power Injector MAC Addr...................... Disabled
  Power Type/Mode.................................. Power injector / Normal mode
  Number Of Slots.................................. 2
  AP Model......................................... AIR-LAP1131AG-A-K9
  AP Image......................................... C1130-K9W8-M
  IOS Version...................................... 12.4(23c)JA5
  Reset Button..................................... Enabled
  --More or (q)uit current module or <ctrl-z> to abort
  AP Serial Number................................. FTX1230T24F
  AP Certificate Type.............................. Manufacture Installed
  H-REAP Vlan mode :............................... Enabled
        Native ID :..................................... 22
        WLAN 2 :........................................ 21
        WLAN 4 :........................................ 25
        WLAN 3 :........................................ 25
  H-REAP Backup Auth Radius Servers :
  Static Primary Radius Server.................... Disabled
  Static Secondary Radius Server.................. Disabled
  Group Primary Radius Server..................... Disabled
  Group Secondary Radius Server................... Disabled
  AP User Mode..................................... AUTOMATIC
  AP User Name..................................... Not Configured
  AP Dot1x User Mode............................... Not Configured
  AP Dot1x User Name............................... Not Configured
  Cisco AP system logging host..................... 255.255.255.255
  AP Up Time....................................... 48 days, 20 h 24 m 41 s
  AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
  Join Date and Time............................... Tue Sep 24 21:24:35 2013
  Join Taken Time.................................. 0 days, 00 h 10 m 48 s
  --More or (q)uit current module or <ctrl-z> to abort
  Attributes for Slot 0
     Radio Type................................... RADIO_TYPE_80211b
     Administrative State ........................ ADMIN_ENABLED
     Operation State ............................. UP
     Radio Role .................................. ACCESS
     CellId ...................................... 0
      Station Configuration
       Configuration ............................. AUTOMATIC
       Number Of WLANs ........................... 3
       Medium Occupancy Limit .................... 100
       CFP Period ................................ 4
       CFP MaxDuration ........................... 60
       BSSID ..................................... 00:22:55:a5:0c:30
       Operation Rate Set
         1000 Kilo Bits........................... MANDATORY
         2000 Kilo Bits........................... MANDATORY
         5500 Kilo Bits........................... MANDATORY
         11000 Kilo Bits.......................... MANDATORY
       Beacon Period ............................. 100
       Fragmentation Threshold ................... 2346
       Multi Domain Capability Implemented ....... TRUE
       Multi Domain Capability Enabled ........... TRUE
  --More or (q)uit current module or <ctrl-z> to abort
       Country String ............................ US
     Multi Domain Capability
       Configuration ............................. AUTOMATIC
       First Chan Num ............................ 1
       Number Of Channels ........................ 11
     MAC Operation Parameters
       Configuration ............................. AUTOMATIC
       Fragmentation Threshold ................... 2346
       Packet Retry Limit ........................ 64
     Tx Power
       Num Of Supported Power Levels ............. 8
       Tx Power Level 1 .......................... 20 dBm
       Tx Power Level 2 .......................... 17 dBm
       Tx Power Level 3 .......................... 14 dBm
       Tx Power Level 4 .......................... 11 dBm
       Tx Power Level 5 .......................... 8 dBm
       Tx Power Level 6 .......................... 5 dBm
       Tx Power Level 7 .......................... 2 dBm
       Tx Power Level 8 .......................... -1 dBm
       Tx Power Configuration .................... AUTOMATIC
  --More or (q)uit current module or <ctrl-z> to abort
       Current Tx Power Level .................... 1
     Phy DSSS parameters
       Configuration ............................. AUTOMATIC
       Current Channel ........................... 1
       Extension Channel ......................... NONE
       Channel Width.............................. 20 Mhz
       Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
       Current CCA Mode .......................... 0
       ED Threshold .............................. -50
       Antenna Type............................... INTERNAL_ANTENNA
       Internal Antenna Gain (in .5 dBi units).... 8
       Diversity.................................. DIVERSITY_ENABLED
     Performance Profile Parameters
       Configuration ............................. AUTOMATIC
       Interference threshold..................... 10 %
       Noise threshold............................ -70 dBm
       RF utilization threshold................... 80 %
       Data-rate threshold........................ 1000000 bps
       Client threshold........................... 12 clients
       Coverage SNR threshold..................... 12 dB
       Coverage exception level................... 25 %
  --More or (q)uit current module or <ctrl-z> to abort
       Client minimum exception level............. 3 clients
     Rogue Containment Information
     Containment Count............................ 0
     CleanAir Management Information
         CleanAir Capable......................... No
  Cisco AP Identifier.............................. 3
  Cisco AP Name.................................... KNOWLOGY_DC02
  Country code..................................... US - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US - United States
  AP Regulatory Domain............................. -A
  Switch Port Number .............................. 1
  MAC Address...................................... 00:21:d8:36:c5:c4
  IP Address Configuration......................... DHCP
  IP Address....................................... 10.22.1.101
  Gateway IP Addr.................................. 10.22.1.1
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Disabled
  Ssh State........................................ Disabled
  Cisco AP Location................................ KNOWLOGY_DC_ServerRoom
  --More or (q)uit current module or <ctrl-z> to abort
  Cisco AP Group Name.............................. Knowlogy_DC
  Primary Cisco Switch Name........................
  Primary Cisco Switch IP Address.................. Not Configured
  Secondary Cisco Switch Name......................
  Secondary Cisco Switch IP Address................ Not Configured
  Tertiary Cisco Switch Name.......................
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ................................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... H-Reap
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ......................... kern
  S/W Version .................................... 7.0.235.0
  Boot Version ................................... 12.3.8.0
  Mini IOS Version ................................ 3.0.51.0
  Stats Reporting Period .......................... 180
  LED State........................................ Enabled
  PoE Pre-Standard Switch.......................... Enabled
  PoE Power Injector MAC Addr...................... Disabled
  --More or (q)uit current module or <ctrl-z> to abort
  Power Type/Mode.................................. Power injector / Normal mode
  Number Of Slots.................................. 2
  AP Model......................................... AIR-LAP1131AG-A-K9
  AP Image......................................... C1130-K9W8-M
  IOS Version...................................... 12.4(23c)JA5
  Reset Button..................................... Enabled
  AP Serial Number................................. FTX1230T24F
  AP Certificate Type.............................. Manufacture Installed
  H-REAP Vlan mode :............................... Enabled
        Native ID :..................................... 22
        WLAN 2 :........................................ 21
        WLAN 4 :........................................ 25
        WLAN 3 :........................................ 25
  H-REAP Backup Auth Radius Servers :
  Static Primary Radius Server.................... Disabled
  Static Secondary Radius Server.................. Disabled
  Group Primary Radius Server..................... Disabled
  Group Secondary Radius Server................... Disabled
  AP User Mode..................................... AUTOMATIC
  AP User Name..................................... Not Configured
  AP Dot1x User Mode............................... Not Configured
  AP Dot1x User Name............................... Not Configured
  Cisco AP system logging host..................... 255.255.255.255
  --More or (q)uit current module or <ctrl-z> to abort
  AP Up Time....................................... 48 days, 20 h 24 m 41 s
  AP LWAPP Up Time................................. 40 days, 13 h 58 m 18 s
  Join Date and Time............................... Tue Sep 24 21:24:35 2013
  Join Taken Time.................................. 0 days, 00 h 10 m 48 s
  Attributes for Slot 1
     Radio Type................................... RADIO_TYPE_80211a
     Radio Subband................................ RADIO_SUBBAND_ALL
     Administrative State ........................ ADMIN_ENABLED
     Operation State ............................. UP
     Radio Role .................................. ACCESS
     CellId ...................................... 0
     Station Configuration
       Configuration ............................. AUTOMATIC
       Number Of WLANs ........................... 3
       Medium Occupancy Limit .................... 100
       CFP Period ................................ 4
       CFP MaxDuration ........................... 60
       BSSID ..................................... 00:22:55:a5:0c:30
       Operation Rate Set
         6000 Kilo Bits........................... MANDATORY
  --More or (q)uit current module or <ctrl-z> to abort
         9000 Kilo Bits........................... SUPPORTED
         12000 Kilo Bits.......................... MANDATORY
         18000 Kilo Bits.......................... SUPPORTED
         24000 Kilo Bits.......................... MANDATORY
         36000 Kilo Bits.......................... SUPPORTED
         48000 Kilo Bits.......................... SUPPORTED
         54000 Kilo Bits.......................... SUPPORTED
       Beacon Period ............................. 100
       Fragmentation Threshold ................... 2346
       Multi Domain Capability Implemented ....... TRUE
       Multi Domain Capability Enabled ........... TRUE
       Country String ............................ US
     Multi Domain Capability
       Configuration ............................. AUTOMATIC
       First Chan Num ............................ 36
       Number Of Channels ........................ 20
     MAC Operation Parameters
       Configuration ............................. AUTOMATIC
       Fragmentation Threshold ................... 2346
       Packet Retry Limit ........................ 64
  --More or (q)uit current module or <ctrl-z> to abort
     Tx Power
       Num Of Supported Power Levels ............. 7
       Tx Power Level 1 .......................... 15 dBm
      Tx Power Level 2 .......................... 14 dBm
       Tx Power Level 3 .......................... 11 dBm
       Tx Power Level 4 .......................... 8 dBm
       Tx Power Level 5 .......................... 5 dBm
       Tx Power Level 6 .......................... 2 dBm
       Tx Power Level 7 .......................... -1 dBm
       Tx Power Configuration .................... AUTOMATIC
       Current Tx Power Level .................... 1
     Phy OFDM parameters
       Configuration ............................. AUTOMATIC
       Current Channel ........................... 36
       Extension Channel ......................... NONE
       Channel Width.............................. 20 Mhz
       Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
         ......................................... 104,108,112,116,132,136,140,
         ......................................... 149,153,157,161
       TI Threshold .............................. -50
       Antenna Type............................... INTERNAL_ANTENNA
       Internal Antenna Gain (in .5 dBi units).... 8
  --More or (q)uit current module or <ctrl-z> to abort
       Diversity.................................. DIVERSITY_ENABLED
     Performance Profile Parameters
        Configuration ............................. AUTOMATIC
       Interference threshold..................... 10 %
       Noise threshold............................ -70 dBm
       RF utilization threshold................... 80 %
       Data-rate threshold........................ 1000000 bps
       Client threshold........................... 12 clients
       Coverage SNR threshold..................... 16 dB
       Coverage exception level................... 25 %
       Client minimum exception level............. 3 clients
     Rogue Containment Information
     Containment Count............................ 0
     CleanAir Management Information
         CleanAir Capable......................... No
  Press Enter to continue or <ctrl-z> to abort
  Cisco AP Identifier.............................. 5
  Cisco AP Name.................................... KN1252_AP01
  Country code..................................... US - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US - United States
  AP Regulatory Domain............................. -A
  Switch Port Number .............................. 1
  MAC Address...................................... 00:21:d8:ef:06:50
  IP Address Configuration......................... DHCP
  IP Address....................................... 10.125.18.101
  IP NetMask....................................... 255.255.255.0
  Gateway IP Addr.................................. 10.125.18.1
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Enabled
  Ssh State........................................ Disabled
  Cisco AP Location................................ Knowlogy Conference Rooms Side
  Cisco AP Group Name.............................. OGR
  Primary Cisco Switch Name........................
  Primary Cisco Switch IP Address.................. Not Configured
  Secondary Cisco Switch Name......................
  Secondary Cisco Switch IP Address................ Not Configured
  --More or (q)uit current module or <ctrl-z> to abort
  Tertiary Cisco Switch Name.......................
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ................................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... H-Reap
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ......................... kern
  S/W Version .................................... 7.0.235.0
  Boot Version ................................... 12.4.10.0
  Mini IOS Version ................................ 3.0.51.0
  Stats Reporting Period .......................... 180
  LED State........................................ Enabled
  PoE Pre-Standard Switch.......................... Disabled
  PoE Power Injector MAC Addr...................... Disabled
  Power Type/Mode.................................. PoE/Medium Power (15.4 W)
  Number Of Slots.................................. 2
  AP Model......................................... AIR-LAP1252AG-A-K9
  AP Image......................................... C1250-K9W8-M
  IOS Version...................................... 12.4(23c)JA5
  --More or (q)uit current module or <ctrl-z> to abort
  Reset Button..................................... Enabled
  AP Serial Number................................. FTX122990L5
  AP Certificate Type.............................. Manufacture Installed
  H-REAP Vlan mode :............................... Enabled
        Native ID :..................................... 118
        WLAN 1 :........................................ 111
        WLAN 2 :........................................ 111
        WLAN 4 :........................................ 112
        WLAN 6 :........................................ 112
        WLAN 7 :........................................ 111
        WLAN 9 :........................................ 112
        WLAN 8 :........................................ 112
  H-REAP Backup Auth Radius Servers :
  Static Primary Radius Server.................... Disabled
  Static Secondary Radius Server.................. Disabled
  Group Primary Radius Server..................... Disabled
  Group Secondary Radius Server................... Disabled
  AP User Mode..................................... AUTOMATIC
  AP User Name..................................... Not Configured
  AP Dot1x User Mode............................... Not Configured
  AP Dot1x User Name............................... Not Configured
  Cisco AP system logging host..................... 255.255.255.255
  AP Up Time....................................... 26 days, 00 h 24 m 39 s
  --More or (q)uit current module or <ctrl-z> to abort
  AP LWAPP Up Time................................. 26 days, 00 h 23 m 48 s
  Join Date and Time............................... Wed Oct 9 10:59:07 2013
  Join Taken Time.................................. 0 days, 00 h 00 m 50 s
  Attributes for Slot 0
     Radio Type................................... RADIO_TYPE_80211n-2.4
     Administrative State ........................ ADMIN_ENABLED
     Operation State ............................. UP
     Radio Role .................................. ACCESS
     CellId ...................................... 0
     Station Configuration
       Configuration ............................. AUTOMATIC
       Number Of WLANs ........................... 7
       Medium Occupancy Limit .................... 100
       CFP Period ................................ 4
       CFP MaxDuration ........................... 60
       BSSID ..................................... 00:22:55:df:a5:90
       Operation Rate Set
         1000 Kilo Bits........................... MANDATORY
         2000 Kilo Bits........................... MANDATORY
         5500 Kilo Bits........................... MANDATORY
  --More or (q)uit current module or <ctrl-z> to abort
         11000 Kilo Bits.......................... MANDATORY
       MCS Set
         MCS 0.................................... SUPPORTED
         MCS 1.................................... SUPPORTED
         MCS 2.................................... SUPPORTED
         MCS 3.................................... SUPPORTED
         MCS 4.................................... SUPPORTED
         MCS 5.................................... SUPPORTED
         MCS 6.................................... SUPPORTED
         MCS 7.................................... SUPPORTED
         MCS 8.................................... SUPPORTED
          MCS 9.................................... SUPPORTED
         MCS 10................................... SUPPORTED
         MCS 11................................... SUPPORTED
         MCS 12................................... SUPPORTED
         MCS 13................................... SUPPORTED
         MCS 14................................... SUPPORTED
         MCS 15................................... SUPPORTED
       Beacon Period ............................. 100
       Fragmentation Threshold ................... 2346
       Multi Domain Capability Implemented ....... TRUE
       Multi Domain Capability Enabled ........... TRUE
       Country String ............................ US
  --More or (q)uit current module or <ctrl-z> to abort
     Multi Domain Capability
       Configuration ............................. AUTOMATIC
       First Chan Num ............................ 1
       Number Of Channels ........................ 11
     MAC Operation Parameters
       Configuration ............................. AUTOMATIC
       Fragmentation Threshold ................... 2346
       Packet Retry Limit ........................ 64
     Tx Power
       Num Of Supported Power Levels ............. 8
       Tx Power Level 1 .......................... 20 dBm
       Tx Power Level 2 .......................... 17 dBm
       Tx Power Level 3 .......................... 14 dBm
       Tx Power Level 4 ..........

  Well you need to understand the behavior of h-reap or what it's called now, FlexConnect. In this mode, the clients are still remembers on the WLC until the session timer/idle timer expires. So switching between SSID's in h-reap will not be the same when switching when the AP's are in local mode.
  Take a look at the client when connected in FlexConnect in the WLC GUI monitor tab. Thus will show you what ssid and vlan the client is on. Now switch to a different ssid and compare this. It's probably the same because the client has not timed out. Now go back to the other ssid and look again. Now on the WLC, remove or delete the client and then switch to the other ssid at the same time. Or switch SSID's and then remove the client. The client will join the new ssid and in the monitor tab, you should see the info.
  There is no need to have clients have multiple SSID's unless your testing. Devices should only have one ssid profile configured to eliminate any connectivity issues from the device wanting to switch SSID's.
  Sent from Cisco Technical Support iPhone App

• Can't put two 5508 WLCs in the same RF group

  Hi experts,
  I have two 5508 WLCs and I want them to be backup to each other. I put in the same "RF Group Name" and even the same "Default Mobility Domain Name" however under Wireless -> 802.11b/g/n -> RRM -> RF Grouping each controller still only have themselves as the only memter to the group.
  Two controllers are having management IPs on the same subnet 192.168.161.x/24. AP-manager interfaces are in the same network as well. They can ping each other fine. The following screen shots show the current relavent config on the controller:
  I do have two controllers in the same mobility group and they are both showing up...
  Does anyone know why they can't add each other to the RF group? All other settings are pretty much default...
  Thanks!

  Hi,
  is there a chance that one of the 2 WLC doesn't contain any access point ? Or that the APs from one WLC are not physically close to the APs of the second WLC ?
  The point of RF grouping is to exchange RF information, to make RRM decisions together and to know what ap is a rogue and which is not. RF group information travels over the air from AP to AP.
  So if a wlc has no ap of if its APs are not close to those of the other WLC there is both no point in grouping with the other WLC in rf group and also no technical way of doing so.
  Regards,
  Nicolas
  ===
  Don't forget to rate answers that you find useful

• WLC 4402 Multiple clients can connect to AP but only one gets an IP

  I have a 4402 which is connected to a 4506 Switch int Gig 3/1 via a trunk port. The Managment and AP-manger interfaces are on vlan 6
  interface GigabitEthernet3/1
  description Trunk Port to WLC
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2-6
  switchport mode trunk
  end
  I have a 1142N AP also connected to the switch and it pulls a DHCP IP Address and configs etc and registers to the WLC. It too is on Vlan 6 and it is connected to the 4506 on int gig 4/33 which is an access port.
  interface GigabitEthernet4/33
  description Access port to Cisco LAP 1142
  switchport access vlan 6
  switchport mode access
  end
  My router is my dhcp server;
  ip dhcp pool wlanmantraffic
     network 10.6.0.0 255.255.255.0
     default-router 10.6.0.1
     dns-server 66.109.38.250 10.7.0.8
     option 43 hex f104.3130.2e36.2e30.2e33
  interface FastEthernet0/1.6
  description Vlan6
  encapsulation dot1Q 6
  ip address 10.6.0.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly
  I am doing local authentication, so i have added users to the WLC
  My problem is that the first client that connected was able to get an IP address and connect to anything internal and external.
  I then connected another client on another laptop and that client could connect but not get an IP address, it  just self assigned.
  When i look at the clients i can see the MAC address of both Clients on the WLC, but doing a show mac address-table dynamic i only see the MAC of the client that works properly. The client that doesnt get an IP has no entry in the 4506 switch.
  I am stumped, from what I understand, is that the 2nd clients traffic is being trunked to the WLC , hence it has the MAC address. But I dont know why its not getting a DHCP assigned IP address.
  Thanks in advance for your help.

  Here is some of the WLC config,
  (Cisco Controller) >show run-config
  Press Enter to continue...
  System Inventory
  NAME: "Chassis"    , DESCR: "4400 Series WLAN Controller:25 APs"
  PID: AIR-WLC4402-25-K9,  VID: V02,  SN: FOCblankedbyme
  Burned-in MAC Address............................ 00:07:0E:55:FA:C0
  Crypto Accelerator 1............................. Absent
  Crypto Accelerator 2............................. Absent
  Power Supply 1................................... Absent
  Power Supply 2................................... Present, OK
  Maximum number of APs supported.................. 25
  Press Enter to continue or to abort
  System Information
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.235.3
  RTOS Version..................................... 7.0.235.3
  Bootloader Version............................... 7.0.235.3
  Emergency Image Version.......................... 7.0.235.3
  Build Type....................................... DATA + WPS
  System Name...................................... CISCO-LWAPP-CONTROLLER
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
  IP Address....................................... 10.6.0.3
  System Up Time................................... 0 days 21 hrs 7 mins 20 secs
  System Timezone Location......................... (GMT -5:00) Eastern Time (US a
  nd Canada)
  Configured Country............................... US  - United States
  Operating Environment............................ Commercial (0 to 40 C)
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +36 C
  --More or (q)uit current module or to abort
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 1
  Number of Active Clients......................... 3
  Burned-in MAC Address............................ 00:07:0E:55:FA:C0
  Crypto Accelerator 1............................. Absent
  Crypto Accelerator 2............................. Absent
  Power Supply 1................................... Absent
  Power Supply 2................................... Present, OK
  Maximum number of APs supported.................. 25
  Press Enter to continue or to abort
  AP Bundle Information
  Primary AP Image        Size
  ap3g1                   6672
  ap801                   5180
  ap802                   5220
  c1100                   3092
  c1130                   4960
  c1140                   4980
  c1200                   3360
  c1240                   4800
  c1250                   5500
  c1310                   3132
  c1520                   6400
  c3201                   4312
  c602i                   3712
  Secondary AP Image      Size
  ap801                   4952
  c1100                   3040
  --More or (q)uit current module or to abort
  c1130                   4880
  c1140                   4492
  c1200                   3312
  c1240                   4712
  c1250                   5060
  c1310                   3080
  c1520                   5240
  c3201                   4260
  Press Enter to continue or to abort
  Switch Configuration
  802.3x Flow Control Mode......................... Disable
  FIPS prerequisite features....................... Disabled
  secret obfuscation............................... Enabled
  Strong Password Check Features:
           case-check ...........Enabled
           consecutive-check ....Enabled
           default-check .......Enabled
           username-check ......Enabled
  Press Enter to continue or to abort
  Network Information
  RF-Network Name............................. RFMobile
  Web Mode.................................... Disable
  Secure Web Mode............................. Enable
  Secure Web Mode Cipher-Option High.......... Disable
  Secure Web Mode Cipher-Option SSLv2......... Enable
  OCSP........................................ Disabled
  OCSP responder URL..........................
  Secure Shell (ssh).......................... Enable
  Telnet...................................... Disable
  Ethernet Multicast Forwarding............... Disable
  Ethernet Broadcast Forwarding............... Disable
  AP Multicast/Broadcast Mode................. Unicast
  IGMP snooping............................... Disabled
  IGMP timeout................................ 60 seconds
  IGMP Query Interval......................... 20 seconds
  User Idle Timeout........................... 300 seconds
  ARP Idle Timeout............................ 300 seconds
  Cisco AP Default Master..................... Enabled
  AP Join Priority............................ Disable
  Mgmt Via Wireless Interface................. Disable
  Mgmt Via Dynamic Interface.................. Disable
  --More or (q)uit current module or to abort
  Bridge MAC filter Config.................... Enable
  Bridge Security Mode........................ EAP
  Mesh Full Sector DFS........................ Enable
  Apple Talk ................................. Disable
  AP Fallback ................................ Enable
  Web Auth Redirect Ports .................... 80
  Web Auth Proxy Redirect  ................... Disable
  Fast SSID Change ........................... Disabled
  802.3 Bridging ............................. Disable
  IP/MAC Addr Binding Check .................. Enabled
  Press Enter to continue or to abort
  Port Summary
             STP   Admin   Physical   Physical   Link   Link    Mcast
  Pr  Type   Stat   Mode     Mode      Status   Status  Trap   Appliance   POE
  1  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable     N/A
  2  Normal  Forw Enable  Auto       1000 Full  Up     Enable  Enable     N/A
  Press Enter to continue or to abort
  AP Summary
  Number of APs.................................... 1
  Global AP User Name.............................. Not Configured
  Global AP Dot1x User Name........................ Not Configured
  AP Name             Slots  AP Model              Ethernet MAC       Location
        Port  Country  Priority
  NOSC-N-B1917-AP01    2     AIR-LAP1142N-A-K9     00:22:bd:1b:34:5a         Route
  23B  1        US       1
  AP Tcp-Mss-Adjust Info
  AP Name              TCP State  MSS Size
  NOSC-N-B1917-AP01    disabled   -
  Press Enter to continue or to abort
  AP Location
  Total Number of AP Groups........................ 0
  Site Name........................................ default-group
  Site Description.................................
  WLAN ID          Interface          Network Admission Control          Radio Pol
  icy
  1               management           Disabled                          None
  AP Name             Slots  AP Model             Ethernet MAC       Location
       Port  Country  Priority
  NOSC-N-B1917-AP01    2     AIR-LAP1142N-A-K9    00:22:bd:1b:34:5a         Route
  23B  1     US       1
  Press Enter to continue or to abort
  AP Config
  Cisco AP Identifier.............................. 6
  Cisco AP Name.................................... NOSC-N-B1917-AP01
  Country code..................................... US  - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US  - United States
  AP Regulatory Domain............................. -A
  Switch Port Number .............................. 1
  MAC Address...................................... 00:22:bd:1b:34:5a
  IP Address Configuration......................... DHCP
  IP Address....................................... 10.6.0.26
  Gateway IP Addr.................................. 10.6.0.1
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Enabled
  Ssh State........................................ Enabled
  Cisco AP Location................................ Route 23B
  Cisco AP Group Name.............................. default-group
  Primary Cisco Switch Name........................
  Primary Cisco Switch IP Address.................. Not Configured
  Secondary Cisco Switch Name......................
  Secondary Cisco Switch IP Address................ Not Configured
  --More or (q)uit current module or to abort... Not Configured
  Tertiary Cisco Switch Name.......................
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ................................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... H-Reap
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ......................... kern
  S/W  Version .................................... 7.0.235.3
  Boot  Version ................................... 12.4.18.0
  Mini IOS Version ................................ 3.0.51.0
  Stats Reporting Period .......................... 180
  LED State........................................ Enabled
  PoE Pre-Standard Switch.......................... Disabled
  PoE Power Injector MAC Addr...................... Disabled
  Power Type/Mode.................................. Power injector / Normal mode
  Number Of Slots.................................. 2
  AP Model......................................... AIR-LAP1142N-A-K9
  AP Image......................................... C1140-K9W8-M
  IOS Version...................................... 12.4(23c)JA6
  --More or (q)uit current module or to abort
  Reset Button..................................... Enabled
  AP Serial Number................................. FTX1337SA7D
  AP Certificate Type.............................. Manufacture Installed
  H-REAP Vlan mode :............................... Enabled
          Native ID :..................................... 6
  H-REAP Backup Auth Radius Servers :
  Static Primary Radius Server.................... Disabled
  Static Secondary Radius Server.................. Disabled
  Group Primary Radius Server..................... Disabled
  Group Secondary Radius Server................... Disabled
  AP User Mode..................................... CUSTOMIZED
  AP User Name..................................... danielott
  AP Dot1x User Mode............................... CUSTOMIZED
  AP Dot1x User Name............................... danielott
  Cisco AP system logging host..................... 255.255.255.255
  AP Up Time....................................... 0 days, 19 h 22 m 53 s
  AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
  Join Date and Time............................... Mon Nov  5 16:17:51 2012
  Join Taken Time.................................. 0 days, 00 h 00 m 12 s
  Attributes for Slot  0
      Radio Type................................... RADIO_TYPE_80211n-2.4
  --More or (q)uit current module or to abort
      Administrative State ........................ ADMIN_ENABLED
      Operation State ............................. UP
      Radio Role .................................. ACCESS
      CellId ...................................... 0
      Station Configuration
        Configuration ............................. AUTOMATIC
        Number Of WLANs ........................... 1
        Medium Occupancy Limit .................... 100
        CFP Period ................................ 4
        CFP MaxDuration ........................... 60
        BSSID ..................................... 00:27:0d:07:cb:e0
        Operation Rate Set
          1000 Kilo Bits........................... MANDATORY
          2000 Kilo Bits........................... MANDATORY
          5500 Kilo Bits........................... MANDATORY
          11000 Kilo Bits.......................... MANDATORY
          6000 Kilo Bits........................... SUPPORTED
          9000 Kilo Bits........................... SUPPORTED
          12000 Kilo Bits.......................... SUPPORTED
          18000 Kilo Bits.......................... SUPPORTED
          24000 Kilo Bits.......................... SUPPORTED
          36000 Kilo Bits.......................... SUPPORTED
  --More or (q)uit current module or to abort
          48000 Kilo Bits.......................... SUPPORTED
          54000 Kilo Bits.......................... SUPPORTED
        MCS Set
          MCS 0.................................... SUPPORTED
          MCS 1.................................... SUPPORTED
          MCS 2.................................... SUPPORTED
          MCS 3.................................... SUPPORTED
          MCS 4.................................... SUPPORTED
          MCS 5.................................... SUPPORTED
          MCS 6.................................... SUPPORTED
          MCS 7.................................... SUPPORTED
          MCS 8.................................... SUPPORTED
          MCS 9.................................... SUPPORTED
          MCS 10................................... SUPPORTED
          MCS 11................................... SUPPORTED
          MCS 12................................... SUPPORTED
          MCS 13................................... SUPPORTED
          MCS 14................................... SUPPORTED
          MCS 15................................... SUPPORTED
        Beacon Period ............................. 100
        Fragmentation Threshold ................... 2346
        Multi Domain Capability Implemented ....... TRUE
        Multi Domain Capability Enabled ........... TRUE
        Country String ............................ US
      Multi Domain Capability
        Configuration ............................. AUTOMATIC
        First Chan Num ............................ 1
        Number Of Channels ........................ 11
      MAC Operation Parameters
        Configuration ............................. AUTOMATIC
        Fragmentation Threshold ................... 2346
        Packet Retry Limit ........................ 64
      Tx Power
        Num Of Supported Power Levels ............. 8
        Tx Power Level 1 .......................... 20 dBm
        Tx Power Level 2 .......................... 17 dBm
        Tx Power Level 3 .......................... 14 dBm
        Tx Power Level 4 .......................... 11 dBm
        Tx Power Level 5 .......................... 8 dBm
        Tx Power Level 6 .......................... 5 dBm
        Tx Power Level 7 .......................... 2 dBm
        Tx Power Level 8 .......................... -1 dBm
        Tx Power Configuration .................... AUTOMATIC
  --More or (q)uit current module or to abort
        Current Tx Power Level .................... 1
      Phy OFDM parameters
        Configuration ............................. AUTOMATIC
        Current Channel ........................... 1
        Extension Channel ......................... NONE
        Channel Width.............................. 20 Mhz
        Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
        TI Threshold .............................. -50
        Legacy Tx Beamforming Configuration ....... AUTOMATIC
        Legacy Tx Beamforming ..................... DISABLED
        Antenna Type............................... INTERNAL_ANTENNA
        Internal Antenna Gain (in .5 dBi units).... 8
        Diversity.................................. DIVERSITY_ENABLED
        802.11n Antennas
           A....................................... ENABLED
           B....................................... ENABLED
           C....................................... ENABLED
      Performance Profile Parameters
        Configuration ............................. AUTOMATIC
        Interference threshold..................... 10 %
        Noise threshold............................  -70 dBm
  --More or (q)uit current module or to abort
        RF utilization threshold................... 80 %
        Data-rate threshold........................ 1000000 bps
        Client threshold........................... 12 clients
        Coverage SNR threshold..................... 12 dB
        Coverage exception level................... 25 %
        Client minimum exception level............. 3 clients
      Rogue Containment Information
      Containment Count............................ 0
      CleanAir Management Information
          CleanAir Capable......................... No
  Cisco AP Identifier.............................. 6
  Cisco AP Name.................................... NOSC-N-B1917-AP01
  Country code..................................... US  - United States
  Regulatory Domain allowed by Country............. 802.11bg:-A     802.11a:-A
  AP Country code.................................. US  - United States
  AP Regulatory Domain............................. -A
  Switch Port Number .............................. 1
  MAC Address...................................... 00:22:bd:1b:34:5a
  IP Address Configuration......................... DHCP
  IP Address....................................... 10.6.0.26
  Gateway IP Addr.................................. 10.6.0.1
  --More or (q)uit current module or to abort
  NAT External IP Address.......................... None
  CAPWAP Path MTU.................................. 1485
  Telnet State..................................... Enabled
  Ssh State........................................ Enabled
  Cisco AP Location................................ Route 23B
  Cisco AP Group Name.............................. default-group
  Primary Cisco Switch Name........................
  Primary Cisco Switch IP Address...............Secondary Cisco Switch Name.......
  Secondary Cisco Switch IP Address................ Not Configured
  Tertiary Cisco Switch Name.......................
  Tertiary Cisco Switch IP Address................. Not Configured
  Administrative State ............................ ADMIN_ENABLED
  Operation State ................................. REGISTERED
  Mirroring Mode .................................. Disabled
  AP Mode ......................................... H-Reap
  Public Safety ................................... Disabled
  AP SubMode ...................................... Not Configured
  Remote AP Debug ................................. Disabled
  Logging trap severity level ..................... informational
  Logging syslog facility ......................... kern
  S/W  Version .................................... 7.0.235.3
  Boot  Version ................................... 12.4.18.0
  Mini IOS Version ................................ 3.0.51.0
  --More or (q)uit current module or to abort
  Stats Reporting Period .......................... 180
  LED State........................................ Enabled
  PoE Pre-Standard Switch.......................... Disabled
  PoE Power Injector MAC Addr...................... Disabled
  Power Type/Mode.................................. Power injector / Normal mode
  Number Of Slots.................................. 2
  AP Model......................................... AIR-LAP1142N-A-K9
  AP Image......................................... C1140-K9W8-M
  IOS Version...................................... 12.4(23c)JA6
  Reset Button..................................... Enabled
  AP Serial Number................................. FTX1337SA7D
  AP Certificate Type.............................. Manufacture Installed
  H-REAP Vlan mode :............................... Enabled
          Native ID :..................................... 6
  H-REAP Backup Auth Radius Servers :
  Static Primary Radius Server.................... Disabled
  Static Secondary Radius Server.................. Disabled
  Group Primary Radius Server..................... Disabled
  Group Secondary Radius Server................... Disabled
  AP User Mode..................................... CUSTOMIZED
  AP User Name..................................... danielott
  AP Dot1x User Mode............................... CUSTOMIZED
  AP Dot1x User Name............................... danielott
  --More or (q)uit current module or to abort
  Cisco AP system logging host..................... 255.255.255.255
  AP Up Time....................................... 0 days, 19 h 22 m 53 s
  AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
  Join Date and Time............................... Mon Nov  5 16:17:51 2012
  Join Taken Time.................................. 0 days, 00 h 00 m 12 s
  Attributes for Slot  1
      Radio Type................................... RADIO_TYPE_80211n-5
      Radio Subband................................ RADIO_SUBBAND_ALL
      Administrative State ........................ ADMIN_ENABLED
      Operation State ............................. UP
      Radio Role .................................. ACCESS
      CellId ...................................... 0
      Station Configuration
        Configuration ............................. AUTOMATIC
        Number Of WLANs ........................... 1
        Medium Occupancy Limit .................... 100
        CFP Period ................................ 4
        CFP MaxDuration ........................... 60
        BSSID ..................................... 00:27:0d:07:cb:e0
        Operation Rate Set
  --More or (q)uit current module or to abort
          6000 Kilo Bits........................... MANDATORY
          9000 Kilo Bits........................... SUPPORTED
          12000 Kilo Bits.......................... MANDATORY
          18000 Kilo Bits.......................... SUPPORTED
          24000 Kilo Bits.......................... MANDATORY
          36000 Kilo Bits.......................... SUPPORTED
          48000 Kilo Bits.......................... SUPPORTED
          54000 Kilo Bits.......................... SUPPORTED
        MCS Set
          MCS 0.................................... SUPPORTED
          MCS 1.................................... SUPPORTED
          MCS 2.................................... SUPPORTED
          MCS 3.................................... SUPPORTED
          MCS 4.................................... SUPPORTED
          MCS 5.................................... SUPPORTED
          MCS 6.................................... SUPPORTED
          MCS 7.................................... SUPPORTED
          MCS 8.................................... SUPPORTED
          MCS 9.................................... SUPPORTED
          MCS 10................................... SUPPORTED
          MCS 11................................... SUPPORTED
          MCS 12................................... SUPPORTED
          MCS 13................................... SUPPORTED
  --More or (q)uit current module or to abort
          MCS 14................................... SUPPORTED
          MCS 15................................... SUPPORTED
        Beacon Period ............................. 100
        Fragmentation Threshold ................... 2346
        Multi Domain Capability Implemented ....... TRUE
        Multi Domain Capability Enabled ........... TRUE
        Country String ............................ US
      Multi Domain Capability
        Configuration ............................. AUTOMATIC
        First Chan Num ............................ 36
        Number Of Channels ........................ 21
      MAC Operation Parameters
        Configuration ............................. AUTOMATIC
        Fragmentation Threshold ................... 2346
        Packet Retry Limit ........................ 64
      Tx Power
        Num Of Supported Power Levels ............. 7
        Tx Power Level 1 .......................... 17 dBm
        Tx Power Level 2 .......................... 14 dBm
        Tx Power Level 3 .......................... 11 dBm
  --More or (q)uit current module or to abort
        Tx Power Level 4 .......................... 8 dBm
        Tx Power Level 5 .......................... 5 dBm
        Tx Power Level 6 .......................... 2 dBm
        Tx Power Level 7 .......................... -1 dBm
        Tx Power Configuration .................... AUTOMATIC
        Current Tx Power Level .................... 1
      Phy OFDM parameters
        Configuration ............................. AUTOMATIC
        Current Channel ........................... 161
        Extension Channel ......................... NONE
        Channel Width.............................. 20 Mhz
        Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
          ......................................... 104,108,112,116,132,136,140,
          ......................................... 149,153,157,161,165
        TI Threshold .............................. -50
        Legacy Tx Beamforming Configuration ....... AUTOMATIC
        Legacy Tx Beamforming ..................... DISABLED
        Antenna Type............................... INTERNAL_ANTENNA
        Internal Antenna Gain (in .5 dBi units).... 8
        Diversity.................................. DIVERSITY_ENABLED
        802.11n Antennas
           A....................................... ENABLED
  --More or (q)uit current module or to abort
           B....................................... ENABLED
           C....................................... ENABLED
      Performance Profile Parameters
        Configuration ............................. AUTOMATIC
        Interference threshold..................... 10 %
        Noise threshold............................  -70 dBm
        RF utilization threshold................... 80 %
        Data-rate threshold........................ 1000000 bps
        Client threshold........................... 12 clients
        Coverage SNR threshold..................... 16 dB
        Coverage exception level................... 25 %
        Client minimum exception level............. 3 clients
      Rogue Containment Information
      Containment Count............................ 0
      CleanAir Management Information
          CleanAir Capable......................... No

• Cisco ISE 1.2 & Cisco WLC 5508 v7.6

  Hi all,
  we are planning to upgrade our WLC to 7.6 to fix a bug with FlexConnect Client ACLs but I have just seen on the Cisco ISE Compatibility table that the it only recommends up to v7.5 of the WLC 5508...
  Cisco have told me to steer clear of 7.5 as it is in a defferred status, so does anyone know, or have running in a lab or production, ISE1.2 with a 5508 WLC v7.6 NAD ?
  I would much rather know of any issues people are experiencing before hand than to have to go through a software upgrade and then rollback.
  Thanks all
  Mario De Rosa

  Hi Neno,
  right I have this almost working now.
  I have simplified the setup. I am not going to do any client provisioning at the moment.
  So I can connect to the corporate SSID using EAP-TLS and I can successfully push the branch data VLAN upon successful authorisation.
  Now I am trying to introduce the posture element & per user ACLs.
  I have defined the redirect ACL & Flex ACL on the vWLC however the NAC agent will not pop-up. The client is in the right VLAN and the redirect ACL seems to be getting applied as the client does get an IP through DHCP. However, the client cannot ping the ISE or access the guest portal when I open the browser.
  DNS resolution seems to be working fine.
  VLAN220 is my datacentre VLAN which the Management Interface on the controller is plugged in to.
  VLAN10 is the branch DATA VLAN.
  below is some output to give you some more details...
  (Cisco Controller) >show client detail 00:24:d6:97:b3:be
  Client MAC Address............................... 00:24:d6:97:b3:be
  Client Username ................................. [email protected]
  AP MAC Address................................... 18:33:9d:f0:21:80
  AP Name.......................................... test-flex-ap
  AP radio slot Id................................. 0
  Client State..................................... Associated
  Client NAC OOB State............................. Access
  Wireless LAN Id.................................. 2
  Hotspot (802.11u)................................ Not Supported
  BSSID............................................ 18:33:9d:f0:21:81
  Connected For ................................... 128 secs
  Channel.......................................... 6
  IP Address....................................... 10.130.130.120
  Gateway Address.................................. 10.130.130.1
  Netmask.......................................... 255.255.255.0
  IPv6 Address..................................... fe80::f524:1910:69f0:9482
  Association Id................................... 1
  Authentication Algorithm......................... Open System
  Reason Code...................................... 1
  Status Code...................................... 0
  Client CCX version............................... 4
  Client E2E version............................... 1
  --More-- or (q)uit
  Re-Authentication Timeout........................ 1651
  QoS Level........................................ Silver
  Avg data Rate.................................... 0
  Burst data Rate.................................. 0
  Avg Real time data Rate.......................... 0
  Burst Real Time data Rate........................ 0
  802.1P Priority Tag.............................. disabled
  CTS Security Group Tag........................... Not Applicable
  KTS CAC Capability............................... No
  WMM Support...................................... Enabled
    APSD ACs.......................................  BK  BE  VI  VO
  Power Save....................................... OFF
  Current Rate..................................... m13
  Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
      ............................................. 12.0,18.0,24.0,36.0,48.0,
      ............................................. 54.0
  Mobility State................................... Local
  Mobility Move Count.............................. 0
  Security Policy Completed........................ No
  Policy Manager State............................. POSTURE_REQD
  Policy Manager Rule Created...................... Yes
  AAA Override ACL Name............................ POSTURE_REDIRECT_ACL
  AAA Override ACL Applied Status.................. Yes
  --More-- or (q)uit
  AAA Override Flex ACL Name....................... POSTURE_REDIRECT_ACL
  AAA Override Flex ACL Applied Status............. Yes
  AAA URL redirect................................. https://pdc-ise-man01.kier.group:8443/guestportal/gateway?sessionId=c8dc800a00000005b3e7e953&action=cpp
  Audit Session ID................................. c8dc800a00000005b3e7e953
  AAA Role Type.................................... none
  Local Policy Applied............................. none
  IPv4 ACL Name.................................... none
  FlexConnect ACL Applied Status................... Yes
  IPv4 ACL Applied Status.......................... Unavailable
  IPv6 ACL Name.................................... none
  IPv6 ACL Applied Status.......................... Unavailable
  Layer2 ACL Name.................................. none
  Layer2 ACL Applied Status........................ Unavailable
  mDNS Status...................................... Disabled
  mDNS Profile Name................................ none
  No. of mDNS Services Advertised.................. 0
  Policy Type...................................... WPA2
  Authentication Key Management.................... 802.1x
  Encryption Cipher................................ CCMP (AES)
  Protected Management Frame ...................... No
  Management Frame Protection...................... No
  EAP Type......................................... EAP-TLS
  FlexConnect Data Switching....................... Local
  --More-- or (q)uit
  FlexConnect Dhcp Status.......................... Local
  FlexConnect Vlan Based Central Switching......... No
  FlexConnect Authentication....................... Central
  Quarantine VLAN.................................. 0
  Access VLAN...................................... 220
  Client Capabilities:
        CF Pollable................................ Not implemented
        CF Poll Request............................ Not implemented
        Short Preamble............................. Implemented
        PBCC....................................... Not implemented
        Channel Agility............................ Not implemented
        Listen Interval............................ 10
        Fast BSS Transition........................ Not implemented
  Client Wifi Direct Capabilities:
        WFD capable................................ No
        Manged WFD capable......................... No
        Cross Connection Capable................... No
        Support Concurrent Operation............... No
  Fast BSS Transition Details:
  Client Statistics:
        Number of Bytes Received................... 33698
        Number of Bytes Sent....................... 19397
        Total Number of Bytes Sent................. 19397
  --More-- or (q)uit
        Total Number of Bytes Recv................. 33698
        Number of Bytes Sent (last 90s)............ 19397
        Number of Bytes Recv (last 90s)............ 33698
        Number of Packets Received................. 283
        Number of Packets Sent..................... 147
        Number of Interim-Update Sent.............. 0
        Number of EAP Id Request Msg Timeouts...... 0
        Number of EAP Id Request Msg Failures...... 0
        Number of EAP Request Msg Timeouts......... 0
        Number of EAP Request Msg Failures......... 0
        Number of EAP Key Msg Timeouts............. 0
        Number of EAP Key Msg Failures............. 0
        Number of Data Retries..................... 53
        Number of RTS Retries...................... 0
        Number of Duplicate Received Packets....... 2
        Number of Decrypt Failed Packets........... 0
        Number of Mic Failured Packets............. 0
        Number of Mic Missing Packets.............. 0
        Number of RA Packets Dropped............... 0
        Number of Policy Errors.................... 0
        Radio Signal Strength Indicator............ -42 dBm
        Signal to Noise Ratio...................... 41 dB
  Client Rate Limiting Statistics:
  --More-- or (q)uit
        Number of Data Packets Recieved............ 0
        Number of Data Rx Packets Dropped.......... 0
        Number of Data Bytes Recieved.............. 0
        Number of Data Rx Bytes Dropped............ 0
        Number of Realtime Packets Recieved........ 0
        Number of Realtime Rx Packets Dropped...... 0
        Number of Realtime Bytes Recieved.......... 0
        Number of Realtime Rx Bytes Dropped........ 0
        Number of Data Packets Sent................ 0
        Number of Data Tx Packets Dropped.......... 0
        Number of Data Bytes Sent.................. 0
        Number of Data Tx Bytes Dropped............ 0
        Number of Realtime Packets Sent............ 0
        Number of Realtime Tx Packets Dropped...... 0
        Number of Realtime Bytes Sent.............. 0
        Number of Realtime Tx Bytes Dropped........ 0
  Nearby AP Statistics:
        test-flex-ap(slot 0)
          antenna0: 14 secs ago.................... -51 dBm
          antenna1: 14 secs ago.................... -37 dBm
        test-flex-ap(slot 1)
          antenna0: 14 secs ago.................... -51 dBm
          antenna1: 14 secs ago.................... -54 dBm
  --More-- or (q)uit
  DNS Server details:
        DNS server IP ............................. 10.0.17.31
        DNS server IP ............................. 10.0.17.43
  Assisted Roaming Prediction List details:
   Client Dhcp Required:     False
  Allowed (URL)IP Addresses
  (Cisco Controller) >
  (Cisco Controller) >show wlan 2
  WLAN Identifier.................................. 2
  Profile Name..................................... Demo1x
  Network Name (SSID).............................. Demo1x
  Status........................................... Enabled
  MAC Filtering.................................... Disabled
  Broadcast SSID................................... Enabled
  AAA Policy Override.............................. Enabled
  Network Admission Control
  Client Profiling Status
      Radius Profiling ............................ Disabled
       DHCP ....................................... Disabled
       HTTP ....................................... Disabled
      Local Profiling ............................. Disabled
       DHCP ....................................... Disabled
       HTTP ....................................... Disabled
    Radius-NAC State............................... Enabled
    SNMP-NAC State................................. Disabled
    Quarantine VLAN................................ 0
  Maximum number of Associated Clients............. 0
  Maximum number of Clients per AP Radio........... 200
  --More-- or (q)uit
  Number of Active Clients......................... 1
  Exclusionlist Timeout............................ 60 seconds
  Session Timeout.................................. 1800 seconds
  User Idle Timeout................................ Disabled
  Sleep Client..................................... disable
  Sleep Client Timeout............................. 12 hours
  User Idle Threshold.............................. 0 Bytes
  NAS-identifier................................... mario-test-flex-vwlc
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ management
  Multicast Interface.............................. Not Configured
  WLAN IPv4 ACL.................................... unconfigured
  WLAN IPv6 ACL.................................... unconfigured
  WLAN Layer2 ACL.................................. unconfigured
  mDNS Status...................................... Disabled
  mDNS Profile Name................................ unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  Static IP client tunneling....................... Disabled
  Quality of Service............................... Silver
  Per-SSID Rate Limits............................. Upstream      Downstream
  Average Data Rate................................   0             0
  --More-- or (q)uit
  Average Realtime Data Rate.......................   0             0
  Burst Data Rate..................................   0             0
  Burst Realtime Data Rate.........................   0             0
  Per-Client Rate Limits........................... Upstream      Downstream
  Average Data Rate................................   0             0
  Average Realtime Data Rate.......................   0             0
  Burst Data Rate..................................   0             0
  Burst Realtime Data Rate.........................   0             0
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  WMM UAPSD Compliant Client Support............... Disabled
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  --More-- or (q)uit
  Radius Servers
     Authentication................................ 10.0.16.111 1812
     Accounting.................................... 10.131.16.111 1813
        Interim Update............................. Disabled
        Framed IPv6 Acct AVP ...................... Prefix
     Dynamic Interface............................. Disabled
     Dynamic Interface Priority.................... wlan
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     FT Support.................................... Disabled
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Enabled
        WPA (SSN IE)............................... Disabled
        WPA2 (RSN IE).............................. Enabled
           TKIP Cipher............................. Disabled
           AES Cipher.............................. Enabled
                                                                 Auth Key Management
           802.1x.................................. Enabled
           PSK..................................... Disabled
           CCKM.................................... Disabled
  --More-- or (q)uit
           FT-1X(802.11r).......................... Disabled
           FT-PSK(802.11r)......................... Disabled
           PMF-1X(802.11w)......................... Disabled
           PMF-PSK(802.11w)........................ Disabled
        FT Reassociation Timeout................... 20
        FT Over-The-DS mode........................ Enabled
        GTK Randomization.......................... Disabled
        SKC Cache Support.......................... Disabled
        CCKM TSF Tolerance......................... 1000
     WAPI.......................................... Disabled
     Wi-Fi Direct policy configured................ Disabled
     EAP-Passthrough............................... Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Disabled
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     FlexConnect Local Switching................... Enabled
     flexconnect Central Dhcp Flag................. Disabled
     flexconnect nat-pat Flag...................... Disabled
     flexconnect Dns Override Flag................. Disabled
     flexconnect PPPoE pass-through................ Disabled
  --More-- or (q)uit
     flexconnect local-switching IP-source-guar.... Disabled
     FlexConnect Vlan based Central Switching ..... Disabled
     FlexConnect Local Authentication.............. Disabled
     FlexConnect Learn IP Address.................. Enabled
     Client MFP.................................... Optional
     PMF........................................... Disabled
     PMF Association Comeback Time................. 1
     PMF SA Query RetryTimeout..................... 200
     Tkip MIC Countermeasure Hold-down Timer....... 60
     Eap-params.................................... Disabled
  AVC Visibilty.................................... Disabled
  AVC Profile Name................................. None
  Flow Monitor Name................................ None
  Split Tunnel (Printers).......................... Disabled
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  SIP CAC Fail Send-486-Busy Policy................ Disabled
  SIP CAC Fail Send Dis-Association Policy......... Disabled
  KTS based CAC Policy............................. Disabled
  Assisted Roaming Prediction Optimization......... Disabled
  802.11k Neighbor List............................ Disabled
  802.11k Neighbor List Dual Band.................. Disabled
  Band Select...................................... Disabled
  --More-- or (q)uit
  Load Balancing................................... Disabled
  Multicast Buffer................................. Disabled
   Mobility Anchor List
   WLAN ID     IP Address            Status
  802.11u........................................ Disabled
  MSAP Services.................................. Disabled
  Local Policy
  Priority  Policy Name
  (Cisco Controller) >
  when debugging the client during redirect, this is the output and I cannot spot anything wrong here...
  (Cisco Controller) >*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Adding mobile on LWAPP AP 18:33:9d:f0:21:80(1) 
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Association received from mobile on BSSID 18:33:9d:f0:21:8e
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Global 200 Clients are allowed to AP radio
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Max Client Trap Threshold: 0  cur: 0
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Rf profile 600 Clients are allowed to AP wlan
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Re-applying interface policy for client 
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile 
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be In processSsidIE:4850 setting Central switched to FALSE
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying site-specific Local Bridging override for station 00:24:d6:97:b3:be - vapId 2, site 'default-group', interface 'management'
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Local Bridging Interface Policy for station 00:24:d6:97:b3:be - vlan 220, interface id 0, interface 'management'
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE  statusCode is 0 and status is 0 
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE  ssid_done_flag is 0 finish_flag is 0
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be suppRates  statusCode is 0 and gotSuppRatesElement is 1 
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Processing RSN IE type 48, length 22 for mobile 00:24:d6:97:b3:be
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Received RSN IE with 0 PMKIDs from mobile 00:24:d6:97:b3:be
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Updating AID for REAP AP Client 18:33:9d:f0:21:80 - AID ===> 1
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Initializing policy
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Central switch is FALSE
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name: 
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfMsAssoStateInc
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Idle to Associated
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2:session timeout forstation 00:24:d6:97:b3:be - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0 
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Stopping deletion of Mobile Station: (callerId: 48)
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Sending Assoc Response to station on BSSID 18:33:9d:f0:21:8e (status 0) ApVapId 2 Slot 1
  *apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Associated to Associated
  *spamApTask6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sent 1x initiate message to multi thread task for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Connecting state
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sending EAP-Request/Identity to mobile 00:24:d6:97:b3:be (EAP Id 1)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received Identity Response (count=1) from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Resetting reauth count 1 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be EAP State update from Connecting to Authenticating for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticating state
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=214) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be WARNING: updated EAP-Identifier 1 ===> 214 for STA 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 214)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Allocating EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 214, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=215) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 215)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 215, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=216) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 216)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 216, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=217) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 217)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 217, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=218) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 218)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 218, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=219) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 219)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 219, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=220) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 220)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 220, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=221) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 221)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 221, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=222) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 222)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 222, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=223) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 223)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 223, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=224) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 224)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 224, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=225) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 225)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 225, EAP Type 13)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Processing Access-Accept for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 acl from 255 to 255
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 Flex acl from 65535 to 65535
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created for mobile, length = 253 
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created in mscb for mobile, length = 253 
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 220
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Re-applying interface policy for client 
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 1 on mobile 
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Inserting AAA Override struct for mobile
      MAC: 00:24:d6:97:b3:be, source 4
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting re-auth timeout to 1800 seconds, got from WLAN config.
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Creating a PKC PMKID Cache entry for station 00:24:d6:97:b3:be (RSN 2)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting MSCB PMK Cache Entry 0 for station 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 0
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Adding BSSID 18:33:9d:f0:21:8e to PMKID cache at index 0 for station 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: New PMKID: (16)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410:      [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Disabling re-auth since PMK lifetime can take care of same.
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Client in Posture Reqd state. PMK cache not updated.
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAP-Success to mobile 00:24:d6:97:b3:be (EAP Id 225)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Freeing AAACB from Dot1xCB as AAA auth is done for  mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be EAPOL Header: 
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00000000: 02 03 5f 00                                       .._.
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: Including PMKID in M1  (16)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410:      [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Starting key exchange to mobile 00:24:d6:97:b3:be, data packets will be dropped
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
     state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Entering Backend Auth Success state (id=225) for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Received Auth Success while in Authenticating state for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticated state
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-key in PTK_START state (message 2) from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be PMK: Sending cache add
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be EAPOL Header: 
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00000000: 02 03 5f 00                                       .._.
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
     state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
     state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Reusing allocated memory for  EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be  mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be  dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be  mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Freeing EAP Retransmit Bufer for mobile 00:24:d6:97:b3:be
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be apfMs1xStateInc
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central switch is FALSE
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Sending the Central Auth Info
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central Auth Info Allocated PMKLen = 32
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be PMK: pmkActiveIndex = 0
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be EapolReplayCounter: 00 00 00 00 00 00 00 01
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
  apfMsEntryType = 0 apfMsEapType = 13
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name:POSTURE_REDIRECT_ACL 
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6166, Adding TMP rule
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
    type = Airespace AP - Learn IP address
    on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
    IPv4 ACL ID = 255, IPv
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206  Local Bridging Vlan = 220, Local Bridging intf id = 0
  *Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
  *apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
  *apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5761, Adding TMP rule
  *apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
    type = Airespace AP - Learn IP address
    on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
    IPv4 ACL ID = 255, 
  *apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206  Local Bridging Vlan = 220, Local Bridging intf id = 0
  *apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
  *pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
  *pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
  *spamApTask6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
  apfMsEntryType = 0 pmkLen = 32
  *DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 325,vlan 220, port 1, encap 0xec03)
  *DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP setting server from ACK (server 10.0.17.85, yiaddr 10.130.130.120)
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 DHCP_REQD (7) Change state to WEBAUTH_REQD (8) last state DHCP_REQD (7)
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) pemAdvanceState2 6671, Adding TMP rule
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Replacing Fast Path rule
    type = Airespace AP Client - ACL passthru
    on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
    IPv4 A
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206  Local Bridging Vlan = 220, Local Bridging intf id = 0
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 1, IPv6 ACL ID 255, L2 ACL ID 255)
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Plumbing web-auth redirect rule due to user logout
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Assigning Address 10.130.130.120 to mobile 
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
  *DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
  *pemReceiveTask: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 Added NPU entry of type 2, dtlFlags 0x0
  *IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Pushing IPv6 Vlan Intf ID 0: fe80:0000:0000:0000:f524:1910:69f0:9482 , and MAC: 00:24:D6:97:B3:BE , Binding to Data Plane. SUCCESS !! dhcpv6bitmap 0
  *IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Link Local address fe80::f524:1910:69f0:9482 updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
  *DHCP Socket Task: Aug 12 10:58:28.581: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
  *DHCP Socket Task: Aug 12 10:58:28.589: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
  *DHCP Socket Task: Aug 12 11:00:07.959: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
  *DHCP Socket Task: Aug 12 11:00:07.967: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
  *DHCP Socket Task: Aug 12 11:01:59.153: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
  Can you see any obvious reason why the NAC agent wont pop up?
  Thanks
  Mario