Unsupported Authentication Algorithm
I keep getting this message in my 350AP logs when trying to do PEAP:
Station [172.16.200.204]00097cfcd901 Failed Authentication, status "Unsupported Authentication Algorithm"
It doesn't even try and contact my Radius server (Win2k IAS)
I've tried using both 11.23T and 12.00 images on the AP. I've followed every set of instructions I could find and nothing seems to be able to get it to work... I've set the authentication on the AP to Require EAP (i've also tried Network-EAP) with a WEP rotation and I've got ACU 5.05 with latest firmware (4.25.30) and drivers (8.2.3) installed on my WinXp (SP1) machine.
It's like I'm missing the "work / don't work" switch somewhere.
Any help would be appreciated.
Ben
If you are using some sort of wireless security,and you are getting a message like unsupported authentication algorithm, this indicates that there is a mismatch of the security that is configured. Please recheck the security configuration of the access point and the client.
The URL http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wrsec_an.htm provides information on client and device requirements for security configurations
You can enable accounting on the access point to send network accounting information about wireless client devices to a RADIUS server on your network. Cisco Secure ACS writes accounting records to a log file or to a database daily.
Similar Messages
-
If anyone can help with this it would be great. I have a 350 AP w/ 11.10 firmware running LEAP, i have a couple 350 workgroup bridges that authenticate with it just fine, but i have a win98 client w/ a 350 pci card in it that will not authenticate. the error i keep getting is Station 00409646007a Failed Authentication, status "Unsupported Authentication Algorithm" Does anyone know how t correct this?
Thankshi,
well my suggestion is to download the latest ACU from cisco site and configure it for LEAP cause i think its easy to configure the latest ACU and u'll able to understand the options.
cause its the problem of client settings. -
Open and Network-EAP authentication - difference in security?
As far as security goes, and assuming Radius authentication wil actually authenticate and allow users access to the wireless network (or not), it there any difference (once again, as far as security goes), between Open Authentication and Network-EAP as described below?
In any EAP/802.1x-based authentication method, you may question what the differences are between Network-EAP and Open authentication with EAP. These items refer to values in the Authentication Algorithm field in the headers of management and association packets. Most manufacturers of wireless clients set this field at the value 0 (Open authentication), and then signal their desire to do EAP authentication later in the association process. Cisco sets the value differently, from the start of association with the Network EAP flag.1. Join process - comparable to connecting a cable in the wired network world. Usually "OPEN".2. Authentication - this verifies the client is who they claim they are because they possess a certificate (EAP-TLS), know the password or a PSK.3. Encryption with TKIP or AES - this is about protecting data as it is transmitted through the air AFTER authentication.
You are correct.
What confuses me when attempting to configure the Aironet I'm working with is the difference in terminology with the familiar choices I had in Linksys access points, something like this:- WEP- WPA- WPA-Enterprise- WPA2- WPA2-EnterpriseI thought WPA-Enterprise has to do with Radius and indeed I was able to create a test network in which a Windows XP laptop could connect via a Linksys access point, authenticating with EAP-TLS, with WPA-Enterprise selected on the AP. The Windows 2008 server was both a certificate authority, a radius (NPS) server and a domain controller.With the Aironet, I'm not sure what the equivalent choices should be, because, if you look at the link in my last post, there is a larger selection: WEP 40 bit, WEP 128 bit, TKIP, AES, combinations of what precedes and no reference to WPA or WPA2. I'm guessing TKIP = WPA and AES = WPA2.And while I can select "EAP" in the Express Security Setup tab, I cannot see where I would opt for EAP-TLS rather than PEAP or EAP-TTLS and so forth.I'm going to take a look at your blog now and see if that doesn't enlighten me further.
You are on track my friend keep the thinking going .... you are very close!
Some more foundation for you ...
WPA - Is PSK with TKIP
WPA2 - Is PSK with AES
WPA Enterprsie - EAP- ??? with TKIP
WAP2 Enterprsie - EAP - ??? with AES
??? = Your selected EAP type
Now, why dont you have to configure EAP type on the AP? Great question, lets break this down.
1. The AP or WLC for that matter doesnt care what EAP type you use . Why you ask?
When you configure 802.1X, there are 2 virtual ports . These are virtual and you do nothing to configure these. Once you connect to an AP and EAP starts, the ap BLOCKS ALL TRAFFIC except for EAPOL traffic. This is the ONLY traffic allowed past the until the AP / WLC receives a RADIUS SUCCESS. Once the AP/WLC sees this radius success it then switches virtually over to the controlled port and allows ALL your traffic to pass.
2. With that being said, your client is only passing traffic through the ap and wlc. The ap / wlc doesnt care what EAP you are using. Your client is talking directly to the radius server at that point. The AP/WLC at this point is only a pass through, nothing more.
Does that help ?
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin -
WLC user authentication and SSID broadcast
Hi Everyone,
Need to confirm if WLC is sending the ssid as broadcast or not?
Also if users connect if they get the ip from dhcp need to confirm how they are getting authenticated?
Regards
MaheshWith respect to username you are correct.
But regarding authentication you cannot come to a conclusion like that, You have to see the full "show client detail " . Here is an example of PEAP authenticated client. Authentication algorithm open system does not mean user does not use password. Any EAP method Authentication Algorithm show as open system, but still user has to enter their credential (except TLS where it is certificate based)
(WLC) >show client detail 04:1e:64:13:f9:03
Client MAC Address............................... 04:1e:64:13:f9:03
Client Username ................................. smcowgill
AP MAC Address................................... c4:0a:cb:a0:e8:50
AP Name.......................................... APc464.13b4.4be8
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2
Hotspot (802.11u)................................ Not Supported
BSSID............................................ c4:0a:cb:a0:e8:51
Connected For ................................... 7520 secs
Channel.......................................... 1
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... No CCX support
Re-Authentication Timeout........................ 3284
802.1P Priority Tag.............................. 6
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... 54.0
Supported Rates.................................. 12.0,18.0,24.0,36.0,48.0,54.0
Mobility State................................... Foreign
Mobility Anchor IP Address....................... 10.14.7.247
Mobility Move Count.............................. 3
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. 0a0a06f400040f985228de2e
IPv4 ACL Name.................................... none
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Client Type...................................... SimpleIP
PMIPv6 State..................................... Unavailable
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... PEAP -
I installed a brand new system two days ago, from the latest Arch ISO. I'm using Xorg 1.11 and Catalyst 12.6 from the official xorg111/hd234k repos. My DE is Gnome Shell 3.6.1. Arch is dual booted alongside Windows 8 (sda1/2 for Win8, sda3/4 for Arch, no Swap). The hardware is a AMD Phenome II x4 920, ATi HD Radeon 4870 512mb, and 8Gb of ram.
This is the first time I've tried to use both systemd and grub2. But so far all the help I've been able to get from the IRC has lead to dead-ends. As far as I know, I've read the docs very thoroughly and set everything up correctly, and everything does work perfectly except for GDM. Meaning if I put "exec gnome-session" in ~/.xinitrc and '$ startx' then Gnome Shell starts up and runs fine (though keyring doesn't remember my passwords).
Yes, I have set "nomodeset" in /etc/default/grub and generated Grub2 correctly
Yes, I have set up systemd correctly (hostname, locale, timezone, hwclock, kernel modules, etc). Like I said, everything works great in Gnome-Shell.
Yes, I have run "systemd enable gdm", but gdm fails to load, and while no error message display at boot (it just sits there after the "systemd-fsdisk : clean ... " message), disabling GDM then running it manually ("# gdm") says that Xorg failed to load, and to check the Xorg logs.
Well I've checked the Xorg logs, and the errors present don't return any useful results on Google... so I'm posting here in hope this isn't just some odd bug with my system specifically. The logs are as follows:
Log: /var/log/Xorg.log.old (this is the one generated [i believe] from running '# gdm')
[ 25.921]
X.Org X Server 1.11.4
Release Date: 2012-01-27
[ 25.924] X Protocol Version 11, Revision 0
[ 25.925] Build Operating System: Linux 3.3.7-1-ARCH x86_64
[ 25.926] Current Operating System: Linux philip-linux 3.6.4-1-ARCH #1 SMP PREEMPT Mon Oct 29 09:49:00 CET 2012 x86_64
[ 25.927] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=cc87c822-7ff7-43c0-9d61-4770c2e40d0c ro nomodeset quiet
[ 25.928] Build Date: 01 June 2012 05:44:06PM
[ 25.929]
[ 25.930] Current version of pixman: 0.26.2
[ 25.931] Before reporting problems, check [url]http://wiki.x.org[/url]
to make sure that you have the latest version.
[ 25.934] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 25.938] (==) Log file: "/var/log/Xorg.0.log", Time: Thu Nov 1 21:11:33 2012
[ 25.999] (==) Using config file: "/etc/X11/xorg.conf"
[ 26.001] (==) Using config directory: "/etc/X11/xorg.conf.d"
[ 26.022] (==) ServerLayout "aticonfig Layout"
[ 26.022] (**) |-->Screen "aticonfig-Screen[0]-0" (0)
[ 26.022] (**) | |-->Monitor "<default monitor>"
[ 26.023] (**) | |-->Device "aticonfig-Device[0]-0"
[ 26.023] (==) No monitor specified for screen "aticonfig-Screen[0]-0".
Using a default monitor configuration.
[ 26.023] (==) Automatically adding devices
[ 26.023] (==) Automatically enabling devices
[ 26.136] (WW) The directory "/usr/share/fonts/OTF/" does not exist.
[ 26.136] Entry deleted from font path.
[ 26.138] (WW) `fonts.dir' not found (or not valid) in "/usr/share/fonts/100dpi/".
[ 26.138] Entry deleted from font path.
[ 26.138] (Run 'mkfontdir' on "/usr/share/fonts/100dpi/").
[ 26.138] (WW) `fonts.dir' not found (or not valid) in "/usr/share/fonts/75dpi/".
[ 26.138] Entry deleted from font path.
[ 26.138] (Run 'mkfontdir' on "/usr/share/fonts/75dpi/").
[ 26.138] (==) FontPath set to:
/usr/share/fonts/misc/,
/usr/share/fonts/TTF/,
/usr/share/fonts/Type1/
[ 26.138] (==) ModulePath set to "/usr/lib/xorg/modules"
[ 26.138] (II) The server relies on udev to provide the list of input devices.
If no devices become available, reconfigure udev or disable AutoAddDevices.
[ 26.138] (II) Loader magic: 0x7c7ae0
[ 26.138] (II) Module ABI versions:
[ 26.138] X.Org ANSI C Emulation: 0.4
[ 26.138] X.Org Video Driver: 11.0
[ 26.138] X.Org XInput driver : 13.0
[ 26.138] X.Org Server Extension : 6.0
[ 26.140] (--) PCI:*(0:1:0:0) 1002:9440:1043:01fc rev 0, Mem @ 0xd0000000/268435456, 0xfbef0000/65536, I/O @ 0x0000d000/256, BIOS @ 0x????????/131072
[ 26.140] (WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory)
[ 26.140] (II) "extmod" will be loaded by default.
[ 26.140] (II) "dbe" will be loaded by default.
[ 26.140] (II) "glx" will be loaded by default.
[ 26.140] (II) "record" will be loaded by default.
[ 26.140] (II) "dri" will be loaded by default.
[ 26.140] (II) "dri2" will be loaded by default.
[ 26.140] (II) LoadModule: "extmod"
[ 26.156] (II) Loading /usr/lib/xorg/modules/extensions/libextmod.so
[ 26.168] (II) Module extmod: vendor="X.Org Foundation"
[ 26.168] compiled for 1.11.4, module version = 1.0.0
[ 26.168] Module class: X.Org Server Extension
[ 26.168] ABI class: X.Org Server Extension, version 6.0
[ 26.168] (II) Loading extension MIT-SCREEN-SAVER
[ 26.168] (II) Loading extension XFree86-VidModeExtension
[ 26.168] (II) Loading extension XFree86-DGA
[ 26.168] (II) Loading extension DPMS
[ 26.168] (II) Loading extension XVideo
[ 26.168] (II) Loading extension XVideo-MotionCompensation
[ 26.168] (II) Loading extension X-Resource
[ 26.168] (II) LoadModule: "dbe"
[ 26.169] (II) Loading /usr/lib/xorg/modules/extensions/libdbe.so
[ 26.175] (II) Module dbe: vendor="X.Org Foundation"
[ 26.175] compiled for 1.11.4, module version = 1.0.0
[ 26.175] Module class: X.Org Server Extension
[ 26.175] ABI class: X.Org Server Extension, version 6.0
[ 26.175] (II) Loading extension DOUBLE-BUFFER
[ 26.175] (II) LoadModule: "glx"
[ 26.176] (II) Loading /usr/lib/xorg/modules/extensions/libglx.so
[ 26.190] (II) Module glx: vendor="Advanced Micro Devices, Inc."
[ 26.191] compiled for 6.9.0, module version = 1.0.0
[ 26.191] (II) Loading extension GLX
[ 26.191] (II) LoadModule: "record"
[ 26.191] (II) Loading /usr/lib/xorg/modules/extensions/librecord.so
[ 26.198] (II) Module record: vendor="X.Org Foundation"
[ 26.198] compiled for 1.11.4, module version = 1.13.0
[ 26.198] Module class: X.Org Server Extension
[ 26.198] ABI class: X.Org Server Extension, version 6.0
[ 26.198] (II) Loading extension RECORD
[ 26.198] (II) LoadModule: "dri"
[ 26.198] (II) Loading /usr/lib/xorg/modules/extensions/libdri.so
[ 26.201] (II) Module dri: vendor="X.Org Foundation"
[ 26.201] compiled for 1.11.4, module version = 1.0.0
[ 26.201] ABI class: X.Org Server Extension, version 6.0
[ 26.201] (II) Loading extension XFree86-DRI
[ 26.201] (II) LoadModule: "dri2"
[ 26.201] (II) Loading /usr/lib/xorg/modules/extensions/libdri2.so
[ 26.202] (II) Module dri2: vendor="X.Org Foundation"
[ 26.202] compiled for 1.11.4, module version = 1.2.0
[ 26.202] ABI class: X.Org Server Extension, version 6.0
[ 26.202] (II) Loading extension DRI2
[ 26.202] (II) LoadModule: "fglrx"
[ 26.210] (II) Loading /usr/lib/xorg/modules/drivers/fglrx_drv.so
[ 26.441] (II) Module fglrx: vendor="FireGL - ATI Technologies Inc."
[ 26.455] compiled for 1.4.99.906, module version = 8.97.2
[ 26.455] Module class: X.Org Video Driver
[ 26.456] (II) Loading sub module "fglrxdrm"
[ 26.456] (II) LoadModule: "fglrxdrm"
[ 26.456] (II) Loading /usr/lib/xorg/modules/linux/libfglrxdrm.so
[ 26.466] (II) Module fglrxdrm: vendor="FireGL - ATI Technologies Inc."
[ 26.466] compiled for 1.4.99.906, module version = 8.97.2
[ 26.466] (II) ATI Proprietary Linux Driver Version Identifier:8.97.2
[ 26.466] (II) ATI Proprietary Linux Driver Release Identifier: UNSUPPORTED-8.97.100.3
[ 26.466] (II) ATI Proprietary Linux Driver Build Date: Jul 3 2012 23:56:30
[ 26.466] (++) using VT number 1
[ 26.467] (WW) Falling back to old probe method for fglrx
[ 26.506] (II) Loading PCS database from /etc/ati/amdpcsdb
[ 26.520] (--) Chipset Supported AMD Graphics Processor (0x9440) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:17:0) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:18:0) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:18:1) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:18:2) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:19:0) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:19:1) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:19:2) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:20:0) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:20:1) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:20:2) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:20:3) found
[ 26.527] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:20:4) found
[ 26.528] (WW) fglrx: No matching Device section for instance (BusID PCI:0@0:20:5) found
[ 26.528] (WW) fglrx: No matching Device section for instance (BusID PCI:0@1:0:1) found
[ 26.528] (II) AMD Video driver is running on a device belonging to a group targeted for this release
[ 26.539] (II) AMD Video driver is signed
[ 26.539] (II) Loading /usr/lib/xorg/modules/drivers/fglrx_drv.so
[ 26.539] (II) Loading /usr/lib/xorg/modules/linux/libfglrxdrm.so
[ 26.539] (II) fglrx(0): pEnt->device->identifier=0xaebed0
[ 26.540] (II) fglrx(0): === [xdl_xs111_atiddxPreInit] === begin
[ 26.540] (II) Loading sub module "vgahw"
[ 26.540] (II) LoadModule: "vgahw"
[ 26.540] (II) Loading /usr/lib/xorg/modules/libvgahw.so
[ 26.541] (II) Module vgahw: vendor="X.Org Foundation"
[ 26.541] compiled for 1.11.4, module version = 0.1.0
[ 26.541] ABI class: X.Org Video Driver, version 11.0
[ 26.541] (**) fglrx(0): Depth 24, (--) framebuffer bpp 32
[ 26.541] (II) fglrx(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps)
[ 26.541] (==) fglrx(0): Default visual is TrueColor
[ 26.541] (==) fglrx(0): RGB weight 888
[ 26.541] (II) fglrx(0): Using 8 bits per RGB
[ 26.541] (==) fglrx(0): Buffer Tiling is ON
[ 26.542] (II) Loading sub module "fglrxdrm"
[ 26.542] (II) LoadModule: "fglrxdrm"
[ 26.543] (II) Loading /usr/lib/xorg/modules/linux/libfglrxdrm.so
[ 26.543] (II) Module fglrxdrm: vendor="FireGL - ATI Technologies Inc."
[ 26.543] compiled for 1.4.99.906, module version = 8.97.2
[ 26.546] ukiDynamicMajor: found major device number 251
[ 26.546] ukiDynamicMajor: found major device number 251
[ 26.546] ukiOpenByBusid: Searching for BusID PCI:1:0:0
[ 26.546] ukiOpenDevice: node name is /dev/ati/card0
[ 26.546] ukiOpenDevice: open result is 11, (OK)
[ 26.546] ukiOpenByBusid: ukiOpenMinor returns 11
[ 26.546] ukiOpenByBusid: ukiGetBusid reports PCI:1:0:0
[ 26.546] (**) fglrx(0): NoAccel = NO
[ 26.546] (**) fglrx(0): ATI 2D Acceleration Architecture enabled
[ 26.546] (--) fglrx(0): Chipset: "ATI Radeon HD 4800 Series " (Chipset = 0x9440)
[ 26.546] (--) fglrx(0): (PciSubVendor = 0x1043, PciSubDevice = 0x01fc)
[ 26.546] (==) fglrx(0): board vendor info: third party graphics adapter - NOT original ATI
[ 26.546] (--) fglrx(0): Linear framebuffer (phys) at 0xd0000000
[ 26.546] (--) fglrx(0): MMIO registers at 0xfbef0000
[ 26.546] (--) fglrx(0): I/O port at 0x0000d000
[ 26.546] (==) fglrx(0): ROM-BIOS at 0x000c0000
[ 26.564] (II) fglrx(0): AC Adapter is used
[ 26.589] (II) fglrx(0): Primary V_BIOS segment is: 0xc000
[ 26.591] (II) Loading sub module "vbe"
[ 26.591] (II) LoadModule: "vbe"
[ 26.592] (II) Loading /usr/lib/xorg/modules/libvbe.so
[ 26.593] (II) Module vbe: vendor="X.Org Foundation"
[ 26.593] compiled for 1.11.4, module version = 1.1.0
[ 26.593] ABI class: X.Org Video Driver, version 11.0
[ 26.593] (II) fglrx(0): VESA BIOS detected
[ 26.593] (II) fglrx(0): VESA VBE Version 3.0
[ 26.593] (II) fglrx(0): VESA VBE Total Mem: 16384 kB
[ 26.593] (II) fglrx(0): VESA VBE OEM: ATI ATOMBIOS
[ 26.593] (II) fglrx(0): VESA VBE OEM Software Rev: 11.7
[ 26.593] (II) fglrx(0): VESA VBE OEM Vendor: (C) 1988-2005, ATI Technologies Inc.
[ 26.593] (II) fglrx(0): VESA VBE OEM Product: RV770
[ 26.593] (II) fglrx(0): VESA VBE OEM Product Rev: 01.00
[ 26.631] (II) fglrx(0): ATI Video BIOS revision 9 or later detected
[ 26.632] (--) fglrx(0): Video RAM: 524288 kByte, Type: GDDR5
[ 26.632] (II) fglrx(0): PCIE card detected
[ 26.632] (--) fglrx(0): Using per-process page tables (PPPT) as GART.
[ 26.632] (WW) fglrx(0): board is an unknown third party board, chipset is supported
[ 26.633] (II) fglrx(0): Using adapter: 1:0.0.
[ 26.665] (II) fglrx(0): [FB] MC range(MCFBBase = 0xf00000000, MCFBSize = 0x20000000)
[ 26.672] (II) fglrx(0): Interrupt handler installed at IRQ 44.
[ 26.672] (II) fglrx(0): RandR 1.2 support is enabled!
[ 26.672] (II) fglrx(0): RandR 1.2 rotation support is enabled!
[ 26.672] (==) fglrx(0): Center Mode is disabled
[ 26.672] (II) Loading sub module "fb"
[ 26.672] (II) LoadModule: "fb"
[ 26.672] (II) Loading /usr/lib/xorg/modules/libfb.so
[ 26.685] (II) Module fb: vendor="X.Org Foundation"
[ 26.685] compiled for 1.11.4, module version = 1.0.0
[ 26.685] ABI class: X.Org ANSI C Emulation, version 0.4
[ 26.685] (II) Loading sub module "ddc"
[ 26.685] (II) LoadModule: "ddc"
[ 26.685] (II) Module "ddc" already built-in
[ 27.457] (II) fglrx(0): Finished Initialize PPLIB!
[ 27.479] (II) fglrx(0): Output DFP1 using monitor section 0-DFP1
[ 27.479] (**) fglrx(0): Option "PreferredMode" "1920x1080"
[ 27.479] (**) fglrx(0): Option "Position" "0 0"
[ 27.479] (**) fglrx(0): Option "Disable" "false"
[ 27.479] (**) fglrx(0): Option "Rotate" "normal"
[ 27.479] (**) fglrx(0): Option "TargetRefresh" "60"
[ 27.479] (II) fglrx(0): Output DFP2 using monitor section 0-DFP2
[ 27.479] (**) fglrx(0): Option "Position" "331 1080"
[ 27.479] (**) fglrx(0): Option "Disable" "true"
[ 27.479] (**) fglrx(0): Option "Rotate" "normal"
[ 27.479] (**) fglrx(0): Option "TargetRefresh" "60"
[ 27.479] (II) fglrx(0): Output CRT1 has no monitor section
[ 27.479] (II) fglrx(0): Output CRT2 has no monitor section
[ 27.479] (II) fglrx(0): Output TV has no monitor section
[ 27.479] (II) fglrx(0): Output CV has no monitor section
[ 27.479] (II) Loading sub module "ddc"
[ 27.479] (II) LoadModule: "ddc"
[ 27.479] (II) Module "ddc" already built-in
[ 27.479] (II) fglrx(0): Connected Display0: DFP1
[ 27.479] (II) fglrx(0): Display0 EDID data ---------------------------
[ 27.479] (II) fglrx(0): Manufacturer: ACR Model: 87 Serial#: 2435877271
[ 27.479] (II) fglrx(0): Year: 2009 Week: 13
[ 27.479] (II) fglrx(0): EDID Version: 1.3
[ 27.479] (II) fglrx(0): Digital Display Input
[ 27.479] (II) fglrx(0): Max Image Size [cm]: horiz.: 48 vert.: 27
[ 27.479] (II) fglrx(0): Gamma: 2.20
[ 27.479] (II) fglrx(0): DPMS capabilities: StandBy Suspend
[ 27.479] (II) fglrx(0): Supported color encodings: RGB 4:4:4 YCrCb 4:4:4
[ 27.479] (II) fglrx(0): First detailed timing is preferred mode
[ 27.479] (II) fglrx(0): redX: 0.640 redY: 0.330 greenX: 0.300 greenY: 0.600
[ 27.479] (II) fglrx(0): blueX: 0.150 blueY: 0.060 whiteX: 0.313 whiteY: 0.329
[ 27.479] (II) fglrx(0): Supported established timings:
[ 27.479] (II) fglrx(0): 720x400@70Hz
[ 27.479] (II) fglrx(0): 640x480@60Hz
[ 27.479] (II) fglrx(0): 640x480@67Hz
[ 27.479] (II) fglrx(0): 640x480@72Hz
[ 27.479] (II) fglrx(0): 640x480@75Hz
[ 27.479] (II) fglrx(0): 800x600@56Hz
[ 27.479] (II) fglrx(0): 800x600@60Hz
[ 27.479] (II) fglrx(0): 800x600@72Hz
[ 27.479] (II) fglrx(0): 800x600@75Hz
[ 27.479] (II) fglrx(0): 832x624@75Hz
[ 27.479] (II) fglrx(0): 1024x768@60Hz
[ 27.479] (II) fglrx(0): 1024x768@70Hz
[ 27.479] (II) fglrx(0): 1024x768@75Hz
[ 27.479] (II) fglrx(0): 1280x1024@75Hz
[ 27.479] (II) fglrx(0): 1152x864@75Hz
[ 27.479] (II) fglrx(0): Manufacturer's mask: 0
[ 27.479] (II) fglrx(0): Supported standard timings:
[ 27.479] (II) fglrx(0): #0: hsize: 1152 vsize 864 refresh: 75 vid: 20337
[ 27.479] (II) fglrx(0): #1: hsize: 1280 vsize 1024 refresh: 60 vid: 32897
[ 27.479] (II) fglrx(0): #2: hsize: 1680 vsize 1050 refresh: 60 vid: 179
[ 27.479] (II) fglrx(0): #3: hsize: 1920 vsize 1080 refresh: 60 vid: 49361
[ 27.479] (II) fglrx(0): #4: hsize: 1440 vsize 900 refresh: 60 vid: 149
[ 27.479] (II) fglrx(0): #5: hsize: 1600 vsize 1200 refresh: 60 vid: 16553
[ 27.479] (II) fglrx(0): #6: hsize: 1280 vsize 960 refresh: 60 vid: 16513
[ 27.479] (II) fglrx(0): #7: hsize: 1280 vsize 720 refresh: 60 vid: 49281
[ 27.479] (II) fglrx(0): Supported detailed timing:
[ 27.479] (II) fglrx(0): clock: 138.5 MHz Image Size: 531 x 299 mm
[ 27.479] (II) fglrx(0): h_active: 1920 h_sync: 1968 h_sync_end 2000 h_blank_end 2080 h_border: 0
[ 27.479] (II) fglrx(0): v_active: 1080 v_sync: 1083 v_sync_end 1088 v_blanking: 1110 v_border: 0
[ 27.479] (II) fglrx(0): Ranges: V min: 56 V max: 76 Hz, H min: 31 H max: 83 kHz, PixClock max 175 MHz
[ 27.479] (II) fglrx(0): Monitor name: H213H
[ 27.479] (II) fglrx(0): Serial No: LF80D0028500
[ 27.479] (II) fglrx(0): EDID (in hex):
[ 27.479] (II) fglrx(0): 00ffffffffffff000472870097893091
[ 27.479] (II) fglrx(0): 0d13010380301b78caee95a3544c9926
[ 27.479] (II) fglrx(0): 0f5054bfef80714f8180b300d1c09500
[ 27.479] (II) fglrx(0): a940814081c01a3680a070381e403020
[ 27.479] (II) fglrx(0): 3500132b21000018000000fd00384c1f
[ 27.479] (II) fglrx(0): 5311000a202020202020000000fc0048
[ 27.479] (II) fglrx(0): 323133480a20202020202020000000ff
[ 27.479] (II) fglrx(0): 004c46383044303032383530300a001a
[ 27.479] (II) fglrx(0): End of Display0 EDID data --------------------
[ 27.479] (II) fglrx(0): Connected Display1: DFP2
[ 27.479] (II) fglrx(0): Display1 EDID data ---------------------------
[ 27.479] (II) fglrx(0): Manufacturer: WAC Model: 1019 Serial#: 5284
[ 27.479] (II) fglrx(0): Year: 2008 Week: 5
[ 27.479] (II) fglrx(0): EDID Version: 1.3
[ 27.479] (II) fglrx(0): Digital Display Input
[ 27.479] (II) fglrx(0): DFP 1.x compatible TMDS
[ 27.479] (II) fglrx(0): Max Image Size [cm]: horiz.: 27 vert.: 17
[ 27.479] (II) fglrx(0): Gamma: 2.20
[ 27.479] (II) fglrx(0): DPMS capabilities: StandBy Off
[ 27.479] (II) fglrx(0): Supported color encodings: RGB 4:4:4 YCrCb 4:4:4
[ 27.479] (II) fglrx(0): First detailed timing is preferred mode
[ 27.479] (II) fglrx(0): redX: 0.589 redY: 0.341 greenX: 0.321 greenY: 0.535
[ 27.479] (II) fglrx(0): blueX: 0.157 blueY: 0.145 whiteX: 0.313 whiteY: 0.329
[ 27.479] (II) fglrx(0): Supported established timings:
[ 27.479] (II) fglrx(0): 720x400@70Hz
[ 27.479] (II) fglrx(0): 640x480@60Hz
[ 27.479] (II) fglrx(0): 640x480@75Hz
[ 27.479] (II) fglrx(0): 800x600@60Hz
[ 27.479] (II) fglrx(0): 800x600@72Hz
[ 27.479] (II) fglrx(0): 800x600@75Hz
[ 27.479] (II) fglrx(0): 832x624@75Hz
[ 27.479] (II) fglrx(0): 1024x768@60Hz
[ 27.479] (II) fglrx(0): 1024x768@70Hz
[ 27.479] (II) fglrx(0): 1024x768@75Hz
[ 27.479] (II) fglrx(0): Manufacturer's mask: 0
[ 27.479] (II) fglrx(0): Supported standard timings:
[ 27.479] (II) fglrx(0): #0: hsize: 1280 vsize 800 refresh: 60 vid: 129
[ 27.479] (II) fglrx(0): Supported detailed timing:
[ 27.479] (II) fglrx(0): clock: 83.4 MHz Image Size: 261 x 163 mm
[ 27.479] (II) fglrx(0): h_active: 1280 h_sync: 1480 h_sync_end 1616 h_blank_end 1680 h_border: 0
[ 27.479] (II) fglrx(0): v_active: 800 v_sync: 824 v_sync_end 827 v_blanking: 828 v_border: 0
[ 27.479] (II) fglrx(0): Ranges: V min: 56 V max: 75 Hz, H min: 31 H max: 82 kHz, PixClock max 145 MHz
[ 27.479] (II) fglrx(0): Serial No: 8AC005284
[ 27.479] (II) fglrx(0): Monitor name: Cintiq 12WX
[ 27.479] (II) fglrx(0): EDID (in hex):
[ 27.479] (II) fglrx(0): 00ffffffffffff005c231910a4140000
[ 27.479] (II) fglrx(0): 05120103811b1178aad4459657528928
[ 27.479] (II) fglrx(0): 255054a5ee0081000101010101010101
[ 27.479] (II) fglrx(0): 0101010101019420009051201c30c888
[ 27.479] (II) fglrx(0): 830405a31000001e000000fd00384b1f
[ 27.479] (II) fglrx(0): 520e000a202020202020000000ff0038
[ 27.479] (II) fglrx(0): 414330303532383420202020000000fc
[ 27.479] (II) fglrx(0): 0043696e74697120313257580a200023
[ 27.479] (II) fglrx(0): End of Display1 EDID data --------------------
[ 27.767] (II) fglrx(0): EDID for output DFP1
[ 27.767] (II) fglrx(0): Manufacturer: ACR Model: 87 Serial#: 2435877271
[ 27.767] (II) fglrx(0): Year: 2009 Week: 13
[ 27.767] (II) fglrx(0): EDID Version: 1.3
[ 27.768] (II) fglrx(0): Digital Display Input
[ 27.768] (II) fglrx(0): Max Image Size [cm]: horiz.: 48 vert.: 27
[ 27.768] (II) fglrx(0): Gamma: 2.20
[ 27.768] (II) fglrx(0): DPMS capabilities: StandBy Suspend
[ 27.768] (II) fglrx(0): Supported color encodings: RGB 4:4:4 YCrCb 4:4:4
[ 27.768] (II) fglrx(0): First detailed timing is preferred mode
[ 27.768] (II) fglrx(0): redX: 0.640 redY: 0.330 greenX: 0.300 greenY: 0.600
[ 27.768] (II) fglrx(0): blueX: 0.150 blueY: 0.060 whiteX: 0.313 whiteY: 0.329
[ 27.768] (II) fglrx(0): Supported established timings:
[ 27.768] (II) fglrx(0): 720x400@70Hz
[ 27.768] (II) fglrx(0): 640x480@60Hz
[ 27.768] (II) fglrx(0): 640x480@67Hz
[ 27.768] (II) fglrx(0): 640x480@72Hz
[ 27.768] (II) fglrx(0): 640x480@75Hz
[ 27.768] (II) fglrx(0): 800x600@56Hz
[ 27.768] (II) fglrx(0): 800x600@60Hz
[ 27.768] (II) fglrx(0): 800x600@72Hz
[ 27.768] (II) fglrx(0): 800x600@75Hz
[ 27.768] (II) fglrx(0): 832x624@75Hz
[ 27.768] (II) fglrx(0): 1024x768@60Hz
[ 27.768] (II) fglrx(0): 1024x768@70Hz
[ 27.768] (II) fglrx(0): 1024x768@75Hz
[ 27.768] (II) fglrx(0): 1280x1024@75Hz
[ 27.768] (II) fglrx(0): 1152x864@75Hz
[ 27.768] (II) fglrx(0): Manufacturer's mask: 0
[ 27.768] (II) fglrx(0): Supported standard timings:
[ 27.768] (II) fglrx(0): #0: hsize: 1152 vsize 864 refresh: 75 vid: 20337
[ 27.768] (II) fglrx(0): #1: hsize: 1280 vsize 1024 refresh: 60 vid: 32897
[ 27.768] (II) fglrx(0): #2: hsize: 1680 vsize 1050 refresh: 60 vid: 179
[ 27.768] (II) fglrx(0): #3: hsize: 1920 vsize 1080 refresh: 60 vid: 49361
[ 27.768] (II) fglrx(0): #4: hsize: 1440 vsize 900 refresh: 60 vid: 149
[ 27.768] (II) fglrx(0): #5: hsize: 1600 vsize 1200 refresh: 60 vid: 16553
[ 27.768] (II) fglrx(0): #6: hsize: 1280 vsize 960 refresh: 60 vid: 16513
[ 27.768] (II) fglrx(0): #7: hsize: 1280 vsize 720 refresh: 60 vid: 49281
[ 27.768] (II) fglrx(0): Supported detailed timing:
[ 27.768] (II) fglrx(0): clock: 138.5 MHz Image Size: 531 x 299 mm
[ 27.768] (II) fglrx(0): h_active: 1920 h_sync: 1968 h_sync_end 2000 h_blank_end 2080 h_border: 0
[ 27.768] (II) fglrx(0): v_active: 1080 v_sync: 1083 v_sync_end 1088 v_blanking: 1110 v_border: 0
[ 27.768] (II) fglrx(0): Ranges: V min: 56 V max: 76 Hz, H min: 31 H max: 83 kHz, PixClock max 175 MHz
[ 27.768] (II) fglrx(0): Monitor name: H213H
[ 27.768] (II) fglrx(0): Serial No: LF80D0028500
[ 27.768] (II) fglrx(0): EDID (in hex):
[ 27.768] (II) fglrx(0): 00ffffffffffff000472870097893091
[ 27.768] (II) fglrx(0): 0d13010380301b78caee95a3544c9926
[ 27.768] (II) fglrx(0): 0f5054bfef80714f8180b300d1c09500
[ 27.768] (II) fglrx(0): a940814081c01a3680a070381e403020
[ 27.768] (II) fglrx(0): 3500132b21000018000000fd00384c1f
[ 27.768] (II) fglrx(0): 5311000a202020202020000000fc0048
[ 27.768] (II) fglrx(0): 323133480a20202020202020000000ff
[ 27.768] (II) fglrx(0): 004c46383044303032383530300a001a
[ 27.768] (II) fglrx(0): EDID vendor "ACR", prod id 135
[ 27.781] (II) fglrx(0): Using EDID range info for horizontal sync
[ 27.781] (II) fglrx(0): Using EDID range info for vertical refresh
[ 27.781] (II) fglrx(0): Printing DDC gathered Modelines:
[ 27.781] (II) fglrx(0): Modeline "1920x1080"x0.0 138.50 1920 1968 2000 2080 1080 1083 1088 1110 -hsync -vsync (66.6 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x0.0 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x0.0 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x0.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x0.0 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x0.0 30.24 640 704 768 864 480 483 486 525 -hsync -vsync (35.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x0.0 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "720x400"x0.0 28.32 720 738 846 900 400 412 414 449 -hsync +vsync (31.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x1024"x0.0 135.00 1280 1296 1440 1688 1024 1025 1028 1066 +hsync +vsync (80.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x0.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x0.0 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x0.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz)
[ 27.781] (II) fglrx(0): Modeline "832x624"x0.0 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x0.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x0.0 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz)
[ 27.781] (II) fglrx(0): Modeline "1152x864"x0.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x1024"x0.0 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync (64.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1680x1050"x0.0 119.00 1680 1728 1760 1840 1050 1053 1059 1080 +hsync -vsync (64.7 kHz)
[ 27.781] (II) fglrx(0): Modeline "1920x1080"x60.0 172.80 1920 2040 2248 2576 1080 1081 1084 1118 -hsync +vsync (67.1 kHz)
[ 27.781] (II) fglrx(0): Modeline "1440x900"x0.0 88.75 1440 1488 1520 1600 900 903 909 926 +hsync -vsync (55.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "1600x1200"x0.0 162.00 1600 1664 1856 2160 1200 1201 1204 1250 +hsync +vsync (75.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x960"x0.0 108.00 1280 1376 1488 1800 960 961 964 1000 +hsync +vsync (60.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x720"x60.0 74.48 1280 1336 1472 1664 720 721 724 746 -hsync +vsync (44.8 kHz)
[ 27.781] (II) fglrx(0): Printing probed modes for output DFP1
[ 27.781] (II) fglrx(0): Modeline "1920x1080"x60.0 138.50 1920 1968 2000 2080 1080 1083 1088 1110 +hsync +vsync (66.6 kHz)
[ 27.781] (II) fglrx(0): Modeline "1776x1000"x60.0 147.05 1776 1880 2072 2368 1000 1001 1004 1035 +hsync -vsync (62.1 kHz)
[ 27.781] (II) fglrx(0): Modeline "1600x900"x60.0 108.00 1600 1624 1704 1800 900 901 904 1000 -hsync -vsync (60.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1600x1200"x60.0 162.00 1600 1664 1856 2160 1200 1201 1204 1250 -hsync -vsync (75.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1680x1050"x60.0 146.25 1680 1784 1960 2240 1050 1053 1059 1089 +hsync -vsync (65.3 kHz)
[ 27.781] (II) fglrx(0): Modeline "1400x1050"x60.0 121.75 1400 1488 1632 1864 1050 1053 1057 1089 +hsync -vsync (65.3 kHz)
[ 27.781] (II) fglrx(0): Modeline "1360x1024"x60.0 116.01 1360 1448 1592 1824 1024 1025 1028 1060 +hsync -vsync (63.6 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x1024"x75.0 135.00 1280 1296 1440 1688 1024 1025 1028 1066 -hsync -vsync (80.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x1024"x60.0 108.00 1280 1328 1440 1688 1024 1025 1028 1066 -hsync -vsync (64.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1440x900"x60.0 106.50 1440 1520 1672 1904 900 903 909 934 +hsync -vsync (55.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x960"x75.0 129.86 1280 1368 1504 1728 960 961 964 1002 +hsync -vsync (75.2 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x960"x60.0 108.00 1280 1376 1488 1800 960 961 964 1000 -hsync -vsync (60.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x800"x75.0 107.21 1280 1360 1496 1712 800 801 804 835 +hsync -vsync (62.6 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x800"x60.0 83.46 1280 1344 1480 1680 800 801 804 828 +hsync -vsync (49.7 kHz)
[ 27.781] (II) fglrx(0): Modeline "1152x864"x75.0 108.00 1152 1216 1344 1600 864 865 868 900 -hsync -vsync (67.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 +hsync -vsync (53.7 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x768"x75.0 102.25 1280 1360 1488 1696 768 771 778 805 +hsync -vsync (60.3 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x768"x60.0 79.50 1280 1344 1472 1664 768 771 778 798 +hsync -vsync (47.8 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x720"x60.0 74.25 1280 1390 1430 1650 720 725 730 750 -hsync -vsync (45.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 -hsync -vsync (60.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x70.0 75.00 1024 1048 1184 1328 768 771 777 806 +hsync +vsync (56.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 +hsync +vsync (48.4 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x72.0 50.00 800 856 976 1040 600 637 643 666 -hsync -vsync (48.1 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 -hsync -vsync (46.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x70.0 45.50 800 840 920 1040 600 601 604 625 +hsync -vsync (43.8 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x60.0 40.00 800 840 968 1056 600 601 605 628 -hsync -vsync (37.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x56.0 36.00 800 824 896 1024 600 601 603 625 -hsync -vsync (35.2 kHz)
[ 27.781] (II) fglrx(0): Modeline "720x480"x60.0 26.71 720 736 808 896 480 481 484 497 +hsync -vsync (29.8 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 +hsync +vsync (37.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x72.0 31.50 640 656 696 832 480 481 484 520 +hsync +vsync (37.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x60.0 25.18 640 648 744 800 480 482 484 525 +hsync +vsync (31.5 kHz)
[ 27.781] (II) fglrx(0): EDID for output DFP2
[ 27.781] (II) fglrx(0): Manufacturer: WAC Model: 1019 Serial#: 5284
[ 27.781] (II) fglrx(0): Year: 2008 Week: 5
[ 27.781] (II) fglrx(0): EDID Version: 1.3
[ 27.781] (II) fglrx(0): Digital Display Input
[ 27.781] (II) fglrx(0): DFP 1.x compatible TMDS
[ 27.781] (II) fglrx(0): Max Image Size [cm]: horiz.: 27 vert.: 17
[ 27.781] (II) fglrx(0): Gamma: 2.20
[ 27.781] (II) fglrx(0): DPMS capabilities: StandBy Off
[ 27.781] (II) fglrx(0): Supported color encodings: RGB 4:4:4 YCrCb 4:4:4
[ 27.781] (II) fglrx(0): First detailed timing is preferred mode
[ 27.781] (II) fglrx(0): redX: 0.589 redY: 0.341 greenX: 0.321 greenY: 0.535
[ 27.781] (II) fglrx(0): blueX: 0.157 blueY: 0.145 whiteX: 0.313 whiteY: 0.329
[ 27.781] (II) fglrx(0): Supported established timings:
[ 27.781] (II) fglrx(0): 720x400@70Hz
[ 27.781] (II) fglrx(0): 640x480@60Hz
[ 27.781] (II) fglrx(0): 640x480@75Hz
[ 27.781] (II) fglrx(0): 800x600@60Hz
[ 27.781] (II) fglrx(0): 800x600@72Hz
[ 27.781] (II) fglrx(0): 800x600@75Hz
[ 27.781] (II) fglrx(0): 832x624@75Hz
[ 27.781] (II) fglrx(0): 1024x768@60Hz
[ 27.781] (II) fglrx(0): 1024x768@70Hz
[ 27.781] (II) fglrx(0): 1024x768@75Hz
[ 27.781] (II) fglrx(0): Manufacturer's mask: 0
[ 27.781] (II) fglrx(0): Supported standard timings:
[ 27.781] (II) fglrx(0): #0: hsize: 1280 vsize 800 refresh: 60 vid: 129
[ 27.781] (II) fglrx(0): Supported detailed timing:
[ 27.781] (II) fglrx(0): clock: 83.4 MHz Image Size: 261 x 163 mm
[ 27.781] (II) fglrx(0): h_active: 1280 h_sync: 1480 h_sync_end 1616 h_blank_end 1680 h_border: 0
[ 27.781] (II) fglrx(0): v_active: 800 v_sync: 824 v_sync_end 827 v_blanking: 828 v_border: 0
[ 27.781] (II) fglrx(0): Ranges: V min: 56 V max: 75 Hz, H min: 31 H max: 82 kHz, PixClock max 145 MHz
[ 27.781] (II) fglrx(0): Serial No: 8AC005284
[ 27.781] (II) fglrx(0): Monitor name: Cintiq 12WX
[ 27.781] (II) fglrx(0): EDID (in hex):
[ 27.781] (II) fglrx(0): 00ffffffffffff005c231910a4140000
[ 27.781] (II) fglrx(0): 05120103811b1178aad4459657528928
[ 27.781] (II) fglrx(0): 255054a5ee0081000101010101010101
[ 27.781] (II) fglrx(0): 0101010101019420009051201c30c888
[ 27.781] (II) fglrx(0): 830405a31000001e000000fd00384b1f
[ 27.781] (II) fglrx(0): 520e000a202020202020000000ff0038
[ 27.781] (II) fglrx(0): 414330303532383420202020000000fc
[ 27.781] (II) fglrx(0): 0043696e74697120313257580a200023
[ 27.781] (II) fglrx(0): Printing probed modes for output DFP2
[ 27.781] (II) fglrx(0): Modeline "1280x800"x60.0 83.40 1280 1480 1616 1680 800 824 827 828 -hsync -vsync (49.6 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x768"x60.0 79.50 1280 1344 1472 1664 768 771 778 798 +hsync -vsync (47.8 kHz)
[ 27.781] (II) fglrx(0): Modeline "1280x720"x60.0 74.25 1280 1390 1430 1650 720 725 730 750 -hsync -vsync (45.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1152x648"x60.0 59.90 1152 1200 1320 1488 648 649 652 671 +hsync -vsync (40.3 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x75.0 78.75 1024 1040 1136 1312 768 769 772 800 -hsync -vsync (60.0 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x70.0 75.00 1024 1048 1184 1328 768 771 777 806 +hsync +vsync (56.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 +hsync +vsync (48.4 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x72.0 50.00 800 856 976 1040 600 637 643 666 -hsync -vsync (48.1 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 -hsync -vsync (46.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x70.0 45.50 800 840 920 1040 600 601 604 625 +hsync -vsync (43.8 kHz)
[ 27.781] (II) fglrx(0): Modeline "800x600"x60.0 40.00 800 840 968 1056 600 601 605 628 -hsync -vsync (37.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "720x480"x60.0 26.71 720 736 808 896 480 481 484 497 +hsync -vsync (29.8 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 +hsync +vsync (37.5 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x72.0 31.50 640 656 696 832 480 481 484 520 +hsync +vsync (37.9 kHz)
[ 27.781] (II) fglrx(0): Modeline "640x480"x60.0 25.18 640 648 744 800 480 482 484 525 +hsync +vsync (31.5 kHz)
[ 27.781] (II) fglrx(0): EDID for output CRT1
[ 27.781] (II) fglrx(0): EDID for output CRT2
[ 27.782] (II) fglrx(0): EDID for output TV
[ 27.782] (II) fglrx(0): EDID for output CV
[ 27.782] (II) fglrx(0): Output DFP1 connected
[ 27.782] (II) fglrx(0): Output DFP2 disabled by config file
[ 27.782] (II) fglrx(0): Output CRT1 disconnected
[ 27.782] (II) fglrx(0): Output CRT2 disconnected
[ 27.782] (II) fglrx(0): Output TV disconnected
[ 27.782] (II) fglrx(0): Output CV disconnected
[ 27.782] (II) fglrx(0): Using user preference for initial modes
[ 27.782] (II) fglrx(0): Output DFP1 using initial mode 1920x1080
[ 27.782] (II) fglrx(0): Display dimensions: (480, 270) mm
[ 27.782] (II) fglrx(0): DPI set to (101, 101)
[ 27.782] (II) fglrx(0): Adapter ATI Radeon HD 4800 Series has 2 configurable heads and 2 displays connected.
[ 27.782] (==) fglrx(0): PseudoColor visuals disabled
[ 27.782] (II) Loading sub module "ramdac"
[ 27.782] (II) LoadModule: "ramdac"
[ 27.782] (II) Module "ramdac" already built-in
[ 27.782] (==) fglrx(0): NoDRI = NO
[ 27.782] (==) fglrx(0): Capabilities: 0x00000000
[ 27.782] (==) fglrx(0): CapabilitiesEx: 0x00000000
[ 27.782] (==) fglrx(0): OpenGL ClientDriverName: "fglrx_dri.so"
[ 27.782] (==) fglrx(0): UseFastTLS=0
[ 27.782] (==) fglrx(0): BlockSignalsOnLock=1
[ 27.782] (II) fglrx(0): Desktop Vsync is enabled.
[ 27.782] (--) Depth 24 pixmap format is 32 bpp
[ 27.782] (II) Loading extension ATIFGLRXDRI
[ 27.782] (II) fglrx(0): doing swlDriScreenInit
[ 27.782] (II) fglrx(0): swlDriScreenInit for fglrx driver
[ 27.782] ukiDynamicMajor: found major device number 251
[ 27.782] ukiDynamicMajor: found major device number 251
[ 27.782] ukiDynamicMajor: found major device number 251
[ 27.782] ukiOpenByBusid: Searching for BusID PCI:1:0:0
[ 27.782] ukiOpenDevice: node name is /dev/ati/card0
[ 27.782] ukiOpenDevice: open result is 16, (OK)
[ 27.782] ukiOpenByBusid: ukiOpenMinor returns 16
[ 27.782] ukiOpenByBusid: ukiGetBusid reports PCI:1:0:0
[ 27.782] (II) fglrx(0): [uki] DRM interface version 1.0
[ 27.782] (II) fglrx(0): [uki] created "fglrx" driver at busid "PCI:1:0:0"
[ 27.782] (II) fglrx(0): [uki] added 8192 byte SAREA at 0x2000
[ 27.782] (II) fglrx(0): [uki] mapped SAREA 0x2000 to 0x7f541545b000
[ 27.782] (II) fglrx(0): [uki] framebuffer handle = 0x3000
[ 27.782] (II) fglrx(0): [uki] added 1 reserved context for kernel
[ 27.782] (II) fglrx(0): swlDriScreenInit done
[ 27.782] (II) fglrx(0): Kernel Module Version Information:
[ 27.782] (II) fglrx(0): Name: fglrx
[ 27.782] (II) fglrx(0): Version: 8.97.2
[ 27.782] (II) fglrx(0): Date: Jul 4 2012
[ 27.782] (II) fglrx(0): Desc: ATI FireGL DRM kernel module
[ 27.782] (II) fglrx(0): Kernel Module version matches driver.
[ 27.782] (II) fglrx(0): Kernel Module Build Time Information:
[ 27.782] (II) fglrx(0): Build-Kernel UTS_RELEASE: 3.6.4-1-ARCH
[ 27.782] (II) fglrx(0): Build-Kernel MODVERSIONS: no
[ 27.782] (II) fglrx(0): Build-Kernel __SMP__: no
[ 27.782] (II) fglrx(0): Build-Kernel PAGE_SIZE: 0x1000
[ 27.782] (II) fglrx(0): [uki] register handle = 0x00004000
[ 27.799] (II) fglrx(0): DRI initialization successfull
[ 27.800] (II) fglrx(0): FBADPhys: 0xf00000000 FBMappedSize: 0x01068000
[ 27.804] (==) fglrx(0): Backing store disabled
[ 27.804] (II) Loading extension FGLRXEXTENSION
[ 27.804] (==) fglrx(0): DPMS enabled
[ 27.804] (II) fglrx(0): Initialized in-driver Xinerama extension
[ 27.804] (**) fglrx(0): Textured Video is enabled.
[ 27.804] (II) LoadModule: "glesx"
[ 27.805] (II) Loading /usr/lib/xorg/modules/glesx.so
[ 27.934] (II) Module glesx: vendor="X.Org Foundation"
[ 27.934] compiled for 1.4.99.906, module version = 1.0.0
[ 27.934] (II) Loading extension GLESX
[ 27.934] (II) fglrx(0): GLESX enableFlags = 528
[ 27.945] (II) fglrx(0): GLESX is enabled
[ 27.945] (II) LoadModule: "amdxmm"
[ 27.945] (II) Loading /usr/lib/xorg/modules/amdxmm.so
[ 27.955] (II) Module amdxmm: vendor="X.Org Foundation"
[ 27.955] compiled for 1.4.99.906, module version = 2.0.0
[ 27.955] (II) Loading extension AMDXVOPL
[ 27.955] (II) Loading extension AMDXVBA
[ 27.958] (II) fglrx(0): UVD feature is enabled(II) fglrx(0):
[ 27.961] (II) fglrx(0): Enable composite support successfully
[ 27.961] (II) fglrx(0): X context handle = 0x1
[ 27.961] (II) fglrx(0): [DRI] installation complete
[ 27.961] (==) fglrx(0): Silken mouse enabled
[ 27.962] (==) fglrx(0): Using HW cursor of display infrastructure!
[ 27.962] (II) fglrx(0): Disabling in-server RandR and enabling in-driver RandR 1.2.
[ 27.962] (II) fglrx(0): Cannot get TV Format. Set all TV geometry value to zero!
[ 27.962] (II) fglrx(0): Cannot set TV horizontal size.
[ 27.962] (II) fglrx(0): Cannot get TV Format for trying to adjust horizontal position after horizontal size changed.
[ 27.962] (II) fglrx(0): Cannot set TV horizontal position.
[ 27.962] (II) fglrx(0): Cannot set TV vertical position.
[ 27.984] (II) fglrx(0): User Preference Output DFP1 using refresh rate 60.0 Hz.
[ 28.079] (--) RandR disabled
[ 28.079] (II) Initializing built-in extension Generic Event Extension
[ 28.079] (II) Initializing built-in extension SHAPE
[ 28.079] (II) Initializing built-in extension MIT-SHM
[ 28.079] (II) Initializing built-in extension XInputExtension
[ 28.079] (II) Initializing built-in extension XTEST
[ 28.079] (II) Initializing built-in extension BIG-REQUESTS
[ 28.079] (II) Initializing built-in extension SYNC
[ 28.079] (II) Initializing built-in extension XKEYBOARD
[ 28.079] (II) Initializing built-in extension XC-MISC
[ 28.079] (II) Initializing built-in extension SECURITY
[ 28.079] (II) Initializing built-in extension XINERAMA
[ 28.079] (II) Initializing built-in extension XFIXES
[ 28.079] (II) Initializing built-in extension RENDER
[ 28.079] (II) Initializing built-in extension RANDR
[ 28.079] (II) Initializing built-in extension COMPOSITE
[ 28.079] (II) Initializing built-in extension DAMAGE
[ 28.081] ukiDynamicMajor: found major device number 251
[ 28.081] ukiDynamicMajor: found major device number 251
[ 28.081] ukiOpenByBusid: Searching for BusID PCI:1:0:0
[ 28.081] ukiOpenDevice: node name is /dev/ati/card0
[ 28.081] ukiOpenDevice: open result is 17, (OK)
[ 28.081] ukiOpenByBusid: ukiOpenMinor returns 17
[ 28.081] ukiOpenByBusid: ukiGetBusid reports PCI:1:0:0
[ 28.808] (II) AIGLX: Loaded and initialized OpenGL driver(II) GLX: Initialized DRI GL provider for screen 0
[ 28.932] (II) fglrx(0): Enable the clock gating!
[ 28.977] (II) fglrx(0): Desktop Vsync is enabled.
[ 28.977] (II) fglrx(0): Setting screen physical size to 508 x 285
[ 29.247] (II) config/udev: Adding input device Power Button (/dev/input/event1)
[ 29.247] (**) Power Button: Applying InputClass "system-keyboard"
[ 29.247] (**) Power Button: Applying InputClass "evdev keyboard catchall"
[ 29.247] (II) LoadModule: "evdev"
[ 29.247] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 29.261] (II) Module evdev: vendor="X.Org Foundation"
[ 29.261] compiled for 1.10.99.902, module version = 2.6.0
[ 29.261] Module class: X.Org XInput Driver
[ 29.261] ABI class: X.Org XInput driver, version 13.0
[ 29.261] (II) Using input driver 'evdev' for 'Power Button'
[ 29.261] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 29.261] (**) Power Button: always reports core events
[ 29.261] (**) Power Button: Device: "/dev/input/event1"
[ 29.261] (--) Power Button: Found keys
[ 29.261] (II) Power Button: Configuring as keyboard
[ 29.261] (**) Option "config_info" "udev:/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1/event1"
[ 29.261] (II) XINPUT: Adding extended input device "Power Button" (type: KEYBOARD, id 6)
[ 29.261] (**) Option "xkb_rules" "evdev"
[ 29.261] (**) Option "xkb_model" "pc105+inet"
[ 29.261] (**) Option "xkb_layout" "us"
[ 29.261] (**) Option "xkb_options" "terminate:ctrl_alt_bksp"
[ 29.305] (II) config/udev: Adding input device Power Button (/dev/input/event0)
[ 29.305] (**) Power Button: Applying InputClass "system-keyboard"
[ 29.305] (**) Power Button: Applying InputClass "evdev keyboard catchall"
[ 29.305] (II) Using input driver 'evdev' for 'Power Button'
[ 29.305] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 29.306] (**) Power Button: always reports core events
[ 29.306] (**) Power Button: Device: "/dev/input/event0"
[ 29.306] (--) Power Button: Found keys
[ 29.306] (II) Power Button: Configuring as keyboard
[ 29.306] (**) Option "config_info" "udev:/sys/devices/LNXSYSTM:00/device:00/PNP0C0C:00/input/input0/event0"
[ 29.306] (II) XINPUT: Adding extended input device "Power Button" (type: KEYBOARD, id 7)
[ 29.306] (**) Option "xkb_rules" "evdev"
[ 29.306] (**) Option "xkb_model" "pc105+inet"
[ 29.306] (**) Option "xkb_layout" "us"
[ 29.306] (**) Option "xkb_options" "terminate:ctrl_alt_bksp"
[ 29.307] (II) config/udev: Adding input device HDA ATI HDMI HDMI/DP,pcm=3 (/dev/input/event15)
[ 29.307] (II) No input driver specified, ignoring this device.
[ 29.307] (II) This device may have been added with another device file.
[ 29.308] (II) config/udev: Adding input device Wacom Cintiq 12WX (/dev/input/event3)
[ 29.308] (**) Wacom Cintiq 12WX: Applying InputClass "evdev tablet catchall"
[ 29.308] (**) Wacom Cintiq 12WX: Applying InputClass "Wacom class"
[ 29.308] (II) LoadModule: "wacom"
[ 29.308] (II) Loading /usr/lib/xorg/modules/input/wacom_drv.so
[ 29.313] (II) Module wacom: vendor="X.Org Foundation"
[ 29.313] compiled for 1.11.3, module version = 0.13.0
[ 29.313] Module class: X.Org XInput Driver
[ 29.313] ABI class: X.Org XInput driver, version 13.0
[ 29.313] (II) Using input driver 'wacom' for 'Wacom Cintiq 12WX'
[ 29.313] (II) Loading /usr/lib/xorg/modules/input/wacom_drv.so
[ 29.313] (**) Wacom Cintiq 12WX: always reports core events
[ 29.313] (**) Option "Device" "/dev/input/event3"
[ 29.314] (II) Wacom Cintiq 12WX: type not specified, assuming 'stylus'.
[ 29.314] (II) Wacom Cintiq 12WX: other types will be automatically added.
[ 29.314] (--) Wacom Cintiq 12WX stylus: using pressure threshold of 27 for button 1
[ 29.314] (--) Wacom Cintiq 12WX stylus: Wacom USB CintiqV5 tablet maxX=53020 maxY=33440 maxZ=1023 resX=200000 resY=200000 tilt=enabled
[ 29.314] (II) Wacom Cintiq 12WX stylus: hotplugging dependent devices.
[ 29.314] (EE) Wacom Cintiq 12WX stylus: Invalid type 'cursor' for this device.
[ 29.314] (EE) Wacom Cintiq 12WX stylus: Invalid type 'touch' for this device.
[ 29.314] (II) Wacom Cintiq 12WX stylus: hotplugging completed.
[ 29.315] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:12.0/usb3/3-2/3-2:1.0/input/input3/event3"
[ 29.315] (II) XINPUT: Adding extended input device "Wacom Cintiq 12WX stylus" (type: STYLUS, id 8)
[ 29.316] (**) Wacom Cintiq 12WX stylus: (accel) keeping acceleration scheme 1
[ 29.316] (**) Wacom Cintiq 12WX stylus: (accel) acceleration profile 0
[ 29.316] (**) Wacom Cintiq 12WX stylus: (accel) acceleration factor: 2.000
[ 29.316] (**) Wacom Cintiq 12WX stylus: (accel) acceleration threshold: 4
[ 29.317] (II) config/udev: Adding input device Wacom Cintiq 12WX (/dev/input/mouse0)
[ 29.317] (II) No input driver specified, ignoring this device.
[ 29.317] (II) This device may have been added with another device file.
[ 29.317] (II) config/udev: Adding input device Microsoft Microsoft® SideWinder™ X5 Mouse (/dev/input/event6)
[ 29.317] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: Applying InputClass "system-keyboard"
[ 29.317] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: Applying InputClass "evdev pointer catchall"
[ 29.318] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: Applying InputClass "evdev keyboard catchall"
[ 29.318] (II) Using input driver 'evdev' for 'Microsoft Microsoft® SideWinder™ X5 Mouse'
[ 29.318] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 29.318] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: always reports core events
[ 29.318] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: Device: "/dev/input/event6"
[ 29.318] (--) Microsoft Microsoft® SideWinder™ X5 Mouse: Found 9 mouse buttons
[ 29.318] (--) Microsoft Microsoft® SideWinder™ X5 Mouse: Found scroll wheel(s)
[ 29.318] (--) Microsoft Microsoft® SideWinder™ X5 Mouse: Found relative axes
[ 29.318] (--) Microsoft Microsoft® SideWinder™ X5 Mouse: Found x and y relative axes
[ 29.318] (--) Microsoft Microsoft® SideWinder™ X5 Mouse: Found absolute axes
[ 29.318] (--) Microsoft Microsoft® SideWinder™ X5 Mouse: Found x and y absolute axes
[ 29.318] (--) Microsoft Microsoft® SideWinder™ X5 Mouse: Found keys
[ 29.318] (II) Microsoft Microsoft® SideWinder™ X5 Mouse: Configuring as mouse
[ 29.318] (II) Microsoft Microsoft® SideWinder™ X5 Mouse: Configuring as keyboard
[ 29.318] (II) Microsoft Microsoft® SideWinder™ X5 Mouse: Adding scrollwheel support
[ 29.318] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: YAxisMapping: buttons 4 and 5
[ 29.318] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: EmulateWheelButton: 4, EmulateWheelInertia: 10, EmulateWheelTimeout: 200
[ 29.318] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:12.0/usb3/3-3/3-3:1.0/input/input6/event6"
[ 29.318] (II) XINPUT: Adding extended input device "Microsoft Microsoft® SideWinder™ X5 Mouse" (type: KEYBOARD, id 9)
[ 29.318] (**) Option "xkb_rules" "evdev"
[ 29.318] (**) Option "xkb_model" "pc105+inet"
[ 29.318] (**) Option "xkb_layout" "us"
[ 29.318] (**) Option "xkb_options" "terminate:ctrl_alt_bksp"
[ 29.319] (II) Microsoft Microsoft® SideWinder™ X5 Mouse: initialized for relative axes.
[ 29.319] (WW) Microsoft Microsoft® SideWinder™ X5 Mouse: ignoring absolute axes.
[ 29.319] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: (accel) keeping acceleration scheme 1
[ 29.319] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: (accel) acceleration profile 0
[ 29.319] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: (accel) acceleration factor: 2.000
[ 29.319] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: (accel) acceleration threshold: 4
[ 29.320] (II) config/udev: Adding input device Microsoft Microsoft® SideWinder™ X5 Mouse (/dev/input/js0)
[ 29.320] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: Applying InputClass "system-keyboard"
[ 29.320] (II) No input driver specified, ignoring this device.
[ 29.320] (II) This device may have been added with another device file.
[ 29.321] (II) config/udev: Adding input device Microsoft Microsoft® SideWinder™ X5 Mouse (/dev/input/mouse1)
[ 29.321] (**) Microsoft Microsoft® SideWinder™ X5 Mouse: Applying InputClass "system-keyboard"
[ 29.321] (II) No input driver specified, ignoring this device.
[ 29.321] (II) This device may have been added with another device file.
[ 29.321] (II) config/udev: Adding input device Logitech USB Keyboard (/dev/input/event4)
[ 29.321] (**) Logitech USB Keyboard: Applying InputClass "system-keyboard"
[ 29.321] (**) Logitech USB Keyboard: Applying InputClass "evdev keyboard catchall"
[ 29.321] (II) Using input driver 'evdev' for 'Logitech USB Keyboard'
[ 29.321] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 29.321] (**) Logitech USB Keyboard: always reports core events
[ 29.321] (**) Logitech USB Keyboard: Device: "/dev/input/event4"
[ 29.322] (--) Logitech USB Keyboard: Found keys
[ 29.322] (II) Logitech USB Keyboard: Configuring as keyboard
[ 29.322] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:12.1/usb4/4-1/4-1:1.0/input/input4/event4"
[ 29.322] (II) XINPUT: Adding extended input device "Logitech USB Keyboard" (type: KEYBOARD, id 10)
[ 29.322] (**) Option "xkb_rules" "evdev"
[ 29.322] (**) Option "xkb_model" "pc105+inet"
[ 29.322] (**) Option "xkb_layout" "us"
[ 29.322] (**) Option "xkb_options" "terminate:ctrl_alt_bksp"
[ 29.323] (II) config/udev: Adding input device Logitech USB Keyboard (/dev/input/event5)
[ 29.323] (**) Logitech USB Keyboard: Applying InputClass "system-keyboard"
[ 29.323] (**) Logitech USB Keyboard: Applying InputClass "evdev keyboard catchall"
[ 29.323] (II) Using input driver 'evdev' for 'Logitech USB Keyboard'
[ 29.323] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 29.323] (**) Logitech USB Keyboard: always reports core events
[ 29.323] (**) Logitech USB Keyboard: Device: "/dev/input/event5"
[ 29.323] (--) Logitech USB Keyboard: Found absolute axes
[ 29.323] (--) Logitech USB Keyboard: Found keys
[ 29.323] (II) Logitech USB Keyboard: Configuring as mouse
[ 29.323] (II) Logitech USB Keyboard: Configuring as keyboard
[ 29.323] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:12.1/usb4/4-1/4-1:1.1/input/input5/event5"
[ 29.323] (II) XINPUT: Adding extended input device "Logitech USB Keyboard" (type: KEYBOARD, id 11)
[ 29.323] (**) Option "xkb_rules" "evdev"
[ 29.323] (**) Option "xkb_model" "pc105+inet"
[ 29.323] (**) Option "xkb_layout" "us"
[ 29.323] (**) Option "xkb_options" "terminate:ctrl_alt_bksp"
[ 29.324] (II) Logitech USB Keyboard: initialized for absolute axes.
[ 29.324] (**) Logitech USB Keyboard: (accel) keeping acceleration scheme 1
[ 29.324] (**) Logitech USB Keyboard: (accel) acceleration profile 0
[ 29.324] (**) Logitech USB Keyboard: (accel) acceleration factor: 2.000
[ 29.324] (**) Logitech USB Keyboard: (accel) acceleration threshold: 4
[ 29.325] (II) config/udev: Adding input device USB 2.0 Camera (/dev/input/event16)
[ 29.325] (**) USB 2.0 Camera: Applying InputClass "system-keyboard"
[ 29.325] (**) USB 2.0 Camera: Applying InputClass "evdev keyboard catchall"
[ 29.325] (II) Using input driver 'evdev' for 'USB 2.0 Camera'
[ 29.325] (II) Loading /usr/lib/xorg/modules/input/evdev_drv.so
[ 29.325] (**) USB 2.0 Camera: always reports core events
[ 29.325] (**) USB 2.0 Camera: Device: "/dev/input/event16"
[ 29.325] (--) USB 2.0 Camera: Found keys
[ 29.325] (II) USB 2.0 Camera: Configuring as keyboard
[ 29.325] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:12.2/usb1/1-1/1-1:1.0/input/input16/event16"
[ 29.325] (II) XINPUT: Adding extended input device "USB 2.0 Camera" (type: KEYBOARD, id 12)
[ 29.325] (**) Option "xkb_rules" "evdev"
[ 29.325] (**) Option "xkb_model" "pc105+inet"
[ 29.325] (**) Option "xkb_layout" "us"
[ 29.325] (**) Option "xkb_options" "terminate:ctrl_alt_bksp"
[ 29.326] (II) config/udev: Adding input device HDA ATI SB Front Headphone (/dev/input/event10)
[ 29.326] (II) No input driver specified, ignoring this device.
[ 29.326] (II) This device may have been added with another device file.
[ 29.326] (II) config/udev: Adding input device HDA ATI SB Line Out Side (/dev/input/event11)
[ 29.326] (II) No input driver specified, ignoring this device.
[ 29.326] (II) This device may have been added with another device file.
[ 29.327] (II) config/udev: Adding input device HDA ATI SB Line Out CLFE (/dev/input/event12)
[ 29.327] (II) No input driver specified, ignoring this device.
[ 29.327] (II) This device may have been added with another device file.
[ 29.327] (II) config/udev: Adding input device HDA ATI SB Line Out Surround (/dev/input/event13)
[ 29.327] (II) No input driver specified, ignoring this device.
[ 29.327] (II) This device may have been added with another device file.
[ 29.327] (II) config/udev: Adding input device HDA ATI SB Line Out Front (/dev/input/event14)
[ 29.327] (II) No input driver specified, ignoring this device.
[ 29.327] (II) This device may have been added with another device file.
[ 29.327] (II) config/udev: Adding input device HDA ATI SB Line (/dev/input/event7)
[ 29.327] (II) No input driver specified, ignoring this device.
[ 29.327] (II) This device may have been added with another device file.
[ 29.327] (II) config/udev: Adding input device HDA ATI SB Front Mic (/dev/input/event8)
[ 29.327] (II) No input driver specified, ignoring this device.
[ 29.327] (II) This device may have been added with another device file.
[ 29.327] (II) config/udev: Adding input device HDA ATI SB Rear Mic (/dev/input/event9)
[ 29.327] (II) No input driver specified, ignoring this device.
[ 29.327] (II) This device may have been added with another device file.
[ 29.328] (II) config/udev: Adding input device PC Speaker (/dev/input/event2)
[ 29.328] (II) No input driver specified, ignoring this device.
[ 29.328] (II) This device may have been added with another device file.
[ 29.343] (**) Wacom Cintiq 12WX eraser: Applying InputClass "evdev tablet catchall"
[ 29.343] (**) Wacom Cintiq 12WX eraser: Applying InputClass "Wacom class"
[ 29.343] (II) Using input driver 'wacom' for 'Wacom Cintiq 12WX eraser'
[ 29.343] (II) Loading /usr/lib/xorg/modules/input/wacom_drv.so
[ 29.343] (**) Wacom Cintiq 12WX eraser: always reports core events
[ 29.343] (**) Option "Device" "/dev/input/event3"
[ 29.343] (**) Option "Type" "eraser"
[ 29.343] (--) Wacom Cintiq 12WX eraser: Wacom USB CintiqV5 tablet maxX=53020 maxY=33440 maxZ=1023 resX=200000 resY=200000 tilt=enabled
[ 29.360] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:12.0/usb3/3-2/3-2:1.0/input/input3/event3"
[ 29.360] (II) XINPUT: Adding extended input device "Wacom Cintiq 12WX eraser" (type: ERASER, id 13)
[ 29.360] (**) Wacom Cintiq 12WX eraser: (accel) keeping acceleration scheme 1
[ 29.360] (**) Wacom Cintiq 12WX eraser: (accel) acceleration profile 0
[ 29.360] (**) Wacom Cintiq 12WX eraser: (accel) acceleration factor: 2.000
[ 29.360] (**) Wacom Cintiq 12WX eraser: (accel) acceleration threshold: 4
[ 29.360] (**) Wacom Cintiq 12WX pad: Applying InputClass "evdev tablet catchall"
[ 29.360] (**) Wacom Cintiq 12WX pad: Applying InputClass "Wacom class"
[ 29.360] (II) Using input driver 'wacom' for 'Wacom Cintiq 12WX pad'
[ 29.360] (II) Loading /usr/lib/xorg/modules/input/wacom_drv.so
[ 29.360] (**) Wacom Cintiq 12WX pad: always reports core events
[ 29.360] (**) Option "Device" "/dev/input/event3"
[ 29.360] (**) Option "Type" "pad"
[ 29.360] (--) Wacom Cintiq 12WX pad: Wacom USB CintiqV5 tablet maxX=53020 maxY=33440 maxZ=1023 resX=200000 resY=200000 tilt=enabled
[ 29.360] (**) Option "config_info" "udev:/sys/devices/pci0000:00/0000:00:12.0/usb3/3-2/3-2:1.0/input/input3/event3"
[ 29.360] (II) XINPUT: Adding extended input device "Wacom Cintiq 12WX pad" (type: PAD, id 14)
[ 29.360] (**) Wacom Cintiq 12WX pad: (accel) keeping acceleration scheme 1
[ 29.360] (**) Wacom Cintiq 12WX pad: (accel) acceleration profile 0
[ 29.360] (**) Wacom Cintiq 12WX pad: (accel) acceleration factor: 2.000
[ 29.360] (**) Wacom Cintiq 12WX pad: (accel) acceleration threshold: 4
[ 29.361] (II) fglrx(0): Restoring Recent Mode via PCS is not supported in RANDR 1.2 capable environments
[ 33.296] (II) fglrx(0): EDID vendor "ACR", prod id 135
[ 33.296] (II) fglrx(0): Using hsync ranges from config file
[ 33.296] (II) fglrx(0): Using vrefresh ranges from config file
[ 33.296] (II) fglrx(0): Printing DDC gathered Modelines:
[ 33.296] (II) fglrx(0): Modeline "1920x1080"x0.0 138.50 1920 1968 2000 2080 1080 1083 1088 1110 -hsync -vsync (66.6 kHz)
[ 33.296] (II) fglrx(0): Modeline "800x600"x0.0 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz)
[ 33.296] (II) fglrx(0): Modeline "800x600"x0.0 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz)
[ 33.296] (II) fglrx(0): Modeline "640x480"x0.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz)
[ 33.296] (II) fglrx(0): Modeline "640x480"x0.0 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz)
[ 33.296] (II) fglrx(0): Modeline "640x480"x0.0 30.24 640 704 768 864 480 483 486 525 -hsync -vsync (35.0 kHz)
[ 33.296] (II) fglrx(0): Modeline "640x480"x0.0 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz)
[ 33.296] (II) fglrx(0): Modeline "720x400"x0.0 28.32 720 738 846 900 400 412 414 449 -hsync +vsync (31.5 kHz)
[ 33.296] (II) fglrx(0): Modeline "1280x1024"x0.0 135.00 1280 1296 1440 1688 1024 1025 1028 1066 +hsync +vsync (80.0 kHz)
[ 33.296] (II) fglrx(0): Modeline "1024x768"x0.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz)
[ 33.296] (II) fglrx(0): Modeline "1024x768"x0.0 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz)
[ 33.296] (II) fglrx(0): Modeline "1024x768"x0.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz)
[ 33.296] (II) fglrx(0): Modeline "832x624"x0.0 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz)
[ 33.296] (II) fglrx(0): Modeline "800x600"x0.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz)
[ 33.296] (II) fglrx(0): Modeline "800x600"x0.0 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz)
[ 33.296] (II) fglrx(0): Modeline "1152x864"x0.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz)
[ 33.296] (II) fglrx(0): Modeline "1280x1024"x0.0 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync (64.0 kHz)
[ 33.296] (II) fglrx(0): Modeline "1680x1050"x0.0 119.00 1680 1728 1760 1840 1050 1053 1059 1080 +hsync -vsync (64.7 kHz)
[ 33.296] (II) fglrx(0): Modeline "1920x1080"x60.0 172.80 1920 2040 2248 2576 1080 1081 1084 1118 -hsync +vsync (67.1 kHz)
[ 33.296] (II) fglrx(0): Modeline "1440x900"x0.0 88.75 1440 1488 1520 1600 900 903 909 926 +hsync -vsync (55.5 kHz)
[ 33.296] (II) fglrx(0): Modeline "1600x1200"x0.0 162.00 1600 1664 1856 2160 1200 1201 1204 1250 +hsync +vsync (75.0 kHz)
[ 33.296] (II) fglrx(0): Modeline "1280x960"x0.0 108.00 1280 1376 1488 1800 960 961 964 1000 +hsync +vsync (60.0 kHz)
[ 33.296] (II) fglrx(0): Modeline "1280x720"x60.0 74.48 1280 1336 1472 1664 720 721 724 746 -hsync +vsync (44.8 kHz)
[ 33.743] (WW) fglrx(0): Cannot get updated TV attributes.
[ 37.495] (II) fglrx(0): EDID vendor "ACR", prod id 135
[ 37.495] (II) fglrx(0): Using hsync ranges from config file
[ 37.495] (II) fglrx(0): Using vrefresh ranges from config file
[ 37.495] (II) fglrx(0): Printing DDC gathered Modelines:
[ 37.495] (II) fglrx(0): Modeline "1920x1080"x0.0 138.50 1920 1968 2000 2080 1080 1083 1088 1110 -hsync -vsync (66.6 kHz)
[ 37.495] (II) fglrx(0): Modeline "800x600"x0.0 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz)
[ 37.495] (II) fglrx(0): Modeline "800x600"x0.0 36.00 800 824 896 1024 600 601 603 625 +hsync +vsync (35.2 kHz)
[ 37.495] (II) fglrx(0): Modeline "640x480"x0.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz)
[ 37.495] (II) fglrx(0): Modeline "640x480"x0.0 31.50 640 664 704 832 480 489 492 520 -hsync -vsync (37.9 kHz)
[ 37.495] (II) fglrx(0): Modeline "640x480"x0.0 30.24 640 704 768 864 480 483 486 525 -hsync -vsync (35.0 kHz)
[ 37.495] (II) fglrx(0): Modeline "640x480"x0.0 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz)
[ 37.495] (II) fglrx(0): Modeline "720x400"x0.0 28.32 720 738 846 900 400 412 414 449 -hsync +vsync (31.5 kHz)
[ 37.495] (II) fglrx(0): Modeline "1280x1024"x0.0 135.00 1280 1296 1440 1688 1024 1025 1028 1066 +hsync +vsync (80.0 kHz)
[ 37.495] (II) fglrx(0): Modeline "1024x768"x0.0 78.75 1024 1040 1136 1312 768 769 772 800 +hsync +vsync (60.0 kHz)
[ 37.495] (II) fglrx(0): Modeline "1024x768"x0.0 75.00 1024 1048 1184 1328 768 771 777 806 -hsync -vsync (56.5 kHz)
[ 37.495] (II) fglrx(0): Modeline "1024x768"x0.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz)
[ 37.495] (II) fglrx(0): Modeline "832x624"x0.0 57.28 832 864 928 1152 624 625 628 667 -hsync -vsync (49.7 kHz)
[ 37.495] (II) fglrx(0): Modeline "800x600"x0.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz)
[ 37.495] (II) fglrx(0): Modeline "800x600"x0.0 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz)
[ 37.495] (II) fglrx(0): Modeline "1152x864"x0.0 108.00 1152 1216 1344 1600 864 865 868 900 +hsync +vsync (67.5 kHz)
[ 37.495] (II) fglrx(0): Modeline "1280x1024"x0.0 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync (64.0 kHz)
[ 37.495] (II) fglrx(0): Modeline "1680x1050"x0.0 119.00 1680 1728 1760 1840 1050 1053 1059 1080 +hsync -vsync (64.7 kHz)
[ 37.495] (II) fglrx(0): Modeline "1920x1080"x60.0 172.80 1920 2040 2248 2576 1080 1081 1084 1118 -hsync +vsync (67.1 kHz)
[ 37.495] (II) fglrx(0): Modeline "1440x900"x0.0 88.75 1440 1488 1520 1600 900 903 909 926 +hsync -vsync (55.5 kHz)
[ 37.495] (II) fglrx(0): Modeline "1600x1200"x0.0 162.00 1600 1664 1856 2160 1200 1201 1204 1250 +hsync +vsync (75.0 kHz)
[ 37.495] (II) fglrx(0): Modeline "1280x960"x0.0 108.00 1280 1376 1488 1800 960 961 964 1000 +hThe latest entry in the readout from "$ journalctl":
Nov 02 10:39:12 philip-linux pulseaudio[500]: [pulseaudio] bluetooth-util.c: org.bluez.Manager.ListAdapters() failed: org.freedesktop.system
Nov 02 10:39:15 philip-linux pulseaudio[544]: [pulseaudio] pid.c: Daemon already running.
Nov 02 10:39:18 philip-linux goa[569]: goa-daemon version 3.6.0 starting [main.c:112, main()]
Nov 02 10:39:20 philip-linux gnome-keyring-daemon[420]: keyring alias directory: /home/philip/.local/share/keyrings
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
and from "$ sudo journalctl":
...skipping...
Nov 02 10:39:20 philip-linux systemd[1]: Started Accounts Service.
Nov 02 10:39:20 philip-linux gnome-keyring-daemon[420]: keyring alias directory: /home/philip/.local/share/keyrings
Nov 02 10:39:20 philip-linux polkitd[268]: Registered Authentication Agent for unix-session:2 (system bus name :1.55 [/usr/bin/gnome-shell],
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:41:27 philip-linux dbus-daemon[251]: dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='db
Nov 02 10:41:27 philip-linux dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop
Nov 02 10:41:27 philip-linux systemd[1]: Starting Hostname Service...
Nov 02 10:41:27 philip-linux dbus-daemon[251]: dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 10:41:27 philip-linux dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 10:41:27 philip-linux systemd[1]: Started Hostname Service.
Nov 02 10:42:30 philip-linux sudo[876]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/journalctl
Nov 02 10:42:30 philip-linux sudo[876]: pam_unix(sudo:session): session opened for user root by philip(uid=0)
Nov 02 10:42:35 philip-linux sudo[876]: pam_unix(sudo:session): session closed for user root
Nov 02 10:53:18 philip-linux systemd[1]: Starting Cleanup of Temporary Directories...
Nov 02 10:53:18 philip-linux systemd-tmpfiles[958]: stat(/run/user/1000/gvfs) failed: Permission denied
Nov 02 10:53:18 philip-linux systemd[1]: Started Cleanup of Temporary Directories.
Nov 02 11:01:01 philip-linux /usr/sbin/crond[966]: pam_unix(crond:session): session opened for user root by (uid=0)
Nov 02 11:01:01 philip-linux /USR/SBIN/CROND[967]: (root) CMD (run-parts /etc/cron.hourly)
Nov 02 11:01:01 philip-linux /USR/SBIN/CROND[966]: pam_unix(crond:session): session closed for user root
Nov 02 11:23:13 philip-linux dbus-daemon[251]: dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='db
Nov 02 11:23:13 philip-linux dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop
Nov 02 11:23:13 philip-linux systemd[1]: Starting Hostname Service...
Nov 02 11:23:13 philip-linux dbus-daemon[251]: dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 11:23:13 philip-linux dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 11:23:13 philip-linux systemd[1]: Started Hostname Service.
Nov 02 11:33:58 philip-linux sudo[1163]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/systemctl status smbd
Nov 02 11:33:58 philip-linux sudo[1163]: pam_unix(sudo:session): session opened for user root by philip(uid=0)
Nov 02 11:33:59 philip-linux sudo[1163]: pam_unix(sudo:session): session closed for user root
Nov 02 11:34:23 philip-linux sudo[1165]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/systemctl status nmbd
Nov 02 11:34:23 philip-linux sudo[1165]: pam_unix(sudo:session): session opened for user root by philip(uid=0)
Nov 02 11:34:24 philip-linux sudo[1165]: pam_unix(sudo:session): session closed for user root
Nov 02 11:45:38 philip-linux dbus-daemon[251]: dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.
Nov 02 11:45:38 philip-linux dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.1" (uid=0 pid=249
Nov 02 11:53:27 philip-linux dbus-daemon[251]: dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.
Nov 02 11:53:27 philip-linux dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.1" (uid=0 pid=249
Nov 02 12:01:01 philip-linux /usr/sbin/crond[1356]: pam_unix(crond:session): session opened for user root by (uid=0)
Nov 02 12:01:01 philip-linux /USR/SBIN/CROND[1357]: (root) CMD (run-parts /etc/cron.hourly)
Nov 02 12:01:01 philip-linux /USR/SBIN/CROND[1356]: pam_unix(crond:session): session closed for user root
Nov 02 12:13:25 philip-linux sudo[1475]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/journalctl
Nov 02 12:13:25 philip-linux sudo[1475]: pam_unix(sudo:session): session opened for user root by philip(uid=0)
...skipping...
Nov 02 10:39:18 philip-linux systemd[1]: Starting Disk Manager...
Nov 02 10:39:18 philip-linux udisksd[577]: udisks daemon version 2.0.0 starting
Nov 02 10:39:18 philip-linux dbus-daemon[251]: dbus[251]: [system] Successfully activated service 'org.freedesktop.UDisks2'
Nov 02 10:39:18 philip-linux dbus[251]: [system] Successfully activated service 'org.freedesktop.UDisks2'
Nov 02 10:39:18 philip-linux udisksd[577]: Acquired the name org.freedesktop.UDisks2 on the system message bus
Nov 02 10:39:18 philip-linux systemd[1]: Started Disk Manager.
Nov 02 10:39:20 philip-linux dbus-daemon[251]: dbus[251]: [system] Activating via systemd: service name='org.freedesktop.Accounts' unit='acc
Nov 02 10:39:20 philip-linux dbus[251]: [system] Activating via systemd: service name='org.freedesktop.Accounts' unit='accounts-daemon.servi
Nov 02 10:39:20 philip-linux systemd[1]: Starting Accounts Service...
Nov 02 10:39:20 philip-linux accounts-daemon[598]: started daemon version 0.6.25
Nov 02 10:39:20 philip-linux dbus[251]: [system] Successfully activated service 'org.freedesktop.Accounts'
Nov 02 10:39:20 philip-linux dbus-daemon[251]: dbus[251]: [system] Successfully activated service 'org.freedesktop.Accounts'
Nov 02 10:39:20 philip-linux systemd[1]: Started Accounts Service.
Nov 02 10:39:20 philip-linux gnome-keyring-daemon[420]: keyring alias directory: /home/philip/.local/share/keyrings
Nov 02 10:39:20 philip-linux polkitd[268]: Registered Authentication Agent for unix-session:2 (system bus name :1.55 [/usr/bin/gnome-shell],
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:39:23 philip-linux gnome-keyring-daemon[420]: Gkm: unsupported key algorithm in certificate: 1.2.840.10045.2.1
Nov 02 10:41:27 philip-linux dbus-daemon[251]: dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='db
Nov 02 10:41:27 philip-linux dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop
Nov 02 10:41:27 philip-linux systemd[1]: Starting Hostname Service...
Nov 02 10:41:27 philip-linux dbus-daemon[251]: dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 10:41:27 philip-linux dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 10:41:27 philip-linux systemd[1]: Started Hostname Service.
Nov 02 10:42:30 philip-linux sudo[876]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/journalctl
Nov 02 10:42:30 philip-linux sudo[876]: pam_unix(sudo:session): session opened for user root by philip(uid=0)
Nov 02 10:42:35 philip-linux sudo[876]: pam_unix(sudo:session): session closed for user root
Nov 02 10:53:18 philip-linux systemd[1]: Starting Cleanup of Temporary Directories...
Nov 02 10:53:18 philip-linux systemd-tmpfiles[958]: stat(/run/user/1000/gvfs) failed: Permission denied
Nov 02 10:53:18 philip-linux systemd[1]: Started Cleanup of Temporary Directories.
Nov 02 11:01:01 philip-linux /usr/sbin/crond[966]: pam_unix(crond:session): session opened for user root by (uid=0)
Nov 02 11:01:01 philip-linux /USR/SBIN/CROND[967]: (root) CMD (run-parts /etc/cron.hourly)
Nov 02 11:01:01 philip-linux /USR/SBIN/CROND[966]: pam_unix(crond:session): session closed for user root
Nov 02 11:23:13 philip-linux dbus-daemon[251]: dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='db
Nov 02 11:23:13 philip-linux dbus[251]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop
Nov 02 11:23:13 philip-linux systemd[1]: Starting Hostname Service...
Nov 02 11:23:13 philip-linux dbus-daemon[251]: dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 11:23:13 philip-linux dbus[251]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 02 11:23:13 philip-linux systemd[1]: Started Hostname Service.
Nov 02 11:33:58 philip-linux sudo[1163]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/systemctl status smbd
Nov 02 11:33:58 philip-linux sudo[1163]: pam_unix(sudo:session): session opened for user root by philip(uid=0)
Nov 02 11:33:59 philip-linux sudo[1163]: pam_unix(sudo:session): session closed for user root
Nov 02 11:34:23 philip-linux sudo[1165]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/systemctl status nmbd
Nov 02 11:34:23 philip-linux sudo[1165]: pam_unix(sudo:session): session opened for user root by philip(uid=0)
Nov 02 11:34:24 philip-linux sudo[1165]: pam_unix(sudo:session): session closed for user root
Nov 02 11:45:38 philip-linux dbus-daemon[251]: dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.
Nov 02 11:45:38 philip-linux dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.1" (uid=0 pid=249
Nov 02 11:53:27 philip-linux dbus-daemon[251]: dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.
Nov 02 11:53:27 philip-linux dbus[251]: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.1" (uid=0 pid=249
Nov 02 12:01:01 philip-linux /usr/sbin/crond[1356]: pam_unix(crond:session): session opened for user root by (uid=0)
Nov 02 12:01:01 philip-linux /USR/SBIN/CROND[1357]: (root) CMD (run-parts /etc/cron.hourly)
Nov 02 12:01:01 philip-linux /USR/SBIN/CROND[1356]: pam_unix(crond:session): session closed for user root
Nov 02 12:13:25 philip-linux sudo[1475]: philip : TTY=pts/0 ; PWD=/home/philip ; USER=root ; COMMAND=/usr/bin/journalctl
Nov 02 12:13:25 philip-linux sudo[1475]: pam_unix(sudo:session): session opened for user root by philip(uid=0) -
[Solved] Help me, please with D-Link DWA-125
Hi everybody!
Firstly, sorry for my english. I'm from Russia .
Recently i bought D-Link DWA-125 and Prestigio MultiPad 9.7 Pro. I want to make D-Link DWA-125 work like access point.
lsusb | grep -i wireless
Bus 002 Device 002: ID 2001:3c19 D-Link Corp. DWA-125 Wireless N 150 Adapter(rev.A3) [Ralink RT5370]
What i tried to do:
1)
netcfg up bridge
:: bridge up [DONE]
My /etc/network.d/bridge:
cat /etc/network.d/bridge
INTERFACE="br0"
CONNECTION="bridge"
DESCRIPTION="Bridge connection"
BRIDGE_INTERFACES="eth0"
#POST_UP="ifconfig br0 inet 192.168.0.1 netmask 255.255.255.0 up"
IP="dhcp"
#ADDR='192.168.0.1'
#GATEWAY='192.168.0.0'
#DNS=('192.168.0.1')
## sets forward delay time
#FWD_DELAY=0
## sets max age of hello message
#MAX_AGE=10
2)
/etc/rc.d/hostapd start
:: Starting hostapd [DONE]
My /etc/hostapd/hostapd.conf:
cat /etc/hostapd/hostapd.conf
#wireless interface to use as AP
interface=wlan0
#bridge device (needed for madwifi & nl80211 drivers)
bridge=br0
#driver interface type (hostapd/wired/madwifi/prism54/test/none/nl80211/bsd)
# Use nl80211 for wifi drivers that implement MAC80211 interface
#You should set this to your relevant driver interface type
driver=nl80211
#Enables logging to standard output (useful for debugging)
logger_stdout=-1
logger_stdout_level=2
#Set SSID to use
ssid=MS_WiFi_AP
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g)
# note your card may not support every mode.
hw_mode=g
#Channel to use (1-13)
channel=1
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
auth_algs=3
#maximum number of stations (clients connecting to AP) allowed
# Maximum number of stations allowed in station table. New stations will be
# rejected after the station table is full. IEEE 802.11 has a limit of 2007
# different association IDs, so this number should not be larger than that.
max_num_sta=5
#Enable WPA2
# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
wpa=1
#Set passphrase for WPA
wpa_passphrase=my_password
wpa_key_mgmt=WPA-PSK
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
# Group cipher suite (encryption algorithm for broadcast and multicast frames)
# is automatically selected based on this configuration. If only CCMP is
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
# TKIP will be used as the group cipher.
# (dot11RSNAConfigPairwiseCiphersTable)
# Pairwise cipher for WPA (v1) (default: TKIP)
wpa_pairwise=TKIP CCMP
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
rsn_pairwise=CCMP
3)
/etc/rc.d/dnsmasq start
:: Starting DNS/DHCP daemon [DONE]
My /etc/dnsmasq.conf:
cat /etc/dnsmasq.conf
# Configuration file for dnsmasq.
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file=
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
#strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/
# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1
# --address (and --server) work with IPv6 addresses too.
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
# You can control how dnsmasq talks to a server: this forces
# queries to 10.1.2.3 to be routed via eth1
# server=10.1.2.3@eth1
# and this sets the source (ie local) address used to talk to
# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
# IP on the machine, obviously).
# [email protected]#55
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
user=arch
#group=
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=br0
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
#no-dhcp-interface=
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
bind-interfaces
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
#expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=local
#domain=thekelleys.org.uk
# Set a different domain for a particular subnet
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
# Same idea, but range rather then subnet
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=192.168.0.50,192.168.0.150,12h
#dhcp-range=192.168.0.10,192.168.0.255,12h
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
dhcp-range=10.70.100.50,10.70.100.150,255.255.255.0,24h
# This is an example of a DHCP range which sets a tag, so that
# some DHCP options may be set only for this network.
#dhcp-range=set:red,192.168.0.50,192.168.0.150
# Use this DHCP range only when the tag "green" is set.
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
# Specify a subnet which can't be used for dynamic address allocation,
# is available for hosts with matching --dhcp-host lines. Note that
# dhcp-host declarations will be ignored unless there is a dhcp-range
# of some type for the subnet in question.
# In this case the netmask is implied (it comes from the network
# configuration on the machine running dnsmasq) it is possible to give
# an explicit netmask instead.
#dhcp-range=192.168.0.5,static
# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing/
#dhcp-range=1234::2, 1234::500, 64, 12h
# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only
# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC alogrithm.
#dhcp-range=1234::, ra-names
# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names
# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overriden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
#enable-ra
# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissible to give name, address and MAC in any
# order.
# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
# Always give the host with Ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
# Give a host with Ethernet address 11:22:33:44:55:66 or
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
# that these two Ethernet interfaces will never be in use at the same
# time, and give the IP address to the second, even if it is already
# in use by the first. Useful for laptops with wired and wireless
# addresses.
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
# Give the machine which says its name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite
# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# Never offer DHCP service to a machine whose Ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# Ignore any client-id presented by the machine with Ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*
# Send extra options which are tagged as "red" to
# the machine with Ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,set:red
# Send extra options which are tagged as "red" to
# any machine with Ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,set:red
# Give a fixed IPv6 address and name to client with
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
# Note also the they [] around the IPv6 address are obilgatory.
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#dhcp-ignore=tag:!known
# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=set:red,Linux
# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=set:red,accounts
# Send extra options which are tagged as "red" to any machine whose
# MAC address matches the pattern.
#dhcp-mac=set:red,00:60:8C:*:*:*
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4
# Override the default route supplied by dnsmasq and send no default
# route at all. Note that this only works for the options sent by
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
# for all other option numbers.
#dhcp-option=3
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
# Send DHCPv6 option. Note [] around IPv6 addresses.
#dhcp-option=option6:dns-server,[1234::77],[1234::88]
# Send DHCPv6 option for namservers as the machine running
# dnsmasq and another.
#dhcp-option=option6:dns-server,[::],[1234::88]
# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0
# Set the NIS domain name to "welly"
#dhcp-option=40,welly
# Set the default time-to-live to 50
#dhcp-option=23,50
# Set the "all subnets are local" flag
#dhcp-option=27,1
# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100
# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
# Note that the tag: part must precede the option: part.
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
#dhcp-option=19,0 # option ip-forwarding off
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
#dhcp-option=46,8 # netbios node type
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
#dhcp-option=252,"\n"
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
# Send vendor-class specific options encapsulated in DHCP option 43.
# The meaning of the options is defined by the vendor-class so
# options are sent only when the client supplied vendor class
# matches the class given here. (A substring match is OK, so "MSFT"
# matches "MSFT" and "MSFT 5.0"). This example sets the
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
#dhcp-option=vendor:MSFT,2,1i
# Send the Encapsulated-vendor-class ID needed by some configurations of
# Etherboot to allow is to recognise the DHCP server.
#dhcp-option=vendor:Etherboot,60,"Etherboot"
# Send options to PXELinux. Note that we need to send the options even
# though they don't appear in the parameter request list, so we need
# to use dhcp-option-force here.
# See http://syslinux.zytor.com/pxe.php#special for details.
# Magic number - needed before anything else is recognised
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i
# Set the boot filename for netboot/PXE. You will only need
# this is you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0
# The same as above, but use custom tftp-server instead machine running dnsmasq
#dhcp-boot=pxelinux,server.name,192.168.1.100
# Boot for Etherboot gPXE. The idea is to send two different
# filenames, the first loads gPXE, and the second tells gPXE what to
# load. The dhcp-match sets the gpxe tag for requests from gPXE.
#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
#dhcp-boot=tag:!gpxe,undionly.kpxe
#dhcp-boot=mybootimage
# Encapsulated options for Etherboot gPXE. All the options are
# encapsulated within option 175
#dhcp-option=encap:175, 1, 5b # priority code
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
#dhcp-option=encap:175, 177, string # bus-id
#dhcp-option=encap:175, 189, 1b # BIOS drive code
#dhcp-option=encap:175, 190, user # iSCSI username
#dhcp-option=encap:175, 191, pass # iSCSI password
# Test for the architecture of a netboot client. PXE clients are
# supposed to send their architecture as option 93. (See RFC 4578)
#dhcp-match=peecees, option:client-arch, 0 #x86-32
#dhcp-match=itanics, option:client-arch, 2 #IA64
#dhcp-match=hammers, option:client-arch, 6 #x86-64
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
# Do real PXE, rather than just booting a single file, this is an
# alternative to dhcp-boot.
#pxe-prompt="What system shall I netboot?"
# or with timeout before first available action is taken:
#pxe-prompt="Press F8 for menu.", 60
# Available boot services. for PXE.
#pxe-service=x86PC, "Boot from local disk"
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
#pxe-service=x86PC, "Install Linux", pxelinux
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
# Beware this fails on old PXE ROMS.
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
# Use bootserver on network, found my multicast or broadcast.
#pxe-service=x86PC, "Install windows from RIS server", 1
# Use bootserver at a known IP address.
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
# If you have multicast-FTP available,
# information for that can be passed in a similar way using options 1
# to 5. See page 19 of
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
# Enable dnsmasq's built-in TFTP server
#enable-tftp
# Set the root directory for files available via FTP.
#tftp-root=/var/ftpd
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure
# This option stops dnsmasq from negotiating a larger blocksize for TFTP
# transfers. It will slow things down, but may rescue some broken TFTP
# clients.
#tftp-no-blocksize
# Set the boot file name only when the "red" tag is set.
#dhcp-boot=net:red,pxelinux.red-net
# An example of dhcp-boot with an external TFTP server: the name and IP
# address of the server are given after the filename.
# Can fail with old PXE ROMS. Overridden by --pxe-service.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
# If there are multiple external tftp servers having a same name
# (using /etc/hosts) then that name can be specified as the
# tftp_servername (the third option to dhcp-boot) and in that
# case dnsmasq resolves this name and returns the resultant IP
# addresses in round robin fasion. This facility can be used to
# load balance the tftp load among a set of servers.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slightest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
#dhcp-authoritative
# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo
# Set the cachesize here.
#cache-size=150
# If you want to disable negative caching, uncomment this.
#no-negcache
# Normally responses which come form /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale date, you can set a time-to-live (in
# seconds) here.
#local-ttl=
# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11
# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
# Change these lines if you want dnsmasq to serve MX records.
# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com
# Return an MX record pointing to the mx-target for all local
# machines.
#localmx
# Return an MX record pointing to itself for all local machines.
#selfmx
# Change the following lines if you want dnsmasq to serve SRV
# records. These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
# Provide an alias for a "local" DNS name. Note that this _only_ works
# for targets which are names from DHCP or /etc/hosts. Give host
# "bert" another name, bertrand
#cname=bertand,bert
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
# Include a another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d
4)
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A INPUT -i wlan0 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p 41 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t nat -A POSTOUTING -o eth0 -j MASQUERADE
rc.d save iptables
/etc/rc.d/iptables start
:: Starting IP Tables [DONE]
In sum:
ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 10.70.100.161 netmask 255.255.0.0 broadcast 10.70.255.255
inet6 fe80::92e6:baff:fe83:1f33 prefixlen 64 scopeid 0x20<link>
ether 90:e6:ba:83:1f:33 txqueuelen 0 (Ethernet)
RX packets 29337 bytes 8111048 (7.7 MiB)
RX errors 0 dropped 1784 overruns 0 frame 0
TX packets 5568 bytes 756908 (739.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500 metric 1
ether 90:e6:ba:83:1f:33 txqueuelen 1000 (Ethernet)
RX packets 285252 bytes 323627813 (308.6 MiB)
RX errors 0 dropped 37 overruns 0 frame 0
TX packets 133067 bytes 10924478 (10.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436 metric 1
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 174 bytes 5542 (5.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 174 bytes 5542 (5.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
mon.wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
unspec CC-B2-55-00-B0-F6-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 2 bytes 262 (262.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet6 fe80::ceb2:55ff:fe00:b0f6 prefixlen 64 scopeid 0x20<link>
ether cc:b2:55:00:b0:f6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20653 bytes 2063361 (1.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
iwconfig
br0 no wireless extensions.
mon.wlan0 IEEE 802.11bgn Mode:Monitor Frequency:2.412 GHz Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:on
eth0 no wireless extensions.
lo no wireless extensions.
wlan0 IEEE 802.11bgn Mode:Master Frequency:2.412 GHz Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:on
In wifi settings MultiPad 9.7 Pro written "connected", but i can't open any web site (timed out).
I don't know what's wrong.
Thanks in advice.
PS: my D-Link DWA-125 working in access point mode very well on Windows 7
Last edited by 32reg (2012-08-12 10:07:47)1) I deleted bridge-utils, netcfg
2) I edited /etc/hostapd/hostapd.conf:
interface=wlan0
#bridge=br0
edited /etc/dnsmasq.conf:
interface=wlan0
dhcp-range=192.168.0.2,192.168.0.255,255.255.255.0,24h
and edited /etc/rc.local:
ifconfig wlan0 192.168.0.1 netmask 255.255.255.0
ifconfig wlan0 up
3) I added in autostart these daemons: hostapd, dnsmasq and iptables.
Profit! -
IpSec VPN and NAT don't work togheter on HP MSR 20 20
Hi People,
I'm getting several issues, let me explain:
I have a Router HP MSR with 2 ethernet interfaces, Eth 0/0 - WAN (186.177.159.98) and Eth 0/1 LAN (192.168.100.0 /24). I have configured a VPN site to site thru the internet, and it works really well. The other site has the subnet 10.10.10.0 and i can reache the network thru the VPN Ipsec. The issue is that the network 192.168.100.0 /24 needs to reach internet with the same public address, so I have set a basic NT configuration, when I put the nat configuration into Eth 0/0 all network 192.168.100.0 can go to internet, but the VPN goes down, when I remove the NAT from Eth 0/0 the VPN goes Up, but the network 192.168.100.0 Can't go to internet.
I'm missing something but i don't know what it is !!!!, See below the configuration.
Can anyone help me qith that, I need to send te traffic with target 10.10.10.0 thru the VPN, and all other traffic to internet, Basically I need that NAT and VPN work fine at same time.
Note: I just have only One public Ip address.
version 5.20, Release 2207P41, Standard
sysname HP
nat address-group 1 186.177.159.93 186.177.159.93
domain default enable system
dns proxy enable
telnet server enable
dar p2p signature-file cfa0:/p2p_default.mtd
port-security enable
acl number 2001
rule 0 permit source 192.168.100.0 0.0.0.255
rule 5 deny
acl number 3000
rule 0 permit ip source 192.168.100.0 0.0.0.255 destination 10.10.10.0 0.0.0.255
vlan 1
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
ike proposal 10
encryption-algorithm 3des-cbc
dh group2
ike peer vpn-test
proposal 1
pre-shared-key cipher wrWR2LZofLx6g26QyYjqBQ==
remote-address <Public Ip from VPN Peer>
local-address 186.177.159.93
nat traversal
ipsec proposal vpn-test
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ipsec policy vpntest 30 isakmp
connection-name vpntest.30
security acl 3000
pfs dh-group2
ike-peer vpn-test
proposal vpn-test
dhcp server ip-pool vlan1 extended
network mask 255.255.255.0
user-group system
group-attribute allow-guest
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
service-type web
cwmp
undo cwmp enable
interface Aux0
async mode flow
link-protocol ppp
interface Cellular0/0
async mode protocol
link-protocol ppp
interface Ethernet0/0
port link-mode route
nat outbound 2001 address-group 1
nat server 1 protocol tcp global current-interface 3389 inside 192.168.100.20 3389
ip address dhcp-alloc
ipsec policy vpntest
interface Ethernet0/1
port link-mode route
ip address 192.168.100.1 255.255.255.0
interface NULL0
interface Vlan-interface1
undo dhcp select server global-pool
dhcp server apply ip-pool vlan1ewaller wrote:
What is under the switches tab?
Oh -- By the way, that picture is over the size limit defined in the forum rules in tems of pixels, but the file size is okay. I'll let it slide. Watch the bumping as well.
If you want to post the switches tab, upload it to someplace like http://img3.imageshack.us/, copy the thumbnail (which has the link to the original) back here, and you are golden.
I had a bear of a time getting the microphone working on my HP DV4, but it does work. I'll look at the set up when I get home tonight [USA-PDT].
Sorry for the picture and the "bumping"... I have asked in irc in arch and alsa channels and no luck yet... one guy from alsa said I had to wait for the alsa-driver-1.0.24 package (currently I have alsa-driver-1.0.23) but it is weird because the microphone worked some months ago...
So here is what it is under the switches tab -
Hello,
I'm trying to set up a site to site VPN. I've never done this before and can't get it to work. I've watched training vids online and thought it looked straight forward enough. My problem appears to be that th ASA is not trying to create a tunnel. It doesn't seem to know that this traffic should be sent over the tunnel. Both the outside interfaces can ping one another and are on the same subnet.
I've pasted the two configs below. They're just base configs with all the VPN commands having been created by the wizard. I've not put any routes in as the two devices are on the same subnet. If you can see my mistake I'd be very grateful to you if you could point it out or even point me in the right direction.
Cheers,
Tormod
ciscoasa1
: Saved
: Written by enable_15 at 05:11:30.489 UTC Wed Jun 19 2013
ASA Version 8.2(5)13
hostname ciscoasa1
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
ftp mode passive
access-list outside_1_cryptomap extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 1.1.1.2
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
tunnel-group 1.1.1.2 type ipsec-l2l
tunnel-group 1.1.1.2 ipsec-attributes
pre-shared-key ciscocisco
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:29e3cdb2d704736b7fbbc477e8418d65
: end
ciscoasa2
: Saved
: Written by enable_15 at 15:40:31.509 UTC Wed Jun 19 2013
ASA Version 8.2(5)13
hostname ciscoasa2
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif outside
security-level 0
ip address 1.1.1.2 255.255.255.0
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
ftp mode passive
access-list outside_1_cryptomap extended permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 1.1.1.1
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared-key ciscocisco
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:92dca65f5c2cf16486aa7d564732b0e1
: endThanks very much for your help Jouni. I came in this morning and ran the crypto map outside_map 1 set reverse-route command and everything started to work. I'm surprised the wizard didn't include that command but maybe it's because I didn't have a default route set.
However, I now have a new problem. We're working towards migrating from ASA8.2 to 9.1. In order to prepare for this I've created a mock of our environment and am testing that everything works prior to making the changes. I can't get this site to site VPN to work. (The one I posted yesterday was just to get a basic site to site VPN working so that I could go from there)
I've posted the debug from the ASA to which I'm trying to connect. To my undtrained eye it looks like it completes phase one but fails to match a vpn tunnel map. I'm coming from 10.99.99.99 going to 10.1.1.57
Hope you can help as I'm going nuts here. Although I will of course understand if you've something better to do with your time than bail me out.
access-list 1111_cryptomap extended permit ip 10.1.1.0 255.255.255.0 Private1 255.255.255.0
access-list 1111_cryptomap extended permit ip 10.99.99.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto map vpntunnelmap 1 match address 1111_cryptomap
crypto map vpntunnelmap 1 set pfs
crypto map vpntunnelmap 1 set peer 1.1.1.1
crypto map vpntunnelmap 1 set transform-set ESP-3DES-MD5
ciscoasa# debug crypto isakmp 255
IKE Recv RAW packet dump
db 86 ce 3f 3a a9 e7 0a 00 00 00 00 00 00 00 00 | ...?:...........
01 10 02 00 00 00 00 00 00 00 00 f4 0d 00 00 84 | ................
00 00 00 01 00 00 00 01 00 00 00 78 01 01 00 03 | ...........x....
03 00 00 24 01 01 00 00 80 04 00 02 80 01 00 05 | ...$............
80 02 00 02 80 03 00 01 80 0b 00 01 00 0c 00 04 | ................
00 00 70 80 03 00 00 28 02 01 00 00 80 04 00 02 | ..p....(........
80 01 00 07 80 0e 00 c0 80 02 00 02 80 03 00 01 | ................
80 0b 00 01 00 0c 00 04 00 00 70 80 00 00 00 24 | ..........p....$
03 01 00 00 80 04 00 02 80 01 00 05 80 02 00 01 | ................
80 03 00 01 80 0b 00 01 00 0c 00 04 00 01 51 80 | ..............Q.
0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ........>.in.c..
ec 42 7b 1f 0d 00 00 14 7d 94 19 a6 53 10 ca 6f | .B{.....}...S..o
2c 17 9d 92 15 52 9d 56 0d 00 00 14 4a 13 1c 81 | ,....R.V....J...
07 03 58 45 5c 57 28 f2 0e 95 45 2f 00 00 00 18 | ..XE\W(...E/....
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | @H..n...%.....
c0 00 00 00 | ....
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 244
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 132
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 120
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 3
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 2
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 00 70 80
Payload Transform
Next Payload: Transform
Reserved: 00
Payload Length: 40
Transform #: 2
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 2
Encryption Algorithm: AES-CBC
Key Length: 192
Hash Algorithm: SHA1
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 00 70 80
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 3
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 2
Encryption Algorithm: 3DES-CBC
Hash Algorithm: MD5
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 01 51 80
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 244
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing SA payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Oakley proposal is acceptable
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Received NAT-Traversal ver 02 VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Received NAT-Traversal ver 03 VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Received NAT-Traversal RFC VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Received Fragmentation VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: True
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing IKE SA payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 1
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, constructing ISAKMP SA payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, constructing Fragmentation VID + extended capabilities payload
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 104
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 104
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 52
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 40
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 32
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 70 80
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
IKE Recv RAW packet dump
db 86 ce 3f 3a a9 e7 0a 6c 4d 2c ce 68 03 55 58 | ...?:...lM,.h.UX
04 10 02 00 00 00 00 00 00 00 01 00 0a 00 00 84 | ................
00 c8 2a 4d bf 63 9f 5c d3 b6 e9 fb 1e c9 61 b3 | ..*M.c.\......a.
f9 09 19 75 63 23 3f 59 ef c2 57 4b 59 9f 60 53 | ...uc#?Y..WKY.`S
0d d2 b5 2b b5 31 e8 75 46 57 ed 5b 4c f3 96 aa | ...+.1.uFW.[L...
a5 c9 4a e7 62 68 e3 55 4c 54 ac 79 73 be ba f0 | ..J.bh.ULT.ys...
09 fe d0 5a 3f 9c 9c 2e 90 88 4d db b0 7b 7c f4 | ...Z?.....M..{|.
cc b4 07 1a 11 30 5b 2f 4f bd 56 b5 07 a3 9a cb | .....0[/O.V.....
b3 e3 c8 10 20 a5 41 3a f9 fe 1b ed f0 d7 fa 05 | .... .A:........
fa df ef 8a 03 e9 4a 1c 09 ad 05 e6 02 f1 0a fa | ......J.........
0d 00 00 18 bc d2 18 cc 37 f5 cb 77 b6 e2 0a 04 | ........7..w....
de c9 d3 1a b0 6f ee a8 0d 00 00 14 12 f5 f2 8c | .....o..........
45 71 68 a9 70 2d 9f e2 74 cc 01 00 0d 00 00 0c | Eqh.p-..t.......
09 00 26 89 df d6 b7 12 0d 00 00 14 2e 41 69 22 | ..&..........Ai"
3a a8 e7 0a cd 38 ba 43 ed f2 db 2c 00 00 00 14 | :....8.C...,....
1f 07 f7 0e aa 65 14 d3 b0 fa 96 54 2a 50 01 00 | .....e.....T*P..
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 256
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
00 c8 2a 4d bf 63 9f 5c d3 b6 e9 fb 1e c9 61 b3
f9 09 19 75 63 23 3f 59 ef c2 57 4b 59 9f 60 53
0d d2 b5 2b b5 31 e8 75 46 57 ed 5b 4c f3 96 aa
a5 c9 4a e7 62 68 e3 55 4c 54 ac 79 73 be ba f0
09 fe d0 5a 3f 9c 9c 2e 90 88 4d db b0 7b 7c f4
cc b4 07 1a 11 30 5b 2f 4f bd 56 b5 07 a3 9a cb
b3 e3 c8 10 20 a5 41 3a f9 fe 1b ed f0 d7 fa 05
fa df ef 8a 03 e9 4a 1c 09 ad 05 e6 02 f1 0a fa
Payload Nonce
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
bc d2 18 cc 37 f5 cb 77 b6 e2 0a 04 de c9 d3 1a
b0 6f ee a8
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
2e 41 69 22 3a a8 e7 0a cd 38 ba 43 ed f2 db 2c
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
1f 07 f7 0e aa 65 14 d3 b0 fa 96 54 2a 50 01 00
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 256
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing ke payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing ISA_KE payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing nonce payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Received Cisco Unity client VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Received xauth V6 VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Processing VPN3000/ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Received Altiga/Cisco VPN3000/Cisco ASA GW VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, constructing ke payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, constructing nonce payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, constructing Cisco Unity VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, constructing xauth V6 VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Send IOS VID
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, constructing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, Generating keys for Responder...
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 256
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 256
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
27 62 7f 00 84 06 59 07 28 a1 05 9f 2a 13 ad ff
47 10 99 27 68 01 2a c8 06 52 b8 55 0c 7d 82 3d
31 94 0d 68 aa 98 5e 60 ee 2b 37 a5 0f ca 06 5c
2a f7 83 bb 2e 8b 53 13 49 8b 4e 4c bf d1 34 67
df ff 50 5b ab e9 f2 12 cb bd c2 0c ab 95 3a 39
ca 60 31 7a d4 80 80 b6 0c 85 3e f5 16 fb f5 f8
27 5d 28 b9 b1 2e b3 35 79 1a 9e f7 fd 13 8f f4
5f 5d 53 93 74 6d d1 60 97 ca d2 bc b3 b4 e6 03
Payload Nonce
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
a7 f8 48 c1 98 b4 cb 02 79 de ae 6e 59 3d 23 cb
4c a1 7b 44
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
99 8a 8b d3 68 02 55 58 44 16 79 1c 51 be 23 8f
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
1f 07 f7 0e aa 65 14 d3 b0 fa 96 54 2a 50 01 00
IKE Recv RAW packet dump
db 86 ce 3f 3a a9 e7 0a 6c 4d 2c ce 68 03 55 58 | ...?:...lM,.h.UX
05 10 02 01 00 00 00 00 00 00 00 64 8f a8 6e 03 | ...........d..n.
81 b9 24 e5 f0 ba ca 1a 0f fa 5a a1 3c 2d 61 1a | ..$.......Z.<-a.
7d 48 b0 0c 7f 09 bc 82 9b b1 25 b4 f6 04 45 a0 | }H......%...E.
13 12 27 ff 7a 41 9f e9 8e 96 c2 80 b9 59 b0 ec | ..'.zA.......Y..
40 e3 95 4d 96 ef eb ce e2 fb d9 45 83 50 0d e7 | @..M.......E.P..
9c c7 70 7f | ..
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 100
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 100
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: 1.1.1.2
Payload Hash
Next Payload: IOS Proprietary Keepalive or CHRE
Reserved: 00
Payload Length: 24
Data:
f4 40 eb 6b 55 f0 19 cd 10 81 e6 53 cf 23 75 c5
45 ab 7f 3d
Payload IOS Proprietary Keepalive or CHRE
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Default Interval: 32767
Retry Interval: 32767
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 96
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jun 20 16:29:42 [IKEv1 DECODE]: Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR ID received
1.1.1.2
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Processing IOS keep alive payload: proposal=32767/32767 sec.
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing VID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, Received DPD VID
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, Connection landed on tunnel_group 1.1.1.2
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, constructing ID payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, constructing hash payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, Computing hash for ISAKMP
Jun 20 16:29:42 [IKEv1 DEBUG]: IP = 1.1.1.2, Constructing IOS keep alive payload: proposal=32767/32767 sec.
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, constructing dpd vid payload
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + IOS KEEPALIVE (128) + VENDOR (13) + NONE (0) total length : 96
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
db 86 ce 3f 3a a9 e7 0a 6c 4d 2c ce 68 03 55 58 | ...?:...lM,.h.UX
05 10 02 00 00 00 00 00 1c 00 00 00 08 00 00 0c | ................
01 11 01 f4 c2 9f 09 02 80 00 00 18 58 00 80 06 | ............X...
e9 66 ba 20 1e ba 79 c8 16 85 2d 2f a0 96 b4 e5 | .f. ..y...-/....
0d 00 00 0c 80 00 7f ff 80 00 7f ff 00 00 00 14 | ............
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | ....h...k...wW..
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 469762048
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: 1.1.1.1
Payload Hash
Next Payload: IOS Proprietary Keepalive or CHRE
Reserved: 00
Payload Length: 24
Data:
58 00 80 06 e9 66 ba 20 1e ba 79 c8 16 85 2d 2f
a0 96 b4 e5
Payload IOS Proprietary Keepalive or CHRE
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Default Interval: 32767
Retry Interval: 32767
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
SENDING PACKET to 1.1.1.2
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 100
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, PHASE 1 COMPLETED
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, Keep-alive type for this connection: DPD
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, Starting P1 rekey timer: 27360 seconds.
IKE Recv RAW packet dump
db 86 ce 3f 3a a9 e7 0a 6c 4d 2c ce 68 03 55 58 | ...?:...lM,.h.UX
08 10 20 01 56 e5 a4 1e 00 00 01 4c d2 44 3e 24 | .. .V......L.D>$
87 96 a1 fe d1 a3 d3 a3 ed 59 45 2d 53 be 17 9f | .........YE-S...
42 72 2b a3 5f f8 5e 41 5a 62 25 0c 5d bf 6c 2a | Br+._.^AZb%.].l*
e6 e0 1f 77 d5 ed c8 1c 06 cb ef f2 58 07 1d 35 | ...w........X..5
a9 d5 7b 86 24 05 88 32 e7 33 6f f2 f7 9d 70 07 | ..{.$..2.3o...p.
18 40 51 77 7d 7e 6c 77 55 d9 18 7a 57 5d b9 88 | .@Qw}~lwU..zW]..
6c a6 d5 f3 60 5e 14 4f da cb 42 65 88 d6 75 0e | l...`^.O..Be..u.
22 1c bb 89 1f 57 bd c2 f2 46 30 31 30 9c 63 e6 | "....W...F010.c.
e2 e9 5b 68 71 f2 ed 69 f1 eb a7 65 2d b2 31 85 | ..[hq..i...e-.1.
31 93 0a c1 21 44 57 de ad 8b 79 5e 3d 36 5c 44 | 1...!DW...y^=6\D
88 23 a8 44 76 2c d6 c2 ed 31 2d 69 b1 50 26 9f | .#.Dv,...1-i.P&.
ee 48 3e c4 dd 0d 40 8f 65 d2 fb 82 19 42 b7 0f | .H>[email protected]..
a0 74 b3 e6 df dd 16 c4 fa ca bf d2 b6 33 b0 5f | .t...........3._
d6 59 4f 6a 84 9e 0d 76 a4 d6 d3 94 67 bc 9c df | .YOj...v....g...
33 20 48 61 d7 80 b6 97 0d a9 32 48 7d 5b 79 8b | 3 Ha......2H}[y.
7b bc e0 9b b4 5d ed 49 04 6b 5d 72 d7 5b 82 90 | {....].I.k]r.[..
47 e5 65 64 a9 25 ce 2f 3f a2 ca 98 b1 0b ff 01 | G.ed.%./?.......
9c 32 64 5c dd 9c 26 71 c4 59 cd 52 da 1f b9 23 | .2d\..&q.Y.R...#
32 dd d8 a5 d1 1c 2a d0 0f ef 2b 26 66 c0 14 48 | 2.....*...+&f..H
52 35 3a ee 36 a6 00 df a5 d6 6b 42 | R5:.6.....kB
RECV PACKET from 1.1.1.2
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 56E5A41E
Length: 332
Jun 20 16:29:42 [IKEv1 DECODE]: IP = 1.1.1.2, IKE Responder starting QM: msg id = 56e5a41e
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: db 86 ce 3f 3a a9 e7 0a
Responder COOKIE: 6c 4d 2c ce 68 03 55 58
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 56E5A41E
Length: 332
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
78 09 81 d2 54 22 37 a1 b0 a8 53 cf df d4 1e fb
4a 7b 99 f7
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 64
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 52
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: b2 c1 66 6e
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 40
Transform #: 1
Transform-Id: ESP_3DES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 70 80
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: MD5
Group Description: Group 2
Payload Nonce
Next Payload: Key Exchange
Reserved: 00
Payload Length: 24
Data:
1e 43 34 fa cc 9f 77 65 45 7c b6 18 2f 18 fd a9
86 e6 58 42
Payload Key Exchange
Next Payload: Identification
Reserved: 00
Payload Length: 132
Data:
3c 26 4c 94 68 33 4b 2d ce 37 4a d2 8c 62 ab 6b
e6 d4 d2 8a df 70 bc 67 62 ca 96 8c 3b 30 cd 58
54 55 71 0f 9e bc da 63 a9 68 86 fd ba 7a 13 f3
e9 51 e9 a4 13 b0 b0 20 45 cf 1f 36 1e 95 95 c9
dd 92 c9 cd 2b 33 2d 4b 7e bd ed d4 ec bf 54 b9
6e 13 7f 17 dc 28 61 5d 46 fe 1d ba 88 e5 ca 70
40 59 12 c1 0c 3a 51 7f ae 5f e2 95 73 bc c9 16
67 ce 38 82 e7 b3 1b 6a 39 05 46 71 b8 da c3 57
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 10.99.99.0/255.255.255.0
Payload Identification
Next Payload: Notification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 10.1.1.0/255.255.255.0
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: STATUS_INITIAL_CONTACT
SPI:
db 86 ce 3f 3a a9 e7 0a 6c 4d 2c ce 68 03 55 58
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE RECEIVED Message (msgid=56e5a41e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + KE (4) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 332
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing hash payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing SA payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing nonce payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing ke payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing ISA_KE for PFS in phase 2
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jun 20 16:29:42 [IKEv1 DECODE]: Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--10.99.99.0--255.255.255.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Received remote IP Proxy Subnet data in ID Payload: Address 10.99.99.0, Mask 255.255.255.0, Protocol 0, Port 0
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing ID payload
Jun 20 16:29:42 [IKEv1 DECODE]: Group = 1.1.1.2, IP = 1.1.1.2, ID_IPV4_ADDR_SUBNET ID received--10.1.1.0--255.255.255.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Received local IP Proxy Subnet data in ID Payload: Address 10.1.1.0, Mask 255.255.255.0, Protocol 0, Port 0
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, processing notify payload
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, QM IsRekeyed old sa not found by addr
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = vpntunnelmap, seq = 1...
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map = vpntunnelmap, seq = 1, ACL does not match proxy IDs src:10.99.99.0 dst:10.1.1.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = vpntunnelmap, seq = 2...
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map = vpntunnelmap, seq = 2, ACL does not match proxy IDs src:10.99.99.0 dst:10.1.1.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = vpntunnelmap, seq = 3...
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map = vpntunnelmap, seq = 3, ACL does not match proxy IDs src:10.99.99.0 dst:10.1.1.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = vpntunnelmap, seq = 35...
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map = vpntunnelmap, seq = 35, ACL does not match proxy IDs src:10.99.99.0 dst:10.1.1.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = vpntunnelmap, seq = 40...
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map = vpntunnelmap, seq = 40, ACL does not match proxy IDs src:10.99.99.0 dst:10.1.1.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, checking map = vpntunnelmap, seq = 41...
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Static Crypto Map check, map = vpntunnelmap, seq = 41, ACL does not match proxy IDs src:10.99.99.0 dst:10.1.1.0
Jun 20 16:29:42 [IKEv1]: Group = 1.1.1.2, IP = 1.1.1.2, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 10.99.99.0/255.255.255.0/0/0 local proxy 10.1.1.0/255.255.255.0/0/0 on interface thus
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, sending notify message
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, constructing blank hash payload
Jun 20 16:29:42 [IKEv1 DEBUG]: Group = 1.1.1.2, IP = 1.1.1.2, constructing qm hash payload
Jun 20 16:29:42 [IKEv1]: IP = 1.1.1.2, IKE_DECODE SENDING Message (msgid=7ecccf15) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 384
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
db 86 ce 3f 3a a9 e7 0a 6c 4d 2c ce 68 03 55
IKE Recv RAW packet dump -
Hostapd - client sees network but can't connect
I have a mobile phone Samsung S5230W with WiFi capability, and a laptop HP Compaq nx7400 with Broadcom BCM4311 wireless card. I'm trying to share an Internet connection between those two devices, but I can't because i receive 'authentication failed' message, even that the password is right -
##### hostapd configuration file ##############################################
# Empty lines and lines starting with # are ignored
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
# management frames); ath0 for madwifi
interface=wlan0
# In case of madwifi, atheros, and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
# interface is included in a bridge. This parameter is not used with Host AP
# driver. If the bridge parameter is not set, the drivers will automatically
# figure out the bridge interface (assuming sysfs is enabled and mounted to
# /sys) and this parameter may not be needed.
# For nl80211, this parameter can be used to request the AP interface to be
# added to the bridge automatically (brctl may refuse to do this before hostapd
# has been started to change the interface mode). If needed, the bridge
# interface is also created.
bridge=br0
# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
driver=nl80211
# hostapd event logger configuration
# Two output method: syslog and stdout (only usable if not forking to
# background).
# Module bitfield (ORed bitfield of modules that will be logged; -1 = all
# modules):
# bit 0 (1) = IEEE 802.11
# bit 1 (2) = IEEE 802.1X
# bit 2 (4) = RADIUS
# bit 3 (8) = WPA
# bit 4 (16) = driver interface
# bit 5 (32) = IAPP
# bit 6 (64) = MLME
# Levels (minimum value for logged events):
# 0 = verbose debugging
# 1 = debugging
# 2 = informational messages
# 3 = notification
# 4 = warning
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
# Dump file for state information (on SIGUSR1)
dump_file=/tmp/hostapd.dump
# Interface for separate control program. If this is specified, hostapd
# will create this directory and a UNIX domain socket for listening to requests
# from external programs (CLI/GUI, etc.) for status information and
# configuration. The socket file will be named based on the interface name, so
# multiple hostapd processes/interfaces can be run at the same time if more
# than one interface is used.
# /var/run/hostapd is the recommended directory for sockets and by default,
# hostapd_cli will use it when trying to connect with hostapd.
ctrl_interface=/var/run/hostapd
# Access control for the control interface can be configured by setting the
# directory to allow only members of a group to use sockets. This way, it is
# possible to run hostapd as root (since it needs to change network
# configuration and open raw sockets) and still allow GUI/CLI components to be
# run as non-root users. However, since the control interface can be used to
# change the network configuration, this access needs to be protected in many
# cases. By default, hostapd is configured to use gid 0 (root). If you
# want to allow non-root users to use the contron interface, add a new group
# and change this value to match with that group. Add users that should have
# control interface access to this group.
# This variable can be a group name or gid.
#ctrl_interface_group=wheel
#ctrl_interface_group=0
##### IEEE 802.11 related configuration #######################################
# SSID to be used in IEEE 802.11 management frames
ssid=network
# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
# Set as needed to indicate country in which device is operating.
# This can limit available channels and transmit power.
#country_code=US
# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
# country_code setting must be configured with the correct country for
# IEEE 802.11d functions.
# (default: 0 = disabled)
#ieee80211d=0
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# Default: IEEE 802.11b
hw_mode=g
# Channel number (IEEE 802.11)
# (default: 0, i.e., not set)
# Please note that some drivers (e.g., madwifi) do not use this value from
# hostapd and the channel will need to be configuration separately with
# iwconfig.
channel=1
# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100
# DTIM (delivery trafic information message) period (range 1..255):
# number of beacons between DTIMs (1 = every beacon includes DTIM element)
# (default: 2)
dtim_period=2
# Maximum number of stations allowed in station table. New stations will be
# rejected after the station table is full. IEEE 802.11 has a limit of 2007
# different association IDs, so this number should not be larger than that.
# (default: 2007)
max_num_sta=5
# RTS/CTS threshold; 2347 = disabled (default); range 0..2347
# If this field is not included in hostapd.conf, hostapd will not control
# RTS threshold and 'iwconfig wlan# rts <val>' can be used to set it.
rts_threshold=2347
# Fragmentation threshold; 2346 = disabled (default); range 256..2346
# If this field is not included in hostapd.conf, hostapd will not control
# fragmentation threshold and 'iwconfig wlan# frag <val>' can be used to set
# it.
fragm_threshold=2346
# Rate configuration
# Default is to enable all rates supported by the hardware. This configuration
# item allows this list be filtered so that only the listed rates will be left
# in the list. If the list is empty, all rates are used. This list can have
# entries that are not in the list of rates the hardware supports (such entries
# are ignored). The entries in this list are in 100 kbps, i.e., 11 Mbps = 110.
# If this item is present, at least one rate have to be matching with the rates
# hardware supports.
# default: use the most common supported rate setting for the selected
# hw_mode (i.e., this line can be removed from configuration file in most
# cases)
supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
# Basic rate set configuration
# List of rates (in 100 kbps) that are included in the basic rate set.
# If this item is not included, usually reasonable default set is used.
#basic_rates=10 20
#basic_rates=10 20 55 110
#basic_rates=60 120 240
# Short Preamble
# This parameter can be used to enable optional use of short preamble for
# frames sent at 2 Mbps, 5.5 Mbps, and 11 Mbps to improve network performance.
# This applies only to IEEE 802.11b-compatible networks and this should only be
# enabled if the local hardware supports use of short preamble. If any of the
# associated STAs do not support short preamble, use of short preamble will be
# disabled (and enabled when such STAs disassociate) dynamically.
# 0 = do not allow use of short preamble (default)
# 1 = allow use of short preamble
#preamble=1
# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0
# Accept/deny lists are read from separate files (containing list of
# MAC addresses, one per line). Use absolute path name to make sure that the
# files can be read on SIGHUP configuration reloads.
#accept_mac_file=/etc/hostapd/hostapd.accept
#deny_mac_file=/etc/hostapd/hostapd.deny
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
# should be used with IEEE 802.1X.
# Bit fields of allowed authentication algorithms:
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
auth_algs=1
# Send empty SSID in beacons and ignore probe request frames that do not
# specify full SSID, i.e., require stations to know SSID.
# default: disabled (0)
# 1 = send empty (length=0) SSID in beacon and ignore probe request for
# broadcast SSID
# 2 = clear SSID (ASCII 0), but keep the original length (this may be required
# with some clients that do not support empty SSID) and ignore probe
# requests for broadcast SSID
ignore_broadcast_ssid=0
# TX queue parameters (EDCF / bursting)
# default for all these fields: not set, use hardware defaults
# tx_queue_<queue name>_<param>
# queues: data0, data1, data2, data3, after_beacon, beacon
# (data0 is the highest priority queue)
# parameters:
# aifs: AIFS (default 2)
# cwmin: cwMin (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023)
# cwmax: cwMax (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023); cwMax >= cwMin
# burst: maximum length (in milliseconds with precision of up to 0.1 ms) for
# bursting
# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
# These parameters are used by the access point when transmitting frames
# to the clients.
# Low priority / AC_BK = background
#tx_queue_data3_aifs=7
#tx_queue_data3_cwmin=15
#tx_queue_data3_cwmax=1023
#tx_queue_data3_burst=0
# Note: for IEEE 802.11b mode: cWmin=31 cWmax=1023 burst=0
# Normal priority / AC_BE = best effort
#tx_queue_data2_aifs=3
#tx_queue_data2_cwmin=15
#tx_queue_data2_cwmax=63
#tx_queue_data2_burst=0
# Note: for IEEE 802.11b mode: cWmin=31 cWmax=127 burst=0
# High priority / AC_VI = video
#tx_queue_data1_aifs=1
#tx_queue_data1_cwmin=7
#tx_queue_data1_cwmax=15
#tx_queue_data1_burst=3.0
# Note: for IEEE 802.11b mode: cWmin=15 cWmax=31 burst=6.0
# Highest priority / AC_VO = voice
#tx_queue_data0_aifs=1
#tx_queue_data0_cwmin=3
#tx_queue_data0_cwmax=7
#tx_queue_data0_burst=1.5
# Note: for IEEE 802.11b mode: cWmin=7 cWmax=15 burst=3.3
# Special queues; normally not user configurable
#tx_queue_after_beacon_aifs=2
#tx_queue_after_beacon_cwmin=15
#tx_queue_after_beacon_cwmax=1023
#tx_queue_after_beacon_burst=0
#tx_queue_beacon_aifs=2
#tx_queue_beacon_cwmin=3
#tx_queue_beacon_cwmax=7
#tx_queue_beacon_burst=1.5
# 802.1D Tag (= UP) to AC mappings
# WMM specifies following mapping of data frames to different ACs. This mapping
# can be configured using Linux QoS/tc and sch_pktpri.o module.
# 802.1D Tag 802.1D Designation Access Category WMM Designation
# 1 BK AC_BK Background
# 2 - AC_BK Background
# 0 BE AC_BE Best Effort
# 3 EE AC_BE Best Effort
# 4 CL AC_VI Video
# 5 VI AC_VI Video
# 6 VO AC_VO Voice
# 7 NC AC_VO Voice
# Data frames with no priority information: AC_BE
# Management frames: AC_VO
# PS-Poll frames: AC_BE
# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
# for 802.11a or 802.11g networks
# These parameters are sent to WMM clients when they associate.
# The parameters will be used by WMM clients for frames transmitted to the
# access point.
# note - txop_limit is in units of 32microseconds
# note - acm is admission control mandatory flag. 0 = admission control not
# required, 1 = mandatory
# note - here cwMin and cmMax are in exponent form. the actual cw value used
# will be (2^n)-1 where n is the value given here
wmm_enabled=1
# WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]
# Enable this flag if U-APSD supported outside hostapd (eg., Firmware/driver)
#uapsd_advertisement_enabled=1
# Low priority / AC_BK = background
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
# Note: for IEEE 802.11b mode: cWmin=5 cWmax=10
# Normal priority / AC_BE = best effort
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
# Note: for IEEE 802.11b mode: cWmin=5 cWmax=7
# High priority / AC_VI = video
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
# Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188
# Highest priority / AC_VO = voice
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
# Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102
# Static WEP key configuration
# The key number to use when transmitting.
# It must be between 0 and 3, and the corresponding key must be set.
# default: not set
#wep_default_key=0
# The WEP keys to use.
# A key may be a quoted string or unquoted hexadecimal digits.
# The key length should be 5, 13, or 16 characters, or 10, 26, or 32
# digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or
# 128-bit (152-bit) WEP is used.
# Only the default key must be supplied; the others are optional.
# default: not set
#wep_key0=123456789a
#wep_key1="vwxyz"
#wep_key2=0102030405060708090a0b0c0d
#wep_key3=".2.4.6.8.0.23"
# Station inactivity limit
# If a station does not send anything in ap_max_inactivity seconds, an
# empty data frame is sent to it in order to verify whether it is
# still in range. If this frame is not ACKed, the station will be
# disassociated and then deauthenticated. This feature is used to
# clear station table of old entries when the STAs move out of the
# range.
# The station can associate again with the AP if it is still in range;
# this inactivity poll is just used as a nicer way of verifying
# inactivity; i.e., client will not report broken connection because
# disassociation frame is not sent immediately without first polling
# the STA with a data frame.
# default: 300 (i.e., 5 minutes)
#ap_max_inactivity=300
# Maximum allowed Listen Interval (how many Beacon periods STAs are allowed to
# remain asleep). Default: 65535 (no limit apart from field size)
#max_listen_interval=100
# WDS (4-address frame) mode with per-station virtual interfaces
# (only supported with driver=nl80211)
# This mode allows associated stations to use 4-address frames to allow layer 2
# bridging to be used.
#wds_sta=1
##### IEEE 802.11n related configuration ######################################
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full HT functionality.
ieee80211n=0
# ht_capab: HT capabilities (list of flags)
# LDPC coding capability: [LDPC] = supported
# Supported channel width set: [HT40-] = both 20 MHz and 40 MHz with secondary
# channel below the primary channel; [HT40+] = both 20 MHz and 40 MHz
# with secondary channel below the primary channel
# (20 MHz only if neither is set)
# Note: There are limits on which channels can be used with HT40- and
# HT40+. Following table shows the channels that may be available for
# HT40- and HT40+ use per IEEE 802.11n Annex J:
# freq HT40- HT40+
# 2.4 GHz 5-13 1-7 (1-9 in Europe/Japan)
# 5 GHz 40,48,56,64 36,44,52,60
# (depending on the location, not all of these channels may be available
# for use)
# Please note that 40 MHz channels may switch their primary and secondary
# channels if needed or creation of 40 MHz channel maybe rejected based
# on overlapping BSSes. These changes are done automatically when hostapd
# is setting up the 40 MHz channel.
# Spatial Multiplexing (SM) Power Save: [SMPS-STATIC] or [SMPS-DYNAMIC]
# (SMPS disabled if neither is set)
# HT-greenfield: [GF] (disabled if not set)
# Short GI for 20 MHz: [SHORT-GI-20] (disabled if not set)
# Short GI for 40 MHz: [SHORT-GI-40] (disabled if not set)
# Tx STBC: [TX-STBC] (disabled if not set)
# Rx STBC: [RX-STBC1] (one spatial stream), [RX-STBC12] (one or two spatial
# streams), or [RX-STBC123] (one, two, or three spatial streams); Rx STBC
# disabled if none of these set
# HT-delayed Block Ack: [DELAYED-BA] (disabled if not set)
# Maximum A-MSDU length: [MAX-AMSDU-7935] for 7935 octets (3839 octets if not
# set)
# DSSS/CCK Mode in 40 MHz: [DSSS_CCK-40] = allowed (not allowed if not set)
# PSMP support: [PSMP] (disabled if not set)
# L-SIG TXOP protection support: [LSIG-TXOP-PROT] (disabled if not set)
#ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40]
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
ieee8021x=0
# IEEE 802.1X/EAPOL version
# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
# version 2. However, there are many client implementations that do not handle
# the new version number correctly (they seem to drop the frames completely).
# In order to make hostapd interoperate with these clients, the version number
# can be set to the older version (1) with this configuration value.
#eapol_version=2
# Optional displayable message sent with EAP Request-Identity. The first \0
# in this string will be converted to ASCII-0 (nul). This can be used to
# separate network info (comma separated list of attribute=value pairs); see,
# e.g., RFC 4284.
#eap_message=hello
#eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com
# WEP rekeying (disabled if key lengths are not set or are set to 0)
# Key lengths for default/broadcast and individual/unicast keys:
# 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits)
# 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits)
#wep_key_len_broadcast=5
#wep_key_len_unicast=5
# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
#wep_rekey_period=300
# EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if
# only broadcast keys are used)
eapol_key_index_workaround=0
# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
# reauthentication).
#eap_reauth_period=3600
# Use PAE group address (01:80:c2:00:00:03) instead of individual target
# address when sending EAPOL frames with driver=wired. This is the most common
# mechanism used in wired authentication, but it also requires that the port
# is only used by one station.
#use_pae_group_addr=1
##### Integrated EAP server ###################################################
# Optionally, hostapd can be configured to use an integrated EAP server
# to process EAP authentication locally without need for an external RADIUS
# server. This functionality can be used both as a local authentication server
# for IEEE 802.1X/EAPOL and as a RADIUS server for other devices.
# Use integrated EAP server instead of external RADIUS authentication
# server. This is also needed if hostapd is configured to act as a RADIUS
# authentication server.
eap_server=0
# Path for EAP server user database
#eap_user_file=/etc/hostapd/hostapd.eap_user
# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#ca_cert=/etc/hostapd/hostapd.ca.pem
# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
#server_cert=/etc/hostapd/hostapd.server.pem
# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
#private_key=/etc/hostapd/hostapd.server.prv
# Passphrase for private key
#private_key_passwd=secret
# Enable CRL verification.
# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a
# valid CRL signed by the CA is required to be included in the ca_cert file.
# This can be done by using PEM format for CA certificate and CRL and
# concatenating these into one file. Whenever CRL changes, hostapd needs to be
# restarted to take the new CRL into use.
# 0 = do not verify CRLs (default)
# 1 = check the CRL of the user certificate
# 2 = check all CRLs in the certificate path
#check_crl=1
# dh_file: File path to DH/DSA parameters file (in PEM format)
# This is an optional configuration file for setting parameters for an
# ephemeral DH key exchange. In most cases, the default RSA authentication does
# not use this configuration. However, it is possible setup RSA to use
# ephemeral DH key exchange. In addition, ciphers with DSA keys always use
# ephemeral DH keys. This can be used to achieve forward secrecy. If the file
# is in DSA parameters format, it will be automatically converted into DH
# params. This parameter is required if anonymous EAP-FAST is used.
# You can generate DH parameters file with OpenSSL, e.g.,
# "openssl dhparam -out /etc/hostapd/hostapd.dh.pem 1024"
#dh_file=/etc/hostapd/hostapd.dh.pem
# Configuration data for EAP-SIM database/authentication gateway interface.
# This is a text string in implementation specific format. The example
# implementation in eap_sim_db.c uses this as the UNIX domain socket name for
# the HLR/AuC gateway (e.g., hlr_auc_gw). In this case, the path uses "unix:"
# prefix.
#eap_sim_db=unix:/tmp/hlr_auc_gw.sock
# Encryption key for EAP-FAST PAC-Opaque values. This key must be a secret,
# random value. It is configured as a 16-octet value in hex format. It can be
# generated, e.g., with the following command:
# od -tx1 -v -N16 /dev/random | colrm 1 8 | tr -d ' '
#pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f
# EAP-FAST authority identity (A-ID)
# A-ID indicates the identity of the authority that issues PACs. The A-ID
# should be unique across all issuing servers. In theory, this is a variable
# length field, but due to some existing implementations requiring A-ID to be
# 16 octets in length, it is strongly recommended to use that length for the
# field to provid interoperability with deployed peer implementations. This
# field is configured in hex format.
#eap_fast_a_id=101112131415161718191a1b1c1d1e1f
# EAP-FAST authority identifier information (A-ID-Info)
# This is a user-friendly name for the A-ID. For example, the enterprise name
# and server name in a human-readable format. This field is encoded as UTF-8.
#eap_fast_a_id_info=test server
# Enable/disable different EAP-FAST provisioning modes:
#0 = provisioning disabled
#1 = only anonymous provisioning allowed
#2 = only authenticated provisioning allowed
#3 = both provisioning modes allowed (default)
#eap_fast_prov=3
# EAP-FAST PAC-Key lifetime in seconds (hard limit)
#pac_key_lifetime=604800
# EAP-FAST PAC-Key refresh time in seconds (soft limit on remaining hard
# limit). The server will generate a new PAC-Key when this number of seconds
# (or fewer) of the lifetime remains.
#pac_key_refresh_time=86400
# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND
# (default: 0 = disabled).
#eap_sim_aka_result_ind=1
# Trusted Network Connect (TNC)
# If enabled, TNC validation will be required before the peer is allowed to
# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other
# EAP method is enabled, the peer will be allowed to connect without TNC.
#tnc=1
##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
# Interface to be used for IAPP broadcast packets
#iapp_interface=eth0
##### RADIUS client configuration #############################################
# for IEEE 802.1X with external Authentication Server, IEEE 802.11
# authentication with external ACL for MAC addresses, and accounting
# The own IP address of the access point (used as NAS-IP-Address)
own_ip_addr=127.0.0.1
# Optional NAS-Identifier string for RADIUS messages. When used, this should be
# a unique to the NAS within the scope of the RADIUS server. For example, a
# fully qualified domain name can be used here.
# When using IEEE 802.11r, nas_identifier must be set and must be between 1 and
# 48 octets long.
#nas_identifier=ap.example.com
# RADIUS authentication server
#auth_server_addr=127.0.0.1
#auth_server_port=1812
#auth_server_shared_secret=secret
# RADIUS accounting server
#acct_server_addr=127.0.0.1
#acct_server_port=1813
#acct_server_shared_secret=secret
# Secondary RADIUS servers; to be used if primary one does not reply to
# RADIUS packets. These are optional and there can be more than one secondary
# server listed.
#auth_server_addr=127.0.0.2
#auth_server_port=1812
#auth_server_shared_secret=secret2
#acct_server_addr=127.0.0.2
#acct_server_port=1813
#acct_server_shared_secret=secret2
# Retry interval for trying to return to the primary RADIUS server (in
# seconds). RADIUS client code will automatically try to use the next server
# when the current server is not replying to requests. If this interval is set,
# primary server will be retried after configured amount of time even if the
# currently used secondary server is still working.
#radius_retry_primary_interval=600
# Interim accounting update interval
# If this is set (larger than 0) and acct_server is configured, hostapd will
# send interim accounting updates every N seconds. Note: if set, this overrides
# possible Acct-Interim-Interval attribute in Access-Accept message. Thus, this
# value should not be configured in hostapd.conf, if RADIUS server is used to
# control the interim interval.
# This value should not be less 600 (10 minutes) and must not be less than
# 60 (1 minute).
#radius_acct_interim_interval=600
# Dynamic VLAN mode; allow RADIUS authentication server to decide which VLAN
# is used for the stations. This information is parsed from following RADIUS
# attributes based on RFC 3580 and RFC 2868: Tunnel-Type (value 13 = VLAN),
# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value
# VLANID as a string). vlan_file option below must be configured if dynamic
# VLANs are used. Optionally, the local MAC ACL list (accept_mac_file) can be
# used to set static client MAC address to VLAN ID mapping.
# 0 = disabled (default)
# 1 = option; use default interface if RADIUS server does not include VLAN ID
# 2 = required; reject authentication if RADIUS server does not include VLAN ID
#dynamic_vlan=0
# VLAN interface list for dynamic VLAN mode is read from a separate text file.
# This list is used to map VLAN ID from the RADIUS server to a network
# interface. Each station is bound to one interface in the same way as with
# multiple BSSIDs or SSIDs. Each line in this text file is defining a new
# interface and the line must include VLAN ID and interface name separated by
# white space (space or tab).
#vlan_file=/etc/hostapd/hostapd.vlan
# Interface where 802.1q tagged packets should appear when a RADIUS server is
# used to determine which VLAN a station is on. hostapd creates a bridge for
# each VLAN. Then hostapd adds a VLAN interface (associated with the interface
# indicated by 'vlan_tagged_interface') and the appropriate wireless interface
# to the bridge.
#vlan_tagged_interface=eth0
##### RADIUS authentication server configuration ##############################
# hostapd can be used as a RADIUS authentication server for other hosts. This
# requires that the integrated EAP server is also enabled and both
# authentication services are sharing the same configuration.
# File name of the RADIUS clients configuration for the RADIUS server. If this
# commented out, RADIUS server is disabled.
#radius_server_clients=/etc/hostapd/hostapd.radius_clients
# The UDP port number for the RADIUS authentication server
#radius_server_auth_port=1812
# Use IPv6 with RADIUS server (IPv4 will also be supported using IPv6 API)
#radius_server_ipv6=1
##### WPA/IEEE 802.11i configuration ##########################################
# Enable WPA. Setting this variable configures the AP to require WPA (either
# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
# RADIUS authentication server must be configured, and WPA-EAP must be included
# in wpa_key_mgmt.
# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
wpa=3
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
# (8..63 characters) that will be converted to PSK. This conversion uses SSID
# so the PSK changes when ASCII passphrase is used and the SSID is changed.
# wpa_psk (dot11RSNAConfigPSKValue)
# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
#wpa_psk=---
wpa_passphrase=---
# Optionally, WPA PSKs can be read from a separate text file (containing list
# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.
# Use absolute path name to make sure that the files can be read on SIGHUP
# configuration reloads.
#wpa_psk_file=/etc/hostapd/hostapd.wpa_psk
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
wpa_key_mgmt=WPA-PSK
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
# Group cipher suite (encryption algorithm for broadcast and multicast frames)
# is automatically selected based on this configuration. If only CCMP is
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
# TKIP will be used as the group cipher.
# (dot11RSNAConfigPairwiseCiphersTable)
# Pairwise cipher for WPA (v1) (default: TKIP)
wpa_pairwise=CCMP
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
rsn_pairwise=CCMP
# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
# seconds. (dot11RSNAConfigGroupRekeyTime)
wpa_group_rekey=600
# Rekey GTK when any STA that possesses the current GTK is leaving the BSS.
# (dot11RSNAConfigGroupRekeyStrict)
#wpa_strict_rekey=1
# Time interval for rekeying GMK (master key used internally to generate GTKs
# (in seconds).
wpa_gmk_rekey=86400
# Maximum lifetime for PTK in seconds. This can be used to enforce rekeying of
# PTK to mitigate some attacks against TKIP deficiencies.
#wpa_ptk_rekey=600
# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
# authentication and key handshake before actually associating with a new AP.
# (dot11RSNAPreauthenticationEnabled)
rsn_preauth=1
# Space separated list of interfaces from which pre-authentication frames are
# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all
# interface that are used for connections to other APs. This could include
# wired interfaces and WDS links. The normal wireless data interface towards
# associated stations (e.g., wlan0) should not be added, since
# pre-authentication is only used with APs other than the currently associated
# one.
#rsn_preauth_interfaces=eth0
# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is
# allowed. This is only used with RSN/WPA2.
# 0 = disabled (default)
# 1 = enabled
#peerkey=1
# ieee80211w: Whether management frame protection (MFP) is enabled
# 0 = disabled (default)
# 1 = optional
# 2 = required
#ieee80211w=0
# Association SA Query maximum timeout (in TU = 1.024 ms; for MFP)
# (maximum time to wait for a SA Query response)
# dot11AssociationSAQueryMaximumTimeout, 1...4294967295
#assoc_sa_query_max_timeout=1000
# Association SA Query retry timeout (in TU = 1.024 ms; for MFP)
# (time between two subsequent SA Query requests)
# dot11AssociationSAQueryRetryTimeout, 1...4294967295
#assoc_sa_query_retry_timeout=201
# okc: Opportunistic Key Caching (aka Proactive Key Caching)
# Allow PMK cache to be shared opportunistically among configured interfaces
# and BSSes (i.e., all configurations within a single hostapd process).
# 0 = disabled (default)
# 1 = enabled
#okc=1
##### IEEE 802.11r configuration ##############################################
# Mobility Domain identifier (dot11FTMobilityDomainID, MDID)
# MDID is used to indicate a group of APs (within an ESS, i.e., sharing the
# same SSID) between which a STA can use Fast BSS Transition.
# 2-octet identifier as a hex string.
#mobility_domain=a1b2
# PMK-R0 Key Holder identifier (dot11FTR0KeyHolderID)
# 1 to 48 octet identifier.
# This is configured with nas_identifier (see RADIUS client section above).
# Default lifetime of the PMK-RO in minutes; range 1..65535
# (dot11FTR0KeyLifetime)
#r0_key_lifetime=10000
# PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
# 6-octet identifier as a hex string.
#r1_key_holder=000102030405
# Reassociation deadline in time units (TUs / 1.024 ms; range 1000..65535)
# (dot11FTReassociationDeadline)
#reassociation_deadline=1000
# List of R0KHs in the same Mobility Domain
# format: <MAC address> <NAS Identifier> <128-bit key as hex string>
# This list is used to map R0KH-ID (NAS Identifier) to a destination MAC
# address when requesting PMK-R1 key from the R0KH that the STA used during the
# Initial Mobility Domain Association.
#r0kh=02:01:02:03:04:05 r0kh-1.example.com 000102030405060708090a0b0c0d0e0f
#r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445566778899aabbccddeeff
# And so on.. One line per R0KH.
# List of R1KHs in the same Mobility Domain
# format: <MAC address> <R1KH-ID> <128-bit key as hex string>
# This list is used to map R1KH-ID to a destination MAC address when sending
# PMK-R1 key from the R0KH. This is also the list of authorized R1KHs in the MD
# that can request PMK-R1 keys.
#r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405060708090a0b0c0d0e0f
#r1kh=02:01:02:03:04:06 02:11:22:33:44:66 00112233445566778899aabbccddeeff
# And so on.. One line per R1KH.
# Whether PMK-R1 push is enabled at R0KH
# 0 = do not push PMK-R1 to all configured R1KHs (default)
# 1 = push PMK-R1 to all configured R1KHs whenever a new PMK-R0 is derived
#pmk_r1_push=1
##### Neighbor table ##########################################################
# Maximum number of entries kept in AP table (either for neigbor table or for
# detecting Overlapping Legacy BSS Condition). The oldest entry will be
# removed when adding a new entry that would make the list grow over this
# limit. Note! WFA certification for IEEE 802.11g requires that OLBC is
# enabled, so this field should not be set to 0 when using IEEE 802.11g.
# default: 255
#ap_table_max_size=255
# Number of seconds of no frames received after which entries may be deleted
# from the AP table. Since passive scanning is not usually performed frequently
# this should not be set to very small value. In addition, there is no
# guarantee that every scan cycle will receive beacon frames from the
# neighboring APs.
# default: 60
#ap_table_expiration_time=3600
##### Wi-Fi Protected Setup (WPS) #############################################
# WPS state
# 0 = WPS disabled (default)
# 1 = WPS enabled, not configured
# 2 = WPS enabled, configured
#wps_state=0
# AP can be configured into a locked state where new WPS Registrar are not
# accepted, but previously authorized Registrars (including the internal one)
# can continue to add new Enrollees.
#ap_setup_locked=1
# Universally Unique IDentifier (UUID; see RFC 4122) of the device
# This value is used as the UUID for the internal WPS Registrar. If the AP
# is also using UPnP, this value should be set to the device's UPnP UUID.
# If not configured, UUID will be generated based on the local MAC address.
#uuid=12345678-9abc-def0-1234-56789abcdef0
# Note: If wpa_psk_file is set, WPS is used to generate random, per-device PSKs
# that will be appended to the wpa_psk_file. If wpa_psk_file is not set, the
# default PSK (wpa_psk/wpa_passphrase) will be delivered to Enrollees. Use of
# per-device PSKs is recommended as the more secure option (i.e., make sure to
# set wpa_psk_file when using WPS with WPA-PSK).
# When an Enrollee requests access to the network with PIN method, the Enrollee
# PIN will need to be entered for the Registrar. PIN request notifications are
# sent to hostapd ctrl_iface monitor. In addition, they can be written to a
# text file that could be used, e.g., to populate the AP administration UI with
# pending PIN requests. If the following variable is set, the PIN requests will
# be written to the configured file.
#wps_pin_requests=/var/run/hostapd_wps_pin_requests
# Device Name
# User-friendly description of device; up to 32 octets encoded in UTF-8
#device_name=Wireless AP
# Manufacturer
# The manufacturer of the device (up to 64 ASCII characters)
#manufacturer=Company
# Model Name
# Model of the device (up to 32 ASCII characters)
#model_name=WAP
# Model Number
# Additional device description (up to 32 ASCII characters)
#model_number=123
# Serial Number
# Serial number of the device (up to 32 characters)
#serial_number=12345
# Primary Device Type
# Used format: <categ>-<OUI>-<subcateg>
# categ = Category as an integer value
# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for
# default WPS OUI
# subcateg = OUI-specific Sub Category as an integer value
# Examples:
# 1-0050F204-1 (Computer / PC)
# 1-0050F204-2 (Computer / Server)
# 5-0050F204-1 (Storage / NAS)
# 6-0050F204-1 (Network Infrastructure / AP)
#device_type=6-0050F204-1
# OS Version
# 4-octet operating system version number (hex string)
#os_version=01020300
# Config Methods
# List of the supported configuration methods
# Available methods: usba ethernet label display ext_nfc_token int_nfc_token
# nfc_interface push_button keypad
#config_methods=label display push_button keypad
# Static access point PIN for initial configuration and adding Registrars
# If not set, hostapd will not allow external WPS Registrars to control the
# access point. The AP PIN can also be set at runtime with hostapd_cli
# wps_ap_pin command. Use of temporary (enabled by user action) and random
# AP PIN is much more secure than configuring a static AP PIN here. As such,
# use of the ap_pin parameter is not recommended if the AP device has means for
# displaying a random PIN.
#ap_pin=12345670
# Skip building of automatic WPS credential
# This can be used to allow the automatically generated Credential attribute to
# be replaced with pre-configured Credential(s).
#skip_cred_build=1
# Additional Credential attribute(s)
# This option can be used to add pre-configured Credential attributes into M8
# message when acting as a Registrar. If skip_cred_build=1, this data will also
# be able to override the Credential attribute that would have otherwise been
# automatically generated based on network configuration. This configuration
# option points to an external file that much contain the WPS Credential
# attribute(s) as binary data.
#extra_cred=hostapd.cred
# Credential processing
# 0 = process received credentials internally (default)
# 1 = do not process received credentials; just pass them over ctrl_iface to
# external program(s)
# 2 = process received credentials internally and pass them over ctrl_iface
# to external program(s)
# Note: With wps_cred_processing=1, skip_cred_build should be set to 1 and
# extra_cred be used to provide the Credential data for Enrollees.
# wps_cred_processing=1 will disabled automatic updates of hostapd.conf file
# both for Credential processing and for marking AP Setup Locked based on
# validation failures of AP PIN. An external program is responsible on updating
# the configuration appropriately in this case.
#wps_cred_processing=0
# AP Settings Attributes for M7
# By default, hostapd generates the AP Settings Attributes for M7 based on the
# current configuration. It is possible to override this by providing a file
# with pre-configured attributes. This is similar to extra_cred file format,
# but the AP Settings attributes are not encapsulated in a Credential
# attribute.
#ap_settings=hostapd.ap_settings
# WPS UPnP interface
# If set, support for external Registrars is enabled.
#upnp_iface=br0
# Friendly Name (required for UPnP)
# Short description for end use. Should be less than 64 characters.
#friendly_name=WPS Access Point
# Manufacturer URL (optional for UPnP)
#manufacturer_url=http://www.example.com/
# Model Description (recommended for UPnP)
# Long description for end user. Should be less than 128 characters.
#model_description=Wireless Access Point
# Model URL (optional for UPnP)
#model_url=http://www.example.com/model/
# Universal Product Code (optional for UPnP)
# 12-digit, all-numeric code that identifies the consumer package.
#upc=123456789012
##### Multiple BSSID support ##################################################
# Above configuration is using the default interface (wlan#, or multi-SSID VLAN
# interfaces). Other BSSIDs can be added by using separator 'bss' with
# default interface name to be allocated for the data packets of the new BSS.
# hostapd will generate BSSID mask based on the BSSIDs that are
# configured. hostapd will verify that dev_addr & MASK == dev_addr. If this is
# not the case, the MAC address of the radio must be changed before starting
# hostapd (ifconfig wlan0 hw ether <MAC addr>). If a BSSID is configured for
# every secondary BSS, this limitation is not applied at hostapd and other
# masks may be used if the driver supports them (e.g., swap the locally
# administered bit)
# BSSIDs are assigned in order to each BSS, unless an explicit BSSID is
# specified using the 'bssid' parameter.
# If an explicit BSSID is specified, it must be chosen such that it:
# - results in a valid MASK that covers it and the dev_addr
# - is not the same as the MAC address of the radio
# - is not the same as any other explicitly specified BSSID
# Please note that hostapd uses some of the values configured for the first BSS
# as the defaults for the following BSSes. However, it is recommended that all
# BSSes include explicit configuration of all relevant configuration items.
#bss=wlan0_0
#ssid=test2
# most of the above items can be used here (apart from radio interface specific
# items, like channel)
#bss=wlan0_1
#bssid=00:13:10:95:fe:0b
I tried to access this network through the other device - same problem. What's the problem? Thanks in advance.Retracting the question...no one seems to know.
LarryMcJ -
How can I get a list of BSSIDs without using netsh?
I'm looking for an object that would have contents similar to the output of
netsh wlan show networks mode=bssid
I don't want to use unreliable parsing of text output, so using netsh is out. The WMI interface that worked in windows xp doesn't work now. There's an API, but there is no NET interface so it's pretty difficult to work with in powershell.
I know of a couple of adapters, but I'd like to keep this contained in one script. I don't think I could find or write a type for the API that I could invoke in powershell.
Is there anything else I'm missing?Oh, sorry, you have said that you don't want to use netsh.
I will involve someone familiar with this to further look at this issue. Hope there is a way for you to use without the usage of netsh.
There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Regards,
Yan Li
Cataleya Li
TechNet Community Support
Thanks, but I think I got it all figured out. I used the C# code from the managed wifi api project (http://managedwifi.codeplex.com/) though it needed a little tweaking - had to get everything in one
namespace so powershell could easily consume it without external files. Had to do a little manual type conversion with the output because yay unmanaged and untyped API output. This still needs some tweaking to present it better, but this will do
the basics.
Note that this is two parts. String all the code from this post and the next into one ps1.
$NativeWifiCode = @'
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Net.NetworkInformation;
using System.Threading;
using System.Text;
using System.Diagnostics;
namespace NativeWifi
/// <summary>
/// Represents a client to the Zeroconf (Native Wifi) service.
/// </summary>
/// <remarks>
/// This class is the entrypoint to Native Wifi management. To manage WiFi settings, create an instance
/// of this class.
/// </remarks>
public static class Wlan
#region P/Invoke API
/// <summary>
/// Defines various opcodes used to set and query parameters for an interface.
/// </summary>
/// <remarks>
/// Corresponds to the native <c>WLAN_INTF_OPCODE</c> type.
/// </remarks>
public enum WlanIntfOpcode
/// <summary>
/// Opcode used to set or query whether auto config is enabled.
/// </summary>
AutoconfEnabled = 1,
/// <summary>
/// Opcode used to set or query whether background scan is enabled.
/// </summary>
BackgroundScanEnabled,
/// <summary>
/// Opcode used to set or query the media streaming mode of the driver.
/// </summary>
MediaStreamingMode,
/// <summary>
/// Opcode used to set or query the radio state.
/// </summary>
RadioState,
/// <summary>
/// Opcode used to set or query the BSS type of the interface.
/// </summary>
BssType,
/// <summary>
/// Opcode used to query the state of the interface.
/// </summary>
InterfaceState,
/// <summary>
/// Opcode used to query information about the current connection of the interface.
/// </summary>
CurrentConnection,
/// <summary>
/// Opcose used to query the current channel on which the wireless interface is operating.
/// </summary>
ChannelNumber,
/// <summary>
/// Opcode used to query the supported auth/cipher pairs for infrastructure mode.
/// </summary>
SupportedInfrastructureAuthCipherPairs,
/// <summary>
/// Opcode used to query the supported auth/cipher pairs for ad hoc mode.
/// </summary>
SupportedAdhocAuthCipherPairs,
/// <summary>
/// Opcode used to query the list of supported country or region strings.
/// </summary>
SupportedCountryOrRegionStringList,
/// <summary>
/// Opcode used to set or query the current operation mode of the wireless interface.
/// </summary>
CurrentOperationMode,
/// <summary>
/// Opcode used to query driver statistics.
/// </summary>
Statistics = 0x10000101,
/// <summary>
/// Opcode used to query the received signal strength.
/// </summary>
RSSI,
SecurityStart = 0x20010000,
SecurityEnd = 0x2fffffff,
IhvStart = 0x30000000,
IhvEnd = 0x3fffffff
/// <summary>
/// Specifies the origin of automatic configuration (auto config) settings.
/// </summary>
/// <remarks>
/// Corresponds to the native <c>WLAN_OPCODE_VALUE_TYPE</c> type.
/// </remarks>
public enum WlanOpcodeValueType
/// <summary>
/// The auto config settings were queried, but the origin of the settings was not determined.
/// </summary>
QueryOnly = 0,
/// <summary>
/// The auto config settings were set by group policy.
/// </summary>
SetByGroupPolicy = 1,
/// <summary>
/// The auto config settings were set by the user.
/// </summary>
SetByUser = 2,
/// <summary>
/// The auto config settings are invalid.
/// </summary>
Invalid = 3
public const uint WLAN_CLIENT_VERSION_XP_SP2 = 1;
public const uint WLAN_CLIENT_VERSION_LONGHORN = 2;
[DllImport("wlanapi.dll")]
public static extern int WlanOpenHandle(
[In] UInt32 clientVersion,
[In, Out] IntPtr pReserved,
[Out] out UInt32 negotiatedVersion,
[Out] out IntPtr clientHandle);
[DllImport("wlanapi.dll")]
public static extern int WlanCloseHandle(
[In] IntPtr clientHandle,
[In, Out] IntPtr pReserved);
[DllImport("wlanapi.dll")]
public static extern int WlanEnumInterfaces(
[In] IntPtr clientHandle,
[In, Out] IntPtr pReserved,
[Out] out IntPtr ppInterfaceList);
[DllImport("wlanapi.dll")]
public static extern int WlanQueryInterface(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] WlanIntfOpcode opCode,
[In, Out] IntPtr pReserved,
[Out] out int dataSize,
[Out] out IntPtr ppData,
[Out] out WlanOpcodeValueType wlanOpcodeValueType);
[DllImport("wlanapi.dll")]
public static extern int WlanSetInterface(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] WlanIntfOpcode opCode,
[In] uint dataSize,
[In] IntPtr pData,
[In, Out] IntPtr pReserved);
/// <param name="pDot11Ssid">Not supported on Windows XP SP2: must be a <c>null</c> reference.</param>
/// <param name="pIeData">Not supported on Windows XP SP2: must be a <c>null</c> reference.</param>
[DllImport("wlanapi.dll")]
public static extern int WlanScan(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] IntPtr pDot11Ssid,
[In] IntPtr pIeData,
[In, Out] IntPtr pReserved);
/// <summary>
/// Defines flags passed to <see cref="WlanGetAvailableNetworkList"/>.
/// </summary>
[Flags]
public enum WlanGetAvailableNetworkFlags
/// <summary>
/// Include all ad-hoc network profiles in the available network list, including profiles that are not visible.
/// </summary>
IncludeAllAdhocProfiles = 0x00000001,
/// <summary>
/// Include all hidden network profiles in the available network list, including profiles that are not visible.
/// </summary>
IncludeAllManualHiddenProfiles = 0x00000002
/// <summary>
/// The header of an array of information about available networks.
/// </summary>
[StructLayout(LayoutKind.Sequential)]
internal struct WlanAvailableNetworkListHeader
/// <summary>
/// Contains the number of <see cref="WlanAvailableNetwork"/> items following the header.
/// </summary>
public uint numberOfItems;
/// <summary>
/// The index of the current item. The index of the first item is 0.
/// </summary>
public uint index;
/// <summary>
/// Defines the flags which specify characteristics of an available network.
/// </summary>
[Flags]
public enum WlanAvailableNetworkFlags
/// <summary>
/// This network is currently connected.
/// </summary>
Connected = 0x00000001,
/// <summary>
/// There is a profile for this network.
/// </summary>
HasProfile = 0x00000002
/// <summary>
/// Contains information about an available wireless network.
/// </summary>
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
public struct WlanAvailableNetwork
/// <summary>
/// Contains the profile name associated with the network.
/// If the network doesn't have a profile, this member will be empty.
/// If multiple profiles are associated with the network, there will be multiple entries with the same SSID in the visible network list. Profile names are case-sensitive.
/// </summary>
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)]
public string profileName;
/// <summary>
/// Contains the SSID of the visible wireless network.
/// </summary>
public Dot11Ssid dot11Ssid;
/// <summary>
/// Specifies whether the network is an infrastructure or an ad-hoc one.
/// </summary>
public Dot11BssType dot11BssType;
/// <summary>
/// Indicates the number of BSSIDs in the network.
/// </summary>
public uint numberOfBssids;
/// <summary>
/// Indicates whether the network is connectable.
/// </summary>
public bool networkConnectable;
/// <summary>
/// Indicates why a network cannot be connected to. This member is only valid when <see cref="networkConnectable"/> is <c>false</c>.
/// </summary>
public WlanReasonCode wlanNotConnectableReason;
/// <summary>
/// The number of PHY types supported on available networks.
/// The maximum value of this field is 8. If more than 8 PHY types are supported, <see cref="morePhyTypes"/> must be set to <c>true</c>.
/// </summary>
private uint numberOfPhyTypes;
/// <summary>
/// Contains an array of <see cref="Dot11PhyType"/> values that represent the PHY types supported by the available networks.
/// When <see cref="numberOfPhyTypes"/> is greater than 8, this array contains only the first 8 PHY types.
/// </summary>
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
private Dot11PhyType[] dot11PhyTypes;
/// <summary>
/// Gets the <see cref="Dot11PhyType"/> values that represent the PHY types supported by the available networks.
/// </summary>
public Dot11PhyType[] Dot11PhyTypes
get
Dot11PhyType[] ret = new Dot11PhyType[numberOfPhyTypes];
Array.Copy(dot11PhyTypes, ret, numberOfPhyTypes);
return ret;
/// <summary>
/// Specifies if there are more than 8 PHY types supported.
/// When this member is set to <c>true</c>, an application must call <see cref="WlanClient.WlanInterface.GetNetworkBssList"/> to get the complete list of PHY types.
/// <see cref="WlanBssEntry.phyId"/> contains the PHY type for an entry.
/// </summary>
public bool morePhyTypes;
/// <summary>
/// A percentage value that represents the signal quality of the network.
/// This field contains a value between 0 and 100.
/// A value of 0 implies an actual RSSI signal strength of -100 dbm.
/// A value of 100 implies an actual RSSI signal strength of -50 dbm.
/// You can calculate the RSSI signal strength value for values between 1 and 99 using linear interpolation.
/// </summary>
public uint wlanSignalQuality;
/// <summary>
/// Indicates whether security is enabled on the network.
/// </summary>
public bool securityEnabled;
/// <summary>
/// Indicates the default authentication algorithm used to join this network for the first time.
/// </summary>
public Dot11AuthAlgorithm dot11DefaultAuthAlgorithm;
/// <summary>
/// Indicates the default cipher algorithm to be used when joining this network.
/// </summary>
public Dot11CipherAlgorithm dot11DefaultCipherAlgorithm;
/// <summary>
/// Contains various flags specifying characteristics of the available network.
/// </summary>
public WlanAvailableNetworkFlags flags;
/// <summary>
/// Reserved for future use. Must be set to NULL.
/// </summary>
uint reserved;
[DllImport("wlanapi.dll")]
public static extern int WlanGetAvailableNetworkList(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] WlanGetAvailableNetworkFlags flags,
[In, Out] IntPtr reservedPtr,
[Out] out IntPtr availableNetworkListPtr);
[Flags]
public enum WlanProfileFlags
/// <remarks>
/// The only option available on Windows XP SP2.
/// </remarks>
AllUser = 0,
GroupPolicy = 1,
User = 2
[DllImport("wlanapi.dll")]
public static extern int WlanSetProfile(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] WlanProfileFlags flags,
[In, MarshalAs(UnmanagedType.LPWStr)] string profileXml,
[In, Optional, MarshalAs(UnmanagedType.LPWStr)] string allUserProfileSecurity,
[In] bool overwrite,
[In] IntPtr pReserved,
[Out] out WlanReasonCode reasonCode);
/// <summary>
/// Defines the access mask of an all-user profile.
/// </summary>
[Flags]
public enum WlanAccess
/// <summary>
/// The user can view profile permissions.
/// </summary>
ReadAccess = 0x00020000 | 0x0001,
/// <summary>
/// The user has read access, and the user can also connect to and disconnect from a network using the profile.
/// </summary>
ExecuteAccess = ReadAccess | 0x0020,
/// <summary>
/// The user has execute access and the user can also modify and delete permissions associated with a profile.
/// </summary>
WriteAccess = ReadAccess | ExecuteAccess | 0x0002 | 0x00010000 | 0x00040000
/// <param name="flags">Not supported on Windows XP SP2: must be a <c>null</c> reference.</param>
[DllImport("wlanapi.dll")]
public static extern int WlanGetProfile(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In, MarshalAs(UnmanagedType.LPWStr)] string profileName,
[In] IntPtr pReserved,
[Out] out IntPtr profileXml,
[Out, Optional] out WlanProfileFlags flags,
[Out, Optional] out WlanAccess grantedAccess);
[DllImport("wlanapi.dll")]
public static extern int WlanGetProfileList(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] IntPtr pReserved,
[Out] out IntPtr profileList
[DllImport("wlanapi.dll")]
public static extern void WlanFreeMemory(IntPtr pMemory);
[DllImport("wlanapi.dll")]
public static extern int WlanReasonCodeToString(
[In] WlanReasonCode reasonCode,
[In] int bufferSize,
[In, Out] StringBuilder stringBuffer,
IntPtr pReserved
/// <summary>
/// Defines the mask which specifies where a notification comes from.
/// </summary>
[Flags]
public enum WlanNotificationSource
None = 0,
/// <summary>
/// All notifications, including those generated by the 802.1X module.
/// </summary>
All = 0X0000FFFF,
/// <summary>
/// Notifications generated by the auto configuration module.
/// </summary>
ACM = 0X00000008,
/// <summary>
/// Notifications generated by MSM.
/// </summary>
MSM = 0X00000010,
/// <summary>
/// Notifications generated by the security module.
/// </summary>
Security = 0X00000020,
/// <summary>
/// Notifications generated by independent hardware vendors (IHV).
/// </summary>
IHV = 0X00000040
/// <summary>
/// Defines the types of ACM (<see cref="WlanNotificationSource.ACM"/>) notifications.
/// </summary>
/// <remarks>
/// The enumeration identifiers correspond to the native <c>wlan_notification_acm_</c> identifiers.
/// On Windows XP SP2, only the <c>ConnectionComplete</c> and <c>Disconnected</c> notifications are available.
/// </remarks>
public enum WlanNotificationCodeAcm
AutoconfEnabled = 1,
AutoconfDisabled,
BackgroundScanEnabled,
BackgroundScanDisabled,
BssTypeChange,
PowerSettingChange,
ScanComplete,
ScanFail,
ConnectionStart,
ConnectionComplete,
ConnectionAttemptFail,
FilterListChange,
InterfaceArrival,
InterfaceRemoval,
ProfileChange,
ProfileNameChange,
ProfilesExhausted,
NetworkNotAvailable,
NetworkAvailable,
Disconnecting,
Disconnected,
AdhocNetworkStateChange
/// <summary>
/// Defines the types of an MSM (<see cref="WlanNotificationSource.MSM"/>) notifications.
/// </summary>
/// <remarks>
/// The enumeration identifiers correspond to the native <c>wlan_notification_msm_</c> identifiers.
/// </remarks>
public enum WlanNotificationCodeMsm
Associating = 1,
Associated,
Authenticating,
Connected,
RoamingStart,
RoamingEnd,
RadioStateChange,
SignalQualityChange,
Disassociating,
Disconnected,
PeerJoin,
PeerLeave,
AdapterRemoval,
AdapterOperationModeChange
/// <summary>
/// Contains information provided when registering for WLAN notifications.
/// </summary>
/// <remarks>
/// Corresponds to the native <c>WLAN_NOTIFICATION_DATA</c> type.
/// </remarks>
[StructLayout(LayoutKind.Sequential)]
public struct WlanNotificationData
/// <summary>
/// Specifies where the notification comes from.
/// </summary>
/// <remarks>
/// On Windows XP SP2, this field must be set to <see cref="WlanNotificationSource.None"/>, <see cref="WlanNotificationSource.All"/> or <see cref="WlanNotificationSource.ACM"/>.
/// </remarks>
public WlanNotificationSource notificationSource;
/// <summary>
/// Indicates the type of notification. The value of this field indicates what type of associated data will be present in <see cref="dataPtr"/>.
/// </summary>
public int notificationCode;
/// <summary>
/// Indicates which interface the notification is for.
/// </summary>
public Guid interfaceGuid;
/// <summary>
/// Specifies the size of <see cref="dataPtr"/>, in bytes.
/// </summary>
public int dataSize;
/// <summary>
/// Pointer to additional data needed for the notification, as indicated by <see cref="notificationCode"/>.
/// </summary>
public IntPtr dataPtr;
/// <summary>
/// Gets the notification code (in the correct enumeration type) according to the notification source.
/// </summary>
public object NotificationCode
get
switch (notificationSource)
case WlanNotificationSource.MSM:
return (WlanNotificationCodeMsm)notificationCode;
case WlanNotificationSource.ACM:
return (WlanNotificationCodeAcm)notificationCode;
default:
return notificationCode;
/// <summary>
/// Defines the callback function which accepts WLAN notifications.
/// </summary>
public delegate void WlanNotificationCallbackDelegate(ref WlanNotificationData notificationData, IntPtr context);
[DllImport("wlanapi.dll")]
public static extern int WlanRegisterNotification(
[In] IntPtr clientHandle,
[In] WlanNotificationSource notifSource,
[In] bool ignoreDuplicate,
[In] WlanNotificationCallbackDelegate funcCallback,
[In] IntPtr callbackContext,
[In] IntPtr reserved,
[Out] out WlanNotificationSource prevNotifSource);
/// <summary>
/// Defines flags which affect connecting to a WLAN network.
/// </summary>
[Flags]
public enum WlanConnectionFlags
/// <summary>
/// Connect to the destination network even if the destination is a hidden network. A hidden network does not broadcast its SSID. Do not use this flag if the destination network is an ad-hoc network.
/// <para>If the profile specified by <see cref="WlanConnectionParameters.profile"/> is not <c>null</c>, then this flag is ignored and the nonBroadcast profile element determines whether to connect to a hidden network.</para>
/// </summary>
HiddenNetwork = 0x00000001,
/// <summary>
/// Do not form an ad-hoc network. Only join an ad-hoc network if the network already exists. Do not use this flag if the destination network is an infrastructure network.
/// </summary>
AdhocJoinOnly = 0x00000002,
/// <summary>
/// Ignore the privacy bit when connecting to the network. Ignoring the privacy bit has the effect of ignoring whether packets are encryption and ignoring the method of encryption used. Only use this flag when connecting to an infrastructure network using a temporary profile.
/// </summary>
IgnorePrivacyBit = 0x00000004,
/// <summary>
/// Exempt EAPOL traffic from encryption and decryption. This flag is used when an application must send EAPOL traffic over an infrastructure network that uses Open authentication and WEP encryption. This flag must not be used to connect to networks that require 802.1X authentication. This flag is only valid when <see cref="WlanConnectionParameters.wlanConnectionMode"/> is set to <see cref="WlanConnectionMode.TemporaryProfile"/>. Avoid using this flag whenever possible.
/// </summary>
EapolPassthrough = 0x00000008
/// <summary>
/// Specifies the parameters used when using the <see cref="WlanConnect"/> function.
/// </summary>
/// <remarks>
/// Corresponds to the native <c>WLAN_CONNECTION_PARAMETERS</c> type.
/// </remarks>
[StructLayout(LayoutKind.Sequential)]
public struct WlanConnectionParameters
/// <summary>
/// Specifies the mode of connection.
/// </summary>
public WlanConnectionMode wlanConnectionMode;
/// <summary>
/// Specifies the profile being used for the connection.
/// The contents of the field depend on the <see cref="wlanConnectionMode"/>:
/// <list type="table">
/// <listheader>
/// <term>Value of <see cref="wlanConnectionMode"/></term>
/// <description>Contents of the profile string</description>
/// </listheader>
/// <item>
/// <term><see cref="WlanConnectionMode.Profile"/></term>
/// <description>The name of the profile used for the connection.</description>
/// </item>
/// <item>
/// <term><see cref="WlanConnectionMode.TemporaryProfile"/></term>
/// <description>The XML representation of the profile used for the connection.</description>
/// </item>
/// <item>
/// <term><see cref="WlanConnectionMode.DiscoverySecure"/>, <see cref="WlanConnectionMode.DiscoveryUnsecure"/> or <see cref="WlanConnectionMode.Auto"/></term>
/// <description><c>null</c></description>
/// </item>
/// </list>
/// </summary>
[MarshalAs(UnmanagedType.LPWStr)]
public string profile;
/// <summary>
/// Pointer to a <see cref="Dot11Ssid"/> structure that specifies the SSID of the network to connect to.
/// This field is optional. When set to <c>null</c>, all SSIDs in the profile will be tried.
/// This field must not be <c>null</c> if <see cref="wlanConnectionMode"/> is set to <see cref="WlanConnectionMode.DiscoverySecure"/> or <see cref="WlanConnectionMode.DiscoveryUnsecure"/>.
/// </summary>
public IntPtr dot11SsidPtr;
/// <summary>
/// Pointer to a <c>Dot11BssidList</c> structure that contains the list of basic service set (BSS) identifiers desired for the connection.
/// </summary>
/// <remarks>
/// On Windows XP SP2, must be set to <c>null</c>.
/// </remarks>
public IntPtr desiredBssidListPtr;
/// <summary>
/// A <see cref="Dot11BssType"/> value that indicates the BSS type of the network. If a profile is provided, this BSS type must be the same as the one in the profile.
/// </summary>
public Dot11BssType dot11BssType;
/// <summary>
/// Specifies ocnnection parameters.
/// </summary>
/// <remarks>
/// On Windows XP SP2, must be set to 0.
/// </remarks>
public WlanConnectionFlags flags;
/// <summary>
/// The connection state of an ad hoc network.
/// </summary>
public enum WlanAdhocNetworkState
/// <summary>
/// The ad hoc network has been formed, but no client or host is connected to the network.
/// </summary>
Formed = 0,
/// <summary>
/// A client or host is connected to the ad hoc network.
/// </summary>
Connected = 1
[DllImport("wlanapi.dll")]
public static extern int WlanConnect(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] ref WlanConnectionParameters connectionParameters,
IntPtr pReserved);
[DllImport("wlanapi.dll")]
public static extern int WlanDeleteProfile(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In, MarshalAs(UnmanagedType.LPWStr)] string profileName,
IntPtr reservedPtr
[DllImport("wlanapi.dll")]
public static extern int WlanGetNetworkBssList(
[In] IntPtr clientHandle,
[In, MarshalAs(UnmanagedType.LPStruct)] Guid interfaceGuid,
[In] IntPtr dot11SsidInt,
[In] Dot11BssType dot11BssType,
[In] bool securityEnabled,
IntPtr reservedPtr,
[Out] out IntPtr wlanBssList
[StructLayout(LayoutKind.Sequential)]
internal struct WlanBssListHeader
internal uint totalSize;
internal uint numberOfItems;
/// <summary>
/// Contains information about a basic service set (BSS).
/// </summary>
[StructLayout(LayoutKind.Sequential)]
public struct WlanBssEntry
/// <summary>
/// Contains the SSID of the access point (AP) associated with the BSS.
/// </summary>
public Dot11Ssid dot11Ssid;
/// <summary>
/// The identifier of the PHY on which the AP is operating.
/// </summary>
public uint phyId;
/// <summary>
/// Contains the BSS identifier.
/// </summary>
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 6)]
public byte[] dot11Bssid;
/// <summary>
/// Specifies whether the network is infrastructure or ad hoc.
/// </summary>
public Dot11BssType dot11BssType;
public Dot11PhyType dot11BssPhyType;
/// <summary>
/// The received signal strength in dBm.
/// </summary>
public int rssi;
/// <summary>
/// The link quality reported by the driver. Ranges from 0-100.
/// </summary>
public uint linkQuality;
/// <summary>
/// If 802.11d is not implemented, the network interface card (NIC) must set this field to TRUE. If 802.11d is implemented (but not necessarily enabled), the NIC must set this field to TRUE if the BSS operation complies with the configured regulatory domain.
/// </summary>
public bool inRegDomain;
/// <summary>
/// Contains the beacon interval value from the beacon packet or probe response.
/// </summary>
public ushort beaconPeriod;
/// <summary>
/// The timestamp from the beacon packet or probe response.
/// </summary>
public ulong timestamp;
/// <summary>
/// The host timestamp value when the beacon or probe response is received.
/// </summary>
public ulong hostTimestamp;
/// <summary>
/// The capability value from the beacon packet or probe response.
/// </summary>
public ushort capabilityInformation;
/// <summary>
/// The frequency of the center channel, in kHz.
/// </summary>
public uint chCenterFrequency;
/// <summary>
/// Contains the set of data transfer rates supported by the BSS.
/// </summary>
public WlanRateSet wlanRateSet;
/// <summary>
/// The offset of the information element (IE) data blob.
/// </summary>
public uint ieOffset;
/// <summary>
/// The size of the IE data blob, in bytes.
/// </summary>
public uint ieSize;
/// <summary>
/// Contains the set of supported data rates.
/// </summary>
[StructLayout(LayoutKind.Sequential)]
public struct WlanRateSet
/// <summary>
/// The length, in bytes, of <see cref="rateSet"/>.
/// </summary>
private uint rateSetLength;
/// <summary>
/// An array of supported data transfer rates.
/// </summary>
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 126)]
private ushort[] rateSet;
/// <summary>
/// Gets an array of supported data transfer rates.
/// If the rate is a basic rate, the first bit of the rate value is set to 1.
/// A basic rate is the data transfer rate that all stations in a basic service set (BSS) can use to receive frames from the wireless medium.
/// </summary>
public ushort[] Rates
get
ushort[] rates = new ushort[rateSetLength / sizeof(ushort)];
Array.Copy(rateSet, rates, rates.Length);
return rates;
/// <summary>
/// Calculates the data transfer rate in mbit/s for a supported rate.
/// </summary>
/// <param name="rateIndex">The WLAN rate index (0-based).</param>
/// <returns>The data transfer rate in mbit/s.</returns>
/// <exception cref="ArgumentOutOfRangeException">Thrown if <param name="rateIndex"/> does not specify an existing rate.</exception>
public double GetRateInMbps(int rateIndex)
if ((rateIndex < 0) || (rateIndex > rateSet.Length))
throw new ArgumentOutOfRangeException("rateIndex");
return (rateSet[rateIndex] & 0x7FFF) * 0.5;
/// <summary>
/// Represents an error occuring during WLAN operations which indicate their failure via a <see cref="WlanReasonCode"/>.
/// </summary>
public class WlanException : Exception
private readonly WlanReasonCode reasonCode;
public WlanException(WlanReasonCode reasonCode)
this.reasonCode = reasonCode;
/// <summary>
/// Gets the WLAN reason code.
/// </summary>
/// <value>The WLAN reason code.</value>
public WlanReasonCode ReasonCode
get { return reasonCode; }
/// <summary>
/// Gets a message that describes the reason code.
/// </summary>
/// <value></value>
/// <returns>The error message that explains the reason for the exception, or an empty string("").</returns>
public override string Message
get
StringBuilder sb = new StringBuilder(1024);
return
WlanReasonCodeToString(reasonCode, sb.Capacity, sb, IntPtr.Zero) == 0 ?
sb.ToString() :
string.Empty;
// TODO: .NET-ify the WlanReasonCode enum (naming convention + docs).
/// <summary>
/// Defines reasons for a failure of a WLAN operation.
/// </summary>
/// <remarks>
/// Corresponds to the native reason code identifiers (<c>WLAN_REASON_CODE_xxx</c> identifiers).
/// </remarks>
public enum WlanReasonCode
Success = 0,
// general codes
UNKNOWN = 0x10000 + 1,
RANGE_SIZE = 0x10000,
BASE = 0x10000 + RANGE_SIZE,
// range for Auto Config
AC_BASE = 0x10000 + RANGE_SIZE,
AC_CONNECT_BASE = (AC_BASE + RANGE_SIZE / 2),
AC_END = (AC_BASE + RANGE_SIZE - 1),
// range for profile manager
// it has profile adding failure reason codes, but may not have
// connection reason codes
PROFILE_BASE = 0x10000 + (7 * RANGE_SIZE),
PROFILE_CONNECT_BASE = (PROFILE_BASE + RANGE_SIZE / 2),
PROFILE_END = (PROFILE_BASE + RANGE_SIZE - 1),
// range for MSM
MSM_BASE = 0x10000 + (2 * RANGE_SIZE),
MSM_CONNECT_BASE = (MSM_BASE + RANGE_SIZE / 2),
MSM_END = (MSM_BASE + RANGE_SIZE - 1),
// range for MSMSEC
MSMSEC_BASE = 0x10000 + (3 * RANGE_SIZE),
MSMSEC_CONNECT_BASE = (MSMSEC_BASE + RANGE_SIZE / 2),
MSMSEC_END = (MSMSEC_BASE + RANGE_SIZE - 1),
// AC network incompatible reason codes
NETWORK_NOT_COMPATIBLE = (AC_BASE + 1),
PROFILE_NOT_COMPATIBLE = (AC_BASE + 2),
// AC connect reason code
NO_AUTO_CONNECTION = (AC_CONNECT_BASE + 1),
NOT_VISIBLE = (AC_CONNECT_BASE + 2),
GP_DENIED = (AC_CONNECT_BASE + 3),
USER_DENIED = (AC_CONNECT_BASE + 4),
BSS_TYPE_NOT_ALLOWED = (AC_CONNECT_BASE + 5),
IN_FAILED_LIST = (AC_CONNECT_BASE + 6),
IN_BLOCKED_LIST = (AC_CONNECT_BASE + 7),
SSID_LIST_TOO_LONG = (AC_CONNECT_BASE + 8),
CONNECT_CALL_FAIL = (AC_CONNECT_BASE + 9),
SCAN_CALL_FAIL = (AC_CONNECT_BASE + 10),
NETWORK_NOT_AVAILABLE = (AC_CONNECT_BASE + 11),
PROFILE_CHANGED_OR_DELETED = (AC_CONNECT_BASE + 12),
KEY_MISMATCH = (AC_CONNECT_BASE + 13),
USER_NOT_RESPOND = (AC_CONNECT_BASE + 14),
// Profile validation errors
INVALID_PROFILE_SCHEMA = (PROFILE_BASE + 1),
PROFILE_MISSING = (PROFILE_BASE + 2),
INVALID_PROFILE_NAME = (PROFILE_BASE + 3),
INVALID_PROFILE_TYPE = (PROFILE_BASE + 4),
INVALID_PHY_TYPE = (PROFILE_BASE + 5),
MSM_SECURITY_MISSING = (PROFILE_BASE + 6),
IHV_SECURITY_NOT_SUPPORTED = (PROFILE_BASE + 7),
IHV_OUI_MISMATCH = (PROFILE_BASE + 8),
// IHV OUI not present but there is IHV settings in profile
IHV_OUI_MISSING = (PROFILE_BASE + 9),
// IHV OUI is present but there is no IHV settings in profile
IHV_SETTINGS_MISSING = (PROFILE_BASE + 10),
// both/conflict MSMSec and IHV security settings exist in profile
CONFLICT_SECURITY = (PROFILE_BASE + 11),
// no IHV or MSMSec security settings in profile
SECURITY_MISSING = (PROFILE_BASE + 12),
INVALID_BSS_TYPE = (PROFILE_BASE + 13),
INVALID_ADHOC_CONNECTION_MODE = (PROFILE_BASE + 14),
NON_BROADCAST_SET_FOR_ADHOC = (PROFILE_BASE + 15),
AUTO_SWITCH_SET_FOR_ADHOC = (PROFILE_BASE + 16),
AUTO_SWITCH_SET_FOR_MANUAL_CONNECTION = (PROFILE_BASE + 17),
IHV_SECURITY_ONEX_MISSING = (PROFILE_BASE + 18),
PROFILE_SSID_INVALID = (PROFILE_BASE + 19),
TOO_MANY_SSID = (PROFILE_BASE + 20),
// MSM network incompatible reasons
UNSUPPORTED_SECURITY_SET_BY_OS = (MSM_BASE + 1),
UNSUPPORTED_SECURITY_SET = (MSM_BASE + 2),
BSS_TYPE_UNMATCH = (MSM_BASE + 3),
PHY_TYPE_UNMATCH = (MSM_BASE + 4),
DATARATE_UNMATCH = (MSM_BASE + 5),
// MSM connection failure reasons, to be defined
// failure reason codes
// user called to disconnect
USER_CANCELLED = (MSM_CONNECT_BASE + 1),
// got disconnect while associating
ASSOCIATION_FAILURE = (MSM_CONNECT_BASE + 2),
// timeout for association
ASSOCIATION_TIMEOUT = (MSM_CONNECT_BASE + 3),
// pre-association security completed with failure
PRE_SECURITY_FAILURE = (MSM_CONNECT_BASE + 4),
// fail to start post-association security
START_SECURITY_FAILURE = (MSM_CONNECT_BASE + 5),
// post-association security completed with failure
SECURITY_FAILURE = (MSM_CONNECT_BASE + 6),
// security watchdog timeout
SECURITY_TIMEOUT = (MSM_CONNECT_BASE + 7),
// got disconnect from driver when roaming
ROAMING_FAILURE = (MSM_CONNECT_BASE + 8),
// failed to start security for roaming
ROAMING_SECURITY_FAILURE = (MSM_CONNECT_BASE + 9),
// failed to start security for adhoc-join
ADHOC_SECURITY_FAILURE = (MSM_CONNECT_BASE + 10),
// got disconnection from driver
DRIVER_DISCONNECTED = (MSM_CONNECT_BASE + 11),
// driver operation failed
DRIVER_OPERATION_FAILURE = (MSM_CONNECT_BASE + 12),
// Ihv service is not available
IHV_NOT_AVAILABLE = (MSM_CONNECT_BASE + 13),
// Response from ihv timed out
IHV_NOT_RESPONDING = (MSM_CONNECT_BASE + 14),
// Timed out waiting for driver to disconnect
DISCONNECT_TIMEOUT = (MSM_CONNECT_BASE + 15),
// An internal error prevented the operation from being completed.
INTERNAL_FAILURE = (MSM_CONNECT_BASE + 16),
// UI Request timed out.
UI_REQUEST_TIMEOUT = (MSM_CONNECT_BASE + 17),
// Roaming too often, post security is not completed after 5 times.
TOO_MANY_SECURITY_ATTEMPTS = (MSM_CONNECT_BASE + 18),
// MSMSEC reason codes
MSMSEC_MIN = MSMSEC_BASE,
// Key index specified is not valid
MSMSEC_PROFILE_INVALID_KEY_INDEX = (MSMSEC_BASE + 1),
// Key required, PSK present
MSMSEC_PROFILE_PSK_PRESENT = (MSMSEC_BASE + 2),
// Invalid key length
MSMSEC_PROFILE_KEY_LENGTH = (MSMSEC_BASE + 3),
// Invalid PSK length
MSMSEC_PROFILE_PSK_LENGTH = (MSMSEC_BASE + 4),
// No auth/cipher specified
MSMSEC_PROFILE_NO_AUTH_CIPHER_SPECIFIED = (MSMSEC_BASE + 5),
// Too many auth/cipher specified
MSMSEC_PROFILE_TOO_MANY_AUTH_CIPHER_SPECIFIED = (MSMSEC_BASE + 6),
// Profile contains duplicate auth/cipher
MSMSEC_PROFILE_DUPLICATE_AUTH_CIPHER = (MSMSEC_BASE + 7),
// Profile raw data is invalid (1x or key data)
MSMSEC_PROFILE_RAWDATA_INVALID = (MSMSEC_BASE + 8),
// Invalid auth/cipher combination
MSMSEC_PROFILE_INVALID_AUTH_CIPHER = (MSMSEC_BASE + 9),
// 802.1x disabled when it's required to be enabled
MSMSEC_PROFILE_ONEX_DISABLED = (MSMSEC_BASE + 10),
// 802.1x enabled when it's required to be disabled
MSMSEC_PROFILE_ONEX_ENABLED = (MSMSEC_BASE + 11),
MSMSEC_PROFILE_INVALID_PMKCACHE_MODE = (MSMSEC_BASE + 12),
MSMSEC_PROFILE_INVALID_PMKCACHE_SIZE = (MSMSEC_BASE + 13),
MSMSEC_PROFILE_INVALID_PMKCACHE_TTL = (MSMSEC_BASE + 14),
MSMSEC_PROFILE_INVALID_PREAUTH_MODE = (MSMSEC_BASE + 15),
MSMSEC_PROFILE_INVALID_PREAUTH_THROTTLE = (MSMSEC_BASE + 16),
// PreAuth enabled when PMK cache is disabled
MSMSEC_PROFILE_PREAUTH_ONLY_ENABLED = (MSMSEC_BASE + 17),
// Capability matching failed at network
MSMSEC_CAPABILITY_NETWORK = (MSMSEC_BASE + 18),
// Capability matching failed at NIC
MSMSEC_CAPABILITY_NIC = (MSMSEC_BASE + 19),
// Capability matching failed at profile
MSMSEC_CAPABILITY_PROFILE = (MSMSEC_BASE + 20),
// Network does not support specified discovery type
MSMSEC_CAPABILITY_DISCOVERY = (MSMSEC_BASE + 21),
// Passphrase contains invalid character
MSMSEC_PROFILE_PASSPHRASE_CHAR = (MSMSEC_BASE + 22),
// Key material contains invalid character
MSMSEC_PROFILE_KEYMATERIAL_CHAR = (MSMSEC_BASE + 23),
// Wrong key type specified for the auth/cipher pair
MSMSEC_PROFILE_WRONG_KEYTYPE = (MSMSEC_BASE + 24),
// "Mixed cell" suspected (AP not beaconing privacy, we have privacy enabled profile)
MSMSEC_MIXED_CELL = (MSMSEC_BASE + 25),
// Auth timers or number of timeouts in profile is incorrect
MSMSEC_PROFILE_AUTH_TIMERS_INVALID = (MSMSEC_BASE + 26),
// Group key update interval in profile is incorrect
MSMSEC_PROFILE_INVALID_GKEY_INTV = (MSMSEC_BASE + 27),
// "Transition network" suspected, trying legacy 802.11 security
MSMSEC_TRANSITION_NETWORK = (MSMSEC_BASE + 28),
// Key contains characters which do not map to ASCII
MSMSEC_PROFILE_KEY_UNMAPPED_CHAR = (MSMSEC_BASE + 29),
// Capability matching failed at profile (auth not found)
MSMSEC_CAPABILITY_PROFILE_AUTH = (MSMSEC_BASE + 30),
// Capability matching failed at profile (cipher not found)
MSMSEC_CAPABILITY_PROFILE_CIPHER = (MSMSEC_BASE + 31),
// Failed to queue UI request
MSMSEC_UI_REQUEST_FAILURE = (MSMSEC_CONNECT_BASE + 1),
// 802.1x authentication did not start within configured time
MSMSEC_AUTH_START_TIMEOUT = (MSMSEC_CONNECT_BASE + 2),
// 802.1x authentication did not complete within configured time
MSMSEC_AUTH_SUCCESS_TIMEOUT = (MSMSEC_CONNECT_BASE + 3),
// Dynamic key exchange did not start within configured time
MSMSEC_KEY_START_TIMEOUT = (MSMSEC_CONNECT_BASE + 4),
// Dynamic key exchange did not succeed within configured time
MSMSEC_KEY_SUCCESS_TIMEOUT = (MSMSEC_CONNECT_BASE + 5),
// Message 3 of 4 way handshake has no key data (RSN/WPA)
MSMSEC_M3_MISSING_KEY_DATA = (MSMSEC_CONNECT_BASE + 6),
// Message 3 of 4 way handshake has no IE (RSN/WPA)
MSMSEC_M3_MISSING_IE = (MSMSEC_CONNECT_BASE + 7),
// Message 3 of 4 way handshake has no Group Key (RSN)
MSMSEC_M3_MISSING_GRP_KEY = (MSMSEC_CONNECT_BASE + 8),
// Matching security capabilities of IE in M3 failed (RSN/WPA)
MSMSEC_PR_IE_MATCHING = (MSMSEC_CONNECT_BASE + 9),
// Matching security capabilities of Secondary IE in M3 failed (RSN)
MSMSEC_SEC_IE_MATCHING = (MSMSEC_CONNECT_BASE + 10),
// Required a pairwise key but AP configured only group keys
MSMSEC_NO_PAIRWISE_KEY = (MSMSEC_CONNECT_BASE + 11),
// Message 1 of group key handshake has no key data (RSN/WPA)
MSMSEC_G1_MISSING_KEY_DATA = (MSMSEC_CONNECT_BASE + 12),
// Message 1 of group key handshake has no group key
MSMSEC_G1_MISSING_GRP_KEY = (MSMSEC_CONNECT_BASE + 13),
// AP reset secure bit after connection was secured
MSMSEC_PEER_INDICATED_INSECURE = (MSMSEC_CONNECT_BASE + 14),
// 802.1x indicated there is no authenticator but profile requires 802.1x
MSMSEC_NO_AUTHENTICATOR = (MSMSEC_CONNECT_BASE + 15),
// Plumbing settings to NIC failed
MSMSEC_NIC_FAILURE = (MSMSEC_CONNECT_BASE + 16),
// Operation was cancelled by caller
MSMSEC_CANCELLED = (MSMSEC_CONNECT_BASE + 17),
// Key was in incorrect format
MSMSEC_KEY_FORMAT = (MSMSEC_CONNECT_BASE + 18),
// Security downgrade detected
MSMSEC_DOWNGRADE_DETECTED = (MSMSEC_CONNECT_BASE + 19),
// PSK mismatch suspected
MSMSEC_PSK_MISMATCH_SUSPECTED = (MSMSEC_CONNECT_BASE + 20),
// Forced failure because connection method was not secure
MSMSEC_FORCED_FAILURE = (MSMSEC_CONNECT_BASE + 21),
// ui request couldn't be queued or user pressed cancel
MSMSEC_SECURITY_UI_FAILURE = (MSMSEC_CONNECT_BASE + 22),
MSMSEC_MAX = MSMSEC_END
/// <summary>
/// Contains information about connection related notifications.
/// </summary>
/// <remarks>
/// Corresponds to the native <c>WLAN_CONNECTION_NOTIFICATION_DATA</c> type.
/// </remarks>
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct WlanConnectionNotificationData
/// <remarks>
/// On Windows XP SP 2, only <see cref="WlanConnectionMode.Profile"/> is supported.
/// </remarks>
public WlanConnectionMode wlanConnectionMode;
/// <summary>
/// The name of the profile used for the connection. Profile names are case-sensitive.
/// </summary>
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 32)]
public string profileName;
/// <summary>
/// The SSID of the association.
/// </summary>
public Dot11Ssid dot11Ssid;
/// <summary>
/// The BSS network type.
/// </summary>
public Dot11BssType dot11BssType;
/// <summary>
/// Indicates whether security is enabled for this connection.
/// </summary>
public bool securityEnabled;
/// <summary>
/// Indicates the reason for an operation failure.
/// This field has a value of <see cref="WlanReasonCode.Success"/> for all connection-related notifications except <see cref="WlanNotificationCodeAcm.ConnectionComplete"/>.
/// If the connection fails, this field indicates the reason for the failure.
/// </summary>
public WlanReasonCode wlanReasonCode;
/// <summary>
/// This field contains the XML presentation of the profile used for discovery, if the connection succeeds.
/// </summary>
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 1)]
public string profileXml;
/// <summary>
/// Indicates the state of an interface.
/// </summary>
/// <remarks>
/// Corresponds to the native <c>WLAN_INTERFACE_STATE</c> type.
/// </remarks>
public enum WlanInterfaceState
/// <summary>
/// The interface is not ready to operate.
/// </summary>
NotReady = 0,
/// <summary>
/// The interface is connected to a network.
/// </summary>
Connected = 1,
/// <summary>
/// The interface is the first node in an ad hoc network. No peer has connected.
/// </summary>
AdHocNetworkFormed = 2,
/// <summary>
/// The interface is disconnecting from the current network.
/// </summary>
Disconnecting = 3,
/// <summary>
/// The interface is not connected to any network.
/// </summary>
Disconnected = 4,
/// <summary>
/// The interface is attempting to associate with a network.
/// </summary>
Associating = 5,
/// <summary>
/// Auto configuration is discovering the settings for the network.
/// </summary>
Discovering = 6,
/// <summary>
/// The interface is in the process of authenticating.
/// </summary>
Authenticating = 7
/// <summary>
/// Contains the SSID of an interface.
/// </summary>
public struct Dot11Ssid
/// <summary>
/// The length, in bytes, of the <see cref="SSID"/> array.
/// </summary>
public uint SSIDLength;
/// <summary>
/// The SSID.
/// </summary>
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 32)]
public byte[] SSID;
/// <summary>
/// Defines an 802.11 PHY and media type.
/// </summary>
/// <remarks>
/// Corresponds to the native <c>DOT11_PHY_TYPE</c> type.
/// </remarks>
public enum Dot11PhyType : uint
/// <summary>
/// Specifies an unknown or uninitialized PHY type.
/// </summary>
Unknown = 0,
/// <summary>
/// Specifies any PHY type.
/// </summary>
Any = Unknown,
/// <summary>
/// Specifies a frequency-hopping spread-spectrum (FHSS) PHY. Bluetooth devices can use FHSS or an adaptation of FHSS.
/// </summary>
FHSS = 1,
/// <summary>
/// Specifies a direct sequence spread spectrum (DSSS) PHY.
/// </summary>
DSSS = 2,
/// <summary>
/// Specifies an infrared (IR) baseband PHY.
/// </summary>
IrBaseband = 3,
/// <summary>
/// Specifies an orthogonal frequency division multiplexing (OFDM) PHY. 802.11a devices can use OFDM.
/// </summary>
OFDM = 4,
/// <summary>
/// Specifies a high-rate DSSS (HRDSSS) PHY.
/// </summary>
HRDSSS = 5,
/// <summary>
/// Specifies an extended rate PHY (ERP). 802.11g devices can use ERP.
/// </summary>
ERP = 6,
/// <summary>
/// Specifies the start of the range that is used to define PHY types that are developed by an independent hardware vendor (IHV).
/// </summary>
IHV_Start = 0x80000000,
/// <summary>
/// Specifies the end of the range that is used to define PHY types that are developed by an independent hardware vendor (IHV).
/// </summary>
IHV_End = 0xffffffff -
How can I improve performance over a Branch Office IPsec vpn tunnel between and SA540 and an SA520
Hello,
I just deployed one Cisco SA540 and three SA520s.
The SA540 is at the Main Site.
The three SA520s are the the spoke sites.
Main Site:
Downstream Speed: 32 Mbps
Upstream Speed: 9.4 Mbps
Spoke Site#1:
Downstream Speed: 3.6 Mbps
Upstream Speed: 7.2 Mbps (yes, the US is faster than the DS at the time the speed test was taken).
The SA tunnels are "Established"
I see packets being tranmsitted and received.
Pinging across the tunnel has an average speed of 32 ms (which is good).
DNS resolves names to ip addresses flawlessly and quickly across the Inter-network.
But it takes from 10 to 15 minutes to log on to the domain from the Spoke Site#1 to the Main Site across the vpn tunnel.
It takes about 15 minutes to print across the vpn tunnel.
The remedy this, we have implemented Terminal Services across the Internet.
Printing takes about 1 minute over the Terminal Service Connection, while it takes about 15 minutes over the VPN.
Logging on to the network takes about 10 minutes over the vpn tunnel.
Using an LOB application takes about 2 minutes per transaction across the vpn tunnel; it takes seconds using Terminal Services.
I have used ASAs before in other implementation without any issues at all.
I am wondering if I replaced the SAs with ASAs, that they may fix my problem.
I wanted to go Small Business Pro, to take advantage of the promotions and because I am a Select Certified Partner, but from my experience, these SA vpn tunnels are unuseable.
I opened a case with Small Business Support on Friday evening, but they couldnt even figure out how to rename an IKE Policy Name (I figured out that you had to delete the IKE Policy; you cannot rename them once they are created).
Maybe the night weekend shift has a skeleton crew, and the best engineers are available at that time or something....i dont know.
I just know that my experience with the Cisco TAC has been great for the last 10 years.
My short experience with the Cisco Small Business Support Center has not been as great at all.
Bottom Line:
I am going to open another case with the Day Shift tomorrow and see if they can find a way to speed things up.
Now this is not just happening between the Main Site and Spoke Site #1 above. It is also happeninng between the Main Site and Spoke #2 (I think Spoke#2 has a Download Speed of about 3Mbps and and Upload Speed of about 0.5 Mbps.
Please help.
I would hate to dismiss SA5xx series without making sure it is not just a simple configuration setting.Hi Anthony,
I agree!. My partner wants to just replace the SA5xxs with ASAs, as we have never had problems with ASA vpn performance.
But I want to know WHY this is happening too.
I will definitely run a sniffer trace to see what is happening.
Here are some other things I have learned from the Cisco Small Business Support Center (except for Item 1 which I learned from you!)
1. Upgrade the SA540 at the Main Site to 2.1.45.
2a. For cable connections, use the standard MTU of 1500 bytes.
2.b For DSL, use the following command to determine the largets MTU that will be sent without packet fragmentation:
ping -f -l packetsize
Perform the items below to see if this increases performance:
I was told by the Cisco Small Business Support Center that setting up a Manual Policy is not recommended; I am not sure why they stated this.
3a. Lower the IKE encryption algorithm from "AES-128" to DES.
3b. Lower the IKE authentication algorithm to MD5
3c. Also do the above for the VPN Policy
Any input is welcome! -
Cisco ISE 1.2 & Cisco WLC 5508 v7.6
Hi all,
we are planning to upgrade our WLC to 7.6 to fix a bug with FlexConnect Client ACLs but I have just seen on the Cisco ISE Compatibility table that the it only recommends up to v7.5 of the WLC 5508...
Cisco have told me to steer clear of 7.5 as it is in a defferred status, so does anyone know, or have running in a lab or production, ISE1.2 with a 5508 WLC v7.6 NAD ?
I would much rather know of any issues people are experiencing before hand than to have to go through a software upgrade and then rollback.
Thanks all
Mario De RosaHi Neno,
right I have this almost working now.
I have simplified the setup. I am not going to do any client provisioning at the moment.
So I can connect to the corporate SSID using EAP-TLS and I can successfully push the branch data VLAN upon successful authorisation.
Now I am trying to introduce the posture element & per user ACLs.
I have defined the redirect ACL & Flex ACL on the vWLC however the NAC agent will not pop-up. The client is in the right VLAN and the redirect ACL seems to be getting applied as the client does get an IP through DHCP. However, the client cannot ping the ISE or access the guest portal when I open the browser.
DNS resolution seems to be working fine.
VLAN220 is my datacentre VLAN which the Management Interface on the controller is plugged in to.
VLAN10 is the branch DATA VLAN.
below is some output to give you some more details...
(Cisco Controller) >show client detail 00:24:d6:97:b3:be
Client MAC Address............................... 00:24:d6:97:b3:be
Client Username ................................. [email protected]
AP MAC Address................................... 18:33:9d:f0:21:80
AP Name.......................................... test-flex-ap
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 18:33:9d:f0:21:81
Connected For ................................... 128 secs
Channel.......................................... 6
IP Address....................................... 10.130.130.120
Gateway Address.................................. 10.130.130.1
Netmask.......................................... 255.255.255.0
IPv6 Address..................................... fe80::f524:1910:69f0:9482
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... 4
Client E2E version............................... 1
--More-- or (q)uit
Re-Authentication Timeout........................ 1651
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... OFF
Current Rate..................................... m13
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
............................................. 12.0,18.0,24.0,36.0,48.0,
............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. POSTURE_REQD
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ POSTURE_REDIRECT_ACL
AAA Override ACL Applied Status.................. Yes
--More-- or (q)uit
AAA Override Flex ACL Name....................... POSTURE_REDIRECT_ACL
AAA Override Flex ACL Applied Status............. Yes
AAA URL redirect................................. https://pdc-ise-man01.kier.group:8443/guestportal/gateway?sessionId=c8dc800a00000005b3e7e953&action=cpp
Audit Session ID................................. c8dc800a00000005b3e7e953
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Yes
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... EAP-TLS
FlexConnect Data Switching....................... Local
--More-- or (q)uit
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central
Quarantine VLAN.................................. 0
Access VLAN...................................... 220
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 33698
Number of Bytes Sent....................... 19397
Total Number of Bytes Sent................. 19397
--More-- or (q)uit
Total Number of Bytes Recv................. 33698
Number of Bytes Sent (last 90s)............ 19397
Number of Bytes Recv (last 90s)............ 33698
Number of Packets Received................. 283
Number of Packets Sent..................... 147
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 53
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 2
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -42 dBm
Signal to Noise Ratio...................... 41 dB
Client Rate Limiting Statistics:
--More-- or (q)uit
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
test-flex-ap(slot 0)
antenna0: 14 secs ago.................... -51 dBm
antenna1: 14 secs ago.................... -37 dBm
test-flex-ap(slot 1)
antenna0: 14 secs ago.................... -51 dBm
antenna1: 14 secs ago.................... -54 dBm
--More-- or (q)uit
DNS Server details:
DNS server IP ............................. 10.0.17.31
DNS server IP ............................. 10.0.17.43
Assisted Roaming Prediction List details:
Client Dhcp Required: False
Allowed (URL)IP Addresses
(Cisco Controller) >
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Demo1x
Network Name (SSID).............................. Demo1x
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Enabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Enabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... mario-test-flex-vwlc
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
--More-- or (q)uit
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
--More-- or (q)uit
Radius Servers
Authentication................................ 10.0.16.111 1812
Accounting.................................... 10.131.16.111 1813
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
--More-- or (q)uit
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
--More-- or (q)uit
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Disabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
--More-- or (q)uit
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
Priority Policy Name
(Cisco Controller) >
when debugging the client during redirect, this is the output and I cannot spot anything wrong here...
(Cisco Controller) >*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Adding mobile on LWAPP AP 18:33:9d:f0:21:80(1)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Association received from mobile on BSSID 18:33:9d:f0:21:8e
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Max Client Trap Threshold: 0 cur: 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Re-applying interface policy for client
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be In processSsidIE:4850 setting Central switched to FALSE
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying site-specific Local Bridging override for station 00:24:d6:97:b3:be - vapId 2, site 'default-group', interface 'management'
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Local Bridging Interface Policy for station 00:24:d6:97:b3:be - vlan 220, interface id 0, interface 'management'
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Processing RSN IE type 48, length 22 for mobile 00:24:d6:97:b3:be
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Received RSN IE with 0 PMKIDs from mobile 00:24:d6:97:b3:be
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Updating AID for REAP AP Client 18:33:9d:f0:21:80 - AID ===> 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Central switch is FALSE
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfMsAssoStateInc
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Idle to Associated
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2:session timeout forstation 00:24:d6:97:b3:be - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Sending Assoc Response to station on BSSID 18:33:9d:f0:21:8e (status 0) ApVapId 2 Slot 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Associated to Associated
*spamApTask6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sent 1x initiate message to multi thread task for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Connecting state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sending EAP-Request/Identity to mobile 00:24:d6:97:b3:be (EAP Id 1)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received Identity Response (count=1) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Resetting reauth count 1 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be EAP State update from Connecting to Authenticating for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticating state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=214) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be WARNING: updated EAP-Identifier 1 ===> 214 for STA 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 214)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Allocating EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 214, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=215) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 215)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 215, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=216) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 216)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 216, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=217) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 217)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 217, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=218) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 218)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 218, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=219) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 219)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 219, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=220) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 220)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 220, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=221) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 221)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 221, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=222) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 222)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 222, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=223) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 223)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 223, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=224) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 224)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 224, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=225) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 225)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 225, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Processing Access-Accept for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created for mobile, length = 253
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 220
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Re-applying interface policy for client
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 1 on mobile
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Inserting AAA Override struct for mobile
MAC: 00:24:d6:97:b3:be, source 4
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting re-auth timeout to 1800 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Creating a PKC PMKID Cache entry for station 00:24:d6:97:b3:be (RSN 2)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting MSCB PMK Cache Entry 0 for station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Adding BSSID 18:33:9d:f0:21:8e to PMKID cache at index 0 for station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Client in Posture Reqd state. PMK cache not updated.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAP-Success to mobile 00:24:d6:97:b3:be (EAP Id 225)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Freeing AAACB from Dot1xCB as AAA auth is done for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be EAPOL Header:
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Starting key exchange to mobile 00:24:d6:97:b3:be, data packets will be dropped
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Entering Backend Auth Success state (id=225) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Received Auth Success while in Authenticating state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticated state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-key in PTK_START state (message 2) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be PMK: Sending cache add
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be EAPOL Header:
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Freeing EAP Retransmit Bufer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central switch is FALSE
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Sending the Central Auth Info
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central Auth Info Allocated PMKLen = 32
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be PMK: pmkActiveIndex = 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 apfMsEapType = 13
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name:POSTURE_REDIRECT_ACL
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6166, Adding TMP rule
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5761, Adding TMP rule
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255,
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*spamApTask6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 pmkLen = 32
*DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 325,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP setting server from ACK (server 10.0.17.85, yiaddr 10.130.130.120)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 DHCP_REQD (7) Change state to WEBAUTH_REQD (8) last state DHCP_REQD (7)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) pemAdvanceState2 6671, Adding TMP rule
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Replacing Fast Path rule
type = Airespace AP Client - ACL passthru
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 A
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 1, IPv6 ACL ID 255, L2 ACL ID 255)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Plumbing web-auth redirect rule due to user logout
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Assigning Address 10.130.130.120 to mobile
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
*pemReceiveTask: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 Added NPU entry of type 2, dtlFlags 0x0
*IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Pushing IPv6 Vlan Intf ID 0: fe80:0000:0000:0000:f524:1910:69f0:9482 , and MAC: 00:24:D6:97:B3:BE , Binding to Data Plane. SUCCESS !! dhcpv6bitmap 0
*IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Link Local address fe80::f524:1910:69f0:9482 updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
*DHCP Socket Task: Aug 12 10:58:28.581: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 10:58:28.589: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:00:07.959: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:00:07.967: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:01:59.153: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
Can you see any obvious reason why the NAC agent wont pop up?
Thanks
Mario -
WLC 5508, SW 6.0.199.4, 1142 AP: Clients getting dropped intermittently
We have deployed a WLC 5508 w/ SW version 6.0.199.4, 1142 AP's & open authentication w/ MAC filtering. Clients are randomly getting dropped with "Limited Access" shown in Win 7. In this state, the client machine is unable to ping the gateway and sometimes lose their DHCP assigned IP as well. A manual disconnect/re-connect to the SSID is required everytime.
I ran a debug on one the clients stuck in the "Limited Access" state (debug client xx:xx:xx:xx):
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Adding mobile on LWAPP AP 3c:ce:73:c5:1e:b0(0)
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 23) in 5 seconds
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 apfProcessProbeReq (apf_80211.c:4722) Changing state for mobile e0:91:53:60:1f:e4 on AP 3c:ce:73:c5:1e:b0 from Idle to Probe
*Apr 15 16:59:23.205: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.225: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.646: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:23.666: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 24) in 5 seconds
*Apr 15 16:59:28.553: e0:91:53:60:1f:e4 apfMsExpireCallback (apf_ms.c:418) Expiring Mobile!
*Apr 15 16:59:28.554: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [3c:ce:73:c5:1e:b0]
*Apr 15 16:59:28.554: e0:91:53:60:1f:e4 Deleting mobile on AP 3c:ce:73:c5:1e:b0(0)
On doing a manual re-connect, got the following logs:
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Association received from mobile on AP b8:62:1f:e9:9f:30
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific IPv6 override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying IPv6 Interface Policy for station e0:91:53:60:1f:e4 - vlan 15, interface id 14, interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 Applying site-specific override for station e0:91:53:60:1f:e4 - vapId 7, site 'Academy', interface 'students'
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1276)
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*Apr 15 17:01:38.143: e0:91:53:60:1f:e4 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [b8:62:1f:e5:6a:90]
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Updated location for station old AP b8:62:1f:e5:6a:90-0, new AP b8:62:1f:e9:9f:30-0
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfProcessAssocReq (apf_80211.c:4268) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Probe to AAA Pending
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 20) in 10 seconds
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Initializing policy
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP b8:62:1f:e9:9f:30 vapId 7 apVapId 2
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)
*Apr 15 17:01:38.144: e0:91:53:60:1f:e4 apfPemAddUser2 (apf_policy.c:213) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from AAA Pending to Associated
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Scheduling deletion of Mobile Station: (callerId: 49) in 65535 seconds
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Including FT Mobility Domain IE (length 5) in Initial assoc Resp to mobile
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 Sending Assoc Response to station on BSSID b8:62:1f:e9:9f:30 (status 0) Vap Id 2 Slot 0
*Apr 15 17:01:38.145: e0:91:53:60:1f:e4 apfProcessRadiusAssocResp (apf_80211.c:1957) Changing state for mobile e0:91:53:60:1f:e4 on AP b8:62:1f:e9:9f:30 from Associated to Associated
*Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:38.189: e0:91:53:60:1f:e4 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'
*Apr 15 17:01:39.953: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4166, Adding TMP rule
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
ACL Id = 255, Jumbo F
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*Apr 15 17:01:39.954: e0:91:53:60:1f:e4 Sent an XID frame
*Apr 15 17:01:40.807: e0:91:53:60:1f:e4 Orphan Packet from STA - IP 169.254.201.128
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP DISCOVER (1)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP processing DHCP OFFER (2)
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
*Apr 15 17:01:43.234: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 10.6.2.160
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.235: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
*Apr 15 17:01:43.240: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 316, port 13, encap 0xec03)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP REQUEST (3)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 1280, flags: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP requested ip: 10.6.2.160
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP xid: 0x9b24c896 (2602879126), secs: 0, flags: 0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP ciaddr: 0.0.0.0, yiaddr: 10.6.2.160
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:43.241: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 DHCP_REQD (7) Change state to RUN (20) last state RUN (20)
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Reached PLUMBFASTPATH: from line 4972
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP b8:62:1f:e9:9f:30, slot 0, interface = 13, QOS = 0
ACL Id = 255, Jumbo Frames = NO,
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 RUN (20) Successfully plumbed mobile rule (ACL ID 255)
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Assigning Address 10.6.2.160 to mobile
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 DHCP successfully bridged packet to STA
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 10.6.2.160 Added NPU entry of type 1, dtlFlags 0x0
*Apr 15 17:01:43.242: e0:91:53:60:1f:e4 Sending a gratuitous ARP for 10.6.2.160, VLAN Id 15
*Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP received op BOOTREQUEST (1) (len 308, port 13, encap 0xec03)
*Apr 15 17:01:46.428: e0:91:53:60:1f:e4 DHCP processing DHCP INFORM (8)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP ciaddr: 10.6.2.160, yiaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP successfully bridged packet to DS
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP received op BOOTREPLY (2) (len 308, port 13, encap 0xec00)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP processing DHCP ACK (5)
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP xid: 0xbb0d5d87 (3138215303), secs: 0, flags: 0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP chaddr: e0:91:53:60:1f:e4
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP ciaddr: 10.6.2.160, yiaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP siaddr: 0.0.0.0, giaddr: 0.0.0.0
*Apr 15 17:01:46.429: e0:91:53:60:1f:e4 DHCP server id: 10.6.15.254 rcvd server id: 10.6.15.254
show client e0:91:53:60:1f:e4 (after re-connect)
(Cisco Controller) >show client detail e0:91:53:60:1f:e4
Client MAC Address............................... e0:91:53:60:1f:e4
Client Username ................................. N/A
AP MAC Address................................... b8:62:1f:e9:9f:30
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 7
BSSID............................................ b8:62:1f:e9:9f:31
Connected For ................................... 105 secs
Channel.......................................... 11
IP Address....................................... 10.6.2.160
Association Id................................... 8
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 65535
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Diff Serv Code Point (DSCP)...................... disabled
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
U-APSD Support................................... Disabled
Power Save....................................... OFF
Current Rate..................................... m7
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
............................................. 12.0,18.0,24.0,36.0,48.0,
............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ students
VLAN............................................. 15
Quarantine VLAN.................................. 0
Access VLAN...................................... 15
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 1
Fast BSS Transition........................ Not implemented
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 36509
Number of Bytes Sent....................... 32902
Number of Packets Received................. 300
Number of Packets Sent..................... 66
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Key Msg Timeouts............. 0
Number of Data Retries..................... 95
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 1
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -66 dBm
Signal to Noise Ratio...................... 29 dB
Nearby AP Statistics:
APSOEBFF_COR3(slot 0) .....................
antenna0: 50 seconds ago -91 dBm................. antenna1: 50 seconds ago -76 dBm
APSOEAFF_FAC(slot 0) ......................
antenna0: 108 seconds ago -89 dBm................ antenna1: 108 seconds ago -87 dBm
APSOEBGF_FAC(slot 0) ......................
antenna0: 50 seconds ago -82 dBm................. antenna1: 50 seconds ago -71 dBm
APSOEBGF_STAFF(slot 0) ....................
antenna0: 49 seconds ago -74 dBm................. antenna1: 49 seconds ago -58 dBm
WLAN config
WLAN Identifier.................................. 9
Profile Name..................................... STAFF
Network Name (SSID).............................. STAFF
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 32
Exclusionlist.................................... Disabled
Session Timeout.................................. Infinity
CHD per WLAN..................................... Disabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ staff
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
HELPPPP!We have 75 evenly distributed AP's servicing the 500 odd users. Found the below traps on WLC. I was making some changes in the WLAN settings at the time:
Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:8c:a9:82:5d:d2:dc Base Radio MAC :3c:ce:73:c6:fe:00 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
106 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:58:94:6b:f2:24:c8 Base Radio MAC :c8:f9:f9:4c:01:30 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
107 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:bc:77:37:72:dc:0b Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
108 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:00:26:c7:7d:12:76 Base Radio MAC :3c:ce:73:c4:79:80 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
109 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:bc:77:37:75:1f:93 Base Radio MAC :c8:f9:f9:2b:85:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
110 Tue Apr 16 00:03:45 2013 Client Excluded: MACAddress:ac:72:89:58:8e:b9 Base Radio MAC :3c:ce:73:c6:53:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
111 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:bc:77:37:26:cd:e3 Base Radio MAC :3c:ce:73:c5:1f:10 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
112 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:ac:72:89:25:ea:e0 Base Radio MAC :3c:ce:73:c6:77:70 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
113 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:00:24:2c:6a:85:3d Base Radio MAC :3c:ce:73:c6:6a:50 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
114 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:68:5d:43:61:16:51 Base Radio MAC :3c:ce:73:f6:0c:20 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2
115 Tue Apr 16 00:03:44 2013 Client Excluded: MACAddress:7c:d1:c3:8a:64:f6 Base Radio MAC :3c:ce:73:c4:74:20 Slot: 1 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 2 -
I cannot establish VPN connection with rv120w to shrew soft client
1. I bought 2 rv120w router and install one direct to WAN and one behind router-hub.
2. one behind router is set DMZ, and each are conneted Site to Site vpn
3. I need to connect each site with my mobile devices(1 notebook, 2 Win8 tablets, 2 android devices )
4. i use wibro mobile router, win8 devices're behind router, and their fort is fowarded(DMZ)
5. I'll take care of Android devices later, here now, my trouble is Win8 devices
6. i installed cisco QuickVPN software. frankly,that software is shit. i don't know why but it even cannot reach router, no log generated on rv120w. and i dont want PPTP connection. sorry for criticism but I'm sure many of QuickVPN users(and people who fail to be a user) agree with me. it's 2014. not 1998.
Cisco should be shamed for that software. it looks like a second grade collage student's 2nd semester project(Many of them're batter nowadays.) and doesn't work.
more amazing fact is that's only software that RV series provides officialy. What the...so in conclusion, Cisco does not provide any IPSec client connection tool at all. does that makes any sense?
7. i tried 10 or more hours to make IPSec client connection with many vpn client soft ware, this is my closest shot.
RV120W log :
2014-10-02 15:03:05: [rv120w][IKE] INFO: Configuration found for 175.xxx.xxx.xxx[500].
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received request for new phase 1 negotiation: 11x.xxx.xxx.xxx[500]<=>175.xxx.xxx.xxx[500]
2014-10-02 15:03:05: [rv120w][IKE] INFO: Beginning Aggressive mode.
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received Vendor ID: RFC 3947
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received Vendor ID: DPD
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received Vendor ID: DPD
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received Vendor ID: CISCO-UNITY
2014-10-02 15:03:05: [rv120w][IKE] INFO: Received unknown Vendor ID
2014-10-02 15:03:05: [rv120w][IKE] INFO: For 175.xxx.xxx.xxx[500], Selected NAT-T version: RFC 39472014-10-02 15:03:06: [rv120w][IKE] INFO: Floating ports for NAT-T with peer 175.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] INFO: NAT-D payload does not match for 11x.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] INFO: NAT-D payload does not match for 175.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] INFO: NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device
2014-10-02 15:03:06: [rv120w][IKE] INFO: Sending Xauth request to 175.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] INFO: ISAKMP-SA established for 11x.xxx.xxx.xxx[4500]-175.xxx.xxx.xxx[4500] with spi:90dd9f6bf4d51d95:70f7c62456edef9e
2014-10-02 15:03:06: [rv120w][IKE] INFO: Received attribute type "ISAKMP_CFG_REPLY" from 175.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] INFO: Login succeeded for user "fxxxxxxxxX1"
2014-10-02 15:03:06: [rv120w][IKE] INFO: Received attribute type "ISAKMP_CFG_REQUEST" from 175.xxx.xxx.xxx[4500]
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] WARNING: Ignored attribute 5
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] WARNING: Ignored attribute 28678
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] ERROR: Local configuration for 175.xxx.xxx.xxx[4500] does not have mode config
2014-10-02 15:03:06: [rv120w][IKE] INFO: Purged ISAKMP-SA with proto_id=ISAKMP and spi=90dd9f6bf4d51d95:70f7c62456edef9e.
2014-10-02 15:03:07: [rv120w][IKE] INFO: ISAKMP-SA deleted for 11x.xxx.xxx.xxx[4500]-175.xxx.xxx.xxx[4500] with spi:90dd9f6bf4d51d95:70f7c62456edef9e
Phase 1 Setting
Selected IKE Policy View
General
Policy Name
FDCStD
Direction / Type
Responder
Exchange Mode
Aggresive
Enable XAUTH Client
Local Identification
Identifier Type
Local Wan IP
FQDN
112.167.xxx.xxx
Peer IKE Identification
Identifier Type
Remote Wan IP
FQDN
175.xxx.xxx.xxx
IKE SA Parameters
Encryption Algorithm
3DES
Authentication Algorithm
SHA-1
Authentication Method
Pre-Shared Key
Pre-Shared Key
qpwoeiruty
Diffie-Hellman (DH) Group
Group 2 (1024bit )
SA-Lifetime
28800 Seconds
Phase2 setting
Add / Edit VPN Policy Configuration
Policy Name
Policy Type
Auto Policy Manual Policy
Remote Endpoint
IP Address FQDN
NETBIOS
Enable
Local Traffic Selection
Local IP
Any Single Range Subnet
Start Address
End Address
Subnet Mask
Remote Traffic Selection
Remote IP
Any Single Range Subnet
This field is not editable, because netbios is selected.
Start Address
End Address
Subnet Mask
Split DNS
Split DNS
Enable
Domain Name Server 1
Domain Name Server 2
(Optional)
Domain Name 1
Domain Name 2
(Optional)
Manual Policy Parameters
SPI-Incoming
SPI-Outgoing
Encryption Algorithm
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Key-In
Key-Out
Integrity Algorithm
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
Key-In
Key-Out
Auto Policy Parameters
SA-Lifetime
Seconds KBytes
Encryption Algorithm
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Integrity Algorithm
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
PFS Key Group
Enable
DH-Group 1 (768 bit) DH-Group 2 (1024 bit) DH-Group 5 (1536 bit)
Select IKE Policy
FDCStSFKS FDCStD
Shres client setting
Phase 1 Setting
Selected IKE Policy View
General
Policy Name
FDCStD
Direction / Type
Responder
Exchange Mode
Aggresive
Enable XAUTH Client
Local Identification
Identifier Type
Local Wan IP
FQDN
112.167.xxx.xxx
Peer IKE Identification
Identifier Type
Remote Wan IP
FQDN
175.xxx.xxx.xxx
IKE SA Parameters
Encryption Algorithm
3DES
Authentication Algorithm
SHA-1
Authentication Method
Pre-Shared Key
Pre-Shared Key
qpwoeiruty
Diffie-Hellman (DH) Group
Group 2 (1024bit )
SA-Lifetime
28800 Seconds
Phase2 setting
Add / Edit VPN Policy Configuration
Policy Name
Policy Type
Auto Policy Manual Policy
Remote Endpoint
IP Address FQDN
NETBIOS
Enable
Local Traffic Selection
Local IP
Any Single Range Subnet
Start Address
End Address
Subnet Mask
Remote Traffic Selection
Remote IP
Any Single Range Subnet
This field is not editable, because netbios is selected.
Start Address
End Address
Subnet Mask
Split DNS
Split DNS
Enable
Domain Name Server 1
Domain Name Server 2
(Optional)
Domain Name 1
Domain Name 2
(Optional)
Manual Policy Parameters
SPI-Incoming
SPI-Outgoing
Encryption Algorithm
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Key-In
Key-Out
Integrity Algorithm
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
Key-In
Key-Out
Auto Policy Parameters
SA-Lifetime
Seconds KBytes
Encryption Algorithm
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Integrity Algorithm
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
PFS Key Group
Enable
DH-Group 1 (768 bit) DH-Group 2 (1024 bit) DH-Group 5 (1536 bit)
Select IKE Policy
FDCStSFKS FDCStD
Shres client setting
8. in rv120w setting for advanced seup> Policy Type>
there's two option FQDN and IP Adress
when I'm in none static IP Adress environment, how should I set that field?
RV120w do not support none static IP Adress?Hi kastwf001,
My name is Mehdi from Cisco Technical Support, just want to inform you regarding QuickVPN is an light software using IPsec service of windows, so here it depend of windows and firewall ... IPsec setting on windows, encryption ...
anyhow for RV120W it's open for 3rd party software as ShrewVPN , TheGreenBow ... and working as expected since those software are using their ip sec services ..
Please follow configuration steps on RV120W and ShrewVPN (screenshots taken from you post) :
Please let me know if you have any question
Please rate the post or mark as answered to help other Cisco Customers
Regards
Mehdi -
Can't get VPN to work on RV220W
I am a home office user who bought a RV220W router for the speed advertised on smallnetbuilder. I am trying to set up the VPN but can't get it to work with the Quick VPN client. I am using dyndns to manage the dynamic IP and have entered that into the setup noted below. I can access the router remotely (remote administration) when enabled using the dyndns address so I know that is working.
IKE Policy Table
General
Policy Name: krafty001vpn
Direction / Type Responder
Exchange Mode: Aggresive
Enable XAUTH Client: None
Local Identification
Identifier Type: FQDN
FQDN: krafty001.dyndns.org
Peer IKE Identification
Identifier Type: Remote Wan IP
FQDN: krafty001.dyndns.org
IKE SA Parameters
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Authentication Method: Pre-Shared Key
Pre-Shared Key: xxxxxxxxx
Diffie-Hellman (DH) Group: Group 2 (1024bit )
SA-Lifetime: 28800 Seconds
VPN Policy Table
Add / Edit VPN Policy Configuration
Policy Name:
krafty001vpn
Policy Type:
Auto Policy
Remote Endpoint:
FQDN
krafty001.dyndns.org
NETBIOS:
Enable
Local Traffic Selection
Local IP:
ANY
Start Address:
End Address:
Subnet Mask:
Remote Traffic Selection
Remote IP:
ANY
Start Address:
End Address:
Subnet Mask:
Split DNS
Split DNS:
Enable
Domain Name Server 1:
Domain Name Server 2:
(Optional)
Domain Name 1:
Domain Name 2:
(Optional)
Manual Policy Parameters
SPI-Incoming:
SPI-Outgoing:
Encryption Algorithm:
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Key-In:
Key-Out:
Integrity Algorithm:
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
Key-In:
Key-Out:
Auto Policy Parameters
SA-Lifetime:
3600
Seconds KBytes
Encryption Algorithm:
3DES None DES AES-128 AES-192 AES-256 AES-CCM AES-GCM
Integrity Algorithm:
SHA-1 SHA2-256 SHA2-384 SHA2-512 MD5
PFS Key Group:
Enable
DH-Group 1 (768 bit) DH-Group 2 (1024 bit) DH-Group 5 (1536 bit)
Select IKE Policy:
krafty001vpn
Quick VPN Setip
User Profile: homevpn
User Name krafty001vpn
Password: xxxxx
Server Address: krafty001.dyndns.org
Port for QuickVPN: Auto
Any help in identifying what setup component I have configured incorrectly would be appreciated
ThanksI am not sure this will help but make sure the following is set correctly:
Currently VPN is somewhat broken on all versions of firmware of the RV220W including beta where VPN will ONLY negotiate on 443. If you are port forwarding 443 to a server or something else it will fail. You must allow the VPN to authenticate on 443. The router SHOULD be able to connect on 60443 as indicated on the QUICKVPN software however it doesn't this has been confirmed by a CISCO engineeer I have been speaking with regarding my VPN woes. Currently there is NO ETA on this fix.
But since you didn't mention if your 443 ports were being routed elsewhere I figured i would lay out that information here incase you where. Also I strongly recommend contacting Cisco Support for the beta firmware it makes the RV220W much better.
Also the reason for the update to the beta firmware it resolves the hair pinning problem which could also lead to VPN issues.
Maybe you are looking for
-
Will iTunes support playing or converting music to the new open source "Opus" codec? The codec has many advantages compared to AAC and MP3 and it is royalty free. It could be used easily in podcasts but also implemented in the iTunes store for better
-
Asking for credit to make a call
I have called this persons skype name a number of times but i keep getting that I need credits to make the call all of a sudden. I have even had to sign out a few times before to make it work but now thats not working also. Attachments: Screen Shot
-
Moving files from Create PDF to Adobe Pack
Any ideas. I bought the pack and it looks like my saved files on Create PDF are stranded. Help!
-
Context.xml configuration for database connetion in struts
here is the content of context.xml <Context antiJARLocking="true" path="/WebApplication5"> <!-- Specify a JDBC datasource --> <Resource name="jdbc/aaa" auth="Container" type="javax.sql.DataSource" use
-
Slide show crashes after 9.3 upgrade
After the upgrade when I try to run a slide show the program hangs and then crashes. Tried restart and rebuliding but no effect. What now?