WLC 2504 client only connects at 5.5Mbps for Single SSID
Hi,
I have a WLC2504 with three SSIDs configured and I have noticed that when my laptop connects to the main one it will only connect at 5.5Mbs. When I connect to the other two I get the full 72Mbps that my wireless card will allow. I have checked the SSID configuration but I cannot see anything that would cause this behaviour. Do you have any ideas/suggestions?
Thanks.
Gerry.
Hi,
Sometime it also happen due to co-channel interference, try by using setting up any other channel on 1st SSID and then check the connection speed.
Similar Messages
-
Macbook Air only connects to the internet for a few seconds at a time.
My 2013 Macbook Air (10.8.5) will only connect to the internet for a few seconds. It recognizes the wifi, but will just timeout when trying to access a website. If I turn Wifi off and then back on, it will work for another few seconds, only for the same issue to come up. I've tried EVERY SINGLE troubleshooting tip I could find and nothing works. I've renewed DCHP, rebooted my Mac, rebooted the router, network diagnostics, everything. I've scanned with Sophos multiple times and nothing has been detected. My 2007 MacBook Pro works just fine on the network as well as my roommates Macbook and my Apple TV. I have no clue how to fix it and am praying someone knows what to do. Please help!
Start by getting rid of "Sophos," which is worse than useless.
Remove the Sophos product by following the instructions on this page, and also this one, if applicable. If you have a different version, the procedure may be different.
Back up all data before making any changes. -
I am running Mac OSX 10.6.8, but this problem has occurred also while I was running OSX 10.5. This problem happens about once every two or three months, but seems to occur randomly. When I try to connect to a wifi network on this computer, it will only connect for approx. 5 seconds before disconnecting, either telling me the password is wrong (which it is not) or a "connection timeout" message. During this 5 second window, I can access the internet just fine until it disconnects me. I don't understand why it is doing this. My router/modem is working fine, my husband is using our other computer without problem. In the past, restarting my computer a few times seems to do the trick. But at the time of my typing this, it has not made any difference. I am currently connected via an ethernet cable, but I would like to go back to being wireless. Any advice for me?
Welcome to Apple Discussions!
I probably can't help much, but I have occasionally had the same problem. You might try going to System Preferences>Network and look at your Airport connection. See if the diagnostics can help.
Good luck! -
IOS4 mail client only showing 2-line preview for some emails
The only account tied into my iPhone 4 right now is my Gmail account. I was able to set it up quickly and it's been mostly trouble-free.
However, I noticed that even though I have "Preview" set to "2 lines", it is not showing the preview for every email. Some emails, in the inbox view, properly show the sender, subject, and the first 2 lines of the message. Others only show the sender and subject. If I click on the ones that don't show a preview and view them individually, I am able to see the body of the message properly.
This never occurred on my 3G running iOS 3.x. Has anyone else experienced this?I'm having the same exact issue in addition to the no subject emails. If I do a hard reset of the phone it seems to resolve the issue temporarily. My email is coming from gmail via the IMAP server. Any ideas of what seems to be the root cause anyone?
-
Guest wireless with WLC 2504, Catalyst 4510R+E and ASA 5510
I need to add guest (internet only) wireless to our existing internal wireless and am looking for advice as to the best practice configuration. Existing infrastructure as follows:
WLC 2504
1142 LAPs
4510R+E
ASA 5510
Existing configuration as follows:
WLC management interface and APs addressed on the 192.168.126.0 /25 network
Internal WLAN mapped to the management interface
Management interface VLAN ID 0 (untagged) and dynamic AP management enabled
WLC port 1 (only) connected to 4510 via trunk with native VLAN set to 7 and allowed VLAN set to 7
4510 connected to ASA inside interface (security level 100)
Switchport on 4510 connected to ASA configured as switchport access VLAN 99 (our internet VLAN)
ASA inside interface NOT configured for subinterfaces and is addressed on the 192.168.121.0 /25 network
What is the best way to add guest wireless to our existing configuration?
Note: I need the guest wireless to be filtered by Websense as our internal wireless is
Any advice would be greatly appreciated!Thank for the reply Scott. The configuration recommendations from Yahya did not work. I set up as he recommended and also added a dhcp scope on the wlc. Client gets dhcp but cannot even ping the wlc much less anything else. Yahya stated above to configure port 2 on the wlc to an access port on my 4510. Aren't all connections from the wlc supposed to be trunk links to the switch? Shouldn't I just leave the management interface on the wlc untagged and add a dynamic interface for each wlan and tag it with the approriate vlan id? And then leave the (one) physical connection on the wlc (port 1) connected to a trunk link on the 4510 that allows the required vlans?
Any input would be greatly appreciated...
JW -
Client got not connection to wlan over wlc 2504 on 802.11b/g
Hi everybody,
We are using a wlc 2504 with 7.6.100.0 and AP 1532e.
I have the strange observacion that only clients with 802.11n (2.4GHz) can connect to the WLAN. Clients thats works only with 802.11b/g, they can't connect to the WLAN. Affected are all machines which want to connect with 802.11b/g.
This is a MESH WLAN with 5GHz backhaul and 2.4GHz for the user.
During the debugging found the following:
*apfMsConnTask_4: May 09 11:44:40.581: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:44:40.581: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:40.584: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:44:40.585: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:42.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:42.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:44.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:44.649: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:44.650: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:46.649: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 1
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: May 09 11:44:46.649: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:44:52.083: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:44:52.084: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:44:52.087: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:54.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:54.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:56.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:44:56.249: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:44:58.249: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 2
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:44:58.249: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: May 09 11:44:58.250: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:03.768: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:45:03.768: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:45:03.769: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:45:03.770: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:45:03.772: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 Allocating EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:45:03.773: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:05.849: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:05.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:07.848: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:07.849: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:09.848: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 3
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Blacklisting (if enabled) mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Reached FAILURE: from line 5274
*dot1xMsgTask: May 09 11:45:09.849: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 9) in 10 seconds
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:45:15.689: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:45:15.690: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:45:15.691: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:45:15.693: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 Reusing allocated memory for EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:45:15.694: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Reassociation received from mobile on BSSID 18:9c:5d:71:34:50
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Max Client Trap Threshold: 0 cur: 1
*apfMsConnTask_4: May 09 11:45:15.875: 00:1b:77:b4:34:e0 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 1
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Re-applying interface policy for client
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 In processSsidIE:4798 apVapId = 1 and Split Acl Id = 65535
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying site-specific Local Bridging override for station 00:1b:77:b4:34:e0 - vapId 1, site 'default-group', interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Applying Local Bridging Interface Policy for station 00:1b:77:b4:34:e0 - vlan 1, interface id 12, interface 'catodos'
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Processing RSN IE type 48, length 20 for mobile 00:1b:77:b4:34:e0
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Central switch is TRUE
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:9c:5d:71:34:50 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_4: May 09 11:45:15.876: 00:1b:77:b4:34:e0 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 apfPemAddUser2:session timeout forstation 00:1b:77:b4:34:e0 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 Sending Assoc Response to station on BSSID 18:9c:5d:71:34:50 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_4: May 09 11:45:15.877: 00:1b:77:b4:34:e0 apfProcessAssocReq (apf_80211.c:8292) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Associated
*spamApTask6: May 09 11:45:15.878: 00:1b:77:b4:34:e0 Sent 1x initiate message to multi thread task for mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Creating a PKC PMKID Cache entry for station 00:1b:77:b4:34:e0 (RSN 2)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Adding BSSID 18:9c:5d:71:34:50 to PMKID cache at index 0 for station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: New PMKID: (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Initiating RSN PSK to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 dot1x - moving mobile 00:1b:77:b4:34:e0 into Force Auth state
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 EAPOL Header:
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00000000: 02 03 00 5f ..._
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Found an cache entry for BSSID 18:9c:5d:71:34:50 in PMKID cache at index 0 of station 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: [0000] f6 3d 52 9f 2a de 52 90 1d a2 46 49 0f 14 f6 69
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Starting key exchange to mobile 00:1b:77:b4:34:e0, data packets will be dropped
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Sending EAPOL-Key Message to mobile 00:1b:77:b4:34:e0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 Reusing allocated memory for EAP Pkt for retransmission to mobile 00:1b:77:b4:34:e0
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*Dot1x_NW_MsgTask_0: May 09 11:45:15.879: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:18.048: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:18.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:20.049: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappLradNhMac = 78:da:6e:59:c9:8c mscb->apfMsLradSlotId = 0 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 mscb->apfMsBssid = 18:9c:5d:71:34:50 mscb->apfMsAddress = 00:1b:77:b4:34:e0 mscb->apfMsApVapId = 1
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 0 mscb->apfMsLwappMwarInet.ipv4.addr = -1062679171
*dot1xMsgTask: May 09 11:45:20.049: 00:1b:77:b4:34:e0 mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = -1062679163 mscb->apfMsLwappLradPort = 40089
*osapiBsnTimer: May 09 11:45:22.048: 00:1b:77:b4:34:e0 802.1x 'timeoutEvt' Timer expired for station 00:1b:77:b4:34:e0 and for message = M2
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Retransmit failure for EAPOL-Key M1 to mobile 00:1b:77:b4:34:e0, retransmit count 3, mscb deauth count 0
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Resetting MSCB PMK Cache Entry 0 for station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Removing BSSID 18:9c:5d:71:34:50 from PMKID cache of station 00:1b:77:b4:34:e0
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Setting active key cache index 0 ---> 8
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Sent Deauthenticate to mobile on BSSID 18:9c:5d:71:34:50 slot 0(caller 1x_ptsm.c:598)
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Setting active key cache index 8 ---> 8
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Deleting the PMK cache when de-authenticating the client.
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Global PMK Cache deletion failed.
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*dot1xMsgTask: May 09 11:45:22.049: 00:1b:77:b4:34:e0 Freeing EAP Retransmit Bufer for mobile 00:1b:77:b4:34:e0
*osapiBsnTimer: May 09 11:45:32.048: 00:1b:77:b4:34:e0 apfMsExpireCallback (apf_ms.c:625) Expiring Mobile!
*apfReceiveTask: May 09 11:45:32.049: 00:1b:77:b4:34:e0 apfMsExpireMobileStation (apf_ms.c:6632) Changing state for mobile 00:1b:77:b4:34:e0 on AP 18:9c:5d:71:34:50 from Associated to Disassociated
*apfReceiveTask: May 09 11:45:32.049: 00:1b:77:b4:34:e0 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds
Thanks for any adviceIn some of the big name brands of wireless, there is "no such thing" as 802.11n on a 2.4 Ghz. No such thing because Cisco won't allow you (any more) to do channel bonding of 2.4 Ghz. It doesn't make any sense to bond an already restricted 2.4 Ghz non-overlapping channel (three) and squeeze this number down to two.
Can you check to ensure that the data rates for 802.11b are enabled? Maybe someone disabled data rates from 1 Mbps to 11 Mbps. -
WLC 4402 Multiple clients can connect to AP but only one gets an IP
I have a 4402 which is connected to a 4506 Switch int Gig 3/1 via a trunk port. The Managment and AP-manger interfaces are on vlan 6
interface GigabitEthernet3/1
description Trunk Port to WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-6
switchport mode trunk
end
I have a 1142N AP also connected to the switch and it pulls a DHCP IP Address and configs etc and registers to the WLC. It too is on Vlan 6 and it is connected to the 4506 on int gig 4/33 which is an access port.
interface GigabitEthernet4/33
description Access port to Cisco LAP 1142
switchport access vlan 6
switchport mode access
end
My router is my dhcp server;
ip dhcp pool wlanmantraffic
network 10.6.0.0 255.255.255.0
default-router 10.6.0.1
dns-server 66.109.38.250 10.7.0.8
option 43 hex f104.3130.2e36.2e30.2e33
interface FastEthernet0/1.6
description Vlan6
encapsulation dot1Q 6
ip address 10.6.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
I am doing local authentication, so i have added users to the WLC
My problem is that the first client that connected was able to get an IP address and connect to anything internal and external.
I then connected another client on another laptop and that client could connect but not get an IP address, it just self assigned.
When i look at the clients i can see the MAC address of both Clients on the WLC, but doing a show mac address-table dynamic i only see the MAC of the client that works properly. The client that doesnt get an IP has no entry in the 4506 switch.
I am stumped, from what I understand, is that the 2nd clients traffic is being trunked to the WLC , hence it has the MAC address. But I dont know why its not getting a DHCP assigned IP address.
Thanks in advance for your help.Here is some of the WLC config,
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:25 APs"
PID: AIR-WLC4402-25-K9, VID: V02, SN: FOCblankedbyme
Burned-in MAC Address............................ 00:07:0E:55:FA:C0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.3
RTOS Version..................................... 7.0.235.3
Bootloader Version............................... 7.0.235.3
Emergency Image Version.......................... 7.0.235.3
Build Type....................................... DATA + WPS
System Name...................................... CISCO-LWAPP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.6.0.3
System Up Time................................... 0 days 21 hrs 7 mins 20 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US a
nd Canada)
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
--More or (q)uit current module or to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 3
Burned-in MAC Address............................ 00:07:0E:55:FA:C0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
AP Bundle Information
Primary AP Image Size
ap3g1 6672
ap801 5180
ap802 5220
c1100 3092
c1130 4960
c1140 4980
c1200 3360
c1240 4800
c1250 5500
c1310 3132
c1520 6400
c3201 4312
c602i 3712
Secondary AP Image Size
ap801 4952
c1100 3040
--More or (q)uit current module or to abort
c1130 4880
c1140 4492
c1200 3312
c1240 4712
c1250 5060
c1310 3080
c1520 5240
c3201 4260
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. RFMobile
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
--More or (q)uit current module or to abort
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Apple Talk ................................. Disable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Disabled
802.3 Bridging ............................. Disable
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link Mcast
Pr Type Stat Mode Mode Status Status Trap Appliance POE
1 Normal Forw Enable Auto 1000 Full Up Enable Enable N/A
2 Normal Forw Enable Auto 1000 Full Up Enable Enable N/A
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
NOSC-N-B1917-AP01 2 AIR-LAP1142N-A-K9 00:22:bd:1b:34:5a Route
23B 1 US 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
NOSC-N-B1917-AP01 disabled -
Press Enter to continue or to abort
AP Location
Total Number of AP Groups........................ 0
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control Radio Pol
icy
1 management Disabled None
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
NOSC-N-B1917-AP01 2 AIR-LAP1142N-A-K9 00:22:bd:1b:34:5a Route
23B 1 US 1
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... NOSC-N-B1917-AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:22:bd:1b:34:5a
IP Address Configuration......................... DHCP
IP Address....................................... 10.6.0.26
Gateway IP Addr.................................. 10.6.0.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Enabled
Cisco AP Location................................ Route 23B
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort... Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.3
Boot Version ................................... 12.4.18.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 12.4(23c)JA6
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX1337SA7D
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 6
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... danielott
AP Dot1x User Mode............................... CUSTOMIZED
AP Dot1x User Name............................... danielott
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 19 h 22 m 53 s
AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
Join Date and Time............................... Mon Nov 5 16:17:51 2012
Join Taken Time.................................. 0 days, 00 h 00 m 12 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
--More or (q)uit current module or to abort
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:27:0d:07:cb:e0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
--More or (q)uit current module or to abort
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
--More or (q)uit current module or to abort
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... AUTOMATIC
Legacy Tx Beamforming ..................... DISABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
--More or (q)uit current module or to abort
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... NOSC-N-B1917-AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:22:bd:1b:34:5a
IP Address Configuration......................... DHCP
IP Address....................................... 10.6.0.26
Gateway IP Addr.................................. 10.6.0.1
--More or (q)uit current module or to abort
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Enabled
Cisco AP Location................................ Route 23B
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address...............Secondary Cisco Switch Name.......
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.3
Boot Version ................................... 12.4.18.0
Mini IOS Version ................................ 3.0.51.0
--More or (q)uit current module or to abort
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 12.4(23c)JA6
Reset Button..................................... Enabled
AP Serial Number................................. FTX1337SA7D
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 6
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... danielott
AP Dot1x User Mode............................... CUSTOMIZED
AP Dot1x User Name............................... danielott
--More or (q)uit current module or to abort
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 19 h 22 m 53 s
AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
Join Date and Time............................... Mon Nov 5 16:17:51 2012
Join Taken Time.................................. 0 days, 00 h 00 m 12 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211n-5
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:27:0d:07:cb:e0
Operation Rate Set
--More or (q)uit current module or to abort
6000 Kilo Bits........................... MANDATORY
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
--More or (q)uit current module or to abort
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 21
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
--More or (q)uit current module or to abort
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 161
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161,165
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... AUTOMATIC
Legacy Tx Beamforming ..................... DISABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
--More or (q)uit current module or to abort
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No -
Hi All,
I'm having a strange issue whereby client association to my corporate or guest wifi ssid are not consistent. Sometimes I have no issues connecting repeatedly and other times I cannot connect and receive the "Windows was unable to connect to *SSID*"
I'm unable to determine whether it is a wireless association issue or if its a authentication issue as I have troubles connecting to both my secure (WPA2, AES, 802.1x) corporate wifi or my guest (Open Auth) wifi.
Currently per day I have about 15 users using the wifi on both SSID's. The access points are right in the vicinity of the users. I have 2 LAP1142 access points on separate 802.11a/b/g/n channels and signal strenght is always high.. I'm certain its not co-channel interference or interference whatsoever. RSSI values are -60dBm and SNR 30+ dB. On average I will have 10 users on the wireless fine but one or two people are unable to connect.
I have had wireshark run and when it does not connect I do not see anything in the logs. No traffic is captured!
I cannot see the AAA capturing anything. Signal strength as stated above is high ( I have the AP on my desk!)
Sometimes I can instantly connect with no troubles and other times its not association at all. I've recently updated to version 7.5 and these issues started to occur. Previous version 7.3 had no problems at all for years!.
The logs in the WLC show
*Dot1x_NW_MsgTask_0: Nov 27 04:42:09.956: #DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:864 Received invalid EAPOL-key M2 msg in START state - invalid secure bit; KeyLen 24, Key type 1, client 3c:a9:f4:4x:xx:xx
Does anyone have an idea what could this issue could be?
Many thanksThanks for your reply Sandeep. Been working on it all afternoon with debugging.
To answer your question, sometimes I can connect and sometimes I cannot. This afternoon I haven't been able to connect much at all. 2 out of 20 times perhaps. Other users I can see are connected to the two access points in this office. This isn't just happening on my laptop but several laptops. Same symptom.
Heres the dot1x output I have captured from the debug of a FAILED association attempt.
(Cisco Controller) >show debug
MAC Addr 1.................................. 3C:A9:F4:36:1C:48
Debug Flags Enabled:
dot1x aaa enabled.
dot1x packet enabled.
dot1x events enabled.
dot1x states enabled.
(Cisco Controller) >*DHCP Socket Task: Nov 27 07:44:49.842: 3c:a9:f4:36:1c:48 apfMsRunStateInc
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 Processing RSN IE type 48, length 22 for mobile 3c:a9:f4:36:1c:48
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 Received RSN IE with 0 PMKIDs from mobile 3c:a9:f4:36:1c:48
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 Found an cache entry for BSSID 20:bb:c0:c9:26:92 in PMKID cache at index 0 of station 3c:a9:f4:36:1c:48
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 Removing BSSID 20:bb:c0:c9:26:92 from PMKID cache of station 3c:a9:f4:36:1c:48
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 Resetting MSCB PMK Cache Entry 0 for station 3c:a9:f4:36:1c:48
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 Setting active key cache index 0 ---> 8
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 apfMsRunStateDec
*apfMsConnTask_4: Nov 27 07:45:15.284: 3c:a9:f4:36:1c:48 apfMs1xStateDec
*dot1xMsgTask: Nov 27 07:45:15.287: 3c:a9:f4:36:1c:48 Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Nov 27 07:45:15.288: 3c:a9:f4:36:1c:48 dot1x - moving mobile 3c:a9:f4:36:1c:48 into Connecting state
*dot1xMsgTask: Nov 27 07:45:15.288: 3c:a9:f4:36:1c:48 Sending EAP-Request/Identity to mobile 3c:a9:f4:36:1c:48 (EAP Id 1)
*dot1xMsgTask: Nov 27 07:45:15.288: 3c:a9:f4:36:1c:48 Sending 802.11 EAPOL message to mobile 3c:a9:f4:36:1c:48 WLAN 3, AP WLAN 3
*dot1xMsgTask: Nov 27 07:45:15.288: 00000000: 02 00 00 3c 01 01 00 3c 01 00 6e 65 74 77 6f 72 ...<...<..networ
*dot1xMsgTask: Nov 27 07:45:15.288: 00000010: 6b 69 64 3d 54 50 49 2d 57 49 46 49 2c 6e 61 73 kid=PI-WIFI,nas
*dot1xMsgTask: Nov 27 07:45:15.288: 00000020: 69 64 3d 4d 2d 54 50 49 2d 51 4c 44 2d 44 43 30 id=M-PI-QLD-DC0
*dot1xMsgTask: Nov 27 07:45:15.288: 00000030: 30 31 2d 57 43 30 31 2c 70 6f 72 74 69 64 3d 31 01-WC01,portid=1
*dot1xMsgTask: Nov 27 07:45:29.326: 3c:a9:f4:36:1c:48 Failure sending WPA EAPOL-Key due to invalid state 0 to mobile 3c:a9:f4:36:1c:48
*dot1xMsgTask: Nov 27 07:45:29.326: 3c:a9:f4:36:1c:48 Unable to send WPA key to mobile 3c:a9:f4:36:1c:48
(Cisco Controller) >*dot1xMsgTask: Nov 27 07:45:29.326: 3c:a9:f4:36:1c:48 Unable to update broadcast key to mobile 3C:A9:F4:36:1C:48
*osapiBsnTimer: Nov 27 07:45:45.126: 3c:a9:f4:36:1c:48 802.1x 'txWhen' Timer expired for station 3c:a9:f4:36:1c:48 and for message = M0
*dot1xMsgTask: Nov 27 07:45:45.126: 3c:a9:f4:36:1c:48 dot1x - moving mobile 3c:a9:f4:36:1c:48 into Connecting state
*dot1xMsgTask: Nov 27 07:45:45.126: 3c:a9:f4:36:1c:48 Sending EAP-Request/Identity to mobile 3c:a9:f4:36:1c:48 (EAP Id 2)
*dot1xMsgTask: Nov 27 07:45:45.126: 3c:a9:f4:36:1c:48 Sending 802.11 EAPOL message to mobile 3c:a9:f4:36:1c:48 WLAN 3, AP WLAN 3
*dot1xMsgTask: Nov 27 07:45:45.126: 00000000: 02 00 00 3c 01 02 00 3c 01 00 6e 65 74 77 6f 72 ...<...<..networ
*dot1xMsgTask: Nov 27 07:45:45.126: 00000010: 6b 69 64 3d 54 50 49 2d 57 49 46 49 2c 6e 61 73 kid=PI-WIFI,nas
*dot1xMsgTask: Nov 27 07:45:45.126: 00000020: 69 64 3d 4d 2d 54 50 49 2d 51 4c 44 2d 44 43 30 id=M-PI-QLD-DC0
I can see that the WLC has tried to send a EAP-Request/Identity request to the client but no response back. I just don't understand why it works at times and why it doesn't.
It has the same issues on my guest network which is open authentication. Nothing has changed in regards to configuration and it has been working for years. Only thing that changed was a version upgrade to 7.5 three weeks ago.
Here is the debug output of the client MAC when attempting to association to the GUEST network.
(Cisco Controller) >debug client 3C:A9:F4:36:1C:48
(Cisco Controller) >*apfProbeThread: Nov 27 07:53:48.059: aggregated probe IE: TIMESTAMP
*apfMsConnTask_4: Nov 27 07:58:02.021: 3c:a9:f4:36:1c:48 Adding mobile on LWAPP AP 20:bb:c0:c9:26:90(0)
*apfMsConnTask_4: Nov 27 07:58:02.021: 3c:a9:f4:36:1c:48 Association received from mobile on BSSID 20:bb:c0:c9:26:91
*apfMsConnTask_4: Nov 27 07:58:02.021: 3c:a9:f4:36:1c:48 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: Nov 27 07:58:02.021: 3c:a9:f4:36:1c:48 Max Client Trap Threshold: 0 cur: 5
*apfMsConnTask_4: Nov 27 07:58:02.021: 3c:a9:f4:36:1c:48 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 Re-applying interface policy for client
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 In processSsidIE:4565 setting Central switched to TRUE
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 In processSsidIE:4568 apVapId = 2 and Split Acl Id = 65535
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 Applying site-specific Local Bridging override for station 3c:a9:f4:36:1c:48 - vapId 2, site 'default-group', interface 'guest'
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 Applying Local Bridging Interface Policy for station 3c:a9:f4:36:1c:48 - vlan 650, interface id 12, interface 'guest'
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 STA - rates (8): 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 20:bb:c0:c9:26:90 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 apfMsAssoStateInc
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 3c:a9:f4:36:1c:48 on AP 20:bb:c0:c9:26:90 from Idle to Associated
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 apfPemAddUser2:session timeout forstation 3c:a9:f4:36:1c:48 - Session Tout 65535, apfMsTimeOut '65535' and sessionTimerRunning flag is 0
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 Scheduling deletion of Mobile Station: (callerId: 49) in 65535 seconds
*apfMsConnTask_4: Nov 27 07:58:02.022: 3c:a9:f4:36:1c:48 Func: apfPemAddUser2, Ms Timeout = 65535, Session Timeout = 65535
*apfMsConnTask_4: Nov 27 07:58:02.023: 3c:a9:f4:36:1c:48 Sending Assoc Response to station on BSSID 20:bb:c0:c9:26:91 (status 0) ApVapId 2 Slot 0
*apfMsConnTask_4: Nov 27 07:58:02.023: 3c:a9:f4:36:1c:48 apfProcessAssocReq (apf_80211.c:7957) Changing state for mobile 3c:a9:f4:36:1c:48 on AP 20:bb:c0:c9:26:90 from Associated to Associated
*apfMsConnTask_4: Nov 27 07:58:02.026: 3c:a9:f4:36:1c:48 Updating AID for REAP AP Client 20:bb:c0:c9:26:90 - AID ===> 4
*apfReceiveTask: Nov 27 07:58:04.998: 3c:a9:f4:36:1c:48 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Nov 27 07:58:04.998: 3c:a9:f4:36:1c:48 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5716, Adding TMP rule
*apfReceiveTask: Nov 27 07:58:04.998: 3c:a9:f4:36:1c:48 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 20:bb:c0:c9:26:90, slot 0, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*apfReceiveTask: Nov 27 07:58:04.998: 3c:a9:f4:36:1c:48 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 650, Local Bridging intf id = 12
*apfReceiveTask: Nov 27 07:58:04.998: 3c:a9:f4:36:1c:48 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Nov 27 07:58:04.999: 3c:a9:f4:36:1c:48 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Nov 27 07:58:04.999: 3c:a9:f4:36:1c:48 Sent an XID frame
*IPv6_Msg_Task: Nov 27 07:58:05.000: 3c:a9:f4:36:1c:48 Pushing IPv6 Vlan Intf ID 12: fe80:0000:0000:0000:f0a7:e03b:151a:3af8 , and MAC: 3C:A9:F4:36:1C:48 , Binding to Data Plane. SUCCESS !! dhcpv6bitmap 0
*IPv6_Msg_Task: Nov 27 07:58:05.000: 3c:a9:f4:36:1c:48 Link Local address fe80::f0a7:e03b:151a:3af8 updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
(Cisco Controller) > -
WLC 2504 Connectivity Problems
This is a tricky one.
I installed a 2504 WLC with three AP's. Two SSID’s were configured, one with WPA2/AES-TIKIP and the other with Web Auth.
After installation, customers could connect to WLAN without problem and .
The problem that is occurring is that since the beginning of week, customers PDA's, cell phones and iPad and cannot access Internet with any of the two WLAN but clients who used laptop have no connection problems. Also the DHCP Server is assigning IP's correctly.
This problem also occurs with test SSID I created which is Open Auth. I see associated Cell phones and IPAD to the WLC but none of these answers ping from the WLC.
This is a WLC 2504 with IOS 7.4.100.Hello everyone!
Today I did a test with my Cell phone Samsung Note 2 and I have the same conectivity problem.
I have installed the APK ipconfig from the Play Store for Android in my cell phone and y see that I getting IP Address, Mask and Gateway.
This is what I´ve got from the APK:
IP ADDRESS 192.168.8.181
MASK: 255.255.255.0
GATEWAY: 192.168.8.2
DHCP SERVER: 192.168.8.16
DNS1: 192.168.6.16
DNS2: 192.168.2.16
I have connected my laptop to the WLAN with no issue and I´m getting this:
The IP address of the DHCP Server is 192.168.8.16 and 192.168.6.16 and is a Microsoft Server.
I´ve created a test WLAN with OPEN AUTH but the problem remains.
Here is the OUTPUT you requested:
show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... APS-PT-01
Network Name (SSID).............................. APS-PT-01
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 16
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... APS-Admin-WLC-01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >show w?
wgb wlan wps
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... APS-Visitas-PT
Network Name (SSID).............................. APS-Visitas-PT
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... APS-Admin-WLC-01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
IPv4 ACL........................................ Unconfigured
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Disabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
(Cisco Controller) >
(Cisco Controller) >show wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... Prueba
Network Name (SSID).............................. Prueba
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
DHCP ......................................... Disabled
HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ 300 seconds
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... APS-Admin-WLC-01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Enabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Disabled
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Enabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Disabled
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Disabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled -
Remote tuxedo domain rejects connection from client only Tuxedo JCA Adapter
I am trying to use a client only configured Oracle Tuxedo JCA Adapter 11.1.1.2.1 to connect to a remote tuxedo 10.3 domain. The connector is deployed to a JDeveloper 10.1.3.4 embedded OC4J container. The connector is failing silently when attempting to establish a connection with the remote domain. Locally, the JCA Adapter ntrace logs the following:
1/20/11:9:41:49 PM:10:TRACE[DMLocalAccessPoint,DMLocalAccessPoint]> (ypjspNQ5QIPKmOyk1DlAgw==)
1/20/11:9:41:49 PM:10:DBG[DMLocalAccessPoint,DMLocalAccessPoint]_useSSL = false
1/20/11:9:41:49 PM:10:TRACE[DMLocalAccessPoint,DMLocalAccessPoint]< return(10)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createLocalAccessPoint]TJA_0233:Info: Default local access point for factory null created, access point id ypjspNQ5QIPKmOyk1DlAgw==.
1/20/11:9:41:49 PM:10:DBG[TuxedoAdapterSupervisor,createLocalAccessPoint]features = 159
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,startListeners]> ()
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,startListeners]< (20) return
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]> (__sess_0_0)
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_lap_name:ypjspNQ5QIPKmOyk1DlAgw==
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_rap_name:e1tst_tdtux02
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_pro_name:__default_session_profile__
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _lap: com.oracle.tuxedo.adapter.config.DMLocalAccessPoint@1f6bc1a
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _rap: com.oracle.tuxedo.adapter.config.DMRemoteAccessPoint@1b75e54
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _pro: com.oracle.tuxedo.adapter.config.DMSessionProfile@191f64b
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]sec = NONE
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]< return(60)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createDefaultSession]TJA_0193:INFO: Default session created between LocalAccessPoint ypjspNQ5QIPKmOyk1DlAgw== and RemoteAccessPoint e1tst_tdtux02.
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]> (__sess_0_1)
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_lap_name:ypjspNQ5QIPKmOyk1DlAgw==
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_rap_name:e1tst_tdtux01
1/20/11:9:41:49 PM:10:DBG[DMSession,myInit]_pro_name:__default_session_profile__
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _lap: com.oracle.tuxedo.adapter.config.DMLocalAccessPoint@1f6bc1a
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _rap: com.oracle.tuxedo.adapter.config.DMRemoteAccessPoint@1c0f654
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]got _pro: com.oracle.tuxedo.adapter.config.DMSessionProfile@191f64b
1/20/11:9:41:49 PM:10:DBG[DMSession,DMSession]sec = NONE
1/20/11:9:41:49 PM:10:TRACE[DMSession,DMSession]< return(60)
1/20/11:9:41:49 PM:10:INFO[TuxedoAdapterSupervisor,createDefaultSession]TJA_0193:INFO: Default session created between LocalAccessPoint ypjspNQ5QIPKmOyk1DlAgw== and RemoteAccessPoint e1tst_tdtux01.
1/20/11:9:41:49 PM:10:TRACE[TuxedoAdapterSupervisor,registerClientSideResourceAdapter]create default import
1/20/11:9:41:49 PM:10:TRACE[ServiceManager,registerImportedService]> (*)
1/20/11:9:41:49 PM:10:INFO[,]factory = null
1/20/11:9:41:49 PM:10:INFO[,]name = *
1/20/11:9:41:49 PM:10:INFO[,]iname = *
1/20/11:9:41:49 PM:10:TRACE[ServiceManager,registerImportedService]register Default Import
1/20/11:9:41:49 PM:10:TRACE[Route,Route]> (*)
I can't determine if there are any problems from these log entries, but the remote tuxedo domain logs the following in the ULOG:
155138.tdtux01!GWTDOMAIN.3495.4.0: LIBGWT_CAT:1073: ERROR: Unable to obtain remote domain id (ypjspNQ5QIPKmOyk1DlAgw==) information from shared memory
155138.tdtux01!GWTDOMAIN.3495.4.0: LIBGWT_CAT:1509: ERROR: Error occurred during security negotiation - closing connection
My understanding is that the client only configuration should connect to a remote tuxedo domain as an anonymous client instead of a peer tuxedo domain, but the remote tuxedo gateway domain listener is acting like the client has to be configured in its dmconfig file before it will allow the connection request. Is there a different kind of listener the client only configuration should connect to instead of the tuxedo gateway domain listener? How can a remote tuxedo domain accept a connection from an anonymous client if the client must first be specified in the remote domain's dmconfig file? Is this a tuxedo 11g only feature? I'm trying to connect to a tuxedo 10.3 server.
The local ra.xml is reproduced here:
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/connector_1_5.xsd"
version="1.5">
<display-name>Tuxedo JCA Adapter</display-name>
<vendor-name>Oracle</vendor-name>
<eis-type>Tuxedo</eis-type>
<resourceadapter-version>11gR1(11.1.1.2.1)</resourceadapter-version>
<license>
<description>Tuxedo SALT license</description>
<license-required>false</license-required>
</license>
<resourceadapter>
<resourceadapter-class>com.oracle.tuxedo.adapter.TuxedoClientSideResourceAdapter</resourceadapter-class>
<config-property>
<config-property-name>debugConfig</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>true</config-property-value>
</config-property>
<config-property>
<config-property-name>traceLevel</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>100000</config-property-value>
</config-property>
<config-property>
<config-property-name>xaAffinity</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>true</config-property-value>
</config-property>
<config-property>
<config-property-name>remoteAccessPointSpec</config-property-name>
<config-property-type>java.lang.String</config-property-type>
<config-property-value>//tdtux01:9601/domainId=e1tst_tdtux01,//tdtux02:9601/domainId=e1tst_tdtux02</config-property-value>
</config-property>
<outbound-resourceadapter>
<connection-definition>
<managedconnectionfactory-class>com.oracle.tuxedo.adapter.spi.TuxedoManagedConnectionFactory</managedconnectionfactory-class>
<connectionfactory-interface>javax.resource.cci.ConnectionFactory</connectionfactory-interface>
<connectionfactory-impl-class>com.oracle.tuxedo.adapter.cci.TuxedoConnectionFactory</connectionfactory-impl-class>
<connection-interface>javax.resource.cci.Connection</connection-interface>
<connection-impl-class>com.oracle.tuxedo.adapter.cci.TuxedoJCAConnection</connection-impl-class>
</connection-definition>
<transaction-support>NoTransaction</transaction-support>
<authentication-mechanism>
<authentication-mechanism-type>BasicPassword</authentication-mechanism-type>
<credential-interface>javax.resource.spi.security.PasswordCredential</credential-interface>
</authentication-mechanism>
<reauthentication-support>false</reauthentication-support>
</outbound-resourceadapter>
</resourceadapter>
</connector>
Thanks for any help.
SteveLooks like this is an RTFM question. From:
[http://download.oracle.com/docs/cd/E18050_01/jca/docs11gr1/users/jca_usersguide.html]
Is the following:
Dynamic RemoteAccessPoint (RAP) Insertion
In order to make default LocalAccessPoint to work, Oracle Tuxedo GWTDOMAIN gateway configuration is required in order to make this simplified /Domain configuration to work.
GWTDOMAIN gateway must be modified to allow Dynamic RemoteAccessPoint (RAP) Registration. If DYNAMIC_RAP is set to YES, it will also update the in-memory database of the status of the connection from those dynamically registered RAP. If the connection from those dynamically registered RAP lost then the information about that RAP will be removed from the SHM database.
GWADM must be modified to process the DM MIB correctly to reflect the connection status of those dynamically registered RAP. When the connection from those dynamically registered RAP lost their entries in the SHM database will also be removed so that the DM MIB query can return the connection status correctly.
The dynamically registered RAP will be added to /DOMAIN configuration permanently. Their existence will only be known when the Session is established. Their existence will be lost when the connection is lost.
The DM_CONNECTION Oracle Tuxedo /Domain DMIB call returns all the connected dynamically registered RemoteAccessPoint. All other dynamically registered RemoteAccessPoint that are not connected will not be shown.
The OPENCONNECTION DMIB request will not be supported to connect to those dynamically registered RAP.
The CLOSECONNECTION Oracle Tuxedo /DMIB request closes the connection and remove the session from those dynamically registered RemoteAccessPoint, and returns its connection status as 'UNKNOWN.
The PERSISTENT_DISCONNECT type of CONNECTION_POLICY will be honored that means when PERSISTENT_DISCONNECT is in effect all connections request from any RAP, whether they are dynamically or non-dynamically registered, will be rejected.
I must have overlooked this section when reading it. Looks like I've got more configuration to do.
Thanks,
Steve -
WLC 5508 disable wlan client still connected
I have one wlc 5508 running on latest IOS 7.116, there is one wlan abc which i have disable status and disable broadcast, but randomly still i can see from wlc dashboard there is one client connected to this wlan abc. The moment i check on the client details, there is no client connected to that wlan and when return to dashboard, no more client connected to that wlan abc. This happened in randomly, it is bug or something else?
I would guess that the client entry also indicates "probing" as status. It means that the client is not connected. It is actually probing, so it"s looking for that SSID that it probably associated to in the past (so it remembers about it)
-
WLC only connects to MACs, Androids, but not to Windows PCs since today
Since today we have a curious "feature":
Only MAC and Android clients are able to connect to the WLAN, locked by WPA2-enterprise/Radius (Windows domain server with NAS). Windows clients are denied.
Does anyone have the same epxeriences?
MarkusI found the solution after sveral hours of searching in google and the log-files of the NPS:
http://support.microsoft.com/kb/933430/en-us
Our NPS-Server contains to many entries in the trusted root certification list!!!
I tried to delete several certificates, but as you can see in http://support.microsoft.com/kb/293781 this can be very critical, since I don#t know, which certificates are needed for the system
So I used Method #3 in http://support.microsoft.com/kb/933430/en-us afterwards and now it seems, that all clients can connect again.
Markus -
WLC 2504 sudden network instability
Hello,
we're running a WLC 2504 with two SSIDs on it. It is connected to to a small PoE switch. Standard untagged vlan. A handfull APs connected to it. No DHCP, the APs have all static IP addresses.
All of a sudden we're having a number of issues with the network connection:
APs restarting
The APs restart every now and then reporting that their IP is being used by another device. Looking through the logs there are two MAC addresses that are reported as using the APs IP address. These two MAC addresses have unknown vendor IDs.
Warning: AP with Base Radio MAC f8:72:ea:7c:9d:e3 has found its IP Address 0.2.146.0 being used by a machine with MAC
Address 04:c6:f8:40:00:00 (The other mac that is reported is 04:cc:90:40:00:00)
AP 'AP5', MAC: 0c:68:03:dd:1b:80 disassociated previously due to Link Failure. Uptime: 4 days, 00 h 48 m 50 s . Reason: Capwap WTP Event request.
So: There are two MACs that use the IP addresses of 7 APs?!?! And there is no vendor to be found for these MACs?
Ping timouts on the webGUI and CLI
I have a ping running on the IP for managing the device. This is running fine for ages. As soon as I connect via webGUI or CLI I lose packets. Get timeouts etc. some packets get through some don't. More of the latter. So ping is fine but any other traffic seems to be impacted heavily.
What we have done for troubleshooting
Checked duplex/speed settings of the interfaces. Everything ok.
Connected to another switchport. Same.
Changed the IP address of the management port. Same.
Swapped places with a laptop with the same IP address --> Worked fine.
Plugged in a completely new device, installed the latest firmware (7.6) and uploaded the config from the other one. Same.
Restarted the default gateway for the subnet the controler is on.
So now we're at the end of our knowledge. It seems to be a non-physical network issue, but we're a small team and no one has changed anything they say :-/
Any ideas what we could check next?
KatHello,
thanks for your suggestions. It's hard to find those two MAC addresses. As they seem to be virtual I cannot get a hint from the vendor ID. A show mac-address table on the switch the WLC is connected to doesn't show those two
I found an error in the WLC AP config. AP1 had the same IP as AP5 and a wrong netmask. I changed that. Unfortunately that doesn't solve our problem.
Here are some more messages from the WLC's log:
AP 'AP3', MAC: 0c:68:03:dd:34:00 disassociated previously due to Link Failure. Uptime: 4 days, 15 h 04 m 15 s . Reason: Capwap WTP Event request.
AP Disassociated. Base Radio MAC:0c:68:03:dd:34:00
AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:0c:68:03:dd:34:00 Cause=Heartbeat Timeout Status:NA
AP 'AP3', MAC: 0c:68:03:dd:34:00 disassociated previously due to Link Failure. Uptime: 4 days, 15 h 00 m 45 s . Reason: Capwap WTP Event request.
RF Manager updated TxPower for Base Radio MAC: 0c:68:03:dd:34:00 and slotNo: 0. New Tx Power is: 2
AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:0c:68:03:dd:16:e0 Cause=Max Retransmission Status:NA
IDS Signature attack detected. Signature Type: Standard, Name: Deauth flood, Description: Deauthentication flood, Track: per-signature, Detecting AP Name: AP7, Radio Type: 802.11b/g, Preced: 9, Hits: 500, Channel: 6, srcMac: C2:9F:DB:21:47:60
This is the sh run-config of our WLC including one AP:
>show run-config
System Inventory
NAME: "Chassis" , DESCR: "Cisco 2500 Series Wireless LAN Controller"
PID: AIR-CT2504-K9, VID: V01, SN: PSZ17381EPZ
Burned-in MAC Address............................ 50:17:FF:27:12:80
Maximum number of APs supported.................. 15
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.110.0
Bootloader Version............................... 1.0.18
Field Recovery Image Version..................... 1.0.0
Firmware Version................................. PIC 16.0
Build Type....................................... DATA + WPS
System Name...................................... UK-BRI-WFAPC
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 172.17.128.12
Last Reset....................................... Power on reset
System Up Time................................... 4 days 0 hrs 46 mins 6 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... GB - United Kingdom
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +20 C
External Temperature............................. +25 C
Fan Status....................................... 4000 rpm
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 3
Number of Active Clients......................... 6
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 50:17:FF:27:12:80
Maximum number of APs supported.................. 15
AP Bundle Information
Primary AP Image Size
ap1g2 9568
ap3g1 11288
ap3g2 11196
ap801 7164
ap802 8568
c1130 5072
c1140 9416
c1250 6944
c1520 8044
c602i 3736
Secondary AP Image Size
ap3g1 5792
ap801 5192
ap802 5232
c1100 3084
c1130 4964
c1140 4992
c1200 3364
c1240 4812
c1250 5504
c1310 3136
c1520 6404
c3201 4324
c602i 3716
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Network Information
RF-Network Name............................. RFGROUP
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Multicast Address : 0.0.0.0
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE
1 Normal Forw Enable Auto 1000 Full Up Enable N/A
2 Normal Forw Enable Auto 100 Full Up Enable N/A
3 Normal Forw Enable Auto 1000 Full Up Enable Enable (Power Off)
4 Normal Disa Enable Auto Auto Down Enable Enable (Power Off)
AP Summary
Number of APs.................................... 7
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
AP7 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9a:81 default location 1 GB 1
AP1 2 AIR-CAP1602I-E-K9 f8:72:ea:7c:9d:e3 default location 1 GB 1
AP3 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9c:57 default location 1 GB 1
AP6 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9a:90 default location 1 GB 1
AP2 2 AIR-CAP1602I-E-K9 f8:72:ea:7c:9b:63 default location 1 GB 1
AP4 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9a:9b default location 1 GB 1
AP5 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9a:cb default location 1 GB 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
AP7 disabled -
AP1 disabled -
AP3 disabled -
AP6 disabled -
AP2 disabled -
AP4 disabled -
AP5 disabled -
AP Location
Total Number of AP Groups........................ 0
Site Name........................................ default-group
Site Description.................................
NAS-identifier................................... UK-BRI-WFAPC
AP Operating Class............................... Not-configured
RF Profile
2.4 GHz band.....................................
5 GHz band.......................................
WLAN ID Interface Network Admission Control Radio Policy
1 corporate Disabled None
2 dirtynetwork Disabled None
3 dirtynetwork Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
AP7 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9a:81 default location 1 GB 1
AP1 2 AIR-CAP1602I-E-K9 f8:72:ea:7c:9d:e3 default location 1 GB 1
AP3 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9c:57 default location 1 GB 1
AP6 2 AIR-CAP1602I-E-K9 f8:72:ea:e4:9a:90 default location 1 GB 1
AP2 2 AIR-CAP1602I-E-K9 f8:72:ea:7c:9b:63 default location 1 GB 1
AP4 2 AIR-CAP1602I-E-K9 f8:
RF Profile
Number of RF Profiles............................ 0
Out Of Box State................................. Disabled
RF Profile Name Band Description 11n-client-only
AP Config
Cisco AP Identifier.............................. 15
Cisco AP Name.................................... AP7
Country code..................................... GB - United Kingdom
Regulatory Domain allowed by Country............. 802.11bg:-E 802.11a:-E
AP Country code..................
................ GB - United Kingdom
AP Regulatory Domain............................. -E
Switch Port Number .............................. 1
MAC Address...................................... f8:72:ea:e4:9a:81
IP Address Configuration......................... Static IP assigned
IP Address....................................... 172.17.128.24
IP NetMask....................................... 255.255.128.0
Gateway IP Addr.................................. 172.17.128.1
Domain...............
Name Server......................................
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Disabled
Ssh State........................................ Disabled
Cisco AP Location................................ default location
Cisco AP Floor Label............................. 0
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ....
............................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... Local
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ..
....................... kern
S/W Version .................................... 7.4.110.0
Boot Version ................................... 15.2.2.0
Mini IOS Version ................................ 7.4.1.37
Stats Reporting Period .......................... 180
Stats Collection Mode ........................... normal
LED State........................................
Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-CAP1602I-E-K9
AP Image...............................
.......... C1600-K9W8-M
IOS Version...................................... 15.2(2)JB2$
Reset Button..................................... Enabled
AP Serial Number................................. FGL1725W7F7
AP Certificate Type.............................. Manufacture Installed
AP User Mode..................................... AUTOMATIC
AP User Name..................................... Not Configured
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
Cisco AP system loggi
ng host..................... 255.255.255.255
AP Up Time....................................... 3 days, 23 h 26 m 50 s
AP LWAPP Up Time................................. 0 days, 00 h 14 m 12 s
Join Date and Time............................... Tue Jan 28 18:11:43 2014
Join Taken Time.................................. 0 days, 00 h 11 m 41 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
Radio Mode .................................. Local
CellId ...................................... 0
Station Configuration
Configuration ............................. AU
TOMATIC
Number Of WLANs ........................... 3
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 0c:68:03:dd:16:e0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12..
................................. SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
MCS 16................................... DISABLED
MCS 17................................... DISABLED
MCS 18................................... DISABLED
MCS 19................................... DISABLED
MCS 20................................... DISABLED
MCS 21................................... DISABLED
MCS 22................................... DISABLED
MCS 23................................... DISABLED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ GB
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 13
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 4
Tx Power Level 1 .......................... 16 dBm
Tx Power Level 2 .......................... 13 dBm
Tx Power Level 3 .......................... 10 dBm
Tx Power Level 4 .......................... 7 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 3
Tx Power Assigned By ...................... DTPC
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 6
Channel Assigned By ....................... DCA
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11,12,
......................................... 13
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... CUSTOMIZED
Legacy Tx Beamforming ..................... ENABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................
CleanAir Management Information
CleanAir Capable......................... No
Radio Extended Configurations
Beacon period.............................. 100 milliseconds
Beacon range............................... AUTO
Multicast buffer........................... AUTO
Multicast data-rate........................ AUTO
RX SOP threshold........................... AUTO
CCA threshold.............................. AUTO -
WLC 2504 don't work with mode trunking dot1Q with 3560cg and 2960cg?
Hi
I have a proble with the 3560cg and 2960cg, when i configure the port with "switchport trunk encapsulation doi1q " and "switchport mode trunk" on the interface for the connection with the WLC2504, don't have connection.
I configure others WLC and others switch catalyst (2960, 3550, etc) with the same configuration and this connection work very well.
this is the date from the terminals:
Model SW Version SW Image
WS-C2960CG-8TC-L 12.2(55)EX2 C2960c405ex-UNIVERSALK9-M
Model SW Version SW Image
WS-C3560CG-8TC-S 12.2(55)EX2 C3560c405ex-UNIVERSALK9-M
WLC 2504 IOS-> 7.3.
I don't know what its hapend, or if i need use another command for the 3560cg and 2960cg
RegardsHi scot
in my case, i configure the 3560 with the vlan 1 for administration and the vlan 100 and 200 for my clients (i use the 2 vlans with 2 wlans from the wlc) and i know that the port must be Trunk, my management interface its taggin with the vlan 1 for the administration and the dynamic interfaces with the respective vlan.
when i configure the 3560 and 2960 i use these command (switchport mode trunk) and i loose the connection with the wlc (i use the same comand with other switch and work very well), the wlc loose the conection with the net.
i dont know the reason for this failure, and i know if the wlc have management interface untugged, only work with this vlan (vlan native or vlan access) and don't work with the others vlans for the wlans.
I wish to know if the IOS or if exist another configuration for the 3560 and 2960 works with the WLC correctly or its problem of the IOS
Thaks for the help
Regards -
Acs 5.3 and wlc 2504 config with restricted network access
Hello,
i submit you the following issue that i'm actually facing:
i must configure a secured wireless network with access restriction based on SSID. the equipements are : cisco wlc 2504 (soft 7.3) cisco secure acs aplliance 1121 (soft 5.4) .
the users that will connect to the network are regrouped by identity groups, each identity group having it's own SSID. Clearly each group of users must access only one SSID.
i followed the procedure below to configure it:
-- creating user identity groups;
-- creating users and assigning them to the groups;
--- creating authorization profiles for each SSID under policy element/ authorization and permission/network access/authorization profiles and putting the Airespace-Wlan-Id(the SSID number) in the radius tab.
--- assigning the authorization profiles to the identity groups under access policies.
after all these config the users can access the network using there userid/password configured. But the problem is Every user can access every SSID, seems like the restriction is so not very well configured.
i found some documentation on this kind of config but the version of ACS used seems older than the one that i use, so menu are very different.
Please can someone provide with the right steps to follow to achieve this kind of config.
tkx in advanceYes.. you only have to add the end filter like what I posted... as far as the calling station id in the WLC security tab, it doesn't matter because that is not used when using 802.1x. I would also try to not enable everything that you have just to start from the basic and make sure it works first. The WAP Authentication Method might or might not work for you. Uncheck that for now and when you have a successful authentication, look at the monitor log and see what radius attributes are being sent, because those attributes is what you can use to build your policies.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
Maybe you are looking for
-
How to create sso login for webcenter application
Hi, i have created a webcenter portal application with a login page.i have to create a sso login for that application . can anyone suggest me how to do?
-
Error when creating a Proxy Object from WSDL
Hi, when creating a proxy object in abap based on the [WSDL|http://download.mapandguide.com/EN/dev/xserver/XLocate-1.6.0.3.wsdl] i get the error 'Incorrect value: Unknown Type Referencens0:ArrayOfString'. 1- Is there a conflict with the type 'String'
-
A strange query of queries bug in CF11?
Hi, I have this strange query of queries result that could be a bug in CF11. The result is fine in CF10. Basically, I have 2 queries, qrA and qrB. I do a join of the two in joinQr, after which I do a query of qrA. Since I didn't alter qrA in any w
-
JCo using class cl_gui_frontend_services
Hello! I have a problem with using JCo. For my purposes, I need transfer files from computer, where SAP GUI is working. But no one could argue that when I use JCO on the server, I don't have any SAP GUI. How can I find files on this computer? Using F
-
Could someone explain the concept of 1. Entity manager. 2. Types and Purpose of Entity manager 3. How they are injected Thanks in advance.