WLC 4402 Update 7.0.253.3: all 17 APs use channel 1
Since the update of our WLC 4402 to v 7.0.253.3 all 17 accesspoints are using channel 1 !!
Has anyone an idea to solve this channel-fixing?
Thx
Markus
Thanks Scott,
your were right: Channel Assignment Method of RRM was turned OFF since the update of the firmware! I have now changed the setting to AUTOMATIC and now, the APs are again using different channels :-)
THX
Markus
Similar Messages
-
hello everybody,
actually i'm confused so i want to upgrade my WLC 4402 from 6.0.199.4 to last version available and i have my AP 1242G with version 12.4(21a)JHB1 I just want to know what's the version compatibility beween my WLC and AP,thank you for your helpsHi,
Go for 7.0.250.0(It is the last supoort version for this WLC). You can directly upgarde from 6.0.199.0 to 7.0.250.0.
http://software.cisco.com/download/release.html?mdfid=279911193&flowid=7586&softwareid=280926587&release=7.0.250.0&relind=AVAILABLE&rellifecycle=ED&reltype=latest
And 1242 AP supported this software.
Cisco Wireless Solutions Software Compatibility Matrix
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
Regards
Dont forget to rate helpful posts -
Hi,
We want to use ACS to authenticate an ssh or http connection to a WLC 4403-50 4.2.99 using TACACS+. On our ACS 4.2 test server it works fine. Configured identically on an ACS 3.3 appliance we are not able to log in although we do see a successful login in the Passed Authentications report withing ACS.
Is there an incompatability between the WLC 4402-50 with ACS 3.3?
thanks
BobThe Cisco Secure Access Control Server (ACS) provides authentication, authorization, and accounting (AAA) services for users of the wireless network.
It is also possible to employ a WLC controller strategy that uses an N+1 approach. When using N+1 architecture, each WLC is configured with a WLC that is designated as a backup WLC in the event of a failure. This controller is not used until there is a failure event upon which all APs using the failed controller switch to the backup WLC. This cost-effective approach provides a high level of availability in the event of a single WLC failure scenario. -
Hi,
I have a WLC 4402 Wireless LAN Controller with multiple 1231 AP on LWAPP. WLAN has security setting on WPA+WPA2 with PSK share key. All computers in domain are fine, wireless connections are steady. I have a group of students use Netbook on Windows XP Home SP3 got connection and drop situation. Event ID on XP has continuous 4201 and 4202 cases, and on WLC log I have also continuous log as
*Apr 19 10:35:44.046: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 00:26:5e:eb:fd:0a
I understand XP Home has no certificate from Domain environment therefore I didn't setup any AAA server service. How can this problem be resolved? Keep trying on security combination, but no luck. Please Help. Thanks.
Attachment is WLC configuration file without encryption.Hi, Kayle
Thanks for quick reply. Its not ASUS EeePC but ASUS s10e. The wireless LAN device is Broadcom 802.11g. I check with Lenono System Update, no newer driver available. Thanks. -
Problem with certificate authentication at wlc 4402
Hi,
we have a problem to get a connection from the client to the WLC.
we are using Cisco Aironet 1130 AG and a Cisco 4402 WLC in our network. The certificate service is installed on a Windows 2008 R2 server. We use a standalone Root CA with a Enterprise Sub CA hierarchy. Issueing certificates to clients works fine. The vendor and ca certificates are installed on the WLC and the user have his user certificate. During implementation we used following document: "http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008093f1b9.shtml#wlc". Instead of Anonymous Bind, we use a service user to read in AD (works fine, too).
We use the Intel/PRO wireless utility on our Testclient and configured it for EAP-FAST and TLS. We can select the installed certificate in the utility, but when we try to connect, the utility throw the message: "Authentication failed due to an invalid certificate".
We´ve logged the WLC and thats a part of the logfile (i´ve greyed out all enterprise data):
*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (...)))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="..." (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=... (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: ...(0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1 Flags:S Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422: Payload: 00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST ID:0x 2 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP
Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event
'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP
Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP
Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : ...
*EAP Framework: Jan 18
12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : ...
*EAP Framework: Jan 18
12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th,
17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP
Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject :
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=...
*EAP
Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from
'2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422: Payload: 0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422: Payload: 03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake Version:0301 Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422: Payload: 0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422: Payload: 03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake Version:0301 Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake Version:0301 Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422: Payload: 0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1 Flags:LM Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422: Payload: 160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST ID:0x 3 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP
Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received
TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert Version:0301 Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1 Flags:L Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST ID:0x 7 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
We think that the reason why it didn´t work, is the part:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
But we aren´t sure.
Maybe anyone can help us. Many thanks in advance.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.01.18 12:08:18 =~=~=~=~=~=~=~=~=~=~=~=
debug aaa all disable debug aaa all enable(Cisco Controller) >*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc Audit Session ID added to the mscb: 0a63081e000000994f16a825
*Dot1x_NW_MsgTask_0: Jan 18 12:08:21.917: Creating audit session ID (dot1x_aaa_eapresp_supp) and Radius Request
*aaaQueueReader: Jan 18 12:08:21.917: AuthenticationRequest: 0x30b52e90
*aaaQueueReader: Jan 18 12:08:21.917: Callback.....................................0x10b7803c*aaaQueueReader: Jan 18 12:08:21.917: protocolType.................................0x00140001*aaaQueueReader: Jan 18 12:08:21.917: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.917: Packet contains 16 AVPs (not shown)*aaaQueueReader: Jan 18 12:08:21.917: 18:3d:a2:0a:ec:bc [Error] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*aaaQueueReader: Jan 18 12:08:21.918: 18:3d:a2:0a:ec:bc Returning AAA Error 'No Server' (-7) for mobile 18:3d:a2:0a:ec:bc
*aaaQueueReader: Jan 18 12:08:21.918: AuthorizationResponse: 0x3e04bd08
*aaaQueueReader: Jan 18 12:08:21.918: structureSize................................32*aaaQueueReader: Jan 18 12:08:21.918: resultCode...................................-7*aaaQueueReader: Jan 18 12:08:21.918: protocolUsed.................................0xffffffff*aaaQueueReader: Jan 18 12:08:21.918: proxyState...................................18:3D:A2:0A:EC:BC-02:00*aaaQueueReader: Jan 18 12:08:21.918: Packet contains 0 AVPs:*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:21.918: LOCAL_AUTH: Creating new context
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received context create from lower layer (0x0000013F)
*aaaQueueReader: Jan 18 12:08:21.918: id_manager.c-AUTH-SM: Got new ID 78000041 - id_get
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Received credential profile name: "(null)" from LL
*aaaQueueReader: Jan 18 12:08:21.918: EAP-EVENT: Allocated new EAP context (handle = 0x78000041)
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: Created new context eap session handle 78000041
*aaaQueueReader: Jan 18 12:08:21.919: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 1) to EAP subsys
*EAP Framework: Jan 18 12:08:21.919: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1484: Code:RESPONSE ID:0x 1 Length:0x002b Type:IDENTITY
*EAP Framework: Jan 18 12:08:21.920: eap_core.c:1422: Payload: 416E6472652E54736368656E74736368 ...
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: EAP Response type = Identity
*EAP Framework: Jan 18 12:08:21.920: EAP-AUTH-EVENT: Received peer identity: [email protected]
*EAP Framework: Jan 18 12:08:21.920: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_USERNAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.920: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.921: LOCAL_AUTH: (EAP) Sending user credential request username '[email protected]' to LDAP
*aaaQueueReader: Jan 18 12:08:21.921: AuthenticationRequest: 0x33a6ae18
*aaaQueueReader: Jan 18 12:08:21.921: Callback.....................................0x10765234*aaaQueueReader: Jan 18 12:08:21.921: protocolType.................................0x00100002*aaaQueueReader: Jan 18 12:08:21.921: proxyState...................................18:3D:A2:0A:EC:BC-00:00*aaaQueueReader: Jan 18 12:08:21.921: Packet contains 2 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.921: EAP-AUTH-EVENT: Waiting for asynchronous reply from LL
*LDAP DB Task 1: Jan 18 12:08:21.921: ldapTask [1] received msg 'REQUEST' (2) in state 'IDLE' (1)
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP server 1 changed state to INIT
*LDAP DB Task 1: Jan 18 12:08:21.922: LDAP_OPT_REFERRALS = -1*LDAP DB Task 1: Jan 18 12:08:21.922: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP server 1 changed state to CONNECTED
*LDAP DB Task 1: Jan 18 12:08:21.925: disabled LDAP_OPT_REFERRALS*LDAP DB Task 1: Jan 18 12:08:21.925: LDAP_CLIENT: UID Search (base=DC=group,DC=jenoptik,DC=corp, pattern=(&(objectclass=Person)([email protected])))
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: ldap_search_ext_s returns 0 85
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned 2 msgs including 0 references
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Returned msg 1 type 0x64
*LDAP DB Task 1: Jan 18 12:08:21.926: LDAP_CLIENT: Received 1 attributes in search entry msg
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Returned msg 2 type 0x65
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : No matched DN
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT : Check result error 0 rc 1013
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP_CLIENT: Received no referrals in search result msg
*LDAP DB Task 1: Jan 18 12:08:21.927: ldapAuthRequest [1] called lcapi_query base="DC=group,DC=jenoptik,DC=corp" type="Person" attr="userPrincipalName" user="[email protected]" (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.927: LDAP ATTR> dn = CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (size 76)
*LDAP DB Task 1: Jan 18 12:08:21.927: Handling LDAP response Success
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc [Response] Client requested no retries for mobile 18:3D:A2:0A:EC:BC
*LDAP DB Task 1: Jan 18 12:08:21.927: 18:3d:a2:0a:ec:bc Returning AAA Success for mobile 18:3d:a2:0a:ec:bc
*LDAP DB Task 1: Jan 18 12:08:21.927: AuthorizationResponse: 0x33a5affc
*LDAP DB Task 1: Jan 18 12:08:21.927: structureSize................................180*LDAP DB Task 1: Jan 18 12:08:21.927: resultCode...................................0*LDAP DB Task 1: Jan 18 12:08:21.927: protocolUsed.................................0x00000002*LDAP DB Task 1: Jan 18 12:08:21.927: proxyState...................................18:3D:A2:0A:EC:BC-00:00*LDAP DB Task 1: Jan 18 12:08:21.928: Packet contains 2 AVPs:*LDAP DB Task 1: Jan 18 12:08:21.928: AVP[01] Unknown Attribute 0......................CN=Tschentscher\, Andre,OU=Users,OU=SSC,OU=JOAG,DC=group,DC=jenoptik,DC=corp (76 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: AVP[02] User-Name................................Andre.Tschentscher@group.jenoptik.corp (38 bytes)*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: Found context matching MAC address - 319
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: (EAP:319) User credential callback invoked
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find password in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: LOCAL_AUTH: EAP Unable to find wlan in credentials. Skipped
*LDAP DB Task 1: Jan 18 12:08:21.928: Authenticated bind : Closing the binded session*LDAP DB Task 1: Jan 18 12:08:21.928: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jan 18 12:08:21.929: LDAP server 1 changed state to IDLE
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Received event 'EAP_LL_REPLY' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Using credential profile name: [email protected] (0x78000041)
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Maximum EAP packet size: 1000
*EAP Framework: Jan 18 12:08:21.930: EAP-AUTH-EVENT: Sending method new context directive for EAP context 0x78000041
*EAP Framework: Jan 18 12:08:21.930: EAP-EVENT: Sending method directive 'New Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.930: eap_fast.c-EVENT: New context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: id_manager.c-AUTH-SM: Got new ID f700000e - id_get
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-EVENT: Allocated new EAP-FAST context (handle = 0xF700000E)
*EAP Framework: Jan 18 12:08:21.931: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:21.931: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Received Identity
*EAP Framework: Jan 18 12:08:21.931: eap_fast_tlv.c-AUTH-EVENT: Adding PAC A-ID TLV (436973636f0000000000000000000000)
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-EVENT: Sending Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast_auth.c-AUTH-SM: Changing state: Reset -> Start
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c:138: Version: 1 Flags:S Length:0x0014
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1422: Payload: 00040010436973636F00000000000000 ...
*EAP Framework: Jan 18 12:08:21.931: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:21.931: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1484: Code:REQUEST ID:0x 2 Length:0x001a Type:FAST
*EAP Framework: Jan 18 12:08:21.932: eap_core.c:1422: Payload: 2100040010436973636F000000000000 ...
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:21.932: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:21.932: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:21.932: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:21.933: structureSize................................74*EAP Framework: Jan 18 12:08:21.933: resultCode...................................255*EAP Framework: Jan 18 12:08:21.933: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:21.933: proxyState...................................18:3D:A2:0A:EC:BC-02:00*EAP Framework: Jan 18 12:08:21.934: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 1a
*EAP Framework: Jan 18 12:08:21.934: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.290: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 2) to EAP subsys
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.291: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.291: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.291: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1484: Code:RESPONSE ID:0x 2 Length:0x0042 Type:FAST
*EAP Framework: Jan 18 12:08:22.292: eap_core.c:1422: Payload: 810000003816030100330100002F0301 ...
*EAP Framework: Jan 18 12:08:22.292: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Start
*EAP Framework: Jan 18 12:08:22.292: EAP-EVENT: Sending lower layer event 'EAP_GET_CREDENTIAL_PROFILE_FROM_PROFILE_NAME' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.292: LOCAL_AUTH: (EAP:319) Returning profile '[email protected]' (username '[email protected]')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - New session 0x335ee108 started (TP = 'vendor')
*EAP Framework: Jan 18 12:08:22.293: IOS_PKI_SHIM: [StartSession] - Trustpoint identity (cert) set to 'Vendor'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Subject : C=DE, ST=Thuringia, L=Jena, O=Jenoptik AG, OU=Jenoptik SSC GmbH, CN=Cisco WLC 1st, [email protected]
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Issuer : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Valid from '2012 Jan 12th, 17:06:50 GMT' to '2016 Jan 11th, 17:06:50 GMT'
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: [ID-CERT] Is not a CA cert
*EAP Framework: Jan 18 12:08:22.297: IOS_PKI_SHIM: Added cert (type 1) to chain (1 present on chain)
*EAP Framework: Jan 18 12:08:22.300: IOS_PKI_SHIM: [CA-CERT] Subject : DC=corp, DC=jenoptik, CN=Jenoptik WLAN Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Issuer : CN=Jenoptik Certificate Authority
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Valid from '2012 Jan 12th, 16:54:49 GMT' to '2020 Jan 12th, 17:04:49 GMT'
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [CA-CERT] Is a CA cert
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: Added cert (type 2) to chain (2 present on chain)
*EAP Framework: Jan 18 12:08:22.301: IOS_PKI_SHIM: [StartSession] - Getting older style priv key
*EAP Framework: Jan 18 12:08:22.338: IOS_PKI_SHIM: Session 0x335ee108 init'd OK
*EAP Framework: Jan 18 12:08:22.338: eap_fast_auth.c-AUTH-EVENT: Local certificate found
*EAP Framework: Jan 18 12:08:22.339: eap_fast_auth.c-AUTH-EVENT: Reading Client Hello handshake
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.339: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0033
*EAP Framework: Jan 18 12:08:22.339: eap_core.c:1422: Payload: 0100002F03014F16A8262631FC9DC042 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast.c:202: Handshake type:Client Hello Length:0x002F
*EAP Framework: Jan 18 12:08:22.340: eap_core.c:1422: Payload: 03014F16A8262631FC9DC042253D3E24 ...
*EAP Framework: Jan 18 12:08:22.340: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_AES_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_RSA_WITH_RC4_128 proposed...
*EAP Framework: Jan 18 12:08:22.341: eap_fast_auth.c-AUTH-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA proposed...
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: Proposed ciphersuite(s):
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.342: eap_fast.c-EVENT: TLS_RSA_WITH_RC4_128_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DH_anon_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: Selected ciphersuite:
*EAP Framework: Jan 18 12:08:22.343: eap_fast.c-EVENT: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*EAP Framework: Jan 18 12:08:22.343: eap_fast_auth.c-AUTH-EVENT: Building Provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:255: Content:Handshake Version:0301 Length:0x002A
*EAP Framework: Jan 18 12:08:22.344: eap_core.c:1422: Payload: 0200002603015F3325EADF12E6296F91 ...
*EAP Framework: Jan 18 12:08:22.344: eap_fast.c:202: Handshake type:Server Hello Length:0x0026
*EAP Framework: Jan 18 12:08:22.345: eap_core.c:1422: Payload: 03015F3325EADF12E6296F91530FE67F ...
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.345: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0B54
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 0B000B50000B4D00059F3082059B3082 ...
*EAP Framework: Jan 18 12:08:22.346: eap_fast.c:202: Handshake type:Certificate Length:0x0B50
*EAP Framework: Jan 18 12:08:22.346: eap_core.c:1422: Payload: 000B4D00059F3082059B30820483A003 ...
*EAP Framework: Jan 18 12:08:22.347: eap_fast_crypto.c-EVENT: Starting Diffie Hellman phase 1 ...
*EAP Framework: Jan 18 12:08:22.661: eap_fast_crypto.c-EVENT: Diffie Hellman phase 1 complete
*EAP Framework: Jan 18 12:08:22.677: IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret SUCCESS.. op_len 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast_auth.c-AUTH-EVENT: DH signature length = 128
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.678: eap_fast.c:255: Content:Handshake Version:0301 Length:0x028D
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0C0002890100FFFFFFFFFFFFFFFFC90F ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:202: Handshake type:Server Key Exchange Length:0x0289
*EAP Framework: Jan 18 12:08:22.679: eap_core.c:1422: Payload: 0100FFFFFFFFFFFFFFFFC90FDAA22168 ...
*EAP Framework: Jan 18 12:08:22.679: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:255: Content:Handshake Version:0301 Length:0x000B
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 0D00000704030401020000
*EAP Framework: Jan 18 12:08:22.680: eap_fast.c:202: Handshake type:Certificate Request Length:0x0007
*EAP Framework: Jan 18 12:08:22.680: eap_core.c:1422: Payload: 04030401020000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0004
*EAP Framework: Jan 18 12:08:22.681: eap_core.c:1422: Payload: 0E000000
*EAP Framework: Jan 18 12:08:22.681: eap_fast.c:202: Handshake type:Server Done Length:0x0000
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-EVENT: Sending Provisioning Serving Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast_auth.c-AUTH-SM: Changing state: Start -> Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.682: eap_fast.c-EVENT: Tx packet fragmentation required
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.683: eap_fast.c:138: Version: 1 Flags:LM Length:0x03DE
*EAP Framework: Jan 18 12:08:22.683: eap_core.c:1422: Payload: 160301002A0200002603015F3325EADF ...
*EAP Framework: Jan 18 12:08:22.684: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.684: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.684: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.685: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.685: eap_core.c:1484: Code:REQUEST ID:0x 3 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.686: eap_core.c:1422: Payload: C100000E33160301002A020000260301 ...
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.686: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.686: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.687: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.687: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.687: structureSize................................1048*EAP Framework: Jan 18 12:08:22.687: resultCode...................................255*EAP Framework: Jan 18 12:08:22.687: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.688: proxyState...................................18:3D:A2:0A:EC:BC-02:01*EAP Framework: Jan 18 12:08:22.688: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.688: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.700: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.701: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 3) to EAP subsys
*EAP Framework: Jan 18 12:08:22.701: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.701: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1484: Code:RESPONSE ID:0x 3 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.702: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.702: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.703: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.704: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.704: eap_fast.c:138: Version: 1 Flags:M Length:0x03E2
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422: Payload: 3A2F2F2F434E3D4A656E6F7074696B25 ...
*EAP Framework: Jan 18 12:08:22.705: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.705: eap_core.c:1422: Payload: 413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.706: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.707: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1484: Code:REQUEST ID:0x 4 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.707: eap_core.c:1422: Payload: 413A2F2F2F434E3D4A656E6F7074696B ...
*EAP Framework: Jan 18 12:08:22.707: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.708: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.708: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.709: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.709: structureSize................................1048*EAP Framework: Jan 18 12:08:22.709: resultCode...................................255*EAP Framework: Jan 18 12:08:22.709: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.710: proxyState...................................18:3D:A2:0A:EC:BC-02:02*EAP Framework: Jan 18 12:08:22.710: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.710: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.711: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.723: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.724: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 4) to EAP subsys
*EAP Framework: Jan 18 12:08:22.724: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.725: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1484: Code:RESPONSE ID:0x 4 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.725: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.725: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.726: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.726: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.727: eap_fast.c:138: Version: 1 Flags:M Length:0x03E2
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422: Payload: BD84CC4BF49A766267DA94429BEBE087 ...
*EAP Framework: Jan 18 12:08:22.728: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.728: eap_core.c:1422: Payload: 41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.729: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.730: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1484: Code:REQUEST ID:0x 5 Length:0x03e8 Type:FAST
*EAP Framework: Jan 18 12:08:22.730: eap_core.c:1422: Payload: 41BD84CC4BF49A766267DA94429BEBE0 ...
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.731: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.731: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.732: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.732: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.732: structureSize................................1048*EAP Framework: Jan 18 12:08:22.732: resultCode...................................255*EAP Framework: Jan 18 12:08:22.733: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.733: proxyState...................................18:3D:A2:0A:EC:BC-02:03*EAP Framework: Jan 18 12:08:22.733: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 3e8
*EAP Framework: Jan 18 12:08:22.734: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.746: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.747: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 5) to EAP subsys
*EAP Framework: Jan 18 12:08:22.747: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.747: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1484: Code:RESPONSE ID:0x 5 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.748: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.748: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.749: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.750: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.750: eap_fast.c:138: Version: 1 Flags: Length:0x0291
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422: Payload: 34C4C6628B80DC1CD129024E088A67CC ...
*EAP Framework: Jan 18 12:08:22.751: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0297 Type:FAST
*EAP Framework: Jan 18 12:08:22.751: eap_core.c:1422: Payload: 0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.751: EAP-AUTH-EVENT: EAP method decision: Unknown
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.752: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1484: Code:REQUEST ID:0x 6 Length:0x0297 Type:FAST
*EAP Framework: Jan 18 12:08:22.752: eap_core.c:1422: Payload: 0134C4C6628B80DC1CD129024E088A67 ...
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.753: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.753: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.754: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.754: structureSize................................711*EAP Framework: Jan 18 12:08:22.754: resultCode...................................255*EAP Framework: Jan 18 12:08:22.754: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.754: proxyState...................................18:3D:A2:0A:EC:BC-02:04*EAP Framework: Jan 18 12:08:22.754: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 297
*EAP Framework: Jan 18 12:08:22.755: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.830: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 6) to EAP subsys
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.831: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.831: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.831: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.832: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.832: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1484: Code:RESPONSE ID:0x 6 Length:0x015c Type:FAST
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 810000015216030100070B0000030000 ...
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Received TLS record type: Handshake in state: Sent provisioning Server Hello
*EAP Framework: Jan 18 12:08:22.832: eap_fast_auth.c-AUTH-EVENT: Reading Client Certificate handshake
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:286: EAP-FAST-AUTH-RX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:255: Content:Handshake Version:0301 Length:0x0007
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 0B000003000000
*EAP Framework: Jan 18 12:08:22.832: eap_fast.c:202: Handshake type:Certificate Length:0x0003
*EAP Framework: Jan 18 12:08:22.832: eap_core.c:1422: Payload: 000000
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-EVENT: Client Certificate handshake empty
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-EVENT: Rx'd I-ID: "EAP-FAST I-ID" from Peer Cert
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-ERROR: Required cert not provided by client
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:286: EAP-FAST-AUTH-TX-TLS-RECORD:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:255: Content:Alert Version:0301 Length:0x0002
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 0228
*EAP Framework: Jan 18 12:08:22.833: eap_fast_auth.c-AUTH-SM: Changing state: Sent provisioning Server Hello -> Alert
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:2367: eap-fast tx packet:
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c:138: Version: 1 Flags:L Length:0x0007
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 15030100020228
*EAP Framework: Jan 18 12:08:22.833: eap_fast.c-TX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1484: Code:REQUEST ID:0x 0 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.833: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.833: EAP-AUTH-EVENT: EAP method state: Continue
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Current method = 43
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-EVENT: Sending packet to lower layer for context 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-AUTH-TX-PAK:
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1484: Code:REQUEST ID:0x 7 Length:0x0011 Type:FAST
*EAP Framework: Jan 18 12:08:22.834: eap_core.c:1422: Payload: 810000000715030100020228
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started 'Authenticator Retransmit' timer (60) for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Started EAP tick timer
*EAP Framework: Jan 18 12:08:22.834: EAP-EVENT: Sending lower layer event 'EAP_TX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: Found matching context for id - 319
*EAP Framework: Jan 18 12:08:22.834: LOCAL_AUTH: (EAP:319) transmit event
*EAP Framework: Jan 18 12:08:22.834: AuthorizationResponse: 0x13c713fc
*EAP Framework: Jan 18 12:08:22.834: structureSize................................65*EAP Framework: Jan 18 12:08:22.834: resultCode...................................255*EAP Framework: Jan 18 12:08:22.835: protocolUsed.................................0x00000080*EAP Framework: Jan 18 12:08:22.835: proxyState...................................18:3D:A2:0A:EC:BC-02:05*EAP Framework: Jan 18 12:08:22.835: Packet contains 1 AVPs (not shown)*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH EAP PKT AVP attribute 4f length 11
*EAP Framework: Jan 18 12:08:22.835: LOCAL_AUTH: AAA LOCAL AUTH TX PKT DUMP code cc id 00 type 2b
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: EAP: Received an auth request
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: Found context matching MAC address - 319
*aaaQueueReader: Jan 18 12:08:22.838: LOCAL_AUTH: (EAP:319) Sending the Rxd EAP packet (id 7) to EAP subsys
*EAP Framework: Jan 18 12:08:22.838: EAP-EVENT: Received event 'EAP_RX_PACKET' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-RX-PAK:
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1484: Code:RESPONSE ID:0x 7 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.839: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Stopping 'Authenticator Retransmit' timer for EAP session handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response received by context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: EAP Response type = Method (43)
*EAP Framework: Jan 18 12:08:22.839: EAP-AUTH-EVENT: Sending method data for context 0x78000041
*EAP Framework: Jan 18 12:08:22.839: EAP-EVENT: Sending method directive 'Receive Packet' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.839: eap_fast.c-AUTH-EVENT: eap_fast_rx_packet(): EAP Fast NoData (0x2b)
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-AUTH-EVENT: Process Response, type: 0x2b
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Process Response (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-RX-AUTH-PAK:
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1484: Code:RESPONSE ID:0x 7 Length:0x0006 Type:FAST
*EAP Framework: Jan 18 12:08:22.840: eap_core.c:1422: Payload: 01
*EAP Framework: Jan 18 12:08:22.840: eap_fast_auth.c-AUTH-EVENT: Received ACK from peer
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method state: Done
*EAP Framework: Jan 18 12:08:22.840: EAP-AUTH-EVENT: EAP method decision: Fail
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Received get canned status from lower layer (0x78000041)
*EAP Framework: Jan 18 12:08:22.840: EAP-EVENT: Sending method directive 'Free Context' on handle 0x78000041
*EAP Framework: Jan 18 12:08:22.840: eap_fast.c-EVENT: Free context (EAP handle = 0x78000041)
*EAP Framework: Jan 18 12:08:22.840: id_manager.c-AUTH-SM: Entry deleted fine id f700000e - id_delete
*EAP Framework: Jan 18 12:08:22.840: IOS_PKI_SHIM: Session 0x335ee108 deleted
*EAP Framework: Jan 18 12:08:2Now we found the reason.
The WLC doesn´t work with the Sub CA respectively with chain certificates for device authentication.
"Support for Chained Certificate
In controller versions earlier than 5.1.151.0, web authentication certificates can be only device certificates and should not contain the CA roots chained to the device certificate (no chained certificates).
With controller version 5.1.151.0 and later, the controller allows for the device certificate to be downloaded as a chained certificate for web authentication.
Certificate Levels
Level 0—Use of only a server certificate on WLC.
Level 1—Use of server certificate on WLC and a CA root certificate.
Level 2—Use of server certificate on WLC, one single CA intermediate certificate, and a CA root certificate.
Level 3—Use of server certificate on WLC, two CA intermediate certificates, and a CA root certificate.
WLC does not support chained certificates more than 10KB size on the WLC.
Note: Chained certificates are supported for web authentication only; they are not supported for the management certificate."
So the WLC can´t decode the peer certificate. -
Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0
Hi All,
appreciate your support for a problem i started facing today. i have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. we have recieved a new 20 Cisco 1041N APs today and i installed one in our site but it doesn't work. it worked fine and loaded the image from flash and got the WLC ip address through DHCP option and started showing the below error:
*Mar 1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:10.033: *** CRASH_LOG = YES
*Mar 1 00:00:10.333: Port 1 is not presentSecurity Core found.
Base Ethernet MAC address: C8:9C:1D:53:57:5E
*Mar 1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
*Mar 1 00:00:11.494: status of voice_diag_test from WLC is false
*Mar 1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.647: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 13-Apr-11 12:50 by prod_rel_team
*Mar 1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
*Mar 1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
*Mar 1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
*Mar 1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Mar 1 00:09:17.912: status of voice_diag_test from WLC is false
*Mar 1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
*Mar 1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
*May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:03.448: status of voice_diag_test from WLC is false
*May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:15.450: status of voice_diag_test from WLC is false
*May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
*May 25 08:27:27.447: status of voice_diag_test from WLC is false
*May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:39.446: status of voice_diag_test from WLC is false
*May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
i searched for the regulatory domains difference between AIR-LAP1041N-E-K9 and AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
just to mention that our configuration in WLC for regulatory domains is:
Configured Country Code(s) AR
Regulatory Domain 802.11a: -A
802.11bg: -A
My question is, should i only include my country in the WLC (IQ) to add the requlatry domain (-E) to solve this problem? or changing the country will affect the operation of all working APs??
Appreciate your kind support,
Wisam Q.Hi Ramon,
thank you for the reply but as shown in the below link:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
the WLC in version 7.0.116.0 supports Cisco 1040 seiries APs.
Thanks,
Wisam Q. -
Hello all,
I've got a following problem with bringing up simple wireless configuration. There is a WLC-4402 controller and several remote locations (I am testing one so far). Two WLAN configured (one for employee and the other for guest access - no mobility anchoring used, guest is just mapper to VLAN restricted on the firewall). WLC serves DHCP pools for wireless clients. Problem I am experiencing at the moment is that user with laptop is able to connect to guest WLAN, got an IP but can communicate (ping) only its own IP, the controller IP in guest subnet and default gateway (which is the firewall interface). Traffic to any other destinations never hit gateway (I am running tcpdump on it to confirm). I double checked controller config but no luck so far. Could that be caused by missconfigured tunnel? No ACL or restriction set on WLC - see attached config.
Thank you in advance,
PeterIs this an open network or have you enabled layer 3 security? Web Auth? I can see you have created a lobby admin account so expect that you use this for guest account creation with web auth..
When you associate/receieve IP address to the open guest network have you then opened a web browser and authenticated? Until you enter your login details created on the WLC I would imagine that you wouldn't be able to send any data.
If you have authenticated already, can you check on the WLC that the client is associated/authenticated and is the Corp network ok? Also what is the topology between the WLC/Firewall/Remote sites.
Cheers
Mat -
Wireless controller ha between wlc5508 and wlc 4402
We have 2 wlc: a wlc 5508 ( license 100 AP ) and wlc 4402 ( license 12AP).
We try to setup when 5508 down, 12 identify AP (important AP -Group A) will join 4402 and all other AP (not improtan AP -Group B)
wont joint wlc 4402.
First, all AP join wlc 5508, 2 WLC have same mobility group.
After that, we config 12 APs belongto group A have primary and secondary wlc, group B only has primary wlc.
When wlc 5508 down, some of APs of GroupA and some of APs of GroupB join wlc 4402. We test many times and we have differnet result each times.
is theare any way to resolve our problem?
Thanks.Just to add, make sure that the WLC is running the same code, if not, then make sure the ap is supported on the code that is running on the 5508. The issue with mixed code is the ap will upgrade and downgrade very time they switch to a different WLC.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Sent from Cisco Technical Support iPhone App -
Bonjour / iChat working across wlc 4402
I have a L3 switched LAN (Cat4510 at the core with 3560 to the edge), and a WLC 4402 [s/w 4.0.217.0] providing wireless access. There is a multitude a PC's and MACs that sit on the wired and wireless network.
I currently am having issues getting a Apple tool called Bonjour working across the wireless network.
I have done some reading and from what I can gather it uses mdns (which uses udp 5353 / 5354). I have enabled Multicast Routing on the Cat4510 and enabled on the WLC 4402 Ethernet Multicast Mode with a group address of 224.0.0.1, however still cannot get Bonjour clients talking.
Admittedly the blogs I have read and Tech pages on Apple do not give up anymore info than this. Has anyone had experience or come across this before?Found something interesting on this.
Apparently, apples do not like multicast using IANA Administratively Scoped Block range of 239.0.0.0-239.255.255.255.
I was using 239.0.1.100 and nothing was connecting, I then changed it to 235.0.0.1 and all is well.
Go figure.
ref: http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00802d4643.shtml#wp1011111 -
Need Information For Connecting Access point to WLC 4402
Hi Friends
I need Some information for Connecting my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) Controller
In our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC
My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective)
I need to Know what I need to do in AP to connect to the Controller
Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
Do i Need to Configure my AP with default gateway(the switch to which is connected ?) & DO i need to configure the AP with Controller Ip address ??
Pls Assist
Regards
SafwanHi Scot...
We tried Connecting the Access Point yesterday, but it failed....
We are using Cisco 3500 Access point ...
when we connected , first it automatically got an ip address using DHCP but following error occurred
P70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
Not in Bound state.
*Mar 1 00:13:56.539: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
*Mar 1 00:13:56.555: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
d DHCP address 10.50.11.26, mask 255.255.0.0, hostname AP70ca.9bd5.77c6
*Mar 1 00:14:04.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:14.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:24.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported
version 6.0
.182.0
version 6.0
.182.0
on WLC USSTLController01
version 6.0
.182.0
Then I COnfigured Ap with Static ip address & default gateway & controller Ip but tht too didnt work...
.182.0 on WLC USSTLController01
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
P70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
I also Need to Know Cisco Access point 3500 can be associated with WLC 4402 ( version 6.0.182.0) ??
Pls Advice How to proceed further -
Hellp on Nokia E61i associating with Cisco WLC 4402
I met some problem with associate Nokia's dual mode mobile phone E61i with Cisco WLC 4402, hope someone can help me on it:
I setup a VOICE WLAN in 4402(v5.0.148), Layer2 security is WPA1+WPA2, Key management using 802.1x, WPA1 policy enable both TKIP and AES, Radius server using ACS engine(v4.1.1.23)(enable PEAP-MSCHAPv2);
I can use my laptop to join this WLAN(my laptop configure with PEAP/MSCHAPv2, WPA-TKIP, not validate server certificate), but can't let E61i join it, each time it will remind me âunable to connect, WPA authenticate failed).
In E61i, I select WPA/WPA2 as WLAN security mode, enable EAP-PEAP, under EAP-PEAP, I enable EAP-MSCHAPv2; however under Cipher, there's a lot of options such as âRSA,3EDS,SHAâ, âRSA,AES,SHAâ, but there's no TKIP, I have tried to enable all of them and tried only enable those items which include AES, but I failed each time with the same reminder âunable to connect, WPA authenticate failedâ. I checked ACS's failed log, there's no record; In 4402, there also have no record.
If I change the security to open or static WEP for VOICE WLAN, then the E61i can connect to the WLAN.
I think the problem maybe relate to encryption or certificate, right now I just do the test in lab, not in customer's real environment, so I use ACS to generate a self signed certificate and installed it in ACS.
Pls. help to point me what I need to adjust to make it work. Thanks!Hello,
CCKM Key Management mode on Nokia E61i phone can be used
against Cisco LWAPP AP's with TKIP encryption
Nokia E61i (and other E-series WLAN enabled phones) are supporting CCKM key management method with both dynamic WEP and TKIP ciphers.
On the phone configuration, 802.1X security mode needs to be in use in order to enable CCKM support. WPA/WPA2 security mode on the phone is dedicated to standards based WPA and WPA2 methods and it does not allow usage of proprietary CCKM key management method.
Phone's 802.1X security mode does not mean that phone would only support dynamic WEP encryption method in this mode although in contexts term "802.1X" may be attached to pure dynamic WEP (legacy / pre WPA era)security methods.
 802.1X security mode can be seen on Nokia Eseries phones as sort of an "everything with EAP based authentication is allowed" mode, meaning that following key management and cipher configurations are supported:
- WPA-Enterprise = WPA Key Management (EAP based authentication) with TKIP encryption
- WPA2-Enterprise = WPA2 Key Management (EAP based authentication) with AES encryption
- Mixed WPA/WPA2-Enterprise = I.e. WPA/WPA2 Mode Migration WPA2 Key Management (EAP based authentication) with AES (for unicast data) and TKIP (for multicast data) ciphers
- 802.1X dynamic WEP = legacy (pre-WPA era) 802.1XÂ based dynamic WEP (EAP based authentication with dynamic WEP encryption)
Supported:
- CCKM with WEP = CCKM Key Management (EAP based authentication) with dynamic WEP encryption
- CCKM with TKIP = CCKM Key Management (EAP based authentication) with TKIP encryption
Not supported:
- CCKM with AES = CCKM Key Management (EAP based authentication) with AES encryption
Please note that CCKM-AES mode (CCKM Key Management with AES cipher) is not working properly due to some incompatibilities between Cisco and Nokia implementations thus it must not be listed as a supported combination on the current Nokia E-series devices. We are also seeing CCKM-Fast
Re-authentication failures with Cisco autonomous AP's when AES encryption is used although initial authentication to autonomous AP's is successful. Nokia is currently working with Cisco to get CCKM-AES based authentications and roaming working properly with both LWAPP and autonomous Cisco AP's.
 Also note that Nokia E-Series does not support Cisco proprietary CKIP/CMIC encryption/data integrity methods. CKIP/CMIC is supported at least by Cisco autonomous AP's and it seems to be available also
at least on LWAPP AP version 4.1.171.0.
 CCKM on E-Series devices has been tested against Cisco LWAPP (ver. 4.1.171.0) and it works when TKIP encryption is in use (WPA Policy + TKIP encryption in Cisco LWAPP configuration terms).
In practice this means Cisco LWAPP is configured in a following manner: WLAN -> Edit -> Security->Â
Layer 2 Security = WPA+WPA2
WPA+WPA2 Parameters:
-WPA Policy = enabled
-WPA Encryption = TKIP enabled, AES disabled
-WPA2 policy = disabled
-Auth.Key Mgmt = CCKM
Br,
-Pasi- -
WLAN override option not available for WLC 4402 - 6.0.196.
Hi All,
Its kind of weird BUT it seems that the option for WLAN override is missing.u.
I could find it on the lower version BUT not on the 6.0.196.
Please help.
Does this mean I could only set it up via the WCS and not the WLC directly.
Thank you.
Warmest Regards,
Azzafir Ariff Patel.Hi Scott,
Thank you so much for the clarification.
Thanks again.
Quoting fella5 :
azzafir,
>
A new message was posted in the Discussion thread "WLAN override
option not available for WLC 4402 - 6.0.196.":
>
https://supportforums.cisco.com/message/3042635#3042635
>
Author : Scott Fella
Email : [email protected]
Profile : https://supportforums.cisco.com/people/fella5
>
Message: -
I have w elc 5508, whit this version
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.110.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
if is recommend to update to the version.
Release 8.0.115.0
i see in a blog a psible bug
http://mrncciew.com/2014/02/28/are-you-on-right-wlc-software-version/
Thanks you1. Upgrade your boot loader to 1.9.0;
2. Upgrade your WLC firmware to 7.6.130.X
All instructions can be found HERE. Use the same process to upgrade the bootloader and the firmware. Each files need a complete appliance reboot before proceeding to the next file. -
Rolling upgrade of WLC 4402 controllers and APs
In need to upgrade the software on two WLC 4402 controller in a hospital. Both WLCs have the same config and one is primary (has all APs connected) and the other backup (no APs connected.) The APs are placed so there is still coverage if one goes down in an area. My question - is it possible to do a rolling upgrade to have no downtime for the wireless clients? My plan would be to upgrade the backup WLC then selectively move APs to it. If I swap the primary and secondary controllers in the high availability tab on each AP, do I need to do a reset (General - Hardware Reset) or will it automatically reboot and connect to the upgraded backup controller? When I'm done, I'd upgrade the primary controller and now call that backup. Does this make sense?
I've done this same sort of thing on a slightly larger scale about 5 times now at the hospital I work at. Quick answer is "Yes, it is possible to do a rolling upgrade and have no downtime for wireless clients."
I've got 5 WLC's, and I use the high availability tab to move all the AP's off one, upgrade it, and move all the AP's from the next WLC over to it, upgrade that one, etc.
The thing you need to be careful of is your timing and your choice of APs to move.
It generally takes about a minute to move an AP between WLCs running the same version. But if there's a version change that makes the AP upgrade, you're looking at about 6 minutes.
I do them one at a time, and when they show up in the WLC as being up, running and happy for 1 minute, I do the next one. And so on. Takes me about 3 days to go through all 5 WLCs and 375 APs. Not once have I had a user notice the move.
Also, in order to test, after I do the first upgrade, I move just one area's APs into that WLC for a day and then test the various flavors of gear we have (phones, infusion pumps, laptops, etc.) to confirm that the new version doesn't have any trouble. Sometimes it does and I work with TAC to get things resolved before I do the whole hospital.
jh -
WiFi Devices not connecting to WLC 4402
Hi All,
I have a WLC 4402 running on s/w version 7.0.240.0. Currently devices are reluctant to join the controller.
I am getting continuous log shown below
%DHCP-3-SEND_OFFER_FAIL,
%DOT1X-3-MAX_EAPOL_KEY_RETRANS:
and Decrypt errors occurred for client
Could't find a proper solution anywhere. Pls suggest...Need more info than that... can you post your show wlan <wlan id>
Make sure that if your using WPA, that you only either use WPA/TKIP or WPA2/AES, not both or a mix of one or the other.
Maybe you are looking for
-
Issue in provisioning user to lotus notes
Hi, We are integrating Lotus notes with OIM 11g R2 using Lotus Notes 11.1.1 connector . Lookup value reconciliation is working fine, but facing the below error with user provisioning. Apr 29, 2013 3:55:29 PM org.identityconnectors.framework.api.opera
-
Cannot Drag any items, nor unzip to desktop
I can highlight icons, but I cannot move anything, either in the finder window or on the desktop. I also cannot unzip a package on my desktop, I get operation not allowed. Any help would be GREATLY appreciated!
-
0% idle time of cpu states from top command in oracle 8i /solaris 5.9
Hi, for long time idle time is 0% in top command : database version:oracle 8.1.7.4.0 operating system : sun solaris 5.9 load averages: 9.32, 5.78, 6.13 15:22:13 404 processes: 387 sleeping, 13 running, 4 on cpu CPU states: 0.0% idle, 78.2% user, 21.8
-
Bridge CS5 pdf slideshow problem
My problem is that when I create a pdf slideshow, it loops even though I do not check the box next to "loop after last page". I have tried multiple times with no success. Any advice will be greatly appreciated. Thanks! Tom
-
One last transcoding question.
Since I shoot in XDCAM EX (JVC 700U camera) FCP X sees that footage as acceptable in its native format and does not give me the option to transcode. Does FCP X transcode anyway? Since the files do not show in the high quality folder, I assume that is