WLC 5760 - show client ccx roam-history
Hi,
We're running an WLC 5760 with the latests version (3.3.1). We have several wlans, with diferent authentication methods, and they are all working fine.
However we noticed that the roaming is working correctly but no information is displayed if the "show ccx roam-history".
WLC1#sh wireless client mac-address 8853.2e9e.f70a det | i CCX
Client CCX version : 4
WLC1#debug dot11 ccx-roam all
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Mobile 8853.2e9e.f70a associated
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile 8853.2e9e.f70a
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile 8853.2e9e.f70a
Dec 12 17:11:40.963: 00000000: 1 wcm: 01 1a 33 81 88 53 2e 9e f7 0a c0 25 5c 68 50 50 ..3..S.....%\hPP
Dec 12 17:11:40.963: 00000010: 1 wcm: 28 11 c0 25 5c 68 50 50 01 00 02 01 06 ab 0d 0d (..%\hPP........
Dec 12 17:11:40.963: 00000020: 1 wcm: 03 b8 05 28 11 c0 25 5c ec 05 a0 0b 00 07 01 06 ...(..%\........
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11 0c 68 03 ea 52 10 06 00 ......(..h..R...
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 03 d6 e4 .........(..h...
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 ............(..h
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01 06 ab 0d 0d 03 b8 05 28 .M.`...........(
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01 00 07 01 06 ab 0d 0d 03 ..h..@p.........
Dec 12 17:11:40.963: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea 4b 10 01 00 07 01 06 ab ..(..h..K.......
Dec 12 17:11:40.963: 00000090: 1 wcm: 0d 0d 03 b8 05 28 11 c0 25 5c 68 50 5f 3c 01 04 .....(..%\hP_<..
Dec 12 17:11:40.964: 000000a0: 1 wcm: 01 06 ab 12 12 03 b8 05 28 11 c0 25 5c ec 05 af ........(..%\...
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 $..........(..h.
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06 ab 12 12 03 b8 05 28 11 .R.$..........(.
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01 07 01 06 ab 12 12 03 b8 .h..K.8.........
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4 0f 38 01 07 01 06 ab 12 .(..h....8......
Dec 12 17:11:40.964: 000000f0: 1 wcm: 12 03 b8 05 28 11 c0 25 5c a3 f4 8f 30 01 07 01 ....(..%\...0...
WLC1#
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28 11 0c 68 03 ea 40 7f 30 .......([email protected]
Dec 12 17:11:40.964: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03 b8 05 ..........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile 8853.2e9e.f70a
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile 8853.2e9e.f70a
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile 8853.2e9e.f70a
Dec 12 17:12:51.006: 00000000: 1 wcm: 01 1a 33 81 88 53 2e 9e f7 0a c0 25 5c 68 50 50 ..3..S.....%\hPP
Dec 12 17:12:51.006: 00000010: 1 wcm: 28 11 c0 25 5c 68 50 50 01 00 02 01 06 ab 0d 0d (..%\hPP........
Dec 12 17:12:51.006: 00000020: 1 wcm: 03 b8 05 28 11 c0 25 5c ec 05 a0 0b 00 07 01 06 ...(..%\........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11 0c 68 03 ea 52 10 06 00 ......(..h..R...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 03 d6 e4 .........(..h...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 00 0b 00 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 ............(..h
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 03 4d d0 60 01 00 07 01 06 ab 0d 0d 03 b8 05 28 .M.`...........(
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 ea 40 70 01 00 07 01 06 ab 0d 0d 03 ..h..@p.........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000080: b8 05 28 11 0c 68 03 ea 4b 10 01 00 07 01 06 ab ..(..h..K.......
Dec 12 17:12:51.006: 00000090: 1 wcm: 0d 0d 03 b8 05 28 11 c0 25 5c 68 50 5f 3c 01 04 .....(..%\hP_<..
Dec 12 17:12:51.006: 000000a0: 1 wcm: 01 06 ab 12 12 03 b8 05 28 11 c0 25 5c ec 05 af ........(..%\...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 24 01 07 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 $..........(..h.
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06 ab 12 12 03 b8 05 28 11 .R.$..........(.
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 ea 4b 1f 38 01 07 01 06 ab 12 12 03 b8 .h..K.8.........
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 000000e0: 05 28 11 0c 68 03 d6 e4 0f 38 01 07 01 06 ab 12 .(..h....8......
Dec 12 17:12:51.006: 000000f0: 1 wcm: 12 03 b8 05 28 11 c0 25 5c a3 f4 8f 30 01 07 01 ....(..%\...0...
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 28 11 0c 68 03 ea 40 7f 30 .......([email protected]
Dec 12 17:12:51.006: %IOSXE-7-PLATFORM: 1 process wcm: 00000110: 01 07 01 06 ab 12 12 03 b8 05 ..........
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Received Neighbor List Request from Mobile 8853.2e9e.f70a
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending Neighbor List packet to Mobile 8853.2e9e.f70a
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 8853.2e9e.f70a Sending L2Roam Packet to mobile 8853.2e9e.f70a
Dec 12 17:15:48.712: 00000000: 1 wcm: 01 07 33 81 88 53 2e 9e f7 0a c0 25 5c 68 81 20 ..3..S.....%\h..
Dec 12 17:15:48.712: 00000010: 1 wcm: 28 11 c0 25 5c 68 81 20 01 00 02 01 06 ab 0d 0d (..%\h..........
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000020: 03 b8 05 28 11 0c 68 03 ea 52 10 06 00 07 01 06 ...(..h..R......
Dec 12 17:15:48.712: %IOSXE-7-PLATFORM: 1 process wcm: 00000030: ab 0d 0d 03 b8 05 28 11 0c 68 03 ea 4a f0 0b 00 ......(..h..J...
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000040: 07 01 06 ab 0d 0d 03 b8 05 28 11 0c 68 03 d6 eb .........(..h...
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000050: 20 01 00 07 01 06 ab 0d 0d 03 b8 05 28 11 c0 25 ............(..
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000060: 5c ec 05 a0 0b 00 07 01 06 ab 0d 0d 03 b8 05 28 \..............(
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000070: 11 0c 68 03 d6 e4 00 0b 00 07 01 06 ab 0d 0d 03 ..h.............
Dec 12 17:15:48.713: 00000080: 1 wcm: b8 05 28 11 c0 25 5c 68 50 50 01 00 07 01 06 ab ..(..%\hPP......
Dec 12 17:15:48.713: 00000090: 1 wcm: 0d 0d 03 b8 05 28 11 c0 25 5c 68 81 2f 38 01 04 .....(..%\h./8..
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000a0: 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 ea 4a ff ........(..h..J.
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000b0: 2c 01 07 01 06 ab 12 12 03 b8 05 28 11 0c 68 03 ,..........(..h.
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000c0: ea 52 1f 24 01 07 01 06 ab 12 12 03 b8 05 28 11 .R.$..........(.
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000d0: 0c 68 03 d6 e4 0f 38 01 07 01 06 ab 12 12 03 b8 .h....8.........
Dec 12 17:15:48.713: 000000e0: 1 wcm: 05 28 11 c0 25 5c ec 05 af 24 01 07 01 06 ab 12 .(..%\...$......
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 000000f0: 12 03 b8 05 28 11 0c 68 03 d6 eb 2f 3c 01 07 01 ....(..h.../<...
Dec 12 17:15:48.713: %IOSXE-7-PLATFORM: 1 process wcm: 00000100: 06 ab 12 12 03 b8 05 .......
WLC1#show wireless client mac-address 8853.2e9e.f70a ccx roam-history
Shouldn't the output be the same as the AireOS command "show client roam-history client-mac"?
Kind regards,
Vasco Costa
Obtaining CCX Client Roaming Information (CLI)
Step 1
View the current RF parameters configured for client roaming for the 802.11a or 802.11b/g network by entering this command:show {802.11a | 802.11b} l2roam rf-param
Step 2
View the CCX Layer 2 client roaming statistics for a particular access point by entering this command:show {802.11a | 802.11b} l2roam statistics ap_mac
This command provides the following information:
The number of roam reason reports received
The number of neighbor list requests received
The number of neighbor list reports sent
The number of broadcast neighbor updates sent
Step 3
View the roaming history for a particular client by entering this command:show client roam-history client_mac
This command provides the following information:
The time when the report was received
The MAC address of the access point to which the client is currently associated
The MAC address of the access point to which the client was previously associated
The channel of the access point to which the client was previously associated
The SSID of the access point to which the client was previously associated
The time when the client disassociated from the previous access point
The reason for the client roam
Debugging CCX Client Roaming Issues (CLI)
If you experience any problems with CCX Layer 2 client roaming, enter this command:
debug l2roam [detail | error | packet | all] {enable | disable}
Similar Messages
-
WLC 5760 - MAC Filtering wireless clients
Hi,
Does anyone ever deployed mac-filtering authentication to wireless clients in the WLC 5760?
I've configured a WLAN for Mac-filtering authentication only (named it as "macauth"):
wlan RNVDOS 4 RNVDOS
aaa-override
no broadcast-ssid
client vlan RNVDOS
mac-filtering macauth
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
session-timeout 1800
no shutdown
Then, below Configuration->Security->MAC Filtering I've added several MAC addresses i.e. :
MAC Address: 88532e9ef70a Attribute List: macauth
Which turned out to be display in the CLI as:
username 88532e9ef70a mac aaa attribute list macauth
The problem is that whenever I try to associate the wireless client 88532e9ef70a, the client passes to the exclusion list.:
Sep 16 10:54:55.603: 8853.2E9E.F70A Adding mobile on LWAPP AP 0C68.03EA.4070 (1) 1 wcm: E9E.F70A (.t^GwtSessionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A Creating WL station entry for client - rc 0 1 wcm:
Sep 16 10:54:55.603: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: (.t^GwtSessionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: ssionID: 0afe01fbtQ^GwH^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw00dd) was added to ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.603: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: ^G$h\225v^K
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:55.603: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:55.603: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:55.603: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:55.603: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Idle to AAA Pending
Sep 16 10:54:55.603: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.604: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.604: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Idle to AAA Pending
Sep 16 10:54:55.604: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:55.604: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:55.813: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:55.813: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:55.813: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.813: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:55.813: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:55.813: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:55.813: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:55.813: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:55.813: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.814: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:55.814: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:55.814: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:55.814: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:56.520: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:56.520: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:56.520: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.520: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:56.520: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:56.520: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:56.520: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:56.520: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.520: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.521: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.521: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.521: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.521: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:56.729: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n 10 seconds
Sep 16 10:54:56.729: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:56.729: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.729: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: from AAA Pending to Authenticated
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:56.729: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:56.729: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:56.729: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:56.729: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.729: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.730: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.730: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.730: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.730: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:56.937: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:56.937: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:56.937: 8853.2E9E.F70A apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.937: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:56.937: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:56.937: 8853.2E9E.F70A STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
Sep 16 10:54:56.937: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: - vapId 4, site 'renova', interface 'RNVDOS'
Sep 16 10:54:56.937: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.937: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.937: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:56.937: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 1 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:56.937: 8853.2E9E.F70A apfProcessRadiusAssocResp (apf_80211.c: 1 wcm: 2149) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Authenticated
Sep 16 10:54:56.937: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 18) in 10 seconds
Sep 16 10:54:57.143: 8853.2E9E.F70A Association received from mobile on AP 0C68.03EA.4070 1 wcm: n.t^Gwseconds
Sep 16 10:54:57.143: 8853.2E9E.F70A qos upstream policy is unknown and downstream policy is unknown 1 wcm: onds
Sep 16 10:54:57.143: 8853.2E9E.F70A apChanged 1 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: H^Cnz^Gw 0C68.03EA.4070 f^G$h\225v^K
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
Sep 16 10:54:57.143: 8853.2E9E.F70A No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying site-specific IPv6 override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: f^G$h\225v^K
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying local bridging Interface Policy for station 8853.2E9E.F70A - vlan 4, interface 'RNVDOS' 1 wcm: ce 'RNVDOS'
Sep 16 10:54:57.143: 8853.2E9E.F70A Applying site-specific override for station 8853.2E9E.F70A - vapId 4, site 'renova', interface 'RNVDOS' 1 wcm: DOS'
Sep 16 10:54:57.143: 8853.2E9E.F70A STA - rates (8): 1 wcm: 130 132 139 150 12 18 24 36 0 0 0 0 0 0 0 0
Sep 16 10:54:57.143: 8853.2E9E.F70A STA - rates (12): 1 wcm: 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
Sep 16 10:54:57.144: 8853.2E9E.F70A 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [ 0C68.03EA.4070 ] 1 wcm: site 'renova', interface 'RNVDOS'
Sep 16 10:54:57.144: 8853.2E9E.F70A Updated location for station old AP 0C68.03EA.4070 -1, new AP 0C68.03EA.4070 -0 1 wcm: va', interface 'RNVDOS'
Sep 16 10:54:57.144: 8853.2E9E.F70A new capwap_wtp_iif_id a45d40000000a5, sm capwap_wtp_iif_id 0 1 wcm: P 0C68.03EA.4070 -0
Sep 16 10:54:57.144: 8853.2E9E.F70A apfProcessAssocReq (apf_80211.c: 1 wcm: 5137) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:57.144: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:57.144: 8853.2E9E.F70A
client incoming attribute size are 0 1 wcm: (callerId: 20) in 10 seconds
Sep 16 10:54:57.145: 8853.2E9E.F70A Sending Assoc Response to station on BSSID 0C68.03EA.4070 (status 256) ApVapId 2 Slot 0 1 wcm: 68.03EA.4070 from Authenticated to AAA Pending
Sep 16 10:54:57.145: 8853.2E9E.F70A apfBlacklistMobileStationEntry2 (apf_ms.c: 1 wcm: 6129) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from AAA Pending to Exclusion-list (1)
Sep 16 10:54:57.145: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 44) in 10 seconds
Sep 16 10:54:57.145: 8853.2E9E.F70A client is added to the exclusion list, reason 1 1 wcm: d: 44) in 10 seconds
Sep 16 10:54:57.145: *apfReceiveTask: 1 wcm: %APF-4-ADD_TO_BLACKLIST_REASON: Client 8853.2E9E.F70A (AuditSessionID: 0afe01fb5236e37f000000de) was added to exclusion list. Reason: 802.11 association failure
Sep 16 10:54:57.836: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:54:58.533: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:54:59.231: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:54:59.922: 8853.2E9E.F70A Ignoring assoc request due to mobile in exclusion list or marked for deletion 1 wcm: fbtQ^GwH^Cnz^Gw00de) was added to ^G$h\225v^K
Sep 16 10:55:06.972: 8853.2E9E.F70A apfMsExpireCallback (apf_ms.c: 1 wcm: 664) Expiring Mobile!
Sep 16 10:55:06.972: 8853.2E9E.F70A Scheduling deletion of Mobile Station: 1 wcm: (callerId: 46) in 60 seconds
Sep 16 10:55:06.972: 8853.2E9E.F70A apfMsExpireMobileStation (apf_ms.c: 1 wcm: 7067) Changing state for mobile 8853.2E9E.F70A on AP 0C68.03EA.4070 from Exclusion-list (1) to Exclusion-list (2)
Sep 16 10:55:06.972: 8853.2E9E.F70A 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [ 0C68.03EA.4070 ] 1 wcm: 3.2E9E.F70A on AP 0C68.03EA.4070 from Exclusion-list (1) to Exclusion-list (2)
Sep 16 10:55:06.972: 8853.2E9E.F70A 0.0.0.0 START (0) FastSSID for the client [ 0C68.03EA.4070 ] NOTENABLED 1 wcm: E9E.F70A on AP 0C68.03EA.4070 from Exclusion-list (1) to Exclusion-list (2)
Sep 16 10:55:06.972: 8853.2E9E.F70A Incrementing the Reassociation Count 1 for client (of interface RNVDOS) 1 wcm: D
Sep 16 10:55:06.972: 8853.2E9E.F70A Clearing Dhcp state for station --- 1 wcm: for client (of interface RNVDOS)
WLC1#
WLC1#
Kind Regards,
VascoHi Patrick,
Thank you for sharing your solution. It didn't solved entirely the problem but you pointed to the right direction!
They are caused, because the system searches for an aaa authorization list, which is not configured.
To resolve this configure the following
aaa authorization network mac-filter local
where mac-filter is the name you defined in the SSID.
I've used your sugestion to create an aaa local authorization list but instead of naming it with the SSID, I've used the name of the attribute list ( macauth ) and it solved the problem:
aaa authorization network macauth local
username 88532e9ef70a mac aaa attribute list macauth
wlan RNVDOS 4 RNVDOS
client vlan RNVDOS
mac-filtering macauth
WLC1#sh wireless client summ
Number of Local Clients : 1
MAC Address AP Name WLAN State Protocol
8853.2e9e.f70a APf872.ead7.31da 4 UP 11n(5)
Cheers,
Vasco -
Scripting WLC show commands (ie show client detail) every x seconds/minutes
Is there a simple way to script using either a terminal client (putty, teraterm, etc.) or Prime Infrastructure whereby I could set up a set of commands to be run at a certain interval?
I want to conduct some client testing roaming across a site whilst some how performing a show client detail every 15 seconds and a show run-config every 30 minutes?
TIA,
NickIs there a simple way to script using either a terminal client (putty, teraterm, etc.) or Prime Infrastructure whereby I could set up a set of commands to be run at a certain interval?
Yes you can.
The easiest method is to use console. You can knock up a script to run the command at specific intervals and log the outputs. If you do this, you must ensure the console timeout is expanded.
Another option is to create a PERL script (using KRON) to telnet/SSH into the appliance and run the command and retrieve the results. -
Since i mentioned new to this tech,i deployed 2 WLC 5760 in network i connected one of Stack wise 480 cable in ring type.but my port is down state
when i give show switch stack-port summary both controllers are down state.
What could be the issue can any one suggest me.
Apart from the above issue i configured few of configuration please vlaidate it
wlan Guest-WbAuth 3 Guest-WbAuth
client vlan 100
mobility anchor 192.168.5.1
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
security web-auth
security web-auth authentication-list EXT_AUTH ---- need more information ?
security web-auth parameter-map webparalocal -need more information ?
no shutdown
2. Redudancy configuration
conf t
service internal
redundancy
main-cpu
standby console enable
end
session standby ios
please validate thisPlease follow the startup procedure:
http://www.cisco.com/c/en/us/td/docs/wireless/technology/5760_deploy/CT5760_Controller_Deployment_Guide/CT5760_Centralized_Configuration_eg.html#pgfId-1071864 -
I have a WLC 5760 and i did below configuration for WLAN:
wlan 3 85 GUESTS
client vlan 85
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
session-timeout 1800
no shutdown
the ap is joined with WLC:
EFFAT-WLC#show ap summary
Number of APs: 4
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name AP Model Ethernet MAC Radio MAC State
APAP16.0009.abdc 3702I 1616.9999.8888 3c12.f123.0000 Registered
* have changed the mac address
but still i am not able to get the WLAN on the wireless clients. SSID is been broadcasted but when scanned on the client i am not getting it.Are you using any radius server ???
if yes then use this commands: aaa-override
Check this config :
http://www.cisco.com/c/en/us/td/docs/wireless/technology/5760_deploy/CT5760_Controller_Deployment_Guide/Secure_WLAN_Configuration_on_Catalyst_3850WLC5508.html
Hope it ehlps.
Regards
Dont forget to arte helpful posts -
I am using the WLC 5760
My SSID use WPA2 PSK and i don't use ISE or Radius or AAA to authentication
Some client can connect to the AP,but can not ping the gateway
When i show logging from WLC,it will see the log like
%AUTHMGR-5-FAIL: Authorization failed or unapplied for client
How do i resolve this problem
Thank'sHi,
Have you made sure that the appropriate vlans are permitted on the trunk between the WLC and the switch?
Normally the gateway is an SVI on a core switch, so if the vlan is not permitted, you wouldn't be able to ping the gateway.
HTH
Mike -
%AUTHMGR-4-UNAUTH_MOVE messages in WLC 5760
Hi,
We're getting this messages on a WLC 5760:
Mar 7 14:24:32.136: %AUTHMGR-4-UNAUTH_MOVE: (fast) MAC address (0011.21c2.1f2f) from Ca7 to Ca44
Mar 7 14:24:53.148: %AUTHMGR-4-UNAUTH_MOVE: (slow) MAC address (0011.21c2.115f) from Ca15 to Ca22
Mar 7 14:47:40.142: %AUTHMGR-4-UNAUTH_MOVE: (fast) MAC address (0011.21c2.1fd9) from Ca9 to Ca44
Mar 7 14:50:40.290: %AUTHMGR-4-UNAUTH_MOVE: (fast) MAC address (0011.21c2.1f6e) from Ca43 to Ca31
Mar 7 14:50:46.398: %AUTHMGR-4-UNAUTH_MOVE: (slow) MAC address (0011.21c2.1f6e) from Ca31 to Ca43
Mar 7 14:51:02.109: %AUTHMGR-4-UNAUTH_MOVE: (fast) MAC address (0011.21c2.1f2f) from Ca44 to Ca43
Mar 7 14:54:34.961: %AUTHMGR-4-UNAUTH_MOVE: (slow) MAC address (0011.21c2.1f6e) from Ca22 to Ca41
We didn't found any information regarding the message in the 3800/5700 WLC documentation but in other products we've found this:.
# Error Message AUTHMGR-4-UNAUTH_MOVE, MSGDEF_LIMIT_MEDIUM: [chars] MAC address
([enet]) from [chars] to [chars]
Explanation There was an authenticated move on the old IDB. The first [chars] is slow or fast, the second [chars] is the source interface name, the third [chars] is the destination interface name, and [enet] is the MAC address.
Recommended Action No action is required.
Does anyone knows the meaning of these messages on the 5760 WLC? These clients are mounted in warehouse stackers, moving in the wharehouse with speeds between 10 and 40 Km/hour and sometimes we have complains of roaming issues. Are this messages related with roaming issues?
Kind regards,
VascoHi Vasco,
These messages are related to roaming and it's an expected behaviour.
%AUTHMGR-4-UNAUTH_MOVE is expected to occur when a mac address is moved to another interface by reconnecting network devices.
Thanks,
Ashish -
Any extra fine tuning / configuration to be done for Client / Voice Roaming .
Dear Folks,
Is there any additional configuration to be done on the 5508 WLC for Wireless Laptop / Voice Roaming ? I tested with Wireless IP Phone and found some blankness in voice , whereas i have other access point nearby , which wasn't switching over easily .
Regards,
SIDHi,
When working with Cisco IP phones as mention before, we need to comply with the following
configuration on the WLC to avoid connectivity issues as per the deployment
guide of the 7921 and 7925 IP phones.
Here is the link for the deployment guide of the 7921 and 7925.
http://www.cisco.com/web/strategy/docs/healthcare/7921dply.pdf
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deplo
yment/guide/7925dply.pdf
The WLC version must be 4.0 or higher (show sysinfo)
The current phone version is under: Status > Firmware Version
App Load ID CP7921G-1.0.2.LOADS 1.0.5 is available on the web & should be
used: http://www.cisco.com/cgi-bin/tablebuild.pl/ip-7900ser-crypto
The 11M rate should be set for 'basic' & the 18-54M rates as optional
This will show up in the "802.11B Configuration" "Operational Rates" section
of the 'show run' as:
802.11b/g 1M Rate & others............................ Disabled
802.11b/g 11M Rate........................... Mandatory
802.11g 54M Rate & others............................. Supported
If the rates lower than 11 (such as 5.5) are needed, the lowest rates should
be the 'Mandatory'
The 12M rate should be set for 'basic' & the 18-54M rates as optional
This will show up in the "802.11A Configuration" "Operational Rates" section
of the 'show run' as:
802.11a Operational Rates
802.11a 6M Rate.............................. Disabled
802.11a 9M Rate.............................. Disabled
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Supported
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
If 802.1X authentication is in use, CCKM should be employed.
This will show up in 'show wlan ' as:
CCKM.................................... Enabled
TKIP encryption is recommended.
This will show up in 'show wlan ' as:
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Disable
TKIP Cipher............................. Disabled
AES Cipher.............................. Disabled
The DTIM period should be set for '2' under the wireless/network settings.
This will show up in 'show run' as:
DTIM Period...................................... 2
The beacon interval should be set for '100' under the wireless/network
settings.
This will show up in 'show run' as:
Beacon Interval.................................. 100
WMM should be enabled on the wlan.
This will show up in 'show wlan ' as:
WMM.............................................. Allowed
The wlan QOS should be set to platinum.
This will show up in 'show wlan ' as:
Quality of Service............................... Platinum (voice)
Under Controller, arp unicast should be disabled
This will be in 'show network' as:
ARP Unicast Mode........Disabled
Under Controller > QOS, the platinum QOS setting should have 802.1p chosen
and the tag set to '6'
This will show up in 'show qos platinum' as:
protocol......................................... dot1p
dot1p............................................ 6
Per WLAN CAC is set under the wlan - 'AP CAC limit'.
This will show up in 'show wlan ' as:
Dot11-Phone Mode .......................... ap-cac-limit
LAN "dhcp address assignment required" should be 'disabled'.
This will show up in 'show wlan ' as:
DHCP Address Assignment Required................. Disabled
Aggressive load-balancing should be disabled (under 'network'
settings).
DTPC should be enabled under wireless > network
This will show up in 'show run' as:
DTPC Status..................................... Enabled
If no legacy clients need long preamble, set the preamble for 'short'
under wireless > network.
This will show up in 'show run' as:
Short Preamble mandatory......................... Enabled
If using eap-fast with the WLC, the 802.1x timeout is 2
seconds. This is not enough time for the IP phone to download and process
the PAC. The timeout can be increased:
"config advanced eap request-timeout 20"
"save config:
In the 7921 phone, unlike with the 7920 phone, 'auto' does not mean eap-fast
or leap, it means 'leap' with wpa2, leap with wpa2, or wpa-psk.
If you want to use EAP-FAST, then use EAP-FAST mode, not 'auto'.
For 7921-7921 conversations to work, 'peer-to-peer blocking' needs to be
'off' under the 'controller' tab (this is off by default).
In later code, the DFS settings under Wireless > 802.11A/N
DFS(802.11H) should be:
Power Constraint off
Channel Announcement on
Channel quiet mode on.
These values will appear in 'show 802.11h' as:
802.11h ......................................... powerconstraint : 0
802.11h ......................................... channelswitch : Enable
802.11h ......................................... channelswitch mode : 1
Do *not* turn on 802.11b/g/n > EDCA parameters 'low latency mac' -
make sure that is disabled.
This will appear in the output of 'show 802.11b|802.11a' as:
Voice MAC optimization status.................... Disabled
802.11b/g/n > EDCA parameters - set for WMM
'Single AP Mode' should be disabled on the phones (unless there *is*
only a single AP).
The RF values seen by the phone are under Settings > Status > Site Survey -
MSE Not Showing Clients After Upgrade to 7.6.100.0
I've upgraded our 5508 WLC's to ver 7.6.100.0. I've also upgraded our NCS to 2.0, and our MSE to 7.6.100.0. I now can no longer see clients on the MSE map for our sites. I've added the WLC to the MSE syncronization. When I select "show clients" it says 0 of 0 found. I know I have clients connected, since I can see them in the WLC. Is this a licensing issue? Thanks for your help!
Make sure that NMSP is up.
http://www.cisco.com/en/US/products/ps9742/products_tech_note09186a0080bb497f.shtml#add-va-ncs
On WLC console, use the show auth-list command.
The following example shows from WLC console that there is no location server available:
In order to manually add the MSE and establish a NMSP connection to WLC, complete these steps:
On the MSE console, run the cmdshell command, and then the show server-auth-info command.
This example shows the MAC address and the keyhash to be used for adding to the WLC.
Run the config auth-list add ssc command, and then run the show auth-list.
This example shows that the MSE was added to the WLC (manually).
On the NCS, confirm that the NMSP connection shows Active.
Sent from Cisco Technical Support iPhone App -
WLC 5760 multiple SSIDs with MAC filtering
Dear All,
I am implementing a wireless network with 5760 WLCs. The client requires a few SSIDs with MAC-based authentication. So I created different MAC filters using the commands "aaa authorization network MAC_FILTER01 local", "aaa authorization network MAC_FILTER02 local" etc
These filters are bound to different SSIDs using the commands "mac-filtering MAC_FILTER01" "mac-filtering MAC_FILTER02" etc. and users are added to their required MAC filters using the commands "username <mac-address> mac aaa attribute list MAC_FILTER01", "username <mac-address> mac aaa attribute list MAC_FILTER02" etc.
Now I am facing a serious issue - users belonging to any one MAC filter can connect to the all SSIDs. It seems like the MAC addresses added to the controller under different filter names are going to a common database, thereby providing access to users to all SSIDs irrespective of their MAC filter.
Is it a limitation of local database of 5760? Has anyone faced the same issue? How can I implement independent MAC filters bound to different SSIDs?
Thanks,
Arun JohnHi Arun,
this feature currently does not exist on the 5760. it is due to release in one of the MR's of 3.6
-Joseph -
Prime Infrastructure to manage WLC 5760 with IOS XE 03.03.03
Hi there Is IOS XE 03.03.03 on WLC 5760 to be managed via Prime infrastructure 2.1 or what version do I need? It seems to be not fully supported with 2.1... Thanks and best regards Dominic
Hi Dominic,
The release notes http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-1/release/notes/cpi_rn.html#pgfId-43893 show support of up to 03.03.02
I have got a 3850 WLC running on IOS XE 03.03.03 managed by Prime 2.1
The release might not be up to date. When the release notes for Prime 2.1 came out, the highest supported is 03.02.03 and a few days later got changed to 03.03.02.
Regards,
Jeen Chew -
Hi, I have WLC 5760 on mode Centralized because I don't have Switch 3850. I need to implement dot1x authentication using external AAA Server which is in my case is Active Directory on Windows 2012 Server. You can see my configuration in pictures i attached bellow. My problem is authentication is always failed.
Can you give me a hint ?
AAA Server
Authentication
LDAP
WLAN Security L2
WLAN Security L3
ERROR Log
ThanksComplete these steps in order to add the WLC as an AAA client in the ACS.
From the ACS GUI, choose the Network Configuration tab.
Under AAA Clients, click Add Entry.
In the Add AAA Client window, enter the WLC host name, the IP address of the WLC, and a shared secret key. See the example diagram under step 5.
From the Authenticate Using drop-down menu, choose RADIUS .
Click Submit + Restart in order to save the configuration. -
I want to setup a custom webauth for my WLC 5760. I already downloaded the webauth bundle and put it in WLC via Command Download in WLC GUI. According to Guide, after the download completed, the custom page will appear in custom page dropdown for web parameter map.
But in my case it shows nothing. So where did I miss ?
Thank YouHi
Pls refer this document
http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117728-configure-wlc-00.html
HTH
Rasika
**** Pls rate all useful responses **** -
WLC Guest Tunnel - client ip address problem
I can't identify the real ip address from the local wlc if the client associated to the "guest-tunnel ssid", I can only see 0.0.0.0 from the local one. The real ip address appears only on the anchor wlc. Is it correct? And if there is any method that I can identify it from the local one?
The "real ip" will only show up in the anchor wlc along with other client related info. Since the traffic is tunneled to the anchor, the foreign wlc will not have that info.
Thanks,
Scott Fella
Sent from my iPhone -
I have noticed that some websites will show up in the history log and some website will not. I have a concern that there might be a security breach on my laptop that I am not aware of.
You probably need to "Publish All" to make all of the
pages republish and fix their nav bars.
Hi Allyson
I did as you said but oh oh.......... it didn't work. I have also been told that I must add the name of the second site to my first site, so that it would look like this:
http://web.mac.com/lorna6/secondsitename
I am told to then use this URL and make it a hyper-link to my first site and then my sites will be linked. I take it to mean that when I hyper link it to my first site, this new URL has to be in the Navigation bar at the top of the page.
Can I name the second site anything I want or am I constrained as I was in the naming of my first site? (the .Mac constraint of having us all use our .Mac name in the URL. BTW, I don't mind this at all, and in fact I think it's a good thing, because that way I can spot another .Mac person.
Lorna in Southern California
Maybe you are looking for
-
Hello, I reciently came across a g4 that has been wiped clean and I need to install an operating system. It has 800Mhz, 256MB, 30GB . Does anyone know which operating system(s) I will be able to install on this machine. Any help will be appreciated.
-
HR Master data display control.
Hi All, I have set up an HR admin with access such that he should not be able to view pay info of some users. However, when i tested it the user is able to partly view the pay info of a user A. However, he cannot view pay info of user B. The confusio
-
Hi Everyone, I have been developing DC in BPM.I have been following the BPM tutorial SAP NetWeaver Business Process Management Resource Center . Version : SAP NetWeaver 7.2 SP03 While deploying the DC i am getting the following error: Error: "
-
[SOLVED] Shuttle in PL SQL region (Apex 3.2)
Hi OTN, Is there an option of creating shuttle element in PL SQL region? I need to have a dynamic number of those elements on my page. I have copied HTML code of a static apex shuttle (with Never condition) on this page, but no double clicks or butto
-
I was able to access the following document via searching OTN. Article-ID: <Note:158367.1> Circulation: REVIEW_READY (INTERNAL) ***Oracle Confidential - Internal Use Only*** Folder: server.Internals.Corruption Topic: Articles to be Refiled Title: Ora