WLC 7.0.220 - USER_ADD_FAILED
Here is what I'm getting:
*Dot1x_NW_MsgTask_0: Apr 16 10:08:53.443: %APF-1-USER_ADD_FAILED: apf_ms.c:5665 Unable to create username mag12 for mobile00:21:5f:b2:f6:87.
I have WPA2 with 802.1X ties back to ACS 5.3. Works great, but I got a client having a problem today. Cisco doesn't say much about this error and it consider it an internal error? How to fix it? what does it mean exactly? Anybody?
Here is my CLI debug output last few lines:
*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 Stopping reauth timeout for 00:22:5f:b3:f6:87
*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state
*dot1xMsgTask: Apr 16 09:08:38.461: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Apr 16 09:08:38.465: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 Received EAPOL START from mobile 00:22:5f:b3:f6:87
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.489: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.493: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87
Looks like there may be a stuck/stale entry in the MSCB that is not allowing that client to be added.
You could try rebooting the WLC to see if it clears it.
Steve
Similar Messages
-
NCS 1.0.1.4 doesn't support WLC 7.0.220.0
FYI,
I have confirmed this with TAC and also been told that a NCS MR2 is going to be coming soon and will have support for the 7.0.220.0 code.New wireless matrix shows it being supported...
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp78062
Still waiting on NCS MR2 though being told sometime before end of November -
Mesh with WLC (7.0.220)
Dear Tech Gurus,
Can any one help me regarding channel assignament at root and mesh access points.
will the channel be same on all RAPS and MAPS (5Ghz).
With Regards,
Chaitanya.GYour RAP's should be on different channels. So it will depend on how far apart your RAP's will be apart from each other to get the channel separation you need. Your MAP's will be assigned the same channel as the parent RAP. Makes sense?
Thanks,
Scott Fella
Sent from my iPhone -
WLC IOS upgarde from 4.2.99.0 to 7.0.220.0
Hi
I have an WLC with below details:
Model No:- AIR-WLC4402-50-K9
Current IOS:- 4.2.99.0
Upgrade to :- 7.0.220.0
I wants to upgade WLC with7.0.220.0 IOS. My question is that should i go for direct upgarde from 4.2.99.0 to 7.0.220.0 or is there any IOS version i have to upgarde.You need to upgrade to
4.2.209.0 before upgrading to 7.0.220.0
Check the following link for more details:
http://www.cisco.com/en/US/partner/docs/wireless/controller/release/notes/crn7_0_220_0.html#wp796579
Please Don't Forget to rate correct answers -
Hi all and thank you in advance for any you help/advice you might be able to offer....
I'm having problems getting a WLC (7.0.220.0) working using LDAP (Windows 2008). This evening, in an effort to troubleshoot the problem further, I have configured the customer's ASA to use LDAP too and run a test....as you can see below, the test works flawlessly (on the ASA).
aaa-server LDAP_TEST protocol ldap
aaa-server LDAP_TEST host x.x.x.x
server-port 389
ldap-base-dn OU=Users,OU=IT Dept (South),DC=yyy,DC=co,DC=zzz
ldap-scope subtree
ldap-login-password *
ldap-login-dn CN=ldap,OU=Users,OU=IT Dept (South),DC=yyy,DC=co,DC=zzz
server-type microsoft
ASA/act# test aaa-server authentication LDAP_TEST host x.x.x.x username ldap password password
INFO: Attempting Authentication test to IP address <x.x.x.x> (timeout: 12 seconds)
INFO: Authentication Successful
ASA/act#
Now, my understanding is that the ASA only supports PAP (clear text) as Authentication method when communicating to an LDAP server....while on the Controller, I am using EAP-FAST....so my understanding would be that only EAP-FAST/GTC or EAP-FAST/MSCHAPv2 (IF the LDAP server is setup to return a clear text password) are supported.
On the Controller, I am using the very same settings as I have used on the ASA (for the LDAP server configuration). However, users are still unable to Authenticate....they Associate, but do not Authenticate. The clients are all Windows 7 and are setup to use the in-built Cisco EAP-FAST as Authentication method. We are not using certificates.
The thing is that I'm pretty sure that both the Windows 7 clients and the Controller are setup correctly but, as I said, the clients are still unable to authenticate.
I guess that my questions are these:
- on the client side, you can setup the laptops to use "Any method" as authentication method...but how does this exactly work? do they try both EAP-GTC and EAP-MSCHAPv2 (i.e. if it can't authenticate through EAP-GTC will then try EAP-MSCHAPv2?)
- is it better to hardcode the clients to use EAP-GTC or EAP-MSCHAPv2 (instead of default "Any method")....when working on an LDAP environment
- how can I check that the MS 2008 server is indeed setup to "return a clear text password" if using EAP-FAST/MSCHAPv2 (and I do realize that this is probably a question for a Microsoft forum)
- how can I check the the LDAP server is configured to support EAP-GTC and/or EAP-MSCHAPv2??
Thanks again.This is not an acceptable answer. Steve, do you work for Cisco, or are you commenting on personal experience & knowledge?
I have had a working RADIUS configuration for 2 years+ of an ASA 5510 for authentication of AnyConnect SSL & IPSEC VPN clients with AD, and a WLC 2106 for authentication of WPA2-Enterprise w/802.1x certificates with AD. Both were configured to communication to the same RADIUS server that is a Windows Server 2003 DC with IAS/RADIUS and a CA installed. During the planning for installing a new Windows Server 2008 R2 DC, I decided to attempt to remove my reliance on RADIUS since authenticating directly with LDAP is becoming more common. I was successfully able to configure our ASA to do direct LDAP queries to AD, but similar to "superduperlopez" and "rschwenderman", I have been unable to configure the WLC the same way.
I feel like the following line in Cisco's documentation is unsatisfactory: "For example, Microsoft Active Directory is not supported because it does not return a clear-text password."
I would take this to mean that the ASA is working correctly due to either:
A) The ASA is accepting clear-text passwords from AD, and AD is configured to pass clear-text passwords, or
B) The ASA is not accepting clear-text passwords from AD, and AD is not configured to pass clear-text passwords
Now this would lead me to the following:
A) Cisco has not properly updated the WLC documentation to instruct users how to correctly configured the WLC to do backend LDAP queries, or
B) Cisco has not implemented the technology changes that were made in the ASA to the WLC
This frustrates the average network admin, as it is seen by us as "If the ASA can do it, why can't the WLC". Also, don't get this confused with any "client" issues, as all that is being asked for is the WLC to using a different backend "authentication" server while not modifying the client side at all. The concept of "Local EAP" seems to fit, but doesn't work.
I would really appreciate someone giving some insight on this topic, as there are three customers on this forum post that have had the same problem withing the last 2 months.
The previous posters, and myself, are not looking for someone to retype the documentation, but rather explain how it is working on one of Cisco's security products, but not the other. -
I have a 5500 WLC 7.0.220.0 and NCS 1.0.2.29. I trying create schedule guest user.
Error(s): You must correct the following error(s) before proceeding:
Error:Unknown Exception Occured. If the problem persists please send logs to the Tech Support.
normal guest user is working well done.
Do you know where it could be a mistake?Hi , In this case the best option and path to take is to open a case with TAC requesting assistance with the NCS support team and let them know you are getting the following error message:Error(s): You must correct the following error(s) before proceeding: when trying to create a scheule guest user using the NCS.
Cisco Worldwide Contact link is below for further reference.
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html -
WLC 4402 7.0.220.0 compatability.
hello friends,
Could you please let me know if Windows 8 laptops machine are conpatible with the WLC IOS Version 7.0.220.0.
My client has WLC 4402 Version 7.0.220.0.
The message that appears is AAA authentication failed.
Your help will be highly appreciated.
Warm Regards
Nelson MathiasYou need 7.0.235.3 as a minimum. Here is a reference guide.
https://supportforums.cisco.com/docs/DOC-27213
Sent from Cisco Technical Support iPhone App -
%DOT1X-3-USER_LOGIN_DENY: 1x_auth_pae.c:2566 Authentication rejected for user ******** - user may already be logged in
%APF-1-USER_ADD_FAILED: apf_ms.c:5665 Unable to create username ******** for mobile
WLC Version: 7.0.220.0
intermittent problem
Help me please!Im also facing the same Issue right now.. I haven't rebooted the controller, My primary controller is deactivated from the global list and seconday controller is running. But i could able to reach my primary controller(pinged from controller-radius
server (which is over WAN connections, not local i.e differrent geograhical area)
*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:3028 Max EAP identity request retries (3) exceeded for client 30:f7:c5:c4:43:6a
*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-USER_LOGIN_DENY: 1x_auth_pae.c:2566 Authentication rejected for user 00005115 - user may already be logged in
*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:3028 Max EAP identity request retries (3) exceeded for client 30:f7:c5:c4:43:6a
*Dot1x_NW_MsgTask_2: Mar 22 13:23:31.372: %DOT1X-3-USER_LOGIN_DENY: 1x_auth_pae.c:2566 Authentication rejected for user 00005115 - user may already be logged in
concurrent logins is set to 0 (unlimited logins). what would be the reason behind this? Same issue we faced 2 months ago then we have rebooted the WLC and it worked Fine.
Again now we are facong the same issue. Reboot won't be permanent resolution to this, Please can you let me know the root cause.
Thank you in advance.. -
Issue with 2504 WLC and 2602 AP. need help please.
Somehow the AP does not associates with the 2504 controller.
What could possibily be the issue.
Thanks in advance.
Anyway, Here is the log from the AP.
AP log
===========================================================
*Mar 1 00:30:35.551: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.120.4 obtained through DHCP
*Mar 1 00:30:35.551: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'SNGNY-WLC1'running version 7.0.220.0 is rejected.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Mar 1 00:30:44.551: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.120.4
===========================================================
show version output from the Access Point
=========================================================
AP0006.f6ec.be2a#show ver
Cisco IOS Software, C2600 Software (AP3G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 00:07 by prod_rel_team
ROM: Bootstrap program is C2600 boot loader
BOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
AP0006.f6ec.be2a uptime is 33 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
--More--
*Mar 1 00:33:46.071: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 00:33:46.171: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.120.98, mask 255.255.255.0, hostname AP0006.f6ec.be2a
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP2602I-A-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
Processor board ID FGL1704ZC0Q
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.1.37
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:06:F6:EC:BE:2A
Part Number : 73-14588-02
PCA Assembly Number : 800-37899-01
PCA Revision Number : A0
PCB Serial Number : FOC165188Y4
Top Assembly Part Number : 800-38356-01
Top Assembly Serial Number : FGL1704ZC0Q
Top Revision Number : A0
Product/Model Number : AIR-CAP2602I-A-K9
Configuration register is 0xF
========================================================Blake's right. Your WLC is running 7.0.X code which does not support the AP2600. Check the Release Notes and look under Software Release Support for Access Points to determine what suitable firmware your WLC can support your AP.
-
Device issue with WLC (excluded client)
I have a single client that is having issues staying connected to my WLC running code 7.0.220.0
Here are the debugs, it just keeps on looping:
*apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Adding mobile on LWAPP AP 10:8c:cf:78:93:80(0)
*apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
*apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:06.352: 00:40:96:b8:78:7a 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfMsAssoStateInc
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Idle to Associated
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
*apfMsConnTask_0: Jul 18 10:41:06.353: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
*dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
*dot1xMsgTask: Jul 18 10:41:06.354: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:06.355: New PMKID: (16)
*dot1xMsgTask: Jul 18 10:41:06.355: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
*dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:06.355: Including PMKID in M1 (16)
*dot1xMsgTask: Jul 18 10:41:06.355: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
*dot1xMsgTask: Jul 18 10:41:06.355: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*osapiBsnTimer: Jul 18 10:41:07.362: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:07.362: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
*apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
*apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
*apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
*apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
*apfLbsTask: Jul 18 10:41:07.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
*osapiBsnTimer: Jul 18 10:41:08.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:08.361: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*osapiBsnTimer: Jul 18 10:41:09.361: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:09.362: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 0
*dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
*dot1xMsgTask: Jul 18 10:41:09.363: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
*apfMsConnTask_0: Jul 18 10:41:12.953: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
*apfMsConnTask_0: Jul 18 10:41:12.954: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
*dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
*dot1xMsgTask: Jul 18 10:41:12.955: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:12.955: New PMKID: (16)
*dot1xMsgTask: Jul 18 10:41:12.956: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
*dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:12.956: Including PMKID in M1 (16)
*dot1xMsgTask: Jul 18 10:41:12.956: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
*dot1xMsgTask: Jul 18 10:41:12.956: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*osapiBsnTimer: Jul 18 10:41:13.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:13.965: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*osapiBsnTimer: Jul 18 10:41:14.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:14.962: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
*apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
*apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
*apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
*apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
*apfLbsTask: Jul 18 10:41:15.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
*osapiBsnTimer: Jul 18 10:41:15.961: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:15.965: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 1
*dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
*dot1xMsgTask: Jul 18 10:41:15.967: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
*apfMsConnTask_0: Jul 18 10:41:19.491: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
*apfMsConnTask_0: Jul 18 10:41:19.492: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
*dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
*dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:19.494: New PMKID: (16)
*dot1xMsgTask: Jul 18 10:41:19.494: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
*dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:19.494: Including PMKID in M1 (16)
*dot1xMsgTask: Jul 18 10:41:19.494: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
*dot1xMsgTask: Jul 18 10:41:19.494: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*osapiBsnTimer: Jul 18 10:41:20.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:20.561: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*osapiBsnTimer: Jul 18 10:41:21.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:21.561: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*osapiBsnTimer: Jul 18 10:41:22.561: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:22.562: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 2
*dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Sent Deauthenticate to mobile on BSSID 10:8c:cf:78:93:80 slot 0(caller 1x_ptsm.c:534)
*dot1xMsgTask: Jul 18 10:41:22.563: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 57) in 10 seconds
*apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
*apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
*apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
*apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 3
*apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy CCX LOCP 5
*apfLbsTask: Jul 18 10:41:23.762: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
*apfMsConnTask_0: Jul 18 10:41:26.116: 00:40:96:b8:78:7a Association received from mobile on AP 10:8c:cf:78:93:80
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific IPv6 override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying IPv6 Interface Policy for station 00:40:96:b8:78:7a - vlan 274, interface id 12, interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Applying site-specific override for station 00:40:96:b8:78:7a - vapId 11, site 'TWR-5', interface 'pharmwireless'
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1626)
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Processing RSN IE type 48, length 38 for mobile 00:40:96:b8:78:7a
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) DHCP Not required on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8for this client
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 10:8c:cf:78:93:80 vapId 11 apVapId 8
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfPemAddUser2 (apf_policy.c:223) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a Sending Assoc Response to station on BSSID 10:8c:cf:78:93:80 (status 0) ApVapId 8 Slot 0
*apfMsConnTask_0: Jul 18 10:41:26.117: 00:40:96:b8:78:7a apfProcessAssocReq (apf_80211.c:5237) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Associated
*dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Creating a PKC PMKID Cache entry for station 00:40:96:b8:78:7a (RSN 2)
*dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Adding BSSID 10:8c:cf:78:93:87 to PMKID cache for station 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:26.120: New PMKID: (16)
*dot1xMsgTask: Jul 18 10:41:26.120: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Initiating RSN PSK to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a dot1x - moving mobile 00:40:96:b8:78:7a into Force Auth state
*dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Skipping EAP-Success to mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:26.120: Including PMKID in M1 (16)
*dot1xMsgTask: Jul 18 10:41:26.120: [0000] 4a 0c ea 60 5c 8c 76 2a ee 47 50 bd ad 58 e0 d9
*dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Starting key exchange to mobile 00:40:96:b8:78:7a, data packets will be dropped
*dot1xMsgTask: Jul 18 10:41:26.120: 00:40:96:b8:78:7a Sending EAPOL-Key Message to mobile 00:40:96:b8:78:7a
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*osapiBsnTimer: Jul 18 10:41:27.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:27.162: 00:40:96:b8:78:7a Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*osapiBsnTimer: Jul 18 10:41:28.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:28.162: 00:40:96:b8:78:7a Retransmit 2 of EAPOL-Key M1 (length 121) for mobile 00:40:96:b8:78:7a
*osapiBsnTimer: Jul 18 10:41:29.161: 00:40:96:b8:78:7a 802.1x 'timeoutEvt' Timer expired for station 00:40:96:b8:78:7a and for message = M2
*dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Retransmit failure for EAPOL-Key M1 to mobile 00:40:96:b8:78:7a, retransmit count 3, mscb deauth count 3
*dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Blacklisting (if enabled) mobile 00:40:96:b8:78:7a
*dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a apfBlacklistMobileStationEntry2 (apf_ms.c:4294) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Associated to Exclusion-list (1)
*dot1xMsgTask: Jul 18 10:41:29.162: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 44) in 10 seconds
*dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3)
*dot1xMsgTask: Jul 18 10:41:29.163: 00:40:96:b8:78:7a 0.0.0.0 START (0) Reached FAILURE: from line 4025
*dot1xMsgTask: Jul 18 10:41:29.164: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 9) in 10 seconds
*apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy AP LOCP - mode:0 slotId:0, apMac 0x10:8c:cf:78:93:80
*apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy WLAN LOCP EssIndex:11 aid:1 ssid:RUMCWireless-S
*apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: START
*apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x1 protocol2:0x2 statuscode 0, reasoncode 1, status 8
*apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy CCX LOCP 5
*apfLbsTask: Jul 18 10:41:31.766: 00:40:96:b8:78:7a Copy MobilityData LOCP status:0, anchorip:0x0
*osapiBsnTimer: Jul 18 10:41:39.165: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
*apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a Scheduling deletion of Mobile Station: (callerId: 46) in 60 seconds
*apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a apfMsExpireMobileStation (apf_ms.c:5131) Changing state for mobile 00:40:96:b8:78:7a on AP 10:8c:cf:78:93:80 from Exclusion-list (1) to Exclusion-list (2)
*apfReceiveTask: Jul 18 10:41:39.166: 00:40:96:b8:78:7a 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [10:8c:cf:78:93:80]
*apfMsConnTask_0: Jul 18 10:41:51.799: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:41:52.313: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:41:53.316: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:41:54.320: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:41:55.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:41:56.326: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_6: Jul 18 10:41:59.292: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_6: Jul 18 10:41:59.339: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_6: Jul 18 10:42:00.342: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_6: Jul 18 10:42:01.346: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_6: Jul 18 10:42:02.349: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_6: Jul 18 10:42:03.352: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Received Idle-Timeout from AP 10:8c:cf:78:93:80, slot 0 for STA 00:40:96:b8:78:7a
*spamApTask0: Jul 18 10:42:07.907: 00:40:96:b8:78:7a Ignoring delete request from AP due to mobile in exclusion list or marked for deletion already
*apfMsConnTask_0: Jul 18 10:42:08.127: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:42:08.370: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:42:09.373: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:42:10.377: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:42:11.380: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_0: Jul 18 10:42:12.383: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_5: Jul 18 10:42:27.323: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_5: Jul 18 10:42:28.438: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_5: Jul 18 10:42:29.441: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_5: Jul 18 10:42:30.445: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_5: Jul 18 10:42:31.448: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_4: Jul 18 10:42:36.045: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_4: Jul 18 10:42:36.467: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_4: Jul 18 10:42:37.470: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfMsConnTask_4: Jul 18 10:42:38.474: 00:40:96:b8:78:7a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*osapiBsnTimer: Jul 18 10:42:39.169: 00:40:96:b8:78:7a apfMsExpireCallback (apf_ms.c:608) Expiring Mobile!
*apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a apfMsAssoStateDec
*apfReceiveTask: Jul 18 10:42:39.170: 00:40:96:b8:78:7a Deleting mobile on AP 10:8c:cf:78:93:80(0)
Can anyone tell me why this is happening?
Thank YouAuth succeeded from AAA server side but there is a problem with 4-way handshake. It is obvious the problem is with the client because it does not reply the message 2 of the handshake.
What is this client?
Try upgrading the driver or the firmware. That sort it out.
Sent from Cisco Technical Support iPad App -
Prime 1.3 and WLC 7.6 Can I push guest accounts?
Hi all
My Customer needs to update the WLC to 7.6 (from 7.4) due to 3700 APs, but does not use the ac or other new features (yet).
He has a Prime 1.3 update 4, where the guest Account are created.
Can he, after the WLC Upgrade to 7.6.130.0 still see the WLC from Prime 1.3 and Push guest accounts to the WLC?
The migration to PI 2.1 will be planned.
Thanks
WillemCisco Prime 1.3 doesn't support 7.6 please check the compatibility matrix
Table 4 Cisco Prime Infrastructure and Cisco Wireless Release Compatibility Matrix
Cisco Prime Infrastructure
Cisco WLC
Cisco MSE
ISE
Remarks
Update 4 for 1.3.0.20
Update 1 for 1.3.0.20
1.3.0.20
7.4.121.0
7.4.110.0
7.4.100.60
7.4.100.0
7.3.112.0
7.3.101.0
7.2.115.2
7.2.111.3
7.2.110.0
7.2.103.0
7.0.250.0
7.0.240.0
7.0.235.3
7.0.235.0
7.0.230.0
7.1.91.0
7.0.220.0
7.0.116.0
7.0.98.218
7.0.98.0
7.4.121.0
7.4.110.0
7.4.100.0
7.3.101.0
7.2.110.0
7.2.103.0
7.0.240.0
7.0.230.0
7.0.220.0
7.0.201.204
7.0.112.0
7.0.105.0
1.0
1.1
1.2 -
Cisco ISE 1.2 & Cisco WLC 5508 v7.6
Hi all,
we are planning to upgrade our WLC to 7.6 to fix a bug with FlexConnect Client ACLs but I have just seen on the Cisco ISE Compatibility table that the it only recommends up to v7.5 of the WLC 5508...
Cisco have told me to steer clear of 7.5 as it is in a defferred status, so does anyone know, or have running in a lab or production, ISE1.2 with a 5508 WLC v7.6 NAD ?
I would much rather know of any issues people are experiencing before hand than to have to go through a software upgrade and then rollback.
Thanks all
Mario De RosaHi Neno,
right I have this almost working now.
I have simplified the setup. I am not going to do any client provisioning at the moment.
So I can connect to the corporate SSID using EAP-TLS and I can successfully push the branch data VLAN upon successful authorisation.
Now I am trying to introduce the posture element & per user ACLs.
I have defined the redirect ACL & Flex ACL on the vWLC however the NAC agent will not pop-up. The client is in the right VLAN and the redirect ACL seems to be getting applied as the client does get an IP through DHCP. However, the client cannot ping the ISE or access the guest portal when I open the browser.
DNS resolution seems to be working fine.
VLAN220 is my datacentre VLAN which the Management Interface on the controller is plugged in to.
VLAN10 is the branch DATA VLAN.
below is some output to give you some more details...
(Cisco Controller) >show client detail 00:24:d6:97:b3:be
Client MAC Address............................... 00:24:d6:97:b3:be
Client Username ................................. [email protected]
AP MAC Address................................... 18:33:9d:f0:21:80
AP Name.......................................... test-flex-ap
AP radio slot Id................................. 0
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 18:33:9d:f0:21:81
Connected For ................................... 128 secs
Channel.......................................... 6
IP Address....................................... 10.130.130.120
Gateway Address.................................. 10.130.130.1
Netmask.......................................... 255.255.255.0
IPv6 Address..................................... fe80::f524:1910:69f0:9482
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... 4
Client E2E version............................... 1
--More-- or (q)uit
Re-Authentication Timeout........................ 1651
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... OFF
Current Rate..................................... m13
Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
............................................. 12.0,18.0,24.0,36.0,48.0,
............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ No
Policy Manager State............................. POSTURE_REQD
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ POSTURE_REDIRECT_ACL
AAA Override ACL Applied Status.................. Yes
--More-- or (q)uit
AAA Override Flex ACL Name....................... POSTURE_REDIRECT_ACL
AAA Override Flex ACL Applied Status............. Yes
AAA URL redirect................................. https://pdc-ise-man01.kier.group:8443/guestportal/gateway?sessionId=c8dc800a00000005b3e7e953&action=cpp
Audit Session ID................................. c8dc800a00000005b3e7e953
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Yes
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
Encryption Cipher................................ CCMP (AES)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... EAP-TLS
FlexConnect Data Switching....................... Local
--More-- or (q)uit
FlexConnect Dhcp Status.......................... Local
FlexConnect Vlan Based Central Switching......... No
FlexConnect Authentication....................... Central
Quarantine VLAN.................................. 0
Access VLAN...................................... 220
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 10
Fast BSS Transition........................ Not implemented
Client Wifi Direct Capabilities:
WFD capable................................ No
Manged WFD capable......................... No
Cross Connection Capable................... No
Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
Number of Bytes Received................... 33698
Number of Bytes Sent....................... 19397
Total Number of Bytes Sent................. 19397
--More-- or (q)uit
Total Number of Bytes Recv................. 33698
Number of Bytes Sent (last 90s)............ 19397
Number of Bytes Recv (last 90s)............ 33698
Number of Packets Received................. 283
Number of Packets Sent..................... 147
Number of Interim-Update Sent.............. 0
Number of EAP Id Request Msg Timeouts...... 0
Number of EAP Id Request Msg Failures...... 0
Number of EAP Request Msg Timeouts......... 0
Number of EAP Request Msg Failures......... 0
Number of EAP Key Msg Timeouts............. 0
Number of EAP Key Msg Failures............. 0
Number of Data Retries..................... 53
Number of RTS Retries...................... 0
Number of Duplicate Received Packets....... 2
Number of Decrypt Failed Packets........... 0
Number of Mic Failured Packets............. 0
Number of Mic Missing Packets.............. 0
Number of RA Packets Dropped............... 0
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -42 dBm
Signal to Noise Ratio...................... 41 dB
Client Rate Limiting Statistics:
--More-- or (q)uit
Number of Data Packets Recieved............ 0
Number of Data Rx Packets Dropped.......... 0
Number of Data Bytes Recieved.............. 0
Number of Data Rx Bytes Dropped............ 0
Number of Realtime Packets Recieved........ 0
Number of Realtime Rx Packets Dropped...... 0
Number of Realtime Bytes Recieved.......... 0
Number of Realtime Rx Bytes Dropped........ 0
Number of Data Packets Sent................ 0
Number of Data Tx Packets Dropped.......... 0
Number of Data Bytes Sent.................. 0
Number of Data Tx Bytes Dropped............ 0
Number of Realtime Packets Sent............ 0
Number of Realtime Tx Packets Dropped...... 0
Number of Realtime Bytes Sent.............. 0
Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
test-flex-ap(slot 0)
antenna0: 14 secs ago.................... -51 dBm
antenna1: 14 secs ago.................... -37 dBm
test-flex-ap(slot 1)
antenna0: 14 secs ago.................... -51 dBm
antenna1: 14 secs ago.................... -54 dBm
--More-- or (q)uit
DNS Server details:
DNS server IP ............................. 10.0.17.31
DNS server IP ............................. 10.0.17.43
Assisted Roaming Prediction List details:
Client Dhcp Required: False
Allowed (URL)IP Addresses
(Cisco Controller) >
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... Demo1x
Network Name (SSID).............................. Demo1x
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Enabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Enabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
--More-- or (q)uit
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 12 hours
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... mario-test-flex-vwlc
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
--More-- or (q)uit
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
--More-- or (q)uit
Radius Servers
Authentication................................ 10.0.16.111 1812
Accounting.................................... 10.131.16.111 1813
Interim Update............................. Disabled
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Disabled
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Enabled
PSK..................................... Disabled
CCKM.................................... Disabled
--More-- or (q)uit
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
WAPI.......................................... Disabled
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
--More-- or (q)uit
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None
Flow Monitor Name................................ None
Split Tunnel (Printers).......................... Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Disabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
--More-- or (q)uit
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID IP Address Status
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
Priority Policy Name
(Cisco Controller) >
when debugging the client during redirect, this is the output and I cannot spot anything wrong here...
(Cisco Controller) >*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Adding mobile on LWAPP AP 18:33:9d:f0:21:80(1)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Association received from mobile on BSSID 18:33:9d:f0:21:8e
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Global 200 Clients are allowed to AP radio
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Max Client Trap Threshold: 0 cur: 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Re-applying interface policy for client
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 255 on mobile
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be In processSsidIE:4850 setting Central switched to FALSE
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying site-specific Local Bridging override for station 00:24:d6:97:b3:be - vapId 2, site 'default-group', interface 'management'
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Applying Local Bridging Interface Policy for station 00:24:d6:97:b3:be - vlan 220, interface id 0, interface 'management'
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Processing RSN IE type 48, length 22 for mobile 00:24:d6:97:b3:be
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Received RSN IE with 0 PMKIDs from mobile 00:24:d6:97:b3:be
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Updating AID for REAP AP Client 18:33:9d:f0:21:80 - AID ===> 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Central switch is FALSE
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name:
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfMsAssoStateInc
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Idle to Associated
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfPemAddUser2:session timeout forstation 00:24:d6:97:b3:be - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be Sending Assoc Response to station on BSSID 18:33:9d:f0:21:8e (status 0) ApVapId 2 Slot 1
*apfMsConnTask_7: Aug 12 10:58:24.013: 00:24:d6:97:b3:be apfProcessAssocReq (apf_80211.c:8294) Changing state for mobile 00:24:d6:97:b3:be on AP 18:33:9d:f0:21:80 from Associated to Associated
*spamApTask6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sent 1x initiate message to multi thread task for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Connecting state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be Sending EAP-Request/Identity to mobile 00:24:d6:97:b3:be (EAP Id 1)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.016: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Received Identity Response (count=1) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Resetting reauth count 1 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be EAP State update from Connecting to Authenticating for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticating state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.083: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=214) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be WARNING: updated EAP-Identifier 1 ===> 214 for STA 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 214)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be Allocating EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.086: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 214, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.090: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=215) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 215)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.091: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 215, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.095: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=216) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 216)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.096: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 216, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.100: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=217) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 217)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.101: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 217, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.105: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=218) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 218)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.106: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 218, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.110: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=219) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 219)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.111: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 219, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.115: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=220) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 220)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.116: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 220, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.352: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=221) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 221)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.354: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 221, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.359: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=222) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 222)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.360: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 222, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.365: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=223) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 223)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.366: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 223, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.371: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=224) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 224)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.372: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 224, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.375: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Processing Access-Challenge for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Entering Backend Auth Req state (id=225) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Sending EAP Request from AAA to mobile 00:24:d6:97:b3:be (EAP Id 225)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.389: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAPOL EAPPKT from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Received EAP Response from mobile 00:24:d6:97:b3:be (EAP Id 225, EAP Type 13)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Resetting reauth count 0 to 0 for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.391: 00:24:d6:97:b3:be Entering Backend Auth Response state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Processing Access-Accept for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created for mobile, length = 253
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Username entry ([email protected]) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be override for default ap group, marking intgrp NULL
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 220
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Re-applying interface policy for client
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2219)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2240)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Retaining the ACL recieved in AAA attributes 1 on mobile
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Inserting AAA Override struct for mobile
MAC: 00:24:d6:97:b3:be, source 4
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting re-auth timeout to 1800 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Station 00:24:d6:97:b3:be setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Creating a PKC PMKID Cache entry for station 00:24:d6:97:b3:be (RSN 2)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Resetting MSCB PMK Cache Entry 0 for station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Adding BSSID 18:33:9d:f0:21:8e to PMKID cache at index 0 for station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Client in Posture Reqd state. PMK cache not updated.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAP-Success to mobile 00:24:d6:97:b3:be (EAP Id 225)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Freeing AAACB from Dot1xCB as AAA auth is done for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be EAPOL Header:
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Found an cache entry for BSSID 18:33:9d:f0:21:8e in PMKID cache at index 0 of station 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: [0000] 6f d1 ce 84 08 74 41 a5 06 6b 89 02 c9 e9 f8 c8
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Starting key exchange to mobile 00:24:d6:97:b3:be, data packets will be dropped
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Entering Backend Auth Success state (id=225) for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be Received Auth Success while in Authenticating state for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.410: 00:24:d6:97:b3:be dot1x - moving mobile 00:24:d6:97:b3:be into Authenticated state
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Received EAPOL-key in PTK_START state (message 2) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be PMK: Sending cache add
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be EAPOL Header:
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00000000: 02 03 5f 00 .._.
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Sending EAPOL-Key Message to mobile 00:24:d6:97:b3:be
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be Reusing allocated memory for EAP Pkt for retransmission to mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsLwappLradNhMac = 00:00:0c:07:ac:dc mscb->apfMsLradSlotId = 1 mscb->apfMsLradJumbo = 0 mscb->apfMsintIfNum = 1
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsBssid = 18:33:9d:f0:21:80 mscb->apfMsAddress = 00:24:d6:97:b3:be mscb->apfMsApVapId = 2
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be dot1xcb->snapOrg = 00 00 00 dot1xcb->eapolWepBit = 0 mscb->apfMsLwappLradVlanId = 220 mscb->apfMsLwappMwarInet.ipv4.addr = 176217288
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.414: 00:24:d6:97:b3:be mscb->apfMsLwappMwarPort = 5246 mscb->apfMsLwappLradInet.ipv4.addr = 176325157 mscb->apfMsLwappLradPort = 9385
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-Key from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Stopping retransmission timer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Freeing EAP Retransmit Bufer for mobile 00:24:d6:97:b3:be
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central switch is FALSE
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Sending the Central Auth Info
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Central Auth Info Allocated PMKLen = 32
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be PMK: pmkActiveIndex = 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be EapolReplayCounter: 00 00 00 00 00 00 00 01
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 apfMsEapType = 13
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2for this client
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 18:33:9d:f0:21:80 vapId 2 apVapId 2 flex-acl-name:POSTURE_REDIRECT_ACL
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6166, Adding TMP rule
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 5761, Adding TMP rule
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255,
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*apfReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Aug 12 10:58:24.418: 00:24:d6:97:b3:be 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*spamApTask6: Aug 12 10:58:24.418: 00:24:d6:97:b3:be spamEncodeCentralAuthInoMsPayload: msAssocTypeFlagsMsb = 0 msAssocTypeFlagsLsb = 2
apfMsEntryType = 0 pmkLen = 32
*DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 325,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 10:58:24.546: 00:24:d6:97:b3:be DHCP setting server from ACK (server 10.0.17.85, yiaddr 10.130.130.120)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 DHCP_REQD (7) Change state to WEBAUTH_REQD (8) last state DHCP_REQD (7)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) pemAdvanceState2 6671, Adding TMP rule
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Replacing Fast Path rule
type = Airespace AP Client - ACL passthru
on AP 18:33:9d:f0:21:80, slot 1, interface = 1, QOS = 0
IPv4 A
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206 Local Bridging Vlan = 220, Local Bridging intf id = 0
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 WEBAUTH_REQD (8) Successfully plumbed mobile rule (IPv4 ACL ID 1, IPv6 ACL ID 255, L2 ACL ID 255)
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Plumbing web-auth redirect rule due to user logout
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be Assigning Address 10.130.130.120 to mobile
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Socket Task: Aug 12 10:58:24.548: 00:24:d6:97:b3:be DHCP success event for client. Clearing dhcp failure count for interface management.
*pemReceiveTask: Aug 12 10:58:24.548: 00:24:d6:97:b3:be 10.130.130.120 Added NPU entry of type 2, dtlFlags 0x0
*IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Pushing IPv6 Vlan Intf ID 0: fe80:0000:0000:0000:f524:1910:69f0:9482 , and MAC: 00:24:D6:97:B3:BE , Binding to Data Plane. SUCCESS !! dhcpv6bitmap 0
*IPv6_Msg_Task: Aug 12 10:58:25.330: 00:24:d6:97:b3:be Link Local address fe80::f524:1910:69f0:9482 updated to mscb. Not Advancing pem state.Current state: mscb in apfMsMmInitial mobility state and client state APF_MS_STATE_A
*DHCP Socket Task: Aug 12 10:58:28.581: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 10:58:28.589: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:00:07.959: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:00:07.967: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
*DHCP Socket Task: Aug 12 11:01:59.153: 00:24:d6:97:b3:be DHCP received op BOOTREPLY (2) (len 308,vlan 220, port 1, encap 0xec03)
Can you see any obvious reason why the NAC agent wont pop up?
Thanks
Mario -
WLC 2504 problems with one IP address range
I am having an interesting issue configuring a new 2504.
How it is setup:
Port 1 management with vlan tagging on vlan 111
Port 2 trunking with ap-manager2 on vlan 3, 102 on vlan 102 (Not ap-manager), and 1001 on vlan 1001.
All of the vlans have distinctive and unique IP ranges. Vlan 111 is running 172.16.128 /20, 102 is 172.19.252 /23 and vlan 1001 should be running 172.17 /16.
Here is my problem. I can setup all of the dynamic interfaces on the appropriate ip ranges, but for some reason when I configure the 1001 vlan dynamic interface with the /16 address space, I lose connectivity to the GUI managment interface. I have to go in through the CLI and remove the interface or change the IP range. I have tried other /16 address space on that vlan and do not have a problem with them. the 172.17 space appears to be the only one that will not work.
I have attached the config from the controller (Minus some site specific stuff like the SNMP community and wpa stuff.) The config is using a 172.20 /16 right now on the 1001 interface so that I could get into the controller and download the config. It should be 172.17 /16. The acutal IP info should be 172.17.4.253 255.255.0.0 172.17.0.254
My computer is on the 1001 vlan and I have verified the IP is not in use and am using the same subnet, gateway etc as I am trying to configure the wlc with.
Switch config:
Port 1 is plugged into g0/2 with the following config
interface GigabitEthernet0/2
switchport trunk allowed vlan 1,3,102,111,1001
switchport mode trunk
spanning-tree portfast
Port 2 is plugged into fa0/47 and just has switchport mode trunk.
How can I get the interface to work with the proper IP range for vlan 1001?I finally had a chance to fiddle around with this issue again and have some more information on the problem. It appears to not be an issue with the IP address, but rather with the VLAN. The 172.17.0.0/16 subnet is on VLAN 1001 which it appears the WLC does not care for. This problem is repeatable on the following versions of code that I have tried:
7.0.220.0
7.1.91.0
7.4.110.0 (Not in use for production until we upgrade from WCS to Prime.)
Any thoughts? Moving the 1001 VLAN to another number would be a HUGE undertaking so if there is not an answer within the firmware on the WLC, I will have to bridge two VLANs with bpdufilter enabled... Not my first choice for sure... -
Hello all, i need your help, i have a WLC but AP's not joined with controller, this errors sends:
cisco AIR-CAP3602I-N-K9 (PowerPC) processor (revision A0) with 167926K/81920K bytes of memory.
Processor board ID FTX1734GJ9E
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.3.1.53
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 7C:69:F6:1A:2A:C4
Part Number : 73-14521-02
PCA Assembly Number : 800-37501-02
PCA Revision Number : A0
PCB Serial Number : FOC17306LVB
Top Assembly Part Number : 800-35852-02
Top Assembly Serial Number : FTX1734GJ9E
Top Revision Number : C0
Product/Model Number : AIR-CAP3602I-N-K9
% Please define a domain-name first.
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLAN_EstrellaR'running version 7.0.220.0 is rejected.
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.4.14.201
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLAN_EstrellaR'running version 7.0.220.0 is rejected.
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Aug 1 18:34:32.035: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Aug 1 18:34:42.035: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Aug 1 18:34:42.035: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLAN_EstrellaR'running version 7.0.220.0 is rejected.
*Aug 1 18:34:42.035: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Aug 1 18:34:42.035: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
*Aug 1 18:34:42.035: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Aug 1 18:34:42.035: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.4.14.201
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)Hi Martin
Martin Velazquez wrote:Hello all, i need your help, i have a WLC but AP's not joined with controller, this errors sends:cisco AIR-CAP3602I-N-K9 (PowerPC) processor (revision A0) with 167926K/81920K bytes of memory.*Aug 1 18:34:42.035: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLAN_EstrellaR'running version 7.0.220.0 is rejected.
U need atleast 7.1.91.0 version on controoler .
3600 series AP first suppourt is
CAP3602I
7.1.91.0
Update firmaware on wlc.
also paster sh sysinfo from WLC.
matrix compatibiolity: http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Regards -
just need a straight answer, best if someone has had a similar configuration working, sorry pals I really need to be shure
then look at this...
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
table 1
Table 1 Wireless Software Compatibility Matrix
IOS Release
WLC
NCS
WCS
Navigator
2710 Location Appliance
MSE
12.4(25e)JA
7.2.103.0
1.1.0.58
7.2.103.0
12.4(23c)JA5
7.0.235.0
7.0.230.0
1.6.230.0
7.0.230.0
12.4(23c)JA4
7.0.230.0
7.0.230.0
1.6.230.0
7.0.230.0
12.4(23c)JY
7.1.91.0
7.0.220.0
1.6.220.0
7.0.220.0
this is the reason I asked if someone had tried it...
and...
Maybe you are looking for
-
Office Web Apps Server , Excel Web Apps , Error , Event ID 5226
There is an environment of install Office Web Apps 2013 for SharePoint 2013 – with PDF Preview. Having been able to use it without any problems. One day, a preview of the Excel does not work properly. Error or do not know the contents of the followin
-
I purchased the full version of CS6 and now suddenly get prompted to sign up for creative cloud membership. I am not able to open Illustrator without choosing (and paying for presumably) a cloud membership. I only want access to the program which I
-
Supplied video adapter cables?
In my box were 2 video adapter cables. One is a DVI to VGA adapter, the other looks like DVI to DVI. What is it for?
-
Impact of Enhancement Pack4 on BI 7.0
Hello Experts, We are currently in the process of installing Enhancement Pack 4 (ECC 6.0). I would like to know the details on how this would impact BI 7.0. Are there any notes or documents that I could refer to. Any help is greatly appreciated. Than
-
Hi how to write text file continuosly
hi i know how to write a text file but if i write something and close the whole program, then when i open the program and do the samething, i wanna write something contiguosly, write the next line of the very last saved line.. but..i tried couple of