(Cisco Controller) >show wlan 2 WLAN Identifier.................................. 2 Profile Name..................................... Interne-CAMPUS Network Name (SSID).............................. Interne-CAMPUS Status........................................... Enabled MAC Filtering.................................... Disabled Broadcast SSID................................... Enabled AAA Policy Override.............................. Disabled Network Admission Control Client Profiling Status Radius Profiling ............................ Disabled DHCP ....................................... Disabled HTTP ....................................... Disabled Local Profiling ............................. Disabled DHCP ....................................... Disabled HTTP ....................................... Disabled Radius-NAC State............................... Disabled SNMP-NAC State................................. Disabled Quarantine VLAN................................ 0 Maximum number of Associated Clients............. 0 Maximum number of Clients per AP Radio........... 200 --More-- or (q)uit Number of Active Clients......................... 1 Exclusionlist.................................... Disabled Session Timeout.................................. 1800 seconds User Idle Timeout................................ Disabled Sleep Client..................................... disable Sleep Client Timeout............................. 720 minutes User Idle Threshold.............................. 0 Bytes NAS-identifier................................... CTRL-LTI-B CHD per WLAN..................................... Enabled Webauth DHCP exclusion........................... Disabled Interface........................................ interne-mrx Multicast Interface.............................. interne-mrx WLAN IPv4 ACL.................................... unconfigured WLAN IPv6 ACL.................................... unconfigured WLAN Layer2 ACL.................................. unconfigured mDNS Status...................................... Enabled mDNS Profile Name................................ default-mdns-profile DHCP Server...................................... Default DHCP Address Assignment Required................. Disabled Static IP client tunneling....................... Disabled PMIPv6 Mobility Type............................. none PMIPv6 MAG Profile........................... Unconfigured PMIPv6 Default Realm......................... Unconfigured --More-- or (q)uit PMIPv6 NAI Type.............................. Hexadecimal PMIPv6 MAG location.......................... WLC Quality of Service............................... Silver Per-SSID Rate Limits............................. Upstream Downstream Average Data Rate................................ 0 0 Average Realtime Data Rate....................... 0 0 Burst Data Rate.................................. 0 0 Burst Realtime Data Rate......................... 0 0 Per-Client Rate Limits........................... Upstream Downstream Average Data Rate................................ 0 0 Average Realtime Data Rate....................... 0 0 Burst Data Rate.................................. 0 0 Burst Realtime Data Rate......................... 0 0 Scan Defer Priority.............................. 4,5,6 Scan Defer Time.................................. 100 milliseconds WMM.............................................. Allowed WMM UAPSD Compliant Client Support............... Disabled Media Stream Multicast-direct.................... Disabled CCX - AironetIe Support.......................... Enabled CCX - Gratuitous ProbeResponse (GPR)............. Disabled CCX - Diagnostics Channel Capability............. Disabled Dot11-Phone Mode (7920).......................... Disabled Wired Protocol................................... None --More-- or (q)uit Passive Client Feature........................... Disabled Peer-to-Peer Blocking Action..................... Disabled Radio Policy..................................... All DTIM period for 802.11a radio.................... 1 DTIM period for 802.11b radio.................... 1 Radius Servers Authentication................................ 172.20.3.78 1812 Accounting.................................... 172.20.3.78 1813 Interim Update............................. Enabled Interim Update Interval.................... 0 Framed IPv6 Acct AVP ...................... Prefix Dynamic Interface............................. Disabled Dynamic Interface Priority.................... wlan Local EAP Authentication......................... Disabled Radius NAI-Realm................................. Disabled Security 802.11 Authentication:........................ Open System FT Support.................................... Disabled Static WEP Keys............................... Disabled 802.1X........................................ Disabled Wi-Fi Protected Access (WPA/WPA2)............. Enabled WPA (SSN IE)............................... Enabled --More-- or (q)uit TKIP Cipher............................. Enabled AES Cipher.............................. Enabled WPA2 (RSN IE).............................. Enabled TKIP Cipher............................. Disabled AES Cipher.............................. Enabled Auth Key Management 802.1x.................................. Enabled PSK..................................... Disabled CCKM.................................... Disabled FT-1X(802.11r).......................... Disabled FT-PSK(802.11r)......................... Disabled PMF-1X(802.11w)......................... Disabled PMF-PSK(802.11w)........................ Disabled FT Reassociation Timeout................... 20 FT Over-The-DS mode........................ Disabled GTK Randomization.......................... Disabled SKC Cache Support.......................... Disabled CCKM TSF Tolerance......................... 1000 WAPI.......................................... Disabled Wi-Fi Direct policy configured................ Disabled EAP-Passthrough............................... Disabled CKIP ......................................... Disabled Web Based Authentication...................... Disabled --More-- or (q)uit Web Authentication Timeout.................... 300 Web-Passthrough............................... Disabled Mac-auth-server............................... 0.0.0.0 Web-portal-server............................. 0.0.0.0 Conditional Web Redirect...................... Disabled Splash-Page Web Redirect...................... Disabled Auto Anchor................................... Disabled FlexConnect Local Switching................... Disabled FlexConnect Central Association............... Disabled flexconnect Central Dhcp Flag................. Disabled flexconnect nat-pat Flag...................... Disabled flexconnect Dns Override Flag................. Disabled flexconnect PPPoE pass-through................ Disabled flexconnect local-switching IP-source-guar.... Disabled FlexConnect Vlan based Central Switching ..... Disabled FlexConnect Local Authentication.............. Disabled FlexConnect Learn IP Address.................. Enabled Client MFP.................................... Disabled PMF........................................... Disabled PMF Association Comeback Time................. 1 PMF SA Query RetryTimeout..................... 200 Tkip MIC Countermeasure Hold-down Timer....... 60 Eap-params.................................... Disabled --More-- or (q)uit AVC Visibilty.................................... Disabled AVC Profile Name................................. None Flow Monitor Name................................ None Split Tunnel Configuration Split Tunnel................................. Disabled Call Snooping.................................... Disabled Roamed Call Re-Anchor Policy..................... Disabled SIP CAC Fail Send-486-Busy Policy................ Enabled SIP CAC Fail Send Dis-Association Policy......... Disabled KTS based CAC Policy............................. Disabled Assisted Roaming Prediction Optimization......... Disabled 802.11k Neighbor List............................ Disabled 802.11k Neighbor List Dual Band.................. Disabled 802.11v Directed Multicast Service............... Disabled 802.11v BSS Max Idle Service..................... Enabled DMS DB is empty Band Select...................................... Disabled Load Balancing................................... Disabled Multicast Buffer................................. Disabled Universal Ap Admin............................... Disabled Mobility Anchor List WLAN ID IP Address Status --More-- or (q)uit ------- --------------- ------ 802.11u........................................ Disabled MSAP Services.................................. Disabled Local Policy ---------------- Priority Policy Name -------- --------------- (Cisco Controller) >debug client b0:10:41:b8:15:d5 (Cisco Controller) > *osapiBsnTimer: May 24 14:14:58.834: b0:10:41:b8:15:d5 802.1x 'txWhen' Timer expired for station b0:10:41:b8:15:d5 and for message = M0 *dot1xMsgTask: May 24 14:14:58.834: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state *dot1xMsgTask: May 24 14:14:58.835: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 9) *dot1xMsgTask: May 24 14:14:58.835: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *osapiBsnTimer: May 24 14:15:28.834: b0:10:41:b8:15:d5 802.1x 'txWhen' Timer expired for station b0:10:41:b8:15:d5 and for message = M0 *dot1xMsgTask: May 24 14:15:28.834: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state *dot1xMsgTask: May 24 14:15:28.835: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 10) *dot1xMsgTask: May 24 14:15:28.835: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *apfMsConnTask_0: May 24 14:15:30.441: b0:10:41:b8:15:d5 Processing assoc-req station:b0:10:41:b8:15:d5 AP:00:3a:99:f2:21:f0-01 thread:15117460 *apfMsConnTask_0: May 24 14:15:30.441: b0:10:41:b8:15:d5 Association received from mobile on BSSID 00:3a:99:f2:21:fe AP 099-LT334-AP01 *apfMsConnTask_0: May 24 14:15:30.441: b0:10:41:b8:15:d5 Global 200 Clients are allowed to AP radio *apfMsConnTask_0: May 24 14:15:30.441: b0:10:41:b8:15:d5 Max Client Trap Threshold: 0 cur: 1 *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Rf profile 600 Clients are allowed to AP wlan *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 override for default ap group, marking intgrp NULL *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 317 *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Re-applying interface policy for client *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2399) *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2420) *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 In processSsidIE:5682 setting Central switched to TRUE *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 In processSsidIE:5685 apVapId = 2 and Split Acl Id = 65535 *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Setting the NAS Id to WLAN specific Id 'CTRL-LTI-B' *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Applying site-specific Local Bridging override for station b0:10:41:b8:15:d5 - vapId 2, site 'Campus-MRX', interface 'interne-mrx' *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Applying Local Bridging Interface Policy for station b0:10:41:b8:15:d5 - vlan 317, interface id 13, interface 'interne-mrx' *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 override from ap group, removing intf group from mscb *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Applying site-specific override for station b0:10:41:b8:15:d5 - vapId 2, site 'Campus-MRX', interface 'interne-mrx' *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 317 *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 Re-applying interface policy for client *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2399) *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2420) *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 processSsidIE statusCode is 0 and status is 0 *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 processSsidIE ssid_done_flag is 0 finish_flag is 0 *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 STA - rates (8): 140 18 152 36 176 72 96 108 12 18 24 96 0 0 0 0 *apfMsConnTask_0: May 24 14:15:30.442: b0:10:41:b8:15:d5 suppRates statusCode is 0 and gotSuppRatesElement is 1 *apfMsConnTask_0: May 24 14:15:30.442: RSNIE in Assoc. Req.: (24) *apfMsConnTask_0: May 24 14:15:30.442: [0000] 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 *apfMsConnTask_0: May 24 14:15:30.442: [0016] 01 00 00 50 f2 01 0c 00 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Processing WPA IE type 221, length 24 for mobile b0:10:41:b8:15:d5 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Received 802.11i 802.1X key management suite, enabling dot1x Authentication *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 RSN Capabilities: 12 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 apfValidateDot11iCapabilities:1286 Received RSNIE with Capabilities with STA MFPC: 0, STA MFPR:0, & AP MFPC:0MFPR:0 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Marking Mobile as non-11w Capable *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Setting active key cache index 8 ---> 8 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 unsetting PmkIdValidatedByAp *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 apfValidateDot11wGroupMgmtCipher:1716, Received NULL 11w Group Mgmt Cipher Suite for STA, hence returning *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Initializing policy *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3) *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2) *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Encryption policy is set to 0x80000001 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Not Using WMM Compliance code qosCap 00 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Sending 11w Flag 0 for Client B0:10:41:B8:15:D5 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:99:f2:21:f0 vapId 2 apVapId 2 flex-acl-name: *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 apfPemAddUser2 (apf_policy.c:352) Changing state for mobile b0:10:41:b8:15:d5 on AP 00:3a:99:f2:21:f0 from Associated to Associated *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 apfPemAddUser2:session timeout forstation b0:10:41:b8:15:d5 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Stopping deletion of Mobile Station: (callerId: 48) *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Sending assoc-resp with status 0 station:b0:10:41:b8:15:d5 AP:00:3a:99:f2:21:f0-01 on apVapId 2 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 Sending Assoc Response to station on BSSID 00:3a:99:f2:21:fe (status 0) ApVapId 2 Slot 1 *apfMsConnTask_0: May 24 14:15:30.443: b0:10:41:b8:15:d5 apfProcessAssocReq (apf_80211.c:9463) Changing state for mobile b0:10:41:b8:15:d5 on AP 00:3a:99:f2:21:f0 from Associated to Associated *spamApTask1: May 24 14:15:30.449: b0:10:41:b8:15:d5 Sent 1x initiate message to multi thread task for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.449: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_5: May 24 14:15:30.449: b0:10:41:b8:15:d5 EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries *Dot1x_NW_MsgTask_5: May 24 14:15:30.449: b0:10:41:b8:15:d5 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_5: May 24 14:15:30.449: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state *Dot1x_NW_MsgTask_5: May 24 14:15:30.450: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 1) *Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 Reset the reauth counter since EAPOL START has been received!!! *Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 Received EAPOL START from mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state *Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 2) *Dot1x_NW_MsgTask_5: May 24 14:15:30.470: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Received EAPOL EAPPKT from mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Received Identity Response (count=1) from mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Resetting reauth count 1 to 0 for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 EAP State update from Connecting to Authenticating for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Authenticating state *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 Entering Backend Auth Response state for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.668: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 Processing Access-Reject for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 Sending EAP-Failure to mobile b0:10:41:b8:15:d5 (EAP Id -1) *Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 Entering Backend Auth Failure state (id=-1) for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.679: b0:10:41:b8:15:d5 Scheduling deletion of Mobile Station: (callerId: 84) in 1 seconds *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3) *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 0.0.0.0 START (0) Reached FAILURE: from line 5640 *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 Scheduling deletion of Mobile Station: (callerId: 9) in 10 seconds *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 Max AAA failure for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 Setting quiet timer for 5 seconds for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Unknown state *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:30.680: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 Processing assoc-req station:b0:10:41:b8:15:d5 AP:00:3a:99:f2:21:f0-01 thread:15117460 *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 Association received from mobile on BSSID 00:3a:99:f2:21:fe AP 099-LT334-AP01 *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 Global 200 Clients are allowed to AP radio *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 Max Client Trap Threshold: 0 cur: 1 *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 Rf profile 600 Clients are allowed to AP wlan *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 override for default ap group, marking intgrp NULL *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 317 *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 Re-applying interface policy for client *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2399) *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2420) *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type *apfMsConnTask_0: May 24 14:15:31.609: b0:10:41:b8:15:d5 In processSsidIE:5682 setting Central switched to TRUE *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 In processSsidIE:5685 apVapId = 2 and Split Acl Id = 65535 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Setting the NAS Id to WLAN specific Id 'CTRL-LTI-B' *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Applying site-specific Local Bridging override for station b0:10:41:b8:15:d5 - vapId 2, site 'Campus-MRX', interface 'interne-mrx' *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Applying Local Bridging Interface Policy for station b0:10:41:b8:15:d5 - vlan 317, interface id 13, interface 'interne-mrx' *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 override from ap group, removing intf group from mscb *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Applying site-specific override for station b0:10:41:b8:15:d5 - vapId 2, site 'Campus-MRX', interface 'interne-mrx' *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 317 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Re-applying interface policy for client *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2399) *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2420) *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 processSsidIE statusCode is 0 and status is 0 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 processSsidIE ssid_done_flag is 0 finish_flag is 0 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 STA - rates (8): 140 18 152 36 176 72 96 108 12 18 24 96 0 0 0 0 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 suppRates statusCode is 0 and gotSuppRatesElement is 1 *apfMsConnTask_0: May 24 14:15:31.610: RSNIE in Assoc. Req.: (24) *apfMsConnTask_0: May 24 14:15:31.610: [0000] 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 *apfMsConnTask_0: May 24 14:15:31.610: [0016] 01 00 00 50 f2 01 0c 00 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Processing WPA IE type 221, length 24 for mobile b0:10:41:b8:15:d5 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Received 802.11i 802.1X key management suite, enabling dot1x Authentication *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 RSN Capabilities: 12 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 apfValidateDot11iCapabilities:1286 Received RSNIE with Capabilities with STA MFPC: 0, STA MFPR:0, & AP MFPC:0MFPR:0 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Marking Mobile as non-11w Capable *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 Setting active key cache index 8 ---> 8 *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 unsetting PmkIdValidatedByAp *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 apfValidateDot11wGroupMgmtCipher:1716, Received NULL 11w Group Mgmt Cipher Suite for STA, hence returning *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 0.0.0.0 START (0) Initializing policy *apfMsConnTask_0: May 24 14:15:31.610: b0:10:41:b8:15:d5 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0) *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2) *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 Encryption policy is set to 0x80000001 *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 Not Using WMM Compliance code qosCap 00 *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 Sending 11w Flag 0 for Client B0:10:41:B8:15:D5 *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 00:3a:99:f2:21:f0 vapId 2 apVapId 2 flex-acl-name: *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 apfPemAddUser2 (apf_policy.c:352) Changing state for mobile b0:10:41:b8:15:d5 on AP 00:3a:99:f2:21:f0 from Associated to Associated *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 apfPemAddUser2:session timeout forstation b0:10:41:b8:15:d5 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0 *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 Stopping deletion of Mobile Station: (callerId: 48) *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0 *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 Sending assoc-resp with status 0 station:b0:10:41:b8:15:d5 AP:00:3a:99:f2:21:f0-01 on apVapId 2 *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 Sending Assoc Response to station on BSSID 00:3a:99:f2:21:fe (status 0) ApVapId 2 Slot 1 *apfMsConnTask_0: May 24 14:15:31.611: b0:10:41:b8:15:d5 apfProcessAssocReq (apf_80211.c:9463) Changing state for mobile b0:10:41:b8:15:d5 on AP 00:3a:99:f2:21:f0 from Associated to Associated *spamApTask1: May 24 14:15:31.617: b0:10:41:b8:15:d5 Sent 1x initiate message to multi thread task for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:31.617: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_5: May 24 14:15:31.617: b0:10:41:b8:15:d5 EAP-PARAM Debug - eap-params for Wlan-Id :2 is disabled - applying Global eap timers and retries *Dot1x_NW_MsgTask_5: May 24 14:15:31.617: b0:10:41:b8:15:d5 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_5: May 24 14:15:31.617: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state *Dot1x_NW_MsgTask_5: May 24 14:15:31.617: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 1) *Dot1x_NW_MsgTask_5: May 24 14:15:31.645: b0:10:41:b8:15:d5 Reset the reauth counter since EAPOL START has been received!!! *Dot1x_NW_MsgTask_5: May 24 14:15:31.645: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_5: May 24 14:15:31.646: b0:10:41:b8:15:d5 Received EAPOL START from mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:31.646: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state *Dot1x_NW_MsgTask_5: May 24 14:15:31.646: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 2) *Dot1x_NW_MsgTask_5: May 24 14:15:31.646: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 Received EAPOL EAPPKT from mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 Received Identity Response (count=1) from mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 Resetting reauth count 1 to 0 for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 EAP State update from Connecting to Authenticating for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Authenticating state *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 Entering Backend Auth Response state for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.356: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 Processing Access-Reject for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 Sending EAP-Failure to mobile b0:10:41:b8:15:d5 (EAP Id -1) *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 Entering Backend Auth Failure state (id=-1) for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 Scheduling deletion of Mobile Station: (callerId: 84) in 1 seconds *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 0.0.0.0 8021X_REQD (3) Change state to START (0) last state 8021X_REQD (3) *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 0.0.0.0 START (0) Reached FAILURE: from line 5640 *Dot1x_NW_MsgTask_5: May 24 14:15:39.361: b0:10:41:b8:15:d5 Scheduling deletion of Mobile Station: (callerId: 9) in 10 seconds *Dot1x_NW_MsgTask_5: May 24 14:15:39.362: b0:10:41:b8:15:d5 Max AAA failure for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.362: b0:10:41:b8:15:d5 Setting quiet timer for 5 seconds for mobile b0:10:41:b8:15:d5 *Dot1x_NW_MsgTask_5: May 24 14:15:39.362: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Unknown state *Dot1x_NW_MsgTask_5: May 24 14:15:39.362: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *Dot1x_NW_MsgTask_5: May 24 14:15:39.362: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *osapiBsnTimer: May 24 14:15:44.234: b0:10:41:b8:15:d5 802.1x 'quiteWhile' Timer expired for station b0:10:41:b8:15:d5 and for message = M0 *dot1xMsgTask: May 24 14:15:44.234: b0:10:41:b8:15:d5 quiet timer completed for mobile b0:10:41:b8:15:d5 *dot1xMsgTask: May 24 14:15:44.234: b0:10:41:b8:15:d5 dot1x - moving mobile b0:10:41:b8:15:d5 into Connecting state *dot1xMsgTask: May 24 14:15:44.235: b0:10:41:b8:15:d5 Sending EAP-Request/Identity to mobile b0:10:41:b8:15:d5 (EAP Id 1) *dot1xMsgTask: May 24 14:15:44.235: b0:10:41:b8:15:d5 reauth_sm state transition 0 ---> 0 for mobile b0:10:41:b8:15:d5 at 1x_reauth_sm.c:71 *osapiBsnTimer: May 24 14:15:49.234: b0:10:41:b8:15:d5 apfMsExpireCallback (apf_ms.c:632) Expiring Mobile! *apfReceiveTask: May 24 14:15:49.235: b0:10:41:b8:15:d5 apfMsExpireMobileStation (apf_ms.c:6976) Changing state for mobile b0:10:41:b8:15:d5 on AP 00:3a:99:f2:21:f0 from Associated to Disassociated *apfReceiveTask: May 24 14:15:49.235: b0:10:41:b8:15:d5 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds