本帖最后由 wuhao0015 于 2016-4-11 22:15 编辑 各位大家好,(已解决)
最近做实验遇到个问题,我使用vWLC8.1.131+LAP1142N-A-K9+ISE1.2.1(补丁到path8),做CWA,使用ISE内置的用户。
设备连接无线可以正常跳出认证页面。认证什么的都可以通过但是在授权的时候提示COA错误(COA确定开启),无法授权。然后连接无线的设备就断开了。然后就没有然后了。不知啥原因。
WLC信息:
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.1.131.0
RTOS Version..................................... 8.1.131.0
Bootloader Version............................... 8.1.131.0
Emergency Image Version.......................... 8.1.131.0
Build Type....................................... DATA + WPS
System Name...................................... WLC
System Location.................................. Nanjing
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 192.168.200.102
IPv6 Address..................................... ::
System Up Time................................... 4 days 21 hrs 38 mins 45 secs
System Timezone Location......................... (GMT +8:00) HongKong, Bejing, Chongquing
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:CN,US
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 3
Burned-in MAC Address............................ 00:0C:29:08:D1:17
Maximum number of APs supported.................. 200
System Nas-Id.................................... WLC
WLC MIC Certificate Types........................ SHA1
(Cisco Controller) >show ap summary
Number of APs.................................... 2
Global AP User Name.............................. hale
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Country IP Address Clients DSE Location
------------------ ----- -------------------- ----------------- ---------------- ---------- --------------- -------- --------------
NJ-Home-LAP1142I 2 AIR-LAP1142N-A-K9 d0:d0:fd:65:24:74 Nanjing US 192.168.50.251 2 [0 ,0 ,0 ]
NJ-Home-LAP2702I 2 AIR-CAP2702I-A-K9 88:1d:fc:e6:df:80 Nanjing US 192.168.50.252 1 [0 ,0 ,0 ]
(Cisco Controller) >
(Cisco Controller) >show radius summary
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Accounting Call Station Id Type.................. Mac Address
Auth Call Station Id Type........................ AP's Radio MAC Address:SSID
Extended Source Ports Support.................... Enabled
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
RADIUS Authentication Framed-MTU................. 1300 Bytes
Authentication Servers
Idx Type Server Address Port State Tout MgmtTout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr/Region
--- ---- ---------------- ------ -------- ---- -------- ------- -------------------------------------------------------
1 * NM 192.168.200.101 1812 Enabled 2 2
Enabled Disabled - none/unknown/group-0/0 none/none/none
--More-- or (q)uit
Accounting Servers
Idx Type Server Address Port State Tout MgmtTout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr/Region
--- ---- ---------------- ------ -------- ---- -------- ------- -------------------------------------------------------
1 * N 192.168.200.101 1813 Enabled 2 2 N/A Disabled - none/unknown/group-0/0 none/none/none
(Cisco Controller) >
WLC的debug信息。(从连接到被断开的debug信息)
(Cisco Controller) >debug aaa events enable
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*radiusTransportThread: Apr 04 18:36:44.204: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*apfMsConnTask_4: Apr 04 18:56:46.057: f4:8b:32:73:ff:f9 Sending Accounting request (2) for station f4:8b:32:73:ff:f9
*apfMsConnTask_4: Apr 04 18:56:46.058: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:56:46.058: AccountingMessage Accounting Stop: 0x7f884ef35628
*aaaQueueReader: Apr 04 18:56:46.058: Packet contains 23 AVPs:
*aaaQueueReader: Apr 04 18:56:46.058: AVP[01] User-Name................................f48b3273fff9 (12 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[04] Framed-IP-Address........................0xc0a83210 (-1062718960) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[05] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[06] Airespace / WLAN-Identifier..............0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[07] Acct-Session-Id..........................570243bc/f4:8b:32:73:ff:f9/180 (30 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[09] Cisco / Audit-Session-Id.................66c8a8c0000000a2ba430257 (24 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[10] Acct-Authentic...........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[11] Acct-Event-Time..........................0x5702486e (1459767406) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[12] Acct-Status-Type.........................0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[13] Acct-Input-Octets........................0x00016a69 (92777) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[14] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[15] Acct-Output-Octets.......................0x00067682 (423554) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[16] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[17] Acct-Input-Packets.......................0x00000305 (773) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[18] Acct-Output-Packets......................0x00000249 (585) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[19] Acct-Terminate-Cause.....................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[20] Acct-Session-Time........................0x000004b2 (1202) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[21] Acct-Delay-Time..........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[22] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[23] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:46.058: Found the radius server : 192.168.200.101 from the global server list
*apfMsConnTask_4: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Audit Session ID added to the mscb: 66c8a8c0000000a36e480257
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Stop (id 106) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*aaaQueueReader: Apr 04 18:56:46.058: Unable to find requested user entry for f48b3273fff9
*aaaQueueReader: Apr 04 18:56:46.058: ReProcessAuthentication previous proto 8, next proto 40000001
*aaaQueueReader: Apr 04 18:56:46.058: AuthenticationRequest: 0x7f87f7320978
*aaaQueueReader: Apr 04 18:56:46.058: Callback.....................................0x53ded0
*aaaQueueReader: Apr 04 18:56:46.058: protocolType.................................0x40000001
*aaaQueueReader: Apr 04 18:56:46.058: proxyState...................................F4:8B:32:73:FF:F9-00:00
*aaaQueueReader: Apr 04 18:56:46.058: Packet contains 13 AVPs (not shown)
*aaaQueueReader: Apr 04 18:56:46.058: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:46.058: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:56:46.058: Putting the quth request in qid 9, srv=index 0
*aaaQueueReader: Apr 04 18:56:46.058: Request Authenticator 26:77:d4:5c:3a:8a:a9:4b:ee:57:cb:15:77:90:d3:01
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1812
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Successful transmission of Authentication Packet (id 37) to 192.168.200.101:1812 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:46.106: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 0, rawOffset 20, rawLeft 288
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 1, rawOffset 39, rawLeft 269
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 2, rawOffset 79, rawLeft 229
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 3, rawOffset 128, rawLeft 180
*radiusTransportThread: Apr 04 18:56:46.107: *** Counted VSA 150994944 AVP of length 37, code 1 atrlen 31)
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 4, rawOffset 165, rawLeft 143
*radiusTransportThread: Apr 04 18:56:46.107: *** Counted VSA 150994944 AVP of length 115, code 1 atrlen 109)
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 5, rawOffset 280, rawLeft 28
*radiusTransportThread: Apr 04 18:56:46.107: *** Counted VSA 150994944 AVP of length 28, code 1 atrlen 22)
*radiusTransportThread: Apr 04 18:56:46.107: Counted 6 AVPs (processed 308 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 0, rawOffset 20, rawLeft 288, respOffset 184, respLeft 7908
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 19 raw bytes, copied 17 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 1, rawOffset 39, rawLeft 269, respOffset 201, respLeft 7891
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 40 raw bytes, copied 38 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 2, rawOffset 79, rawLeft 229, respOffset 239, respLeft 7853
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 49 raw bytes, copied 47 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 3, rawOffset 128, rawLeft 180, respOffset 286, respLeft 7806
*radiusTransportThread: Apr 04 18:56:46.107: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 31, Value:
*radiusTransportThread: Apr 04 18:56:46.107: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 2d 61 63 6c url-redirect-acl
*radiusTransportThread: Apr 04 18:56:46.107: 00000010: 3d 57 65 62 2d 41 75 74 68 2d 41 43 4c =Web-Auth-ACL
*radiusTransportThread: Apr 04 18:56:46.107: Processed VSA 9, type 1, raw bytes 31, copied 12 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 4, rawOffset 165, rawLeft 143, respOffset 298, respLeft 7794
*radiusTransportThread: Apr 04 18:56:46.107: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 109, Value:
*radiusTransportThread: Apr 04 18:56:46.107: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 3d 68 74 74 url-redirect=htt
*radiusTransportThread: Apr 04 18:56:46.107: 00000010: 70 73 3a 2f 2f 31 39 32 2e 31 36 38 2e 32 30 30 ps://192.168.200
*radiusTransportThread: Apr 04 18:56:46.107: 00000020: 2e 31 30 31 3a 38 34 34 33 2f 67 75 65 73 74 70 .101:8443/guestp
*radiusTransportThread: Apr 04 18:56:46.107: 00000030: 6f 72 74 61 6c 2f 67 61 74 65 77 61 79 3f 73 65 ortal/gateway?se
*radiusTransportThread: Apr 04 18:56:46.107: 00000040: 73 73 69 6f 6e 49 64 3d 36 36 63 38 61 38 63 30 ssionId=66c8a8c0
*radiusTransportThread: Apr 04 18:56:46.107: 00000050: 30 30 30 30 30 30 61 33 36 65 34 38 30 32 35 37 000000a36e480257
*radiusTransportThread: Apr 04 18:56:46.107: 00000060: 26 61 63 74 69 6f 6e 3d 63 77 61 &action=cwa
*radiusTransportThread: Apr 04 18:56:46.107: Processed VSA 9, type 1, raw bytes 109, copied 94 bytes
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 115 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 5, rawOffset 280, rawLeft 28, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:46.107: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 22, Value:
*radiusTransportThread: Apr 04 18:56:46.107: 00000000: 70 72 6f 66 69 6c 65 2d 6e 61 6d 65 3d 41 6e 64 profile-name=And
*radiusTransportThread: Apr 04 18:56:46.107: 00000010: 72 6f 69 64 roid
*radiusTransportThread: Apr 04 18:56:46.107: Processed VSA 9, type 1, raw bytes 22, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 28 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:46.107: Done - avpIndex 5, rawOffset 308, rawLeft 0, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Access-Accept received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:56:46.107: AuthorizationResponse: 0x48ce6e0
*radiusTransportThread: Apr 04 18:56:46.107: structureSize................................392
*radiusTransportThread: Apr 04 18:56:46.107: resultCode...................................0
*radiusTransportThread: Apr 04 18:56:46.107: protocolUsed.................................0x00000001
*radiusTransportThread: Apr 04 18:56:46.107: proxyState...................................F4:8B:32:73:FF:F9-00:00
*radiusTransportThread: Apr 04 18:56:46.107: Packet contains 5 AVPs:
*radiusTransportThread: Apr 04 18:56:46.107: AVP[01] User-Name................................F4-8B-32-73-FF-F9 (17 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[02] State....................................ReauthSession:66c8a8c0000000a36e480257 (38 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[03] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/580 (47 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[04] Cisco / Url-Redirect-Acl.................Web-Auth-ACL (12 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[05] Cisco / Url-Redirect.....................DATA (94 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[0]: attribute 1
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 username = F4-8B-32-73-FF-F9
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[1]: attribute 24
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[2]: attribute 25
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[3]: attribute 6
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[4]: attribute 5
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 SGT received is '' with length 0 for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to flexconnect ACL ID 1
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to ACL ID 255
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Applying new AAA override for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Inserting new RADIUS override into chain for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*DHCP Socket Task: Apr 04 18:56:47.487: f4:8b:32:73:ff:f9 Sending Accounting request (0) for station f4:8b:32:73:ff:f9
*DHCP Socket Task: Apr 04 18:56:47.487: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:56:47.487: AccountingMessage Accounting Start: 0x7f87f7320978
*aaaQueueReader: Apr 04 18:56:47.487: Packet contains 15 AVPs:
*aaaQueueReader: Apr 04 18:56:47.487: AVP[01] User-Name................................f48b3273fff9 (12 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[04] Framed-IP-Address........................0xc0a8312e (-1062719186) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[05] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/580 (47 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[06] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[07] Airespace / WLAN-Identifier..............0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[08] Acct-Session-Id..........................5702486e/f4:8b:32:73:ff:f9/182 (30 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[09] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[10] Cisco / Audit-Session-Id.................66c8a8c0000000a36e480257 (24 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[11] Acct-Authentic...........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[12] Acct-Event-Time..........................0x5702486f (1459767407) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[13] Acct-Status-Type.........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[14] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[15] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:47.487: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:56:47.487: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:56:47.487: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Start (id 107) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:47.498: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:47.498: Counted 0 AVPs (processed 20 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:47.498: Done - avpIndex 0, rawOffset 20, rawLeft 0, respOffset 40, respLeft 8052
*radiusTransportThread: Apr 04 18:56:47.498: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:56:48.108: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*radiusTransportThread: Apr 04 18:56:48.108: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Stop (id 106) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:48.114: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:48.114: Counted 0 AVPs (processed 20 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:48.114: Done - avpIndex 0, rawOffset 20, rawLeft 0, respOffset 40, respLeft 8052
*radiusTransportThread: Apr 04 18:56:48.114: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*aaaQueueReader: Apr 04 18:56:51.331: Unable to find requested user entry for f48b3273fff9
*aaaQueueReader: Apr 04 18:56:51.331: ReProcessAuthentication previous proto 8, next proto 40000001
*aaaQueueReader: Apr 04 18:56:51.331: AuthenticationRequest: 0x7f87f732afb8
*aaaQueueReader: Apr 04 18:56:51.331: Callback.....................................0x53ded0
*aaaQueueReader: Apr 04 18:56:51.331: protocolType.................................0x40000001
*aaaQueueReader: Apr 04 18:56:51.331: proxyState...................................F4:8B:32:73:FF:F9-00:00
*aaaQueueReader: Apr 04 18:56:51.331: Packet contains 13 AVPs (not shown)
*aaaQueueReader: Apr 04 18:56:51.331: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:51.331: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:56:51.331: Putting the quth request in qid 9, srv=index 0
*aaaQueueReader: Apr 04 18:56:51.331: Request Authenticator b9:fc:d0:83:5f:5b:a1:e0:e6:c2:6f:1e:06:3c:c4:c6
*aaaQueueReader: Apr 04 18:56:51.331: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1812
*aaaQueueReader: Apr 04 18:56:51.332: f4:8b:32:73:ff:f9 Successful transmission of Authentication Packet (id 38) to 192.168.200.101:1812 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:51.360: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 0, rawOffset 20, rawLeft 288
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 1, rawOffset 39, rawLeft 269
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 2, rawOffset 79, rawLeft 229
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 3, rawOffset 128, rawLeft 180
*radiusTransportThread: Apr 04 18:56:51.360: *** Counted VSA 150994944 AVP of length 37, code 1 atrlen 31)
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 4, rawOffset 165, rawLeft 143
*radiusTransportThread: Apr 04 18:56:51.360: *** Counted VSA 150994944 AVP of length 115, code 1 atrlen 109)
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 5, rawOffset 280, rawLeft 28
*radiusTransportThread: Apr 04 18:56:51.360: *** Counted VSA 150994944 AVP of length 28, code 1 atrlen 22)
*radiusTransportThread: Apr 04 18:56:51.360: Counted 6 AVPs (processed 308 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 0, rawOffset 20, rawLeft 288, respOffset 184, respLeft 7908
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 19 raw bytes, copied 17 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 1, rawOffset 39, rawLeft 269, respOffset 201, respLeft 7891
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 40 raw bytes, copied 38 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 2, rawOffset 79, rawLeft 229, respOffset 239, respLeft 7853
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 49 raw bytes, copied 47 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 3, rawOffset 128, rawLeft 180, respOffset 286, respLeft 7806
*radiusTransportThread: Apr 04 18:56:51.360: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 31, Value:
*radiusTransportThread: Apr 04 18:56:51.360: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 2d 61 63 6c url-redirect-acl
*radiusTransportThread: Apr 04 18:56:51.360: 00000010: 3d 57 65 62 2d 41 75 74 68 2d 41 43 4c =Web-Auth-ACL
*radiusTransportThread: Apr 04 18:56:51.360: Processed VSA 9, type 1, raw bytes 31, copied 12 bytes
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 37 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 4, rawOffset 165, rawLeft 143, respOffset 298, respLeft 7794
*radiusTransportThread: Apr 04 18:56:51.360: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 109, Value:
*radiusTransportThread: Apr 04 18:56:51.360: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 3d 68 74 74 url-redirect=htt
*radiusTransportThread: Apr 04 18:56:51.360: 00000010: 70 73 3a 2f 2f 31 39 32 2e 31 36 38 2e 32 30 30 ps://192.168.200
*radiusTransportThread: Apr 04 18:56:51.360: 00000020: 2e 31 30 31 3a 38 34 34 33 2f 67 75 65 73 74 70 .101:8443/guestp
*radiusTransportThread: Apr 04 18:56:51.360: 00000030: 6f 72 74 61 6c 2f 67 61 74 65 77 61 79 3f 73 65 ortal/gateway?se
*radiusTransportThread: Apr 04 18:56:51.360: 00000040: 73 73 69 6f 6e 49 64 3d 36 36 63 38 61 38 63 30 ssionId=66c8a8c0
*radiusTransportThread: Apr 04 18:56:51.360: 00000050: 30 30 30 30 30 30 61 33 36 65 34 38 30 32 35 37 000000a36e480257
*radiusTransportThread: Apr 04 18:56:51.360: 00000060: 26 61 63 74 69 6f 6e 3d 63 77 61 &action=cwa
*radiusTransportThread: Apr 04 18:56:51.360: Processed VSA 9, type 1, raw bytes 109, copied 94 bytes
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 115 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 5, rawOffset 280, rawLeft 28, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:51.360: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 22, Value:
*radiusTransportThread: Apr 04 18:56:51.360: 00000000: 70 72 6f 66 69 6c 65 2d 6e 61 6d 65 3d 41 6e 64 profile-name=And
*radiusTransportThread: Apr 04 18:56:51.360: 00000010: 72 6f 69 64 roid
*radiusTransportThread: Apr 04 18:56:51.360: Processed VSA 9, type 1, raw bytes 22, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 28 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: Done - avpIndex 5, rawOffset 308, rawLeft 0, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 Access-Accept received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:56:51.360: AuthorizationResponse: 0x48ce6e0
*radiusTransportThread: Apr 04 18:56:51.360: structureSize................................392
*radiusTransportThread: Apr 04 18:56:51.360: resultCode...................................0
*radiusTransportThread: Apr 04 18:56:51.360: protocolUsed.................................0x00000001
*radiusTransportThread: Apr 04 18:56:51.360: proxyState...................................F4:8B:32:73:FF:F9-00:00
*radiusTransportThread: Apr 04 18:56:51.360: Packet contains 5 AVPs:
*radiusTransportThread: Apr 04 18:56:51.360: AVP[01] User-Name................................F4-8B-32-73-FF-F9 (17 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[02] State....................................ReauthSession:66c8a8c0000000a36e480257 (38 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[03] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/583 (47 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[04] Cisco / Url-Redirect-Acl.................Web-Auth-ACL (12 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[05] Cisco / Url-Redirect.....................DATA (94 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[0]: attribute 1
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 username = F4-8B-32-73-FF-F9
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[1]: attribute 24
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[2]: attribute 25
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[3]: attribute 6
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[4]: attribute 5
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 SGT received is '' with length 0 for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to flexconnect ACL ID 1
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to ACL ID 255
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Applying new AAA override for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Inserting new RADIUS override into chain for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: processIncomingMessages: Received a message from server 192.168.200.101 of len 202 with reason code 0
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: processIncomingMessages: received a frame with code 43 from 192.168.200.101 on port:61422
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: the value to be parsed subscriber:command=reauthenticate+ and the length =35
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: Reauthenticate command = reauthenticate+
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: the value to be parsed subscriber:reauthenticate-type=last1 and the length =37
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: the value to be parsed audit-session-id=66c8a8c0000000a36e480257 and the length =43
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: audit session ID recieved in CoA = 66c8a8c0000000a36e480257
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: Message Authenticator received - e2:22:38:ac:48:e8:8c:3a:21:14:b6:1d:29:25:da:e3
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: Message Authenticator calc'ed - e2:22:38:ac:48:e8:8c:3a:21:14:b6:1d:29:25:da:e3 rawlen 202
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Request Authenticator - e1:52:92:f1:e3:08:ff:7d:85:4b:a5:5a:d7:09:89:15
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Received a 'CoA-Request' from 192.168.200.101 port 61422
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Packet contains 9 AVPs:
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[01] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[02] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[03] Acct-Event-Time..........................0x570248a9 (1459767465) (4 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[04] Message-Authenticator....................DATA (16 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[05] Acct-Event-Time..........................0x65723a63 (1701984867) (4 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[06] Message-Authenticator....................mand=reauthentic (16 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[07] Unknown Attribute 0......................NULL (0 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[08] Unknown Attribute 0......................NULL (0 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[09] Unknown Attribute 0......................NULL (0 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: CoA - Received IP Address : 192.168.200.102, Vlan ID: (received 0)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: f4:8b:32:73:ff:f9 Calling-Station-Id ---> f4:8b:32:73:ff:f9
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Handling a valid 'CoA-Request' regarding station f4:8b:32:73:ff:f9
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: f4:8b:32:73:ff:f9 Reauthenticating station f4:8b:32:73:ff:f9
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Sent a 'CoA-Ack' to 192.168.200.101 (port:61422)
*aaaQueueReader: Apr 04 18:57:41.683: Unable to find requested user entry for f48b3273fff9
*aaaQueueReader: Apr 04 18:57:41.683: ReProcessAuthentication previous proto 8, next proto 40000001
*aaaQueueReader: Apr 04 18:57:41.683: AuthenticationRequest: 0x7f87f7321238
*aaaQueueReader: Apr 04 18:57:41.683: Callback.....................................0x53ded0
*aaaQueueReader: Apr 04 18:57:41.683: protocolType.................................0x40000001
*aaaQueueReader: Apr 04 18:57:41.683: proxyState...................................F4:8B:32:73:FF:F9-00:00
*aaaQueueReader: Apr 04 18:57:41.683: Packet contains 13 AVPs (not shown)
*aaaQueueReader: Apr 04 18:57:41.683: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:41.683: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:57:41.683: Putting the quth request in qid 9, srv=index 0
*aaaQueueReader: Apr 04 18:57:41.683: Request Authenticator b5:03:ee:ff:b0:74:e0:f7:ad:34:14:e5:df:24:e7:51
*aaaQueueReader: Apr 04 18:57:41.683: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1812
*aaaQueueReader: Apr 04 18:57:41.684: f4:8b:32:73:ff:f9 Successful transmission of Authentication Packet (id 39) to 192.168.200.101:1812 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:41.698: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 0, rawOffset 20, rawLeft 158
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 1, rawOffset 26, rawLeft 152
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 2, rawOffset 66, rawLeft 112
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 3, rawOffset 115, rawLeft 63
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 4, rawOffset 133, rawLeft 45
*radiusTransportThread: Apr 04 18:57:41.698: *** Counted VSA 150994944 AVP of length 28, code 1 atrlen 22)
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 5, rawOffset 161, rawLeft 17
*radiusTransportThread: Apr 04 18:57:41.698: *** Counted VSA 1664548864 AVP of length 17, code 6 atrlen 11)
*radiusTransportThread: Apr 04 18:57:41.698: Counted 6 AVPs (processed 178 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 0, rawOffset 20, rawLeft 158, respOffset 184, respLeft 7908
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 6 raw bytes, copied 4 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 1, rawOffset 26, rawLeft 152, respOffset 188, respLeft 7904
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 40 raw bytes, copied 38 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 2, rawOffset 66, rawLeft 112, respOffset 226, respLeft 7866
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 49 raw bytes, copied 47 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 3, rawOffset 115, rawLeft 63, respOffset 273, respLeft 7819
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 18 raw bytes, copied 16 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 4, rawOffset 133, rawLeft 45, respOffset 289, respLeft 7803
*radiusTransportThread: Apr 04 18:57:41.698: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 22, Value:
*radiusTransportThread: Apr 04 18:57:41.698: 00000000: 70 72 6f 66 69 6c 65 2d 6e 61 6d 65 3d 41 6e 64 profile-name=And
*radiusTransportThread: Apr 04 18:57:41.698: 00000010: 72 6f 69 64 roid
*radiusTransportThread: Apr 04 18:57:41.698: Processed VSA 9, type 1, raw bytes 22, copied 0 bytes
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 28 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 4, rawOffset 161, rawLeft 17, respOffset 289, respLeft 7803
*radiusTransportThread: Apr 04 18:57:41.698: AVP: VendorId: 1664548864, vendorType: 6, vendorLen: 11, Value:
*radiusTransportThread: Apr 04 18:57:41.698: 00000000: 41 64 6d 69 6e 2d 41 43 4c Admin-ACL
*radiusTransportThread: Apr 04 18:57:41.698: Processed VSA 14179, type 6, raw bytes 11, copied 9 bytes
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 17 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:57:41.698: Done - avpIndex 5, rawOffset 178, rawLeft 0, respOffset 298, respLeft 7794
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Access-Accept received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:57:41.698: structureSize................................298
*radiusTransportThread: Apr 04 18:57:41.698: resultCode...................................0
*radiusTransportThread: Apr 04 18:57:41.698: protocolUsed.................................0x00000001
*radiusTransportThread: Apr 04 18:57:41.698: proxyState...................................F4:8B:32:73:FF:F9-00:00
*radiusTransportThread: Apr 04 18:57:41.698: Packet contains 5 AVPs:
*radiusTransportThread: Apr 04 18:57:41.698: AVP[01] User-Name................................0x68616c65 (1751215205) (4 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[02] State....................................ReauthSession:66c8a8c0000000a36e480257 (38 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[03] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/584 (47 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[04] Message-Authenticator....................DATA (16 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[05] Airespace / ACL-Name.....................Admin-ACL (9 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[0]: attribute 1
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 username = hale
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[1]: attribute 24
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[2]: attribute 25
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[3]: attribute 80
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[4]: attribute 6
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Applying new AAA override for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x400
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: 'Admin-ACL, ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Inserting new RADIUS override into chain for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x400
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: 'Admin-ACL, ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Applying override policy from source Override Summation: with value 400
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 256, valid bits: 0x400
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: 'Admin-ACL, ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:57:41.699: f4:8b:32:73:ff:f9 Sending Accounting request (0) for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:41.699: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:57:41.699: AccountingMessage Accounting Interim: 0x7f884ef3c308
*aaaQueueReader: Apr 04 18:57:41.699: Packet contains 23 AVPs:
*aaaQueueReader: Apr 04 18:57:41.699: AVP[01] User-Name................................0x68616c65 (1751215205) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[04] Framed-IP-Address........................0xc0a8312e (-1062719186) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[05] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/584 (47 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[06] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[07] Airespace / WLAN-Identifier..............0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[08] Acct-Session-Id..........................5702486e/f4:8b:32:73:ff:f9/182 (30 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[09] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[10] Cisco / Audit-Session-Id.................66c8a8c0000000a36e480257 (24 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[11] Acct-Authentic...........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[12] Acct-Event-Time..........................0x570248a5 (1459767461) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[13] Acct-Status-Type.........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[14] Acct-Input-Octets........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[15] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[16] Acct-Output-Octets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[17] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[18] Acct-Input-Packets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[19] Acct-Output-Packets......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[20] Acct-Session-Time........................0x00000037 (55) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[21] Acct-Delay-Time..........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[22] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[23] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:41.699: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:57:41.699: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:57:41.699: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Interim (id 108) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:41.713: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:41.713: numAvps 0, rawOffset 20, rawLeft 18
*radiusTransportThread: Apr 04 18:57:41.713: Counted 1 AVPs (processed 38 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:41.713: avpIndex 0, rawOffset 20, rawLeft 18, respOffset 64, respLeft 8028
*radiusTransportThread: Apr 04 18:57:41.713: .....processed 18 raw bytes, copied 16 bytes
*radiusTransportThread: Apr 04 18:57:41.713: Done - avpIndex 1, rawOffset 38, rawLeft 0, respOffset 80, respLeft 8012
*radiusTransportThread: Apr 04 18:57:41.713: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*apfReceiveTask: Apr 04 18:57:42.697: f4:8b:32:73:ff:f9 Sending Accounting request (2) for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:42.697: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:57:42.698: AccountingMessage Accounting Stop: 0x7f884ef25288
*aaaQueueReader: Apr 04 18:57:42.698: Packet contains 24 AVPs:
*aaaQueueReader: Apr 04 18:57:42.698: AVP[01] User-Name................................0x68616c65 (1751215205) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[04] Framed-IP-Address........................0xc0a8312e (-1062719186) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[05] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/584 (47 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[06] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[07] Airespace / WLAN-Identifier..............0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[08] Acct-Session-Id..........................5702486e/f4:8b:32:73:ff:f9/182 (30 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[09] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[10] Cisco / Audit-Session-Id.................66c8a8c0000000a36e480257 (24 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[11] Acct-Authentic...........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[12] Acct-Event-Time..........................0x570248a6 (1459767462) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[13] Acct-Status-Type.........................0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[14] Acct-Input-Octets........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[15] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[16] Acct-Output-Octets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[17] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[18] Acct-Input-Packets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[19] Acct-Output-Packets......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[20] Acct-Terminate-Cause.....................0x00000004 (4) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[21] Acct-Session-Time........................0x00000038 (56) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[22] Acct-Delay-Time..........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[23] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[24] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:42.698: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:57:42.698: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:57:42.698: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Stop (id 109) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:42.704: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:42.704: numAvps 0, rawOffset 20, rawLeft 18
*radiusTransportThread: Apr 04 18:57:42.704: Counted 1 AVPs (processed 38 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:42.704: avpIndex 0, rawOffset 20, rawLeft 18, respOffset 64, respLeft 8028
*radiusTransportThread: Apr 04 18:57:42.704: .....processed 18 raw bytes, copied 16 bytes
*radiusTransportThread: Apr 04 18:57:42.704: Done - avpIndex 1, rawOffset 38, rawLeft 0, respOffset 80, respLeft 8012
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*radiusTransportThread: Apr 04 18:57:42.704: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*apfReceiveTask: Apr 04 18:57:52.460: f4:8b:32:73:ff:f9 Audit Session ID added to the mscb: 66c8a8c0000000a4b0480257
*DHCP Socket Task: Apr 04 18:57:53.788: f4:8b:32:73:ff:f9 Sending Accounting request (0) for station f4:8b:32:73:ff:f9
*DHCP Socket Task: Apr 04 18:57:53.788: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:57:53.788: AccountingMessage Accounting Start: 0x7f87f731ef38
*aaaQueueReader: Apr 04 18:57:53.788: Packet contains 14 AVPs:
*aaaQueueReader: Apr 04 18:57:53.788: AVP[01] User-Name................................f48b3273fff9 (12 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[04] Framed-IP-Address........................0xc0a83210 (-1062718960) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[05] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[06] Airespace / WLAN-Identifier..............0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[07] Acct-Session-Id..........................570248b1/f4:8b:32:73:ff:f9/183 (30 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[09] Cisco / Audit-Session-Id.................66c8a8c0000000a4b0480257 (24 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[10] Acct-Authentic...........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[11] Acct-Event-Time..........................0x570248b1 (1459767473) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[12] Acct-Status-Type.........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[13] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[14] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:53.789: Found the radius server : 192.168.200.101 from the global server list
*aaaQueueReader: Apr 04 18:57:53.789: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:57:53.789: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Start (id 110) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:53.818: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:53.818: Counted 0 AVPs (processed 20 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:53.818: Done - avpIndex 0, rawOffset 20, rawLeft 0, respOffset 40, respLeft 8052
*radiusTransportThread: Apr 04 18:57:53.818: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
下面是ISE的信息:
ise/admin# show version
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.5.311
ADE-OS System Architecture: x86_64
Copyright (c) 2005-2013 by Cisco Systems, Inc.
All rights reserved.
Hostname: ise
Version information of installed applications
---------------------------------------------
Cisco Identity Services Engine
---------------------------------------------
Version : 1.2.1.198
Build Date : Wed May 21 22:29:56 2014
Install Date : Sat Mar 26 00:03:02 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 1
Install Date : Sat Mar 26 20:35:24 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 2
Install Date : Sat Mar 26 21:05:05 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 3
Install Date : Sat Mar 26 21:08:37 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 4
Install Date : Sat Mar 26 21:11:20 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 5
Install Date : Sat Mar 26 21:37:59 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 6
Install Date : Sat Mar 26 22:01:54 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 7
Install Date : Sat Mar 26 22:30:38 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 8
Install Date : Sat Mar 26 22:56:25 2016
ise/admin#
认证的过程信息:
详细错误信息
Overview
Event | 5417 Dynamic Authorization failed |
Username | |
Endpoint Id | F4:8B:32:73:FF:F9 |
Endpoint Profile | |
Authorization Profile | |
|
Authentication Details
Source Timestamp | 2016-04-04 18:57:45.033 |
Received Timestamp | 2016-04-04 18:57:45.034 |
Policy Server | ise |
Event | 5417 Dynamic Authorization failed |
Failure Reason | 11103 RADIUS-Client encountered error during processing flow |
Resolution | Do the following: 1) Verify shared secret matches on the ISE Server and corresponding AAA Client, External AAA Server or External RADIUS Token Server. 2) Check the AAA Client or External Server for hardware problems. 3) Check the network devices that connect the AAA peer to ISE for hardware problems. 4) Check whether the network device or AAA Client has any known RADIUS compatibility issues. |
Root cause | RADIUS-Client encountered an error during processing flow |
Username | |
User Type | |
Endpoint Id | F4:8B:32:73:FF:F9 |
Endpoint Profile | |
IP Address | |
Identity Store | |
Identity Group | |
Audit Session Id | 66c8a8c0000000a36e480257 |
Authentication Method | |
Authentication Protocol | |
Service Type | |
Network Device | vWLC |
Device Type | |
Location | |
NAS IP Address | 192.168.200.102 |
NAS Port Id | |
NAS Port Type | |
Authorization Profile | |
Posture Status | |
Security Group | |
Response Time | 3 |
|
Other Attributes
ConfigVersionId | 15 |
RadiusPacketType | CoARequest |
Event-Timestamp | 1459767465 |
AcsSessionID | 1b498785-de0b-4b9e-abe6-54166c0c7559 |
Device IP Address | 192.168.200.102 |
CiscoAVPair | subscriber:command=reauthenticate |
subscriber:reauthenticate-type | last |
audit-session-id | 66c8a8c0000000a36e480257 |
|
Session Events
2016-04-04 18:57:46.053 | RADIUS Accounting stop request |
2016-04-04 18:57:45.046 | Authorize-Only succeeded |
2016-04-04 18:57:45.034 | Dynamic Authorization failed |
2016-04-04 18:57:44.989 | Guest Authentication Passed |
2016-04-04 18:56:50.839 | RADIUS Accounting start request |
2016-04-04 18:56:49.453 | Authentication succeeded |
|
已崩溃,研究几天没有收货,遂开帖请教各位专家。谢谢