取消
显示结果 
搜索替代 
您的意思是: 
cancel
13040
查看次数
12
有帮助
11
回复

vWLC结合ISE做Web-Auth的问题

wuhao0015
Spotlight
Spotlight
本帖最后由 wuhao0015 于 2016-4-11 22:15 编辑
各位大家好,(已解决)
最近做实验遇到个问题,我使用vWLC8.1.131+LAP1142N-A-K9+ISE1.2.1(补丁到path8),做CWA,使用ISE内置的用户。
设备连接无线可以正常跳出认证页面。认证什么的都可以通过但是在授权的时候提示COA错误(COA确定开启),无法授权。然后连接无线的设备就断开了。然后就没有然后了。不知啥原因。
WLC信息:
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.1.131.0
RTOS Version..................................... 8.1.131.0
Bootloader Version............................... 8.1.131.0
Emergency Image Version.......................... 8.1.131.0
Build Type....................................... DATA + WPS
System Name...................................... WLC
System Location.................................. Nanjing
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 192.168.200.102
IPv6 Address..................................... ::
System Up Time................................... 4 days 21 hrs 38 mins 45 secs
System Timezone Location......................... (GMT +8:00) HongKong, Bejing, Chongquing
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:CN,US
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 3
Burned-in MAC Address............................ 00:0C:29:08:D1:17
Maximum number of APs supported.................. 200
System Nas-Id.................................... WLC
WLC MIC Certificate Types........................ SHA1
(Cisco Controller) >show ap summary
Number of APs.................................... 2
Global AP User Name.............................. hale
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Country IP Address Clients DSE Location
------------------ ----- -------------------- ----------------- ---------------- ---------- --------------- -------- --------------
NJ-Home-LAP1142I 2 AIR-LAP1142N-A-K9 d0:d0:fd:65:24:74 Nanjing US 192.168.50.251 2 [0 ,0 ,0 ]
NJ-Home-LAP2702I 2 AIR-CAP2702I-A-K9 88:1d:fc:e6:df:80 Nanjing US 192.168.50.252 1 [0 ,0 ,0 ]
(Cisco Controller) >
(Cisco Controller) >show radius summary
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Accounting Call Station Id Type.................. Mac Address
Auth Call Station Id Type........................ AP's Radio MAC Address:SSID
Extended Source Ports Support.................... Enabled
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
RADIUS Authentication Framed-MTU................. 1300 Bytes
Authentication Servers
Idx Type Server Address Port State Tout MgmtTout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr/Region
--- ---- ---------------- ------ -------- ---- -------- ------- -------------------------------------------------------
1 * NM 192.168.200.101 1812 Enabled 2 2 Enabled Disabled - none/unknown/group-0/0 none/none/none
--More-- or (q)uit
Accounting Servers
Idx Type Server Address Port State Tout MgmtTout RFC3576 IPSec - AuthMode/Phase1/Group/Lifetime/Auth/Encr/Region
--- ---- ---------------- ------ -------- ---- -------- ------- -------------------------------------------------------
1 * N 192.168.200.101 1813 Enabled 2 2 N/A Disabled - none/unknown/group-0/0 none/none/none
(Cisco Controller) >
WLC的debug信息。(从连接到被断开的debug信息)
(Cisco Controller) >debug aaa events enable
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*radiusTransportThread: Apr 04 18:36:44.204: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*apfMsConnTask_4: Apr 04 18:56:46.057: f4:8b:32:73:ff:f9 Sending Accounting request (2) for station f4:8b:32:73:ff:f9
*apfMsConnTask_4: Apr 04 18:56:46.058: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:56:46.058: AccountingMessage Accounting Stop: 0x7f884ef35628
*aaaQueueReader: Apr 04 18:56:46.058: Packet contains 23 AVPs:
*aaaQueueReader: Apr 04 18:56:46.058: AVP[01] User-Name................................f48b3273fff9 (12 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[04] Framed-IP-Address........................0xc0a83210 (-1062718960) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[05] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[06] Airespace / WLAN-Identifier..............0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[07] Acct-Session-Id..........................570243bc/f4:8b:32:73:ff:f9/180 (30 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[09] Cisco / Audit-Session-Id.................66c8a8c0000000a2ba430257 (24 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[10] Acct-Authentic...........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[11] Acct-Event-Time..........................0x5702486e (1459767406) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[12] Acct-Status-Type.........................0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[13] Acct-Input-Octets........................0x00016a69 (92777) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[14] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[15] Acct-Output-Octets.......................0x00067682 (423554) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[16] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[17] Acct-Input-Packets.......................0x00000305 (773) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[18] Acct-Output-Packets......................0x00000249 (585) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[19] Acct-Terminate-Cause.....................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[20] Acct-Session-Time........................0x000004b2 (1202) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[21] Acct-Delay-Time..........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[22] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: AVP[23] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:56:46.058: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:46.058: Found the radius server : 192.168.200.101 from the global server list
*apfMsConnTask_4: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Audit Session ID added to the mscb: 66c8a8c0000000a36e480257
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Stop (id 106) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*aaaQueueReader: Apr 04 18:56:46.058: Unable to find requested user entry for f48b3273fff9
*aaaQueueReader: Apr 04 18:56:46.058: ReProcessAuthentication previous proto 8, next proto 40000001
*aaaQueueReader: Apr 04 18:56:46.058: AuthenticationRequest: 0x7f87f7320978
*aaaQueueReader: Apr 04 18:56:46.058: Callback.....................................0x53ded0
*aaaQueueReader: Apr 04 18:56:46.058: protocolType.................................0x40000001
*aaaQueueReader: Apr 04 18:56:46.058: proxyState...................................F4:8B:32:73:FF:F9-00:00
*aaaQueueReader: Apr 04 18:56:46.058: Packet contains 13 AVPs (not shown)
*aaaQueueReader: Apr 04 18:56:46.058: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:46.058: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:56:46.058: Putting the quth request in qid 9, srv=index 0
*aaaQueueReader: Apr 04 18:56:46.058: Request Authenticator 26:77:d4:5c:3a:8a:a9:4b:ee:57:cb:15:77:90:d3:01
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1812
*aaaQueueReader: Apr 04 18:56:46.058: f4:8b:32:73:ff:f9 Successful transmission of Authentication Packet (id 37) to 192.168.200.101:1812 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:46.106: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 0, rawOffset 20, rawLeft 288
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 1, rawOffset 39, rawLeft 269
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 2, rawOffset 79, rawLeft 229
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 3, rawOffset 128, rawLeft 180
*radiusTransportThread: Apr 04 18:56:46.107: *** Counted VSA 150994944 AVP of length 37, code 1 atrlen 31)
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 4, rawOffset 165, rawLeft 143
*radiusTransportThread: Apr 04 18:56:46.107: *** Counted VSA 150994944 AVP of length 115, code 1 atrlen 109)
*radiusTransportThread: Apr 04 18:56:46.107: numAvps 5, rawOffset 280, rawLeft 28
*radiusTransportThread: Apr 04 18:56:46.107: *** Counted VSA 150994944 AVP of length 28, code 1 atrlen 22)
*radiusTransportThread: Apr 04 18:56:46.107: Counted 6 AVPs (processed 308 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 0, rawOffset 20, rawLeft 288, respOffset 184, respLeft 7908
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 19 raw bytes, copied 17 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 1, rawOffset 39, rawLeft 269, respOffset 201, respLeft 7891
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 40 raw bytes, copied 38 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 2, rawOffset 79, rawLeft 229, respOffset 239, respLeft 7853
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 49 raw bytes, copied 47 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 3, rawOffset 128, rawLeft 180, respOffset 286, respLeft 7806
*radiusTransportThread: Apr 04 18:56:46.107: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 31, Value:
*radiusTransportThread: Apr 04 18:56:46.107: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 2d 61 63 6c url-redirect-acl
*radiusTransportThread: Apr 04 18:56:46.107: 00000010: 3d 57 65 62 2d 41 75 74 68 2d 41 43 4c =Web-Auth-ACL
*radiusTransportThread: Apr 04 18:56:46.107: Processed VSA 9, type 1, raw bytes 31, copied 12 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 4, rawOffset 165, rawLeft 143, respOffset 298, respLeft 7794
*radiusTransportThread: Apr 04 18:56:46.107: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 109, Value:
*radiusTransportThread: Apr 04 18:56:46.107: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 3d 68 74 74 url-redirect=htt
*radiusTransportThread: Apr 04 18:56:46.107: 00000010: 70 73 3a 2f 2f 31 39 32 2e 31 36 38 2e 32 30 30 ps://192.168.200
*radiusTransportThread: Apr 04 18:56:46.107: 00000020: 2e 31 30 31 3a 38 34 34 33 2f 67 75 65 73 74 70 .101:8443/guestp
*radiusTransportThread: Apr 04 18:56:46.107: 00000030: 6f 72 74 61 6c 2f 67 61 74 65 77 61 79 3f 73 65 ortal/gateway?se
*radiusTransportThread: Apr 04 18:56:46.107: 00000040: 73 73 69 6f 6e 49 64 3d 36 36 63 38 61 38 63 30 ssionId=66c8a8c0
*radiusTransportThread: Apr 04 18:56:46.107: 00000050: 30 30 30 30 30 30 61 33 36 65 34 38 30 32 35 37 000000a36e480257
*radiusTransportThread: Apr 04 18:56:46.107: 00000060: 26 61 63 74 69 6f 6e 3d 63 77 61 &action=cwa
*radiusTransportThread: Apr 04 18:56:46.107: Processed VSA 9, type 1, raw bytes 109, copied 94 bytes
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 115 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:46.107: avpIndex 5, rawOffset 280, rawLeft 28, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:46.107: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 22, Value:
*radiusTransportThread: Apr 04 18:56:46.107: 00000000: 70 72 6f 66 69 6c 65 2d 6e 61 6d 65 3d 41 6e 64 profile-name=And
*radiusTransportThread: Apr 04 18:56:46.107: 00000010: 72 6f 69 64 roid
*radiusTransportThread: Apr 04 18:56:46.107: Processed VSA 9, type 1, raw bytes 22, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:46.107: .....processed 28 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:46.107: Done - avpIndex 5, rawOffset 308, rawLeft 0, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Access-Accept received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:56:46.107: AuthorizationResponse: 0x48ce6e0
*radiusTransportThread: Apr 04 18:56:46.107: structureSize................................392
*radiusTransportThread: Apr 04 18:56:46.107: resultCode...................................0
*radiusTransportThread: Apr 04 18:56:46.107: protocolUsed.................................0x00000001
*radiusTransportThread: Apr 04 18:56:46.107: proxyState...................................F4:8B:32:73:FF:F9-00:00
*radiusTransportThread: Apr 04 18:56:46.107: Packet contains 5 AVPs:
*radiusTransportThread: Apr 04 18:56:46.107: AVP[01] User-Name................................F4-8B-32-73-FF-F9 (17 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[02] State....................................ReauthSession:66c8a8c0000000a36e480257 (38 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[03] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/580 (47 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[04] Cisco / Url-Redirect-Acl.................Web-Auth-ACL (12 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: AVP[05] Cisco / Url-Redirect.....................DATA (94 bytes)
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[0]: attribute 1
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 username = F4-8B-32-73-FF-F9
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[1]: attribute 24
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[2]: attribute 25
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[3]: attribute 6
*radiusTransportThread: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 processing avps[4]: attribute 5
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 SGT received is '' with length 0 for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to flexconnect ACL ID 1
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to ACL ID 255
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Applying new AAA override for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Inserting new RADIUS override into chain for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:56:46.107: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*DHCP Socket Task: Apr 04 18:56:47.487: f4:8b:32:73:ff:f9 Sending Accounting request (0) for station f4:8b:32:73:ff:f9
*DHCP Socket Task: Apr 04 18:56:47.487: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:56:47.487: AccountingMessage Accounting Start: 0x7f87f7320978
*aaaQueueReader: Apr 04 18:56:47.487: Packet contains 15 AVPs:
*aaaQueueReader: Apr 04 18:56:47.487: AVP[01] User-Name................................f48b3273fff9 (12 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[04] Framed-IP-Address........................0xc0a8312e (-1062719186) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[05] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/580 (47 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[06] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[07] Airespace / WLAN-Identifier..............0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[08] Acct-Session-Id..........................5702486e/f4:8b:32:73:ff:f9/182 (30 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[09] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[10] Cisco / Audit-Session-Id.................66c8a8c0000000a36e480257 (24 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[11] Acct-Authentic...........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[12] Acct-Event-Time..........................0x5702486f (1459767407) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[13] Acct-Status-Type.........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[14] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: AVP[15] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:56:47.487: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:47.487: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:56:47.487: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:56:47.487: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Start (id 107) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:47.498: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:47.498: Counted 0 AVPs (processed 20 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:47.498: Done - avpIndex 0, rawOffset 20, rawLeft 0, respOffset 40, respLeft 8052
*radiusTransportThread: Apr 04 18:56:47.498: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:56:48.108: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*radiusTransportThread: Apr 04 18:56:48.108: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Stop (id 106) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:48.114: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:48.114: Counted 0 AVPs (processed 20 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:48.114: Done - avpIndex 0, rawOffset 20, rawLeft 0, respOffset 40, respLeft 8052
*radiusTransportThread: Apr 04 18:56:48.114: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*aaaQueueReader: Apr 04 18:56:51.331: Unable to find requested user entry for f48b3273fff9
*aaaQueueReader: Apr 04 18:56:51.331: ReProcessAuthentication previous proto 8, next proto 40000001
*aaaQueueReader: Apr 04 18:56:51.331: AuthenticationRequest: 0x7f87f732afb8
*aaaQueueReader: Apr 04 18:56:51.331: Callback.....................................0x53ded0
*aaaQueueReader: Apr 04 18:56:51.331: protocolType.................................0x40000001
*aaaQueueReader: Apr 04 18:56:51.331: proxyState...................................F4:8B:32:73:FF:F9-00:00
*aaaQueueReader: Apr 04 18:56:51.331: Packet contains 13 AVPs (not shown)
*aaaQueueReader: Apr 04 18:56:51.331: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:56:51.331: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:56:51.331: Putting the quth request in qid 9, srv=index 0
*aaaQueueReader: Apr 04 18:56:51.331: Request Authenticator b9:fc:d0:83:5f:5b:a1:e0:e6:c2:6f:1e:06:3c:c4:c6
*aaaQueueReader: Apr 04 18:56:51.331: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1812
*aaaQueueReader: Apr 04 18:56:51.332: f4:8b:32:73:ff:f9 Successful transmission of Authentication Packet (id 38) to 192.168.200.101:1812 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:56:51.360: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 0, rawOffset 20, rawLeft 288
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 1, rawOffset 39, rawLeft 269
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 2, rawOffset 79, rawLeft 229
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 3, rawOffset 128, rawLeft 180
*radiusTransportThread: Apr 04 18:56:51.360: *** Counted VSA 150994944 AVP of length 37, code 1 atrlen 31)
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 4, rawOffset 165, rawLeft 143
*radiusTransportThread: Apr 04 18:56:51.360: *** Counted VSA 150994944 AVP of length 115, code 1 atrlen 109)
*radiusTransportThread: Apr 04 18:56:51.360: numAvps 5, rawOffset 280, rawLeft 28
*radiusTransportThread: Apr 04 18:56:51.360: *** Counted VSA 150994944 AVP of length 28, code 1 atrlen 22)
*radiusTransportThread: Apr 04 18:56:51.360: Counted 6 AVPs (processed 308 bytes, left 0)
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 0, rawOffset 20, rawLeft 288, respOffset 184, respLeft 7908
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 19 raw bytes, copied 17 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 1, rawOffset 39, rawLeft 269, respOffset 201, respLeft 7891
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 40 raw bytes, copied 38 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 2, rawOffset 79, rawLeft 229, respOffset 239, respLeft 7853
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 49 raw bytes, copied 47 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 3, rawOffset 128, rawLeft 180, respOffset 286, respLeft 7806
*radiusTransportThread: Apr 04 18:56:51.360: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 31, Value:
*radiusTransportThread: Apr 04 18:56:51.360: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 2d 61 63 6c url-redirect-acl
*radiusTransportThread: Apr 04 18:56:51.360: 00000010: 3d 57 65 62 2d 41 75 74 68 2d 41 43 4c =Web-Auth-ACL
*radiusTransportThread: Apr 04 18:56:51.360: Processed VSA 9, type 1, raw bytes 31, copied 12 bytes
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 37 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 4, rawOffset 165, rawLeft 143, respOffset 298, respLeft 7794
*radiusTransportThread: Apr 04 18:56:51.360: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 109, Value:
*radiusTransportThread: Apr 04 18:56:51.360: 00000000: 75 72 6c 2d 72 65 64 69 72 65 63 74 3d 68 74 74 url-redirect=htt
*radiusTransportThread: Apr 04 18:56:51.360: 00000010: 70 73 3a 2f 2f 31 39 32 2e 31 36 38 2e 32 30 30 ps://192.168.200
*radiusTransportThread: Apr 04 18:56:51.360: 00000020: 2e 31 30 31 3a 38 34 34 33 2f 67 75 65 73 74 70 .101:8443/guestp
*radiusTransportThread: Apr 04 18:56:51.360: 00000030: 6f 72 74 61 6c 2f 67 61 74 65 77 61 79 3f 73 65 ortal/gateway?se
*radiusTransportThread: Apr 04 18:56:51.360: 00000040: 73 73 69 6f 6e 49 64 3d 36 36 63 38 61 38 63 30 ssionId=66c8a8c0
*radiusTransportThread: Apr 04 18:56:51.360: 00000050: 30 30 30 30 30 30 61 33 36 65 34 38 30 32 35 37 000000a36e480257
*radiusTransportThread: Apr 04 18:56:51.360: 00000060: 26 61 63 74 69 6f 6e 3d 63 77 61 &action=cwa
*radiusTransportThread: Apr 04 18:56:51.360: Processed VSA 9, type 1, raw bytes 109, copied 94 bytes
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 115 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: avpIndex 5, rawOffset 280, rawLeft 28, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:51.360: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 22, Value:
*radiusTransportThread: Apr 04 18:56:51.360: 00000000: 70 72 6f 66 69 6c 65 2d 6e 61 6d 65 3d 41 6e 64 profile-name=And
*radiusTransportThread: Apr 04 18:56:51.360: 00000010: 72 6f 69 64 roid
*radiusTransportThread: Apr 04 18:56:51.360: Processed VSA 9, type 1, raw bytes 22, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: .....processed 28 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:56:51.360: Done - avpIndex 5, rawOffset 308, rawLeft 0, respOffset 392, respLeft 7700
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 Access-Accept received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:56:51.360: AuthorizationResponse: 0x48ce6e0
*radiusTransportThread: Apr 04 18:56:51.360: structureSize................................392
*radiusTransportThread: Apr 04 18:56:51.360: resultCode...................................0
*radiusTransportThread: Apr 04 18:56:51.360: protocolUsed.................................0x00000001
*radiusTransportThread: Apr 04 18:56:51.360: proxyState...................................F4:8B:32:73:FF:F9-00:00
*radiusTransportThread: Apr 04 18:56:51.360: Packet contains 5 AVPs:
*radiusTransportThread: Apr 04 18:56:51.360: AVP[01] User-Name................................F4-8B-32-73-FF-F9 (17 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[02] State....................................ReauthSession:66c8a8c0000000a36e480257 (38 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[03] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/583 (47 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[04] Cisco / Url-Redirect-Acl.................Web-Auth-ACL (12 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: AVP[05] Cisco / Url-Redirect.....................DATA (94 bytes)
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[0]: attribute 1
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 username = F4-8B-32-73-FF-F9
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[1]: attribute 24
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[2]: attribute 25
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[3]: attribute 6
*radiusTransportThread: Apr 04 18:56:51.360: f4:8b:32:73:ff:f9 processing avps[4]: attribute 5
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 SGT received is '' with length 0 for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to flexconnect ACL ID 1
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 AAA Override Url-Redirect-Acl 'Web-Auth-ACL' mapped to ACL ID 255
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Applying new AAA override for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Inserting new RADIUS override into chain for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x0
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*apfReceiveTask: Apr 04 18:56:51.361: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: processIncomingMessages: Received a message from server 192.168.200.101 of len 202 with reason code 0
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: processIncomingMessages: received a frame with code 43 from 192.168.200.101 on port:61422
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: the value to be parsed subscriber:command=reauthenticate+ and the length =35
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: Reauthenticate command = reauthenticate+
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: the value to be parsed subscriber:reauthenticate-type=last1 and the length =37
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: the value to be parsed audit-session-id=66c8a8c0000000a36e480257 and the length =43
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: audit session ID recieved in CoA = 66c8a8c0000000a36e480257
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: Message Authenticator received - e2:22:38:ac:48:e8:8c:3a:21:14:b6:1d:29:25:da:e3
*radiusCoASupportTransportThread: Apr 04 18:57:41.682: Message Authenticator calc'ed - e2:22:38:ac:48:e8:8c:3a:21:14:b6:1d:29:25:da:e3 rawlen 202
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Request Authenticator - e1:52:92:f1:e3:08:ff:7d:85:4b:a5:5a:d7:09:89:15
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Received a 'CoA-Request' from 192.168.200.101 port 61422
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Packet contains 9 AVPs:
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[01] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[02] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[03] Acct-Event-Time..........................0x570248a9 (1459767465) (4 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[04] Message-Authenticator....................DATA (16 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[05] Acct-Event-Time..........................0x65723a63 (1701984867) (4 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[06] Message-Authenticator....................mand=reauthentic (16 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[07] Unknown Attribute 0......................NULL (0 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[08] Unknown Attribute 0......................NULL (0 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: AVP[09] Unknown Attribute 0......................NULL (0 bytes)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: CoA - Received IP Address : 192.168.200.102, Vlan ID: (received 0)
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: f4:8b:32:73:ff:f9 Calling-Station-Id ---> f4:8b:32:73:ff:f9
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Handling a valid 'CoA-Request' regarding station f4:8b:32:73:ff:f9
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: f4:8b:32:73:ff:f9 Reauthenticating station f4:8b:32:73:ff:f9
*radiusCoASupportTransportThread: Apr 04 18:57:41.683: Sent a 'CoA-Ack' to 192.168.200.101 (port:61422)
*aaaQueueReader: Apr 04 18:57:41.683: Unable to find requested user entry for f48b3273fff9
*aaaQueueReader: Apr 04 18:57:41.683: ReProcessAuthentication previous proto 8, next proto 40000001
*aaaQueueReader: Apr 04 18:57:41.683: AuthenticationRequest: 0x7f87f7321238
*aaaQueueReader: Apr 04 18:57:41.683: Callback.....................................0x53ded0
*aaaQueueReader: Apr 04 18:57:41.683: protocolType.................................0x40000001
*aaaQueueReader: Apr 04 18:57:41.683: proxyState...................................F4:8B:32:73:FF:F9-00:00
*aaaQueueReader: Apr 04 18:57:41.683: Packet contains 13 AVPs (not shown)
*aaaQueueReader: Apr 04 18:57:41.683: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:41.683: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:57:41.683: Putting the quth request in qid 9, srv=index 0
*aaaQueueReader: Apr 04 18:57:41.683: Request Authenticator b5:03:ee:ff:b0:74:e0:f7:ad:34:14:e5:df:24:e7:51
*aaaQueueReader: Apr 04 18:57:41.683: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1812
*aaaQueueReader: Apr 04 18:57:41.684: f4:8b:32:73:ff:f9 Successful transmission of Authentication Packet (id 39) to 192.168.200.101:1812 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:41.698: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 0, rawOffset 20, rawLeft 158
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 1, rawOffset 26, rawLeft 152
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 2, rawOffset 66, rawLeft 112
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 3, rawOffset 115, rawLeft 63
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 4, rawOffset 133, rawLeft 45
*radiusTransportThread: Apr 04 18:57:41.698: *** Counted VSA 150994944 AVP of length 28, code 1 atrlen 22)
*radiusTransportThread: Apr 04 18:57:41.698: numAvps 5, rawOffset 161, rawLeft 17
*radiusTransportThread: Apr 04 18:57:41.698: *** Counted VSA 1664548864 AVP of length 17, code 6 atrlen 11)
*radiusTransportThread: Apr 04 18:57:41.698: Counted 6 AVPs (processed 178 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 0, rawOffset 20, rawLeft 158, respOffset 184, respLeft 7908
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 6 raw bytes, copied 4 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 1, rawOffset 26, rawLeft 152, respOffset 188, respLeft 7904
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 40 raw bytes, copied 38 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 2, rawOffset 66, rawLeft 112, respOffset 226, respLeft 7866
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 49 raw bytes, copied 47 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 3, rawOffset 115, rawLeft 63, respOffset 273, respLeft 7819
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 18 raw bytes, copied 16 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 4, rawOffset 133, rawLeft 45, respOffset 289, respLeft 7803
*radiusTransportThread: Apr 04 18:57:41.698: AVP: VendorId: 150994944, vendorType: 1, vendorLen: 22, Value:
*radiusTransportThread: Apr 04 18:57:41.698: 00000000: 70 72 6f 66 69 6c 65 2d 6e 61 6d 65 3d 41 6e 64 profile-name=And
*radiusTransportThread: Apr 04 18:57:41.698: 00000010: 72 6f 69 64 roid
*radiusTransportThread: Apr 04 18:57:41.698: Processed VSA 9, type 1, raw bytes 22, copied 0 bytes
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 28 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:57:41.698: avpIndex 4, rawOffset 161, rawLeft 17, respOffset 289, respLeft 7803
*radiusTransportThread: Apr 04 18:57:41.698: AVP: VendorId: 1664548864, vendorType: 6, vendorLen: 11, Value:
*radiusTransportThread: Apr 04 18:57:41.698: 00000000: 41 64 6d 69 6e 2d 41 43 4c Admin-ACL
*radiusTransportThread: Apr 04 18:57:41.698: Processed VSA 14179, type 6, raw bytes 11, copied 9 bytes
*radiusTransportThread: Apr 04 18:57:41.698: .....processed 17 raw bytes, copied 0 bytes
*radiusTransportThread: Apr 04 18:57:41.698: Done - avpIndex 5, rawOffset 178, rawLeft 0, respOffset 298, respLeft 7794
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Access-Accept received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*radiusTransportThread: Apr 04 18:57:41.698: structureSize................................298
*radiusTransportThread: Apr 04 18:57:41.698: resultCode...................................0
*radiusTransportThread: Apr 04 18:57:41.698: protocolUsed.................................0x00000001
*radiusTransportThread: Apr 04 18:57:41.698: proxyState...................................F4:8B:32:73:FF:F9-00:00
*radiusTransportThread: Apr 04 18:57:41.698: Packet contains 5 AVPs:
*radiusTransportThread: Apr 04 18:57:41.698: AVP[01] User-Name................................0x68616c65 (1751215205) (4 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[02] State....................................ReauthSession:66c8a8c0000000a36e480257 (38 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[03] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/584 (47 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[04] Message-Authenticator....................DATA (16 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: AVP[05] Airespace / ACL-Name.....................Admin-ACL (9 bytes)
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[0]: attribute 1
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 username = hale
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[1]: attribute 24
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[2]: attribute 25
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[3]: attribute 80
*radiusTransportThread: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 processing avps[4]: attribute 6
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Applying new AAA override for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x400
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: 'Admin-ACL, ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Inserting new RADIUS override into chain for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 2, valid bits: 0x400
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: 'Admin-ACL, ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Applying override policy from source Override Summation: with value 400

*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values for station f4:8b:32:73:ff:f9
source: 256, valid bits: 0x400
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*apfReceiveTask: Apr 04 18:57:41.698: f4:8b:32:73:ff:f9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: '', vlanId:0, aclName: 'Admin-ACL, ipv6AclName: , avcProfileName: '
*apfReceiveTask: Apr 04 18:57:41.699: f4:8b:32:73:ff:f9 Sending Accounting request (0) for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:41.699: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:57:41.699: AccountingMessage Accounting Interim: 0x7f884ef3c308
*aaaQueueReader: Apr 04 18:57:41.699: Packet contains 23 AVPs:
*aaaQueueReader: Apr 04 18:57:41.699: AVP[01] User-Name................................0x68616c65 (1751215205) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[04] Framed-IP-Address........................0xc0a8312e (-1062719186) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[05] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/584 (47 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[06] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[07] Airespace / WLAN-Identifier..............0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[08] Acct-Session-Id..........................5702486e/f4:8b:32:73:ff:f9/182 (30 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[09] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[10] Cisco / Audit-Session-Id.................66c8a8c0000000a36e480257 (24 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[11] Acct-Authentic...........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[12] Acct-Event-Time..........................0x570248a5 (1459767461) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[13] Acct-Status-Type.........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[14] Acct-Input-Octets........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[15] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[16] Acct-Output-Octets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[17] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[18] Acct-Input-Packets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[19] Acct-Output-Packets......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[20] Acct-Session-Time........................0x00000037 (55) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[21] Acct-Delay-Time..........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[22] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: AVP[23] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:57:41.699: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:41.699: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:57:41.699: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:57:41.699: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Interim (id 108) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:41.713: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:41.713: numAvps 0, rawOffset 20, rawLeft 18
*radiusTransportThread: Apr 04 18:57:41.713: Counted 1 AVPs (processed 38 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:41.713: avpIndex 0, rawOffset 20, rawLeft 18, respOffset 64, respLeft 8028
*radiusTransportThread: Apr 04 18:57:41.713: .....processed 18 raw bytes, copied 16 bytes
*radiusTransportThread: Apr 04 18:57:41.713: Done - avpIndex 1, rawOffset 38, rawLeft 0, respOffset 80, respLeft 8012
*radiusTransportThread: Apr 04 18:57:41.713: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*apfReceiveTask: Apr 04 18:57:42.697: f4:8b:32:73:ff:f9 Sending Accounting request (2) for station f4:8b:32:73:ff:f9
*apfReceiveTask: Apr 04 18:57:42.697: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:57:42.698: AccountingMessage Accounting Stop: 0x7f884ef25288
*aaaQueueReader: Apr 04 18:57:42.698: Packet contains 24 AVPs:
*aaaQueueReader: Apr 04 18:57:42.698: AVP[01] User-Name................................0x68616c65 (1751215205) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[04] Framed-IP-Address........................0xc0a8312e (-1062719186) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[05] Class....................................CACS:66c8a8c0000000a36e480257:ise/248701762/584 (47 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[06] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[07] Airespace / WLAN-Identifier..............0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[08] Acct-Session-Id..........................5702486e/f4:8b:32:73:ff:f9/182 (30 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[09] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[10] Cisco / Audit-Session-Id.................66c8a8c0000000a36e480257 (24 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[11] Acct-Authentic...........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[12] Acct-Event-Time..........................0x570248a6 (1459767462) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[13] Acct-Status-Type.........................0x00000002 (2) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[14] Acct-Input-Octets........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[15] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[16] Acct-Output-Octets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[17] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[18] Acct-Input-Packets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[19] Acct-Output-Packets......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[20] Acct-Terminate-Cause.....................0x00000004 (4) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[21] Acct-Session-Time........................0x00000038 (56) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[22] Acct-Delay-Time..........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[23] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: AVP[24] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:57:42.698: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:42.698: Found a server : 192.168.200.101 from the WLAN server list of radius server index 1
*aaaQueueReader: Apr 04 18:57:42.698: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:57:42.698: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Stop (id 109) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:42.704: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:42.704: numAvps 0, rawOffset 20, rawLeft 18
*radiusTransportThread: Apr 04 18:57:42.704: Counted 1 AVPs (processed 38 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:42.704: avpIndex 0, rawOffset 20, rawLeft 18, respOffset 64, respLeft 8028
*radiusTransportThread: Apr 04 18:57:42.704: .....processed 18 raw bytes, copied 16 bytes
*radiusTransportThread: Apr 04 18:57:42.704: Done - avpIndex 1, rawOffset 38, rawLeft 0, respOffset 80, respLeft 8012
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >*radiusTransportThread: Apr 04 18:57:42.704: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
*apfReceiveTask: Apr 04 18:57:52.460: f4:8b:32:73:ff:f9 Audit Session ID added to the mscb: 66c8a8c0000000a4b0480257
*DHCP Socket Task: Apr 04 18:57:53.788: f4:8b:32:73:ff:f9 Sending Accounting request (0) for station f4:8b:32:73:ff:f9
*DHCP Socket Task: Apr 04 18:57:53.788: PemLocationConfigured [1]Adding VSA with NAS update and Role[1] with state[0]
*aaaQueueReader: Apr 04 18:57:53.788: AccountingMessage Accounting Start: 0x7f87f731ef38
*aaaQueueReader: Apr 04 18:57:53.788: Packet contains 14 AVPs:
*aaaQueueReader: Apr 04 18:57:53.788: AVP[01] User-Name................................f48b3273fff9 (12 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[02] Nas-Port.................................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[03] Nas-Ip-Address...........................0xc0a8c866 (-1062680474) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[04] Framed-IP-Address........................0xc0a83210 (-1062718960) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[05] NAS-Identifier...........................WLC (3 bytes)
*aaaQueueReader: Apr 04 18:57:53.788: AVP[06] Airespace / WLAN-Identifier..............0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[07] Acct-Session-Id..........................570248b1/f4:8b:32:73:ff:f9/183 (30 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[09] Cisco / Audit-Session-Id.................66c8a8c0000000a4b0480257 (24 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[10] Acct-Authentic...........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[11] Acct-Event-Time..........................0x570248b1 (1459767473) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[12] Acct-Status-Type.........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[13] Calling-Station-Id.......................f4-8b-32-73-ff-f9 (17 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: AVP[14] Called-Station-Id........................00-0c-29-08-d1-17 (17 bytes)
*aaaQueueReader: Apr 04 18:57:53.789: NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Apr 04 18:57:53.789: Found the radius server : 192.168.200.101 from the global server list
*aaaQueueReader: Apr 04 18:57:53.789: f4:8b:32:73:ff:f9 Sending the packet to v4 host 192.168.200.101:1813
*aaaQueueReader: Apr 04 18:57:53.789: f4:8b:32:73:ff:f9 Successful transmission of Accounting-Start (id 110) to 192.168.200.101:1813 from server queue 9, proxy state f4:8b:32:73:ff:f9-00:00
*radiusTransportThread: Apr 04 18:57:53.818: 9.client sockfd 29 is set. process the msg
*radiusTransportThread: Apr 04 18:57:53.818: Counted 0 AVPs (processed 20 bytes, left 0)
*radiusTransportThread: Apr 04 18:57:53.818: Done - avpIndex 0, rawOffset 20, rawLeft 0, respOffset 40, respLeft 8052
*radiusTransportThread: Apr 04 18:57:53.818: f4:8b:32:73:ff:f9 Accounting-Response received from RADIUS server 192.168.200.101 for mobile f4:8b:32:73:ff:f9 receiveId = 0
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
下面是ISE的信息:
ise/admin# show version
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.5.311
ADE-OS System Architecture: x86_64
Copyright (c) 2005-2013 by Cisco Systems, Inc.
All rights reserved.
Hostname: ise
Version information of installed applications
---------------------------------------------
Cisco Identity Services Engine
---------------------------------------------
Version : 1.2.1.198
Build Date : Wed May 21 22:29:56 2014
Install Date : Sat Mar 26 00:03:02 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 1
Install Date : Sat Mar 26 20:35:24 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 2
Install Date : Sat Mar 26 21:05:05 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 3
Install Date : Sat Mar 26 21:08:37 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 4
Install Date : Sat Mar 26 21:11:20 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 5
Install Date : Sat Mar 26 21:37:59 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 6
Install Date : Sat Mar 26 22:01:54 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 7
Install Date : Sat Mar 26 22:30:38 2016
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 8
Install Date : Sat Mar 26 22:56:25 2016
ise/admin#
认证的过程信息:
190212xmt9m4eenhvvehln.jpg
详细错误信息
190213llsc95082ksqcllq.jpg


Overview





Event 5417 Dynamic Authorization failed
Username
Endpoint Id F4:8B:32:73:FF:F9
Endpoint Profile
Authorization Profile



Authentication Details




























Source Timestamp 2016-04-04 18:57:45.033
Received Timestamp 2016-04-04 18:57:45.034
Policy Server ise
Event 5417 Dynamic Authorization failed
Failure Reason 11103 RADIUS-Client encountered error during processing flow
Resolution Do the following: 1) Verify shared secret matches on the ISE Server and corresponding AAA Client, External AAA Server or External RADIUS Token Server. 2) Check the AAA Client or External Server for hardware problems. 3) Check the network devices that connect the AAA peer to ISE for hardware problems. 4) Check whether the network device or AAA Client has any known RADIUS compatibility issues.
Root cause RADIUS-Client encountered an error during processing flow
Username
User Type
Endpoint Id F4:8B:32:73:FF:F9
Endpoint Profile
IP Address
Identity Store
Identity Group
Audit Session Id 66c8a8c0000000a36e480257
Authentication Method
Authentication Protocol
Service Type
Network Device vWLC
Device Type
Location
NAS IP Address 192.168.200.102
NAS Port Id
NAS Port Type
Authorization Profile
Posture Status
Security Group
Response Time 3



Other Attributes








ConfigVersionId 15
RadiusPacketType CoARequest
Event-Timestamp 1459767465
AcsSessionID 1b498785-de0b-4b9e-abe6-54166c0c7559
Device IP Address 192.168.200.102
CiscoAVPair subscriber:command=reauthenticate
subscriber:reauthenticate-type last
audit-session-id 66c8a8c0000000a36e480257



Session Events






2016-04-04 18:57:46.053 RADIUS Accounting stop request
2016-04-04 18:57:45.046 Authorize-Only succeeded
2016-04-04 18:57:45.034 Dynamic Authorization failed
2016-04-04 18:57:44.989 Guest Authentication Passed
2016-04-04 18:56:50.839 RADIUS Accounting start request
2016-04-04 18:56:49.453 Authentication succeeded

已崩溃,研究几天没有收货,遂开帖请教各位专家。谢谢
1 个已接受解答

已接受的解答

Yanli Sun
Community Manager
Community Manager
感谢楼主把解决方案分享出来给大家学习,手动点赞:handshake

在原帖中查看解决方案

11 条回复11

Yanli Sun
Community Manager
Community Manager
感谢楼主把解决方案分享出来给大家学习,手动点赞:handshake

one-time
Level 13
Level 13
静候小伙伴的回复哦!)

wuhao0015
Spotlight
Spotlight
管理员 发表于 2016-4-4 20:48 back.gif
静候小伙伴的回复哦!

灰常感谢管理的支持~~!

wuhao0015
Spotlight
Spotlight
帖子不要沉啊 .

wuhao0015
Spotlight
Spotlight
帖子不要沉啊 .

wuhao0015
Spotlight
Spotlight
查阅各种资料,我个人感觉是个BUG。开不了CASE。
BUG地址:https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut20426

wuhao0015
Spotlight
Spotlight
查阅各种资料,我个人感觉是个BUG。开不了CASE。
BUG地址:https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut20426

wuhao0015
Spotlight
Spotlight
本帖最后由 wuhao0015 于 2016-4-9 23:49 编辑
更新:
把vWLC换成8.0.132版本后,COA的错误没有了,但是还是认证成功后无线还是被断开了,提示找不到授权的ACL。debug如下:
我估计还是bug。。。
debug client xx.xx.xx.xx.xx.xx
(Cisco Controller) >*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Received SGT for this Client.
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Resetting web IPv4 acl from 255 to 255
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Resetting web IPv4 Flex acl from 1 to 65535
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 AAA redirect is NULL. Skipping Web-auth for Radius NAC enabled WLAN.
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Username entry (hale) created for mobile, length = 253
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Username entry (hale) created in mscb for mobile, length = 253
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 override for default ap group, marking intgrp NULL
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Re-applying interface policy for client
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 192.168.49.71 WEBAUTH_REQD (8) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2435)
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 192.168.49.71 WEBAUTH_REQD (8) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2456)

*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Values before applying NASID - interfacetype:0, ovrd:0, mscb nasid:WLC, interface nasid:
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 apfApplyWlanPolicy: Retaining (ACL [255] / Flexconnect ACL [65535]) recieved in AAA attributes on mobile
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Check before Setting the NAS Id to WLAN specific Id 'WLC'
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Setting the NAS Id to WLAN specific Id 'WLC'
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Inserting AAA Override struct for mobile
MAC: 10:2a:b3:d0:3f:58, source 2
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 Applying override policy from source Override Summation: with value 400

*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 192.168.49.71 WEBAUTH_REQD (8) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2663)
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 apfMs1xStateDec
*apfReceiveTask: Apr 08 22:05:09.476: 10:2a:b3:d0:3f:58 192.168.49.71 WEBAUTH_REQD (8) Change state to START (0) last state WEBAUTH_REQD (8)
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 START (0) Initializing policy
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state AUTHCHECK (2)
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 L2AUTHCOMPLETE (4) DHCP required on AP d0:57:4c:c9:26:60 vapId 2 apVapId 2for this client
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 Not Using WMM Compliance code qosCap 00
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP d0:57:4c:c9:26:60 vapId 2 apVapId 2 flex-acl-name:
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 apfMsRunStateInc
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 L2AUTHCOMPLETE (4) Change state to RUN (20) last state L2AUTHCOMPLETE (4)
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 RUN (20) Adding Fast Path rule
type = Airespace AP Client
on AP d0:57:4c:c9:26:60, slot 1, interface = 1, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL ID =
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 64206, IntfId = 0 Local Bridging Vlan = 0, Local Bridging intf id = 0
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 RUN (20) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 64206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 RUN (20) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 64206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 RUN (20) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 64206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 Accounting NAI-Realm: hale, from Mscb username : hale
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 192.168.49.71 RUN (20) Skipping TMP rule add
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 apfMsAssoStateInc
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 apfPemAddUser2 (apf_policy.c:353) Changing state for mobile 10:2a:b3:d0:3f:58 on AP d0:57:4c:c9:26:60 from AAA Pending to Associated
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 apfPemAddUser2:session timeout forstation 10:2a:b3:d0:3f:58 - Session Tout 1800, apfMsTimeOut '1800' and sessionTimerRunning flag is 0
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 Scheduling deletion of Mobile Station: (callerId: 49) in 1800 seconds
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 Func: apfPemAddUser2, Ms Timeout = 1800, Session Timeout = 1800
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 Sending assoc-resp with status 0 station:10:2a:b3:d0:3f:58 AP:d0:57:4c:c9:26:60-01 on apVapId 2
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 Sending Assoc Response to station on BSSID d0:57:4c:c9:26:6e (status 0) ApVapId 2 Slot 1
*apfReceiveTask: Apr 08 22:05:09.477: 10:2a:b3:d0:3f:58 apfProcessRadiusAssocResp (apf_80211.c:3986) Changing state for mobile 10:2a:b3:d0:3f:58 on AP d0:57:4c:c9:26:60 from Associated to Associated
*pemReceiveTask: Apr 08 22:05:09.478: 10:2a:b3:d0:3f:58 192.168.49.71 Removed NPU entry.
*pemReceiveTask: Apr 08 22:05:09.478: 10:2a:b3:d0:3f:58 192.168.49.71 Added NPU entry of type 1, dtlFlags 0x0
*spamApTask4: Apr 08 22:05:09.538: 10:2a:b3:d0:3f:58 Received DELETE mobile, reason MN_REASSOC_TIMEOUT, from AP d0:57:4c:c9:26:60, slot 1 ...cleaning up mscb
*spamApTask4: Apr 08 22:05:09.539: 10:2a:b3:d0:3f:58 apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4
*spamApTask4: Apr 08 22:05:09.539: 10:2a:b3:d0:3f:58 Scheduling deletion of Mobile Station: (callerId: 30) in 1 seconds
*apfMsConnTask_4: Apr 08 22:05:10.325: 10:2a:b3:d0:3f:58 Processing assoc-req station:10:2a:b3:d0:3f:58 AP:d0:57:4c:c9:26:60-01 thread:54b82f0
*apfMsConnTask_4: Apr 08 22:05:10.325: 10:2a:b3:d0:3f:58 Ignoring 802.11 assoc request from mobile pending deletion
*apfMsConnTask_4: Apr 08 22:05:10.325: 10:2a:b3:d0:3f:58 Sending assoc-resp with status 12 station:10:2a:b3:d0:3f:58 AP:d0:57:4c:c9:26:60-01 on apVapId 1
*apfMsConnTask_4: Apr 08 22:05:10.325: 10:2a:b3:d0:3f:58 Sending Assoc Response to station on BSSID d0:57:4c:c9:26:6f (status Assoc denied unspecified) ApVapId 1 Slot 1
*spamApTask4: Apr 08 22:05:10.386: 10:2a:b3:d0:3f:58 Received DELETE mobile, reason MN_AP_AUTH_STOP, from AP d0:57:4c:c9:26:60, slot 1 ...cleaning up mscb
*spamApTask4: Apr 08 22:05:10.386: 10:2a:b3:d0:3f:58 apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 15, reasonCode 1
*spamApTask4: Apr 08 22:05:10.386: 10:2a:b3:d0:3f:58 Scheduling deletion of Mobile Station: (callerId: 30) in 1 seconds
*osapiBsnTimer: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 apfMsExpireCallback (apf_ms.c:637) Expiring Mobile!
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 apfMsExpireMobileStation (apf_ms.c:7069) Changing state for mobile 10:2a:b3:d0:3f:58 on AP d0:57:4c:c9:26:60 from Associated to Disassociated
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Sent Deauthenticate to mobile on BSSID d0:57:4c:c9:26:60 slot 1(caller apf_ms.c:7163)
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Setting active key cache index 8 ---> 8
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Global PMK Cache deletion failed.
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Accounting NAI-Realm: hale, from Mscb username : hale
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 apfMsAssoStateDec
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 apfMsExpireMobileStation (apf_ms.c:7201) Changing state for mobile 10:2a:b3:d0:3f:58 on AP d0:57:4c:c9:26:60 from Disassociated to Idle
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 192.168.49.71 START (0) Deleted mobile LWAPP rule on AP [d0:57:4c:c9:26:60]
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Username entry 'hale' is deleted for mobile from the UserName table
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Username entry hale deleted for mobile
*apfReceiveTask: Apr 08 22:05:11.215: 10:2a:b3:d0:3f:58 Deleting mobile on AP d0:57:4c:c9:26:60(1)
*pemReceiveTask: Apr 08 22:05:11.216: 10:2a:b3:d0:3f:58 192.168.49.71 Removed NPU entry.

wuhao0015
Spotlight
Spotlight
本帖最后由 wuhao0015 于 2016-4-11 22:57 编辑
经过几天的测试和研究问题还是被自己解决了。
总结有几个问题。
1,软件bug,8.1.131授权直接提示COA错误。vWLC降到8.0.132错误消失。
2,需要授权的Flexconnect ACL需要提前推给AP,不然debug提示找不到ACL。
3,ISE的Standard Authorization Profiles的名字中间不能有“-”,不然提示找不到授权策略。去掉“-”问题解决。貌似可以使用“_”,这个是为什么呢。。。
。。。休息会,累死了。。。

gzlccna01
Level 1
Level 1
wuhao0015 发表于 2016-4-11 22:10
经过几天的测试和研究问题还是被自己解决了。
总结有几个问题。

楼主,有个问题请教一下。我同样也是做VWLC+ISE1.4.10 做ISE自带的Guest 门户的COA认证,但是我现在的问题是一直卡在用户无法弹出Guest门户网页。ISE提示DNS解析错误的问题,想请教一下。

wuhao0015
Spotlight
Spotlight
gzlccna01 发表于 2017-2-21 23:35
楼主,有个问题请教一下。我同样也是做VWLC+ISE1.4.10 做ISE自带的Guest 门户的COA认证,但是我现在的问 ...

DNS肯定是要做的,当然也可以设置跳出的页面不用域名直接使用IP地址也行~!
快捷链接