cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2949
Views
0
Helpful
30
Replies

Statically addressed devices cannot achive RUN state

rm760
Level 4
Level 4

I have just converted my home from (3) 3600 series autonomous APs to LWAPs with 802.11AC radios to take advantage of the 802.11AC radio spectrum.

I am using a WLC 2504 running version 8.1.102.0 software.   All is working great except for my security cameras.  They require a static IP address to communicate with the DVR.   They are older and use WEP encryption (hex 128 bit).   They cannot achieve the RUN state as the controller wants the IP address before allowing connection to the network.  DHCP is not set to required for the WLAN or Interface.  Here is the error I receive.

*apfMsConnTask_3: Jun 20 11:57:33.067: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:14:b7 0.0.0.0 DHCP_REQD (7) Rejecting association attempt by ad-hoc client

 

I have even attempted to break down the communication to its most basic form (wide open), and still the same result. 

Thoughts and suggestions would be greatly appreciated. 

Attached is a copy of my configuration

30 Replies 30

should I be doing something other than local switching?  I have removed the check box from the learn client ip address flex connect setting

no its fine , but as you know the troubleshooting point of view is different when dealing with local switching or central switching , 

 

any changes after disabling it ? :|

Ali

I am resetting the DVR to capture video, will know in about 1 hour.  Will reply then

all of my camera MAC addresses start 00:80:f0.  I am noticing these cameras are now showing up in the client monitor table with both their wireless MAC address and their wired MAC address.

 

Am I fighting cleanair now?

from the screenshot i can see that the last digit is different , so it's not daul or duplicate MACs, 

 

it looks like that the cameras has two radios and each radio is actually a separated wireless driver  , and both radios are trying to connect on the WLC ,  

can you debug the other MAC address on the WLC,  

Ali

Please allow me to expand upon my previous statement.  Each camera has a wired and wireless network MAC address.  For some reason the WLC is seeing both MAC addresses and assuming it a rogue network.  As such the WLC rejects the connection.  Is there a way to configure the WLC so as to not reject these connections? Maybe some form of permit ACL?  

this is strange! why the ethernet adapter appears on the WLC as client, 

this scenario can happen when an ethernet client is connected behind a WGB , bu this is not the case , 

 

can you share the show client details for these ethernet MAC add ? along with debugs , so we can understand this behavior . 

here is show client details

(Cisco Controller) >show client detail 00:80:f0:58:3c:13
Client MAC Address............................... 00:80:f0:58:3c:13
Client Username ................................. N/A
AP MAC Address................................... 64:d8:14:d1:3c:70
AP Name.......................................... Garage_AP
AP radio slot Id................................. 0
Client State..................................... Associated
Client User Group................................
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 5
Wireless LAN Network Name (SSID)................. HOUNDS
Wireless LAN Profile Name........................ Cameras
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 64:d8:14:d1:3c:74
Connected For ................................... 25 secs
Channel.......................................... 11
IP Address....................................... Unknown
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 7
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0

--More-- or (q)uit
Session Timeout.................................. 0
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Disabled
Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
    ............................................. 48.0,54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Audit Session ID................................. ac100402000024a3558998c3
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable

--More-- or (q)uit
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
Client Type...................................... Simple IP
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... Static WEP
Encryption Cipher................................ WEP (104 bits)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ wlan 192
VLAN............................................. 192
Quarantine VLAN.................................. 0
Access VLAN...................................... 192
Local Bridging VLAN.............................. 192
Client Capabilities:
      CF Pollable................................ Not implemented
      CF Poll Request............................ Not implemented
      Short Preamble............................. Implemented
      PBCC....................................... Not implemented

--More-- or (q)uit
      Channel Agility............................ Not implemented
      Listen Interval............................ 0
      Fast BSS Transition........................ Not implemented
      11v BSS Transition......................... Not implemented
Client Wifi Direct Capabilities:
      WFD capable................................ No
      Manged WFD capable......................... No
      Cross Connection Capable................... No
      Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
      Number of Bytes Received................... 0
      Number of Bytes Sent....................... 0
      Total Number of Bytes Sent................. 0
      Total Number of Bytes Recv................. 0
      Number of Bytes Sent (last 90s)............ 0
      Number of Bytes Recv (last 90s)............ 0
      Number of Packets Received................. 0
      Number of Packets Sent..................... 0
      Number of Interim-Update Sent.............. 0
      Number of EAP Id Request Msg Timeouts...... 0
      Number of EAP Id Request Msg Failures...... 0
      Number of EAP Request Msg Timeouts......... 0

--More-- or (q)uit
      Number of EAP Request Msg Failures......... 0
      Number of EAP Key Msg Timeouts............. 0
      Number of EAP Key Msg Failures............. 0
      Number of Data Retries..................... 0
      Number of RTS Retries...................... 0
      Number of Duplicate Received Packets....... 0
      Number of Decrypt Failed Packets........... 0
      Number of Mic Failured Packets............. 0
      Number of Mic Missing Packets.............. 0
      Number of RA Packets Dropped............... 0
      Number of Policy Errors.................... 0
      Radio Signal Strength Indicator............ Unavailable
      Signal to Noise Ratio...................... Unavailable
Client Rate Limiting Statistics:
      Number of Data Packets Received............ 0
      Number of Data Rx Packets Dropped.......... 0
      Number of Data Bytes Received.............. 0
      Number of Data Rx Bytes Dropped............ 0
      Number of Realtime Packets Received........ 0
      Number of Realtime Rx Packets Dropped...... 0
      Number of Realtime Bytes Received.......... 0
      Number of Realtime Rx Bytes Dropped........ 0
      Number of Data Packets Sent................ 0

--More-- or (q)uit
      Number of Data Tx Packets Dropped.......... 0
      Number of Data Bytes Sent.................. 0
      Number of Data Tx Bytes Dropped............ 0
      Number of Realtime Packets Sent............ 0
      Number of Realtime Tx Packets Dropped...... 0
      Number of Realtime Bytes Sent.............. 0
      Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
      Attic_AP(slot 0)
        antenna0: 25 secs ago.................... -56 dBm
        antenna1: 25 secs ago.................... -56 dBm
      Garage_AP(slot 0)
        antenna0: 24 secs ago.................... -59 dBm
        antenna1: 24 secs ago.................... -75 dBm
      Closet_AP(slot 0)
        antenna0: 25 secs ago.................... -61 dBm
        antenna1: 25 secs ago.................... -77 dBm
DNS Server details:
      DNS server IP ............................. 0.0.0.0
      DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:

 

--More-- or (q)uit
 Client Dhcp Required:     False
Allowed (URL)IP Addresses
-------------------------

AVC Profile Name: ............................... none

(Cisco Controller) >

only debug after debugging client

*apfMsConnTask_3: Jun 23 10:42:35.701: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:55:07:4d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 23 10:42:35.700: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:14:b6 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_5: Jun 23 10:41:42.317: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:5f:b1:e3 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_5: Jun 23 10:41:42.312: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 23 10:41:35.608: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:55:07:4d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 23 10:41:35.603: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:14:b6 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_5: Jun 23 10:40:42.176: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:5f:b1:e3 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_5: Jun 23 10:40:42.173: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 23 10:40:35.563: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:55:07:4d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client

 

 

the WLC sees this mac as ad hoc client , which is a client connected to an ad hoc, 

i think there is no way to stop this from the AP side , 

 

so can you check on the camera if it can be stopped from there  .

Ali

Now I am seeing rejection messages in my message log on the WLC

*apfMsConnTask_3: Jun 22 15:44:03.066: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:43:49.785: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:12 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:43:03.483: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:42:29.721: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:42:03.233: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:41:03.228: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:40:49.868: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:38:29.782: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:37:29.848: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:37:03.166: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:36:29.970: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:36:03.177: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:12 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:36:03.174: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:35:03.162: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:34:49.836: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:12 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:33:49.855: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:12 192.168.128.20 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:33:03.301: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:32:29.858: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:32:03.302: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:31:03.317: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:30:29.958: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:30:03.284: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:29:30.001: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:29:03.176: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:28:30.028: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:28:03.187: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:27:49.921: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:55:07:4d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:27:43.161: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:27:03.449: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:26:30.008: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:26:03.163: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:25:30.240: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:25:03.633: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:24:30.030: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:24:03.222: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:24:03.216: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:5f:b1:e2 192.168.128.23 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:23:29.965: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_3: Jun 22 15:23:03.177: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:20:6d 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:22:30.340: %APF-3-ASSOCREQ: apf_utils.c:1514 00:80:f0:58:3c:13 0.0.0.0 RUN (20) Rejecting association attempt by ad-hoc client
*apfMsConnTask_1: Jun 22 15:21:34.006: %APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c:437 Could not check supported rates. Missing Supported Rate. Length :0. Mobile MAC: 00:80:f0:58:a0:10.

 

Also in my trap log

Mon Jun 22 15:44:37 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
1Mon Jun 22 15:44:36 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:74 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11b/g radio whose slot ID is 0
2Mon Jun 22 15:43:48 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
3Mon Jun 22 15:43:35 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
4Mon Jun 22 15:41:33 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
5Mon Jun 22 15:40:48 2015Rogue AP: 9c:d3:6d:a6:88:79 detected on Base Radio MAC: 34:a8:4e:81:2a:50 Interface no: 0(802.11n(2.4 GHz)) Channel: 8 RSSI: -71 SNR: 21 Classification: unclassified, State: Alert, RuleClassified : N, Severity Score: 0, RuleName: N.A. ,Classified AP MAC: 00:00:00:00:00:00 ,Classified RSSI: 0
6Mon Jun 22 15:40:45 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
7Mon Jun 22 15:40:32 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
8Mon Jun 22 15:39:33 2015Impersonation of AP with Base Radio MAC c4:14:3c:28:2f:64 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: c4:14:3c:28:2f:60 on its 802.11b/g radio whose slot ID is 0
9Mon Jun 22 15:38:31 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
10Mon Jun 22 15:37:41 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
11Mon Jun 22 15:37:31 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
12Mon Jun 22 15:36:55 2015Rogue AP: 00:25:3c:08:50:d1 detected on Base Radio MAC: 64:d8:14:d1:3c:70 Interface no: 0(802.11b/g) Channel: 3 RSSI: -73 SNR: 6 Classification: unclassified, State: Alert, RuleClassified : N, Severity Score: 0, RuleName: N.A. ,Classified AP MAC: 00:00:00:00:00:00 ,Classified RSSI: 0
13Mon Jun 22 15:35:29 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
14Mon Jun 22 15:34:36 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
15Mon Jun 22 15:34:28 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
16Mon Jun 22 15:33:19 2015Rogue AP : 9c:d3:6d:a6:88:79 removed from Base Radio MAC : 34:a8:4e:81:2a:50 Interface no:0(802.11n(2.4 GHz))
17Mon Jun 22 15:33:19 2015Rogue AP : 9c:d3:6d:a6:88:79 removed from Base Radio MAC : c4:14:3c:28:2f:60 Interface no:0(802.11n(2.4 GHz))
18Mon Jun 22 15:32:25 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
19Mon Jun 22 15:31:49 2015Rogue AP : 00:25:3c:08:50:d1 removed from Base Radio MAC : 64:d8:14:d1:3c:70 Interface no:0(802.11b/g)
20Mon Jun 22 15:31:33 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
21Mon Jun 22 15:31:25 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
22Mon Jun 22 15:29:22 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
23Mon Jun 22 15:28:30 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
24Mon Jun 22 15:28:21 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
25Mon Jun 22 15:28:20 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:74 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11b/g radio whose slot ID is 0
26Mon Jun 22 15:27:49 2015Rogue AP: 00:25:3c:08:50:d1 detected on Base Radio MAC: 64:d8:14:d1:3c:70 Interface no: 0(802.11b/g) Channel: 3 RSSI: -77 SNR: 1 Classification: unclassified, State: Alert, RuleClassified : N, Severity Score: 0, RuleName: N.A. ,Classified AP MAC: 00:00:00:00:00:00 ,Classified RSSI: 0
27Mon Jun 22 15:27:38 2015Rogue AP : 9c:d3:6d:b3:e2:89 removed from Base Radio MAC : 34:a8:4e:81:2a:50 Interface no:0(802.11n(2.4 GHz))
28Mon Jun 22 15:26:19 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
29Mon Jun 22 15:26:15 2015Rogue AP: 9c:d3:6d:a6:88:79 detected on Base Radio MAC: c4:14:3c:28:2f:60 Interface no: 0(802.11n(2.4 GHz)) Channel: 8 RSSI: -78 SNR: 1 Classification: unclassified, State: Alert, RuleClassified : N, Severity Score: 0, RuleName: N.A. ,Classified AP MAC: 00:00:00:00:00:00 ,Classified RSSI: 0
30Mon Jun 22 15:25:27 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
31Mon Jun 22 15:25:19 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
32Mon Jun 22 15:23:38 2015Rogue AP: 9c:d3:6d:b3:e2:89 detected on Base Radio MAC: 34:a8:4e:81:2a:50 Interface no: 0(802.11n(2.4 GHz)) Channel: 8 RSSI: -62 SNR: 4 Classification: unclassified, State: Alert, RuleClassified : N, Severity Score: 0, RuleName: N.A. ,Classified AP MAC: 00:00:00:00:00:00 ,Classified RSSI: 0
33Mon Jun 22 15:23:23 2015Interference Profile Updated to Pass for Base Radio MAC: 64:d8:14:d1:3c:70 and slotNo: 0
34Mon Jun 22 15:23:18 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
35Mon Jun 22 15:22:23 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
36Mon Jun 22 15:22:18 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
37Mon Jun 22 15:20:16 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
38Mon Jun 22 15:20:08 2015Impersonation of AP with Base Radio MAC c4:14:3c:28:2f:64 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: c4:14:3c:28:2f:60 on its 802.11b/g radio whose slot ID is 0
39Mon Jun 22 15:19:19 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
40Mon Jun 22 15:19:15 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
41Mon Jun 22 15:17:13 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
42Mon Jun 22 15:17:06 2015Impersonation of AP with Base Radio MAC c4:14:3c:28:2f:64 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: c4:14:3c:28:2f:60 on its 802.11b/g radio whose slot ID is 0
43Mon Jun 22 15:16:13 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
44Mon Jun 22 15:16:11 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:74 using source address of 00:80:f0:8c:43:06 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11b/g radio whose slot ID is 0
45Mon Jun 22 15:15:19 2015Rogue AP : 9c:d3:6d:a6:88:79 removed from Base Radio MAC : 34:a8:4e:81:2a:50 Interface no:0(802.11n(2.4 GHz))
46Mon Jun 22 15:15:17 2015Impersonation of AP with Base Radio MAC 34:a8:4e:81:2a:54 using source address of 00:80:f0:8c:43:07 has been detected by the AP with MAC Address: 34:a8:4e:81:2a:50 on its 802.11b/g radio whose slot ID is 0
47Mon Jun 22 15:14:10 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
48Mon Jun 22 15:14:02 2015Impersonation of AP with Base Radio MAC c4:14:3c:28:2f:64 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: c4:14:3c:28:2f:60 on its 802.11b/g radio whose slot ID is 0
49Mon Jun 22 15:13:10 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
50Mon Jun 22 15:13:09 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:74 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11b/g radio whose slot ID is 0
51Mon Jun 22 15:11:25 2015Noise Profile Updated to Pass for Base Radio MAC: 34:a8:4e:81:2a:50 and slotNo: 0
52Mon Jun 22 15:11:19 2015Rogue AP: 9c:d3:6d:a6:88:79 detected on Base Radio MAC: 34:a8:4e:81:2a:50 Interface no: 0(802.11n(2.4 GHz)) Channel: 8 RSSI: -71 SNR: 21 Classification: unclassified, State: Alert, RuleClassified : N, Severity Score: 0, RuleName: N.A. ,Classified AP MAC: 00:00:00:00:00:00 ,Classified RSSI: 0
53Mon Jun 22 15:11:07 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
54Mon Jun 22 15:10:06 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
55Mon Jun 22 15:10:05 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:74 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11b/g radio whose slot ID is 0
56Mon Jun 22 15:10:00 2015Impersonation of AP with Base Radio MAC c4:14:3c:28:2f:64 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: c4:14:3c:28:2f:60 on its 802.11b/g radio whose slot ID is 0
57Mon Jun 22 15:08:26 2015Interference Profile Failed for Base Radio MAC: 64:d8:14:d1:3c:70 and slotNo: 0
58Mon Jun 22 15:08:25 2015Noise Profile Failed for Base Radio MAC: 34:a8:4e:81:2a:50 and slotNo: 0
59Mon Jun 22 15:08:03 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:75 using source address of 64:d8:14:d1:3c:75 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
60Mon Jun 22 15:07:03 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:77 using source address of 64:d8:14:d1:3c:77 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11a radio whose slot ID is 1
61Mon Jun 22 15:06:56 2015Impersonation of AP with Base Radio MAC c4:14:3c:28:2f:64 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: c4:14:3c:28:2f:60 on its 802.11b/g radio whose slot ID is 0
62Mon Jun 22 15:06:02 2015Impersonation of AP with Base Radio MAC 64:d8:14:d1:3c:74 using source address of 00:80:f0:58:a0:10 has been detected by the AP with MAC Address: 64:d8:14:d1:3c:70 on its 802.11b/g radio whose slot ID is 0
63Mon Jun 22 15:05:26 2015Noise Profile Updated to Pass for Base Radio MAC: 34:a8:4e:81:2a:50 and slotNo: 0

Here is the output for show client details for AMC add 00:80:f0:58:14:b6

(Cisco Controller) >show client detail 00:80:f0:58:14:b6
Client MAC Address............................... 00:80:f0:58:14:b6
Client Username ................................. N/A
AP MAC Address................................... 34:a8:4e:81:2a:50
AP Name.......................................... Attic_AP
AP radio slot Id................................. 0
Client State..................................... Associated
Client User Group................................
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 5
Wireless LAN Network Name (SSID)................. HOUNDS
Wireless LAN Profile Name........................ Cameras
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 34:a8:4e:81:2a:54
Connected For ................................... 11 secs
Channel.......................................... 11
IP Address....................................... 192.168.128.10
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 23
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0

--More-- or (q)uit
Session Timeout.................................. 0
Client CCX version............................... No CCX support
QoS Level........................................ Silver
Avg data Rate.................................... 0
Burst data Rate.................................. 0
Avg Real time data Rate.......................... 0
Burst Real Time data Rate........................ 0
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Disabled
Supported Rates.................................. 12.0,18.0,24.0,36.0,48.0,
    ............................................. 54.0
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Audit Session ID................................. ac100402000017ef55887be7
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... none
FlexConnect ACL Applied Status................... Unavailable
IPv4 ACL Applied Status.......................... Unavailable

--More-- or (q)uit
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Layer2 ACL Name.................................. none
Layer2 ACL Applied Status........................ Unavailable
Client Type...................................... Simple IP
mDNS Status...................................... Disabled
mDNS Profile Name................................ none
No. of mDNS Services Advertised.................. 0
Policy Type...................................... Static WEP
Encryption Cipher................................ WEP (104 bits)
Protected Management Frame ...................... No
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ wlan 192
VLAN............................................. 192
Quarantine VLAN.................................. 0
Access VLAN...................................... 192
Local Bridging VLAN.............................. 192
Client Capabilities:
      CF Pollable................................ Not implemented
      CF Poll Request............................ Not implemented
      Short Preamble............................. Implemented
      PBCC....................................... Not implemented

--More-- or (q)uit
      Channel Agility............................ Not implemented
      Listen Interval............................ 0
      Fast BSS Transition........................ Not implemented
      11v BSS Transition......................... Not implemented
Client Wifi Direct Capabilities:
      WFD capable................................ No
      Manged WFD capable......................... No
      Cross Connection Capable................... No
      Support Concurrent Operation............... No
Fast BSS Transition Details:
Client Statistics:
      Number of Bytes Received................... 0
      Number of Bytes Sent....................... 0
      Total Number of Bytes Sent................. 0
      Total Number of Bytes Recv................. 0
      Number of Bytes Sent (last 90s)............ 40176
      Number of Bytes Recv (last 90s)............ 1350181
      Number of Packets Received................. 0
      Number of Packets Sent..................... 0
      Number of Interim-Update Sent.............. 0
      Number of EAP Id Request Msg Timeouts...... 0
      Number of EAP Id Request Msg Failures...... 0
      Number of EAP Request Msg Timeouts......... 0

--More-- or (q)uit
      Number of EAP Request Msg Failures......... 0
      Number of EAP Key Msg Timeouts............. 0
      Number of EAP Key Msg Failures............. 0
      Number of Data Retries..................... 0
      Number of RTS Retries...................... 0
      Number of Duplicate Received Packets....... 0
      Number of Decrypt Failed Packets........... 0
      Number of Mic Failured Packets............. 0
      Number of Mic Missing Packets.............. 0
      Number of RA Packets Dropped............... 0
      Number of Policy Errors.................... 0
      Radio Signal Strength Indicator............ Unavailable
      Signal to Noise Ratio...................... Unavailable
Client Rate Limiting Statistics:
      Number of Data Packets Received............ 0
      Number of Data Rx Packets Dropped.......... 0
      Number of Data Bytes Received.............. 0
      Number of Data Rx Bytes Dropped............ 0
      Number of Realtime Packets Received........ 0
      Number of Realtime Rx Packets Dropped...... 0
      Number of Realtime Bytes Received.......... 0
      Number of Realtime Rx Bytes Dropped........ 0
      Number of Data Packets Sent................ 0

--More-- or (q)uit
      Number of Data Tx Packets Dropped.......... 0
      Number of Data Bytes Sent.................. 0
      Number of Data Tx Bytes Dropped............ 0
      Number of Realtime Packets Sent............ 0
      Number of Realtime Tx Packets Dropped...... 0
      Number of Realtime Bytes Sent.............. 0
      Number of Realtime Tx Bytes Dropped........ 0
Nearby AP Statistics:
      Attic_AP(slot 0)
        antenna0: 5 secs ago..................... -63 dBm
        antenna1: 5 secs ago..................... -56 dBm
      Closet_AP(slot 0)
        antenna0: 48 secs ago.................... -58 dBm
        antenna1: 48 secs ago.................... -58 dBm
DNS Server details:
      DNS server IP ............................. 0.0.0.0
      DNS server IP ............................. 0.0.0.0
Assisted Roaming Prediction List details:


 Client Dhcp Required:     False
Allowed (URL)IP Addresses
-------------------------

--More-- or (q)uit

AVC Profile Name: ............................... none

(Cisco Controller) >

 

from show cleint details , i can see that the client is in run state :

 

Policy Manager State............................. RUN 

 

since the cleint is in run state and has ip address so it should be fine , 

 

only do the cisco recommendation of disabling flexconnect learn ip address on the WLAN that has passive client enabled . 

Here is the output from debug client

(Cisco Controller) debug> client 00:80:f0:58:14:b6

(Cisco Controller) debug>*pemReceiveTask: Jun 20 17:22:23.675: 00:80:f0:58:20:6d 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Processing assoc-req station:00:80:f0:58:14:b6 AP:c4:14:3c:28:2f:60-00 thread:158c8930
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Association received from mobile on BSSID c4:14:3c:28:2f:64 AP Closet_AP
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Global 200 Clients are allowed to AP radio

*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Max Client Trap Threshold: 0  cur: 8

*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 override for default ap group, marking intgrp NULL
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access                                     Vlan 192

*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Re-applying interface policy for client

*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) -                                    -- (caller apf_policy.c:2639)
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) -                                    -- (caller apf_policy.c:2660)
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Setting the NAS Id to WLAN specific Id 'wlc.consulteron.local'
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Applying site-specific Local Bridging override for station 00:80:f0:58:14:b6 - vapId 5,                                     site 'default-group', interface 'wlan 192'
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 Applying Local Bridging Interface Policy for station 00:80:f0:58:14:b6 - vlan 192, inter                                    face id 16, interface 'wlan 192'
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_3: Jun 22 14:26:36.197: 00:80:f0:58:14:b6 suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Applied RADIUS override policy
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Replacing Fast Path rule
  type = Airespace AP Client
  on AP c4:14:3c:28:2f:60, slot 0, interface = 13, QOS = 0
  IPv4 ACL ID = 255, IPv6 ACL
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206,                                     IntfId = 16  Local Bridging Vlan = 192, Local Bridging intf id = 16
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction =                                     0, AppToken = 15206  AverageRate = 0, BurstRate = 0

*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction =                                     0, AppToken = 15206  AverageRate = 0, BurstRate = 0

*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction =                                     0, AppToken = 15206  AverageRate = 0, BurstRate = 0

*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 2                                    55, L2 ACL ID 255)
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 Sending 11w Flag 0 for Client 00:80:F0:58:14:B6
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Plumbed mobile LWAPP rule on AP c4:14:3c:28:2f:60 vapId 5 apVapI                                    d 5 flex-acl-name:
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Change state to RUN (20) last state RUN (20)

*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 apfPemAddUser2 (apf_policy.c:357) Changing state for mobile 00:80:f0:58:14:b6 on AP c4:1                                    4:3c:28:2f:60 from Associated to Associated

*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 apfPemAddUser2:session timeout forstation 00:80:f0:58:14:b6 - Session Tout 0, apfMsTimeO                                    ut '0' and sessionTimerRunning flag is  0
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 Sending assoc-resp with status 0 station:00:80:f0:58:14:b6 AP:c4:14:3c:28:2f:60-00 on ap                                    VapId 5
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 Sending Assoc Response to station on BSSID c4:14:3c:28:2f:64 (status 0) ApVapId 5 Slot 0
*apfMsConnTask_3: Jun 22 14:26:36.198: 00:80:f0:58:14:b6 apfProcessAssocReq (apf_80211.c:9840) Changing state for mobile 00:80:f0:58:14:b6 on AP                                     c4:14:3c:28:2f:60 from Associated to Associated

*pemReceiveTask: Jun 22 14:26:36.200: 00:80:f0:58:14:b6 192.168.128.10 Added NPU entry of type 1, dtlFlags 0x0

(Cisco Controller) debug>*Apf Guest: Jun 22 14:26:52.880: Wired client head is NULL, no clients in the list. Number of clients = 0

*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Processing assoc-req station:00:80:f0:58:14:b6 AP:c4:14:3c:28:2f:60-00 thread:158c8930
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Association received from mobile on BSSID c4:14:3c:28:2f:64 AP Closet_AP
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Global 200 Clients are allowed to AP radio

*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Max Client Trap Threshold: 0  cur: 8

*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 override for default ap group, marking intgrp NULL
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 192

*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Re-applying interface policy for client

*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:263         9)
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:266         0)
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Setting the NAS Id to WLAN specific Id 'wlc.consulteron.local'
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Applying site-specific Local Bridging override for station 00:80:f0:58:14:b6 - vapId 5, site 'default-group', inter         face 'wlan 192'
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 Applying Local Bridging Interface Policy for station 00:80:f0:58:14:b6 - vlan 192, interface id 16, interface 'wlan          192'
*apfMsConnTask_3: Jun 22 14:27:36.242: 00:80:f0:58:14:b6 processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 STA - rates (6): 24 36 48 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Applied RADIUS override policy
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Replacing Fast Path rule
  type = Airespace AP Client
  on AP c4:14:3c:28:2f:60, slot 0, interface = 13, QOS = 0
  IPv4 ACL ID = 255, IPv6 ACL
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 16  Local Bridgin         g Vlan = 192, Local Bridging intf id = 16
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 15206  Avera         geRate = 0, BurstRate = 0

*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 15206  Avera         geRate = 0, BurstRate = 0

*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 15206  Avera         geRate = 0, BurstRate = 0

*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 Sending 11w Flag 0 for Client 00:80:F0:58:14:B6
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Plumbed mobile LWAPP rule on AP c4:14:3c:28:2f:60 vapId 5 apVapId 5 flex-acl-name:
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 192.168.128.10 RUN (20) Change state to RUN (20) last state RUN (20)

*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 apfPemAddUser2 (apf_policy.c:357) Changing state for mobile 00:80:f0:58:14:b6 on AP c4:14:3c:28:2f:60 from Associat         ed to Associated

*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 apfPemAddUser2:session timeout forstation 00:80:f0:58:14:b6 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunn         ing flag is  0
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_3: Jun 22 14:27:36.243: 00:80:f0:58:14:b6 Sending assoc-resp with status 0 station:00:80:f0:58:14:b6 AP:c4:14:3c:28:2f:60-00 on apVapId 5
*apfMsConnTask_3: Jun 22 14:27:36.244: 00:80:f0:58:14:b6 Sending Assoc Response to station on BSSID c4:14:3c:28:2f:64 (status 0) ApVapId 5 Slot 0
*apfMsConnTask_3: Jun 22 14:27:36.244: 00:80:f0:58:14:b6 apfProcessAssocReq (apf_80211.c:9840) Changing state for mobile 00:80:f0:58:14:b6 on AP c4:14:3c:28:2f:60 from Asso         ciated to Associated

*pemReceiveTask: Jun 22 14:27:36.246: 00:80:f0:58:14:b6 192.168.128.10 Added NPU entry of type 1, dtlFlags 0x0

(Cisco Controller) debug>

 

 

 

gohussai
Level 4
Level 4

yes flex group can solve the issue.  and thanks scott nice addon.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: