04-16-2012 09:11 AM - edited 07-03-2021 10:00 PM
Here is what I'm getting:
*Dot1x_NW_MsgTask_0: Apr 16 10:08:53.443: %APF-1-USER_ADD_FAILED: apf_ms.c:5665 Unable to create username mag12 for mobile00:21:5f:b2:f6:87.
I have WPA2 with 802.1X ties back to ACS 5.3. Works great, but I got a client having a problem today. Cisco doesn't say much about this error and it consider it an internal error? How to fix it? what does it mean exactly? Anybody?
Here is my CLI debug output last few lines:
*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 Stopping reauth timeout for 00:22:5f:b3:f6:87
*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state
*dot1xMsgTask: Apr 16 09:08:38.461: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Apr 16 09:08:38.465: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 Received EAPOL START from mobile 00:22:5f:b3:f6:87
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.489: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.493: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87
04-16-2012 09:21 AM
Looks like there may be a stuck/stale entry in the MSCB that is not allowing that client to be added.
You could try rebooting the WLC to see if it clears it.
Steve
04-16-2012 09:27 AM
There is noway we can clear the MCSB entry table for that controller from command line? The user is able to authenticate from time to time so it is an intermittent issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide