04-16-2012 09:11 AM - edited 07-03-2021 10:00 PM
Here is what I'm getting:
*Dot1x_NW_MsgTask_0: Apr 16 10:08:53.443: %APF-1-USER_ADD_FAILED: apf_ms.c:5665 Unable to create username mag12 for mobile00:21:5f:b2:f6:87.
I have WPA2 with 802.1X ties back to ACS 5.3. Works great, but I got a client having a problem today. Cisco doesn't say much about this error and it consider it an internal error? How to fix it? what does it mean exactly? Anybody?
Here is my CLI debug output last few lines:
*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 Stopping reauth timeout for 00:22:5f:b3:f6:87
*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state
*dot1xMsgTask: Apr 16 09:08:38.461: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Apr 16 09:08:38.465: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 Received EAPOL START from mobile 00:22:5f:b3:f6:87
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.489: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.493: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87
04-16-2012 09:21 AM
Looks like there may be a stuck/stale entry in the MSCB that is not allowing that client to be added.
You could try rebooting the WLC to see if it clears it.
Steve
04-16-2012 09:27 AM
There is noway we can clear the MCSB entry table for that controller from command line? The user is able to authenticate from time to time so it is an intermittent issue.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: