About Frederik De Muyter

Frederik De Muyter · ‎12-07-2018

Hi, Considering the bellow scenario where i have a multilayer connecting to 2 different MPLS providers (international and local)We are receving and advertising routes via ospf to the MPLS provider. If we would like to place a firewall in between the routing segment how do i best do this? Let the firewall participate in OSPF? Most likely multiple solutions for this? I could use IBGP and run it through the firewall, this would give me advantages of network team being in control or routing. Another solution like this would be create a separate ospf area for the firewall and connect the isp to my backbone area using ospf virtual link. Don't think this option is that good it will work but. (in both cases I will see traffic passing the firewall. GRE for OSPF is also an option but then all my data packets will be encapsulated(firewall has the ability to inspect encapsulated traffic). Any other options? Or just let the firewall participate in OSPF area 0?

Frederik De Muyter · ‎07-26-2018

Hi, There are connections on the wlc that work. About 30 APS on the stand-by that serve clients. Frederik

Frederik De Muyter · ‎07-26-2018

We have 2 controllers in a mobility group no SSO configured. When i failover an accesspoint to the "standby" controller the client remains active. But when i disconnect and try to reconnect the client to the SSID i am unable to do so. From the debug client / aaa debug it seems like the client is never getting into a L2AUTHCOMPLETE (4) state. No key exchange. Copy paste of debug output and show client details below: (Cisco Controller) >*Dot1x_NW_MsgTask_0: Jul 26 17:47:59.150: f0:d5:bf:fe:02:68 PMK: Sending cache delete *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *aaaQueueReader: Jul 26 17:49:12.632: RADIUS Auth server sync stats timer event *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS auth server 10.0.139.1 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS auth server 10.0.139.2 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS auth server 10.0.139.100 *aaaQueueReader: Jul 26 17:49:12.632: RADIUS Acct server sync stats timer event *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS acct server 10.0.139.1 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS acct server 10.0.139.2 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS acct server 10.0.139.100 *aaaQueueReader: Jul 26 17:49:47.684: User admin authenticated *emWeb: Jul 26 17:49:47.684: Authentication succeeded for admin on 10.19.127.30 *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Created Acct-Session-ID (5b59eddc/f0:d5:bf:fe:02:68/19100) for the mobile *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Adding mobile on LWAPP AP 88:1d:fc:8d:24:10(1) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfMsAssoStateInc *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfMsOpenStateInc *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfHreapFaultTolClientUpdate (apf_80211.c:16799) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Idle to Associated *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Stopping deletion of Mobile Station: (callerId: 81) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 override for default ap group, marking intgrp NULL *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0 *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying site-specific Local Bridging override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying Local Bridging Interface Policy for station f0:d5:bf:fe:02:68 - vlan 129, interface id 0, interface 'management' *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 override from ap group, removing intf group from mscb *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying site-specific override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0 *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2955) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Setting the NAS Id to AP group specific Id 'LL-LL-WLC01112' *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 In setApfVapLocalSwitchFlag:16116 setting Central switched to FLASE *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Set Clinet MSCB as Central Association Disabled *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Change state to DHCP_REQD (7) last state START (0) *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 apfMsRunStateInc *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 10.19.12.16 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7) *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Sending Accounting request (0) for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PemLocationConfigured [0]Adding VSA with NAS update and Role[1] with state[0] *aaaQueueReader: Jul 26 17:50:52.568: AccountingMessage Accounting Start: 0x7f548807a218 *aaaQueueReader: Jul 26 17:50:52.568: Packet contains 13 AVPs: *aaaQueueReader: Jul 26 17:50:52.568: AVP[01] User-Name................................f0-d5-bf-fe-02-68 (17 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[02] Nas-Port.................................0x00000008 (8) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[03] Nas-Ip-Address...........................0x0a0e8101 (168722689) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[04] Framed-IP-Address........................0x0a130c10 (169020432) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[06] Airespace / WLAN-Identifier..............0x00000003 (3) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[07] Acct-Session-Id..........................5b59eddc/f0:d5:bf:fe:02:68/19100 (32 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[09] Acct-Authentic...........................0x00000003 (3) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[10] Acct-Event-Time..........................0x5b59eddc (1532620252) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[11] Acct-Status-Type.........................0x00000001 (1) (4 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[12] Calling-Station-Id.......................10.19.12.16 (11 bytes) *aaaQueueReader: Jul 26 17:50:52.568: AVP[13] Called-Station-Id........................10.14.129.1 (11 bytes) *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1813 index 0 active 1 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1813 index 1 active 1 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Send Radius Acct Request with pktId:240 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1813 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Successful transmission of Accounting-Start (pktId 240) to 10.0.139.1:1813 from server queue 8, proxy state f0:d5:bf:fe:02:68-00:00 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 1 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:47 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *aaaQueueReader: Jul 26 17:50:52.568: 00000000: 04 f0 00 a9 b0 29 78 a9 64 09 fc 49 38 4d 6a ca .....)x.d..I8Mj. *aaaQueueReader: Jul 26 17:50:52.568: 00000010: 12 60 18 31 01 13 66 30 2d 64 35 2d 62 66 2d 66 .`.1..f0-d5-bf-f *aaaQueueReader: Jul 26 17:50:52.568: 00000030: 0e 81 01 08 06 0a 13 0c 10 20 10 4c 4c 2d 4c 4c ...........LL-LL *aaaQueueReader: Jul 26 17:50:52.568: 00000040: 2d 57 4c 43 30 31 31 31 32 1a 0c 00 00 37 63 01 -WLC01112....7c. *aaaQueueReader: Jul 26 17:50:52.568: 00000050: 06 00 00 00 03 2c 22 35 62 35 39 65 64 64 63 2f .....,"5b59eddc/ *aaaQueueReader: Jul 26 17:50:52.568: 00000060: 66 30 3a 64 35 3a 62 66 3a 66 65 3a 30 32 3a 36 f0:d5:bf:fe:02:6 *aaaQueueReader: Jul 26 17:50:52.568: 00000070: 38 2f 31 39 31 30 30 3d 06 00 00 00 13 2d 06 00 8/19100=.....-.. *aaaQueueReader: Jul 26 17:50:52.568: 00000080: 00 00 03 37 06 5b 59 ed dc 28 06 00 00 00 01 1f ...7.[Y..(...... *aaaQueueReader: Jul 26 17:50:52.568: 00000090: 0d 31 30 2e 31 39 2e 31 32 2e 31 36 1e 0d 31 30 .10.19.12.16..10 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 0 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Adding BSSID 88:1d:fc:8d:24:1e to PMKID cache at index 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: New PMKID: (16) *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: [0000] 2d c4 f2 49 ce 14 1e 20 7a e4 dc a2 6f b8 70 40 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PMK: Sending cache delete *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Zeroize AAA Overrides from local for station *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Adding Audit session ID payload in Mobility handoff *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 1 PMK-update groupcast messages sent *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PMK sent to mobility group *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PMK: Sending cache add *radiusTransportThread: Jul 26 17:50:52.572: f0:d5:bf:fe:02:68 Counted 0 AVPs (processed 20 bytes, left 0) *radiusTransportThread: Jul 26 17:50:52.572: f0:d5:bf:fe:02:68 Accounting-Response received from RADIUS server 10.0.139.1 (qid:8) with port:1813, pktId:240 for mobile f0:d5:bf:fe:02:68 receiveId = 0 *spamApTask5: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 Cleaning up state for STA f0:d5:bf:fe:02:68 due to event for AP 88:1d:fc:8d:24:10(1) *apfReceiveTask: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 apfSendDisAssocMsgDebug (apf_80211.c:3708) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Disassociated *apfReceiveTask: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 Sent Disassociate to mobile on AP 88:1d:fc:8d:24:10-1 on BSSID 88:1d:fc:8d:24:1e(reason 1, caller apf_ms.c:7641) *apfReceiveTask: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds *radiusTransportThread: Jul 26 17:51:00.532: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:00.532: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:00.532: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *osapiBsnTimer: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 apfMsExpireCallback (apf_ms.c:638) Expiring Mobile! *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Client already in disassociated state, not sending disassociation *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Sent Deauthenticate to mobile on BSSID 88:1d:fc:8d:24:1e slot 1(caller apf_ms.c:7759) *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Removing BSSID 88:1d:fc:8d:24:1e from PMKID cache of station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Setting active key cache index 0 ---> 8 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Deleting the PMK cache when de-authenticating the client. *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 PMK: Sending cache delete *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Removing PMK cache entry for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Sending Accounting request (2) for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 PemLocationConfigured [0]Adding VSA with NAS update and Role[1] with state[0] *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 apfMsAssoStateDec *aaaQueueReader: Jul 26 17:51:02.585: AccountingMessage Accounting Stop: 0x7f55cad2abc8 *aaaQueueReader: Jul 26 17:51:02.585: Packet contains 22 AVPs: *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 apfMsExpireMobileStation (apf_ms.c:7800) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Disassociated to Idle *aaaQueueReader: Jul 26 17:51:02.585: AVP[01] User-Name................................f0-d5-bf-fe-02-68 (17 bytes) *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds *aaaQueueReader: Jul 26 17:51:02.585: AVP[02] Nas-Port.................................0x00000008 (8) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[03] Nas-Ip-Address...........................0x0a0e8101 (168722689) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[04] Framed-IP-Address........................0x0a130c10 (169020432) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[05] NAS-Identifier...........................LL-LL-WLC01112 (14 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[06] Airespace / WLAN-Identifier..............0x00000003 (3) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[07] Acct-Session-Id..........................5b59eddc/f0:d5:bf:fe:02:68/19100 (32 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[09] Acct-Authentic...........................0x00000003 (3) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[10] Acct-Event-Time..........................0x5b59ede6 (1532620262) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[11] Acct-Status-Type.........................0x00000002 (2) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[12] Acct-Input-Octets........................0x00000000 (0) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[13] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[14] Acct-Output-Octets.......................0x00000000 (0) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[15] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[16] Acct-Input-Packets.......................0x00000000 (0) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[17] Acct-Output-Packets......................0x00000000 (0) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[18] Acct-Terminate-Cause.....................0x00000001 (1) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[19] Acct-Session-Time........................0x0000000a (10) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[20] Acct-Delay-Time..........................0x00000000 (0) (4 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[21] Calling-Station-Id.......................10.19.12.16 (11 bytes) *aaaQueueReader: Jul 26 17:51:02.585: AVP[22] Called-Station-Id........................10.14.129.1 (11 bytes) *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1813 index 1 active 1 *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Send Radius Acct Request with pktId:242 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1813 *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Successful transmission of Accounting-Stop (pktId 242) to 10.0.139.1:1813 from server queue 8, proxy state f0:d5:bf:fe:02:68-00:00 *aaaQueueReader: Jul 26 17:51:02.585: 00000000: 04 f2 00 df 46 01 ee e9 4a e9 ca 38 5e 95 a3 d1 ....F...J..8^... *aaaQueueReader: Jul 26 17:51:02.585: 00000010: 63 29 0a ae 01 13 66 30 2d 64 35 2d 62 66 2d 66 c)....f0-d5-bf-f *aaaQueueReader: Jul 26 17:51:02.585: 00000020: 65 2d 30 32 2d 36 38 05 06 00 00 00 08 04 06 0a e-02-68......... *aaaQueueReader: Jul 26 17:51:02.585: 00000030: 0e 81 01 08 06 0a 13 0c 10 20 10 4c 4c 2d 4c 4c ...........LL-LL *aaaQueueReader: Jul 26 17:51:02.585: 00000040: 2d 57 4c 43 30 31 31 31 32 1a 0c 00 00 37 63 01 -WLC01112....7c. *aaaQueueReader: Jul 26 17:51:02.585: 00000050: 06 00 00 00 03 2c 22 35 62 35 39 65 64 64 63 2f .....,"5b59eddc/ *aaaQueueReader: Jul 26 17:51:02.585: 00000060: 66 30 3a 64 35 3a 62 66 3a 66 65 3a 30 32 3a 36 f0:d5:bf:fe:02:6 *aaaQueueReader: Jul 26 17:51:02.585: 00000070: 38 2f 31 39 31 30 30 3d 06 00 00 00 13 2d 06 00 8/19100=.....-.. *aaaQueueReader: Jul 26 17:51:02.585: 00000080: 00 00 03 37 06 5b 59 ed e6 28 06 00 00 00 02 2a ...7.[Y..(.....* *aaaQueueReader: Jul 26 17:51:02.585: 00000090: 06 00 00 00 00 34 06 00 00 00 00 2b 06 00 00 00 .....4.....+.... *aaaQueueReader: Jul 26 17:51:02.585: 000000a0: 00 35 06 00 00 00 00 2f 06 00 00 00 00 30 06 00 .5...../.....0.. *aaaQueueReader: Jul 26 17:51:02.585: 000000b0: 00 00 00 31 06 00 00 00 01 2e 06 00 00 00 0a 29 ...1...........) *aaaQueueReader: Jul 26 17:51:02.585: 000000c0: 06 00 00 00 00 1f 0d 31 30 2e 31 39 2e 31 32 2e .......10.19.12. *aaaQueueReader: Jul 26 17:51:02.585: 000000d0: 31 36 1e 0d 31 30 2e 31 34 2e 31 32 39 2e 31 16..10.14.129.1 *radiusTransportThread: Jul 26 17:51:02.590: f0:d5:bf:fe:02:68 Counted 0 AVPs (processed 20 bytes, left 0) *radiusTransportThread: Jul 26 17:51:02.590: f0:d5:bf:fe:02:68 Accounting-Response received from RADIUS server 10.0.139.1 (qid:8) with port:1813, pktId:242 for mobile f0:d5:bf:fe:02:68 receiveId = 0 *radiusTransportThread: Jul 26 17:51:06.165: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:06.165: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:06.165: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *osapiBsnTimer: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 apfMsExpireCallback (apf_ms.c:638) Expiring Mobile! *apfReceiveTask: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0. *apfReceiveTask: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Deleted mobile LWAPP rule on AP [88:1d:fc:8d:24:10] *apfReceiveTask: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 Deleting mobile on AP 88:1d:fc:8d:24:10(1) *apfOpenDtlSocket: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Recevied management frame ASSOCIATION REQUEST on BSSID 88:1d:fc:8d:24:10 destination addr 88:1d:fc:8d:24:1e *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Processing assoc-req station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 ssid : La******************Internal thread:1c6a9380 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Created Acct-Session-ID (5b59edf4/f0:d5:bf:fe:02:68/19106) for the mobile *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Adding mobile on LWAPP AP 88:1d:fc:8d:24:10(1) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Association received from mobile on BSSID 88:1d:fc:8d:24:1d AP LL-LL-AP1505 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Station: F0:D5:BF:FE:02:68 11v BSS Transition not enabled on the AP 88:1D:FC:8D:24:10 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Global 200 Clients are allowed to AP radio *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Max Client Trap Threshold: 0 cur: 3 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Rf profile 600 Clients are allowed to AP wlan *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 override for default ap group, marking intgrp NULL *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2955) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 In processSsidIE:6568 setting Central switched to FALSE *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Set Clinet MSCB as Central Association Disabled *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying site-specific Local Bridging override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying Local Bridging Interface Policy for station f0:d5:bf:fe:02:68 - vlan 129, interface id 0, interface 'management' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 override from ap group, removing intf group from mscb *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying site-specific override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Setting the NAS Id to AP group specific Id 'LL-LL-WLC01112' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Set Clinet Non AP specific WLAN apfMsAccessVlan = 12 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 This apfMsAccessVlan may be changed later from AAA after L2 Auth *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Cleared localSwitchingVlan, may be assigned later based on AAA override *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 processSsidIE statusCode is 0 and status is 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 processSsidIE ssid_done_flag is 0 finish_flag is 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 suppRates statusCode is 0 and gotSuppRatesElement is 1 *apfMsConnTask_0: Jul 26 17:51:16.495: RSNIE in Assoc. Req.: (22) *apfMsConnTask_0: Jul 26 17:51:16.495: [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f *apfMsConnTask_0: Jul 26 17:51:16.495: [0016] ac 01 3c 00 00 00 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Processing RSN IE type 48, length 22 for mobile f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Selected Unicast cipher CCMP128 for client device *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Received 802.11i 802.1X key management suite, enabling dot1x Authentication *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 RSN Capabilities: 60 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Marking Mobile as non-11w Capable *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 8 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Updating AID for REAP AP Client 88:1d:fc:8d:24:10 - AID ===> 9 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Initializing policy *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfVapSecurity=0x4000 L2=16384 SkipWeb=0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 AuthenticationRequired = 1 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Encryption policy is set to 0x80000001 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) DHCP required on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2for this client *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Not Using WMM Compliance code qosCap 00 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Vlan while overriding the policy = -1 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 sending to spamAddMobile vlanId -1 flex aclName = , flexAclId 65535 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2 flex-acl-name: *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfMsAssoStateInc *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfPemAddUser2 (apf_policy.c:416) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Idle to Associated *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Stopping deletion of Mobile Station: (callerId: 48) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Sending assoc-resp with status 0 station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 on apVapId 2 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 VHT Operation IE: width 20/0 ch 36 freq0 0 freq1 0 msc0 0x3f msc1 0x3f *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Sending Assoc Response (status: '0') to station on AP LL-LL-AP1505 on BSSID 88:1d:fc:8d:24:1e ApVapId 2 Slot 1, mobility role 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfProcessAssocReq (apf_80211.c:10975) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Associated *spamApTask5: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Successful transmission of LWAPP Add-Mobile to AP 88:1d:fc:8d:24:10 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 1 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:47 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Stopping reauth timeout for f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Received EAPOL START, dot1x state = 2 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Ignore EAPOL START as infra EAP is pending, mobile is in 2 state *spamApTask5: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Received ADD_MOBILE ack - Initiating 1x to STA f0:d5:bf:fe:02:68 (idx 87) *spamApTask5: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Sent dot1x auth initiate message for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 reauth_sm state transition 1 ---> 0 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Connecting state *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Sending EAP-Request/Identity to mobile f0:d5:bf:fe:02:68 (EAP Id 1) *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Received Identity Response (count=1) from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Resetting reauth count 1 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 EAP State update from Connecting to Authenticating for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticating state *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Created Cisco-Audit-Session-ID for the mobile: 01810e0a00003b65f4ed595b *aaaQueueReader: Jul 26 17:51:16.924: AuthenticationRequest: 0x7f55cae04c60 *aaaQueueReader: Jul 26 17:51:16.924: Callback.....................................0x754ca0 *aaaQueueReader: Jul 26 17:51:16.924: proxyState...................................F0:D5:BF:FE:02:68-01:00 *aaaQueueReader: Jul 26 17:51:16.924: Packet contains 19 AVPs (not shown) *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:56 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 56) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-01:00 *aaaQueueReader: Jul 26 17:51:16.924: 00000000: 01 38 01 47 fd bc 19 71 1e 9f 0f 4a 7c 5a 35 99 .8.G...q...J|Z5. *aaaQueueReader: Jul 26 17:51:16.924: 00000010: 3f d3 7e 92 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d ?.~...host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:16.924: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:16.924: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:16.924: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:16.924: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:16.924: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:16.924: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:16.924: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:16.924: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:16.924: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:16.924: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:16.924: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:16.924: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:16.924: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:16.924: 00000110: 32 39 4f 23 02 01 00 21 01 68 6f 73 74 2f 4c 4c 29O#...!.host/LL *aaaQueueReader: Jul 26 17:51:16.924: 00000120: 42 47 2d 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e BG-03649.lorrain *aaaQueueReader: Jul 26 17:51:16.924: 00000130: 65 2e 6d 73 74 50 12 fb 4d d4 e2 3a 99 aa ea da e.mstP..M..:.... *aaaQueueReader: Jul 26 17:51:16.924: 00000140: b2 0c bd 91 0a 00 2a ......* *radiusTransportThread: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 90 bytes, left 0) *radiusTransportThread: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Access-Challenge received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:56 for mobile f0:d5:bf:fe:02:68 receiveId = 1 *radiusTransportThread: Jul 26 17:51:16.970: AuthorizationResponse: 0xacf1ea0 *radiusTransportThread: Jul 26 17:51:16.970: structureSize................................262 *radiusTransportThread: Jul 26 17:51:16.970: resultCode...................................255 *radiusTransportThread: Jul 26 17:51:16.970: protocolUsed.................................0x00000001 *radiusTransportThread: Jul 26 17:51:16.970: proxyState...................................F0:D5:BF:FE:02:68-01:00 *radiusTransportThread: Jul 26 17:51:16.970: Packet contains 4 AVPs (not shown) *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Allocating EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.127: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.127: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 2, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.127: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:17.128: AuthenticationRequest: 0x7f55cad3e2d0 *aaaQueueReader: Jul 26 17:51:17.128: Callback.....................................0x754ca0 *aaaQueueReader: Jul 26 17:51:17.128: protocolType.................................0x00140001 *aaaQueueReader: Jul 26 17:51:17.128: proxyState...................................F0:D5:BF:FE:02:68-01:01 *aaaQueueReader: Jul 26 17:51:17.128: Packet contains 20 AVPs (not shown) *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:57 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 57) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-01:01 *aaaQueueReader: Jul 26 17:51:17.128: 00000000: 01 39 02 12 9a ba da fa 47 ea 65 5d 1e 40 92 77 .9......G.e].@.w *aaaQueueReader: Jul 26 17:51:17.128: 00000010: 82 77 cf 47 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d .w.G..host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:17.128: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:17.128: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:17.128: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:17.128: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:17.128: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:17.128: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:17.128: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:17.128: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:17.128: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:17.128: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:17.128: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:17.128: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:17.128: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:17.128: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:17.128: 00000110: 32 39 4f c8 02 02 00 c6 0d 80 00 00 00 bc 16 03 29O............. *aaaQueueReader: Jul 26 17:51:17.128: 00000120: 03 00 b7 01 00 00 b3 03 03 5b 59 ed f5 d8 d9 00 .........[Y..... *aaaQueueReader: Jul 26 17:51:17.128: 00000130: 1f 15 b8 a1 05 e0 72 8c 9a f2 29 96 76 fe 02 29 ......r...).v..) *aaaQueueReader: Jul 26 17:51:17.128: 00000140: 92 23 d4 71 dd f8 d3 35 99 20 c1 35 00 00 65 d8 .#.q...5...5..e. *aaaQueueReader: Jul 26 17:51:17.128: 00000150: 10 70 30 c6 07 f5 ca c7 6c 06 95 4a 8b da c4 e6 .p0.....l..J.... *aaaQueueReader: Jul 26 17:51:17.128: 00000160: 2a 17 83 47 82 a7 87 8c fe 06 00 2a c0 2c c0 2b *..G.......*.,.+ *aaaQueueReader: Jul 26 17:51:17.128: 00000180: c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c .............=.< *aaaQueueReader: Jul 26 17:51:17.128: 00000190: 00 35 00 2f 00 0a 01 00 00 40 00 05 00 05 01 00 .5./.....@...... *aaaQueueReader: Jul 26 17:51:17.128: 000001a0: 00 00 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 ................ *aaaQueueReader: Jul 26 17:51:17.128: 000001b0: 0b 00 02 01 00 00 0d 00 14 00 12 04 01 05 01 02 ................ *aaaQueueReader: Jul 26 17:51:17.128: 000001c0: 01 04 03 05 03 02 03 02 02 06 01 06 03 00 23 00 ..............#. *aaaQueueReader: Jul 26 17:51:17.128: 000001e0: 00 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 ...7............ *aaaQueueReader: Jul 26 17:51:17.128: 000001f0: 00 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 9f ............./T. *aaaQueueReader: Jul 26 17:51:17.128: 00000200: 50 12 c5 0d 53 11 12 89 6e dc 80 c9 ab 15 4e 1b P...S...n.....N. *aaaQueueReader: Jul 26 17:51:17.128: 00000210: d6 52 .R *radiusTransportThread: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 243 bytes, left 0) *radiusTransportThread: Jul 26 17:51:17.173: structureSize................................415 *radiusTransportThread: Jul 26 17:51:17.173: resultCode...................................255 *radiusTransportThread: Jul 26 17:51:17.173: protocolUsed.................................0x00000001 *radiusTransportThread: Jul 26 17:51:17.173: proxyState...................................F0:D5:BF:FE:02:68-01:01 *radiusTransportThread: Jul 26 17:51:17.173: Packet contains 4 AVPs (not shown) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Entering Backend Auth Req state (id=3) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 3) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Reusing allocated memory for EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 3, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Resetting reauth count 0 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:17.349: Callback.....................................0x754ca0 *aaaQueueReader: Jul 26 17:51:17.349: protocolType.................................0x00140001 *aaaQueueReader: Jul 26 17:51:17.349: proxyState...................................F0:D5:BF:FE:02:68-01:02 *aaaQueueReader: Jul 26 17:51:17.349: Packet contains 20 AVPs (not shown) *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:58 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 58) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-01:02 *aaaQueueReader: Jul 26 17:51:17.349: 00000000: 01 3a 01 91 d8 fd 9e aa 95 c7 f1 1e f3 33 09 f1 .:...........3.. *aaaQueueReader: Jul 26 17:51:17.349: 00000010: 84 40 41 fc 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d .@A...host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:17.349: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:17.349: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:17.349: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:17.349: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:17.349: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:17.349: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:17.349: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:17.349: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:17.349: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:17.349: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:17.349: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:17.349: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:17.349: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:17.349: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:17.349: 00000110: 32 39 4f 47 02 03 00 45 0d 80 00 00 00 3b 14 03 29OG...E.....;.. *aaaQueueReader: Jul 26 17:51:17.349: 00000120: 01 00 01 01 16 03 01 00 30 f0 59 58 f1 73 14 1d ........0.YX.s.. *aaaQueueReader: Jul 26 17:51:17.349: 00000130: fa 43 86 d7 38 e4 78 3b 17 40 d4 c5 45 71 64 48 .C..8.x;.@..EqdH *aaaQueueReader: Jul 26 17:51:17.349: 00000140: 62 5c f5 b6 96 ae 23 bd a7 e2 51 44 e4 3e c6 27 b\....#...QD.>.' *aaaQueueReader: Jul 26 17:51:17.349: 00000160: 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 00 ..7............. *aaaQueueReader: Jul 26 17:51:17.349: 00000170: 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 9f 50 ............/T.P *aaaQueueReader: Jul 26 17:51:17.349: 00000180: 12 4f 2f 7d 2c dd 0c f1 5d 3d 21 93 d4 26 62 f0 .O/},...]=!..&b. *aaaQueueReader: Jul 26 17:51:17.349: 00000190: ad . *radiusTransportThread: Jul 26 17:51:17.400: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 16 atrlen 52) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 17 atrlen 52) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Counted 6 AVPs (processed 212 bytes, left 0) *radiusTransportThread: Jul 26 17:51:17.400: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 16, vendorLen: 52 *radiusTransportThread: Jul 26 17:51:17.400: 00000000: d6 2e 7b 25 17 2d 0a 03 0c 46 bf 7d 49 02 c2 ee ..{%.-...F.}I... *radiusTransportThread: Jul 26 17:51:17.400: 00000010: cd 71 cb 75 79 8e b5 f5 92 ed 95 80 14 b1 2d e7 .q.uy.........-. *radiusTransportThread: Jul 26 17:51:17.400: 00000020: f0 cd 9b 53 f8 06 cb 78 5b 7c 5f 6e 74 84 9b 0e ...S...x[|_nt... *radiusTransportThread: Jul 26 17:51:17.400: 00000030: f3 3e .> *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Radius AVP MPPE send key decrypted key: keylen: 32 *radiusTransportThread: Jul 26 17:51:17.400: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 17, vendorLen: 52 *radiusTransportThread: Jul 26 17:51:17.400: 00000000: d6 2f 31 11 cf f7 47 7b ce 5b 43 3f 26 56 7f f2 ./1...G{.[C?&V.. *radiusTransportThread: Jul 26 17:51:17.400: 00000020: 71 05 77 2b 49 6c 87 bc 06 e6 e4 51 fa d8 e3 b6 q.w+Il.....Q.... *radiusTransportThread: Jul 26 17:51:17.400: 00000030: 53 0b S. *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Radius AVP MPPE recv key: keylen: 32 *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Processed VSA 311, type 17, raw bytes 52, copied 32 bytes *radiusTransportThread: Jul 26 17:51:17.400: AuthorizationResponse: 0xacf1ea0 *radiusTransportThread: Jul 26 17:51:17.400: structureSize................................380 *radiusTransportThread: Jul 26 17:51:17.400: resultCode...................................0 *radiusTransportThread: Jul 26 17:51:17.400: protocolUsed.................................0x00000001 *radiusTransportThread: Jul 26 17:51:17.400: proxyState...................................F0:D5:BF:FE:02:68-01:02 *radiusTransportThread: Jul 26 17:51:17.400: Packet contains 6 AVPs: *radiusTransportThread: Jul 26 17:51:17.400: AVP[02] EAP-Message..............................0x03030004 (50528260) (4 bytes) *radiusTransportThread: Jul 26 17:51:17.400: AVP[03] Class....................................DATA (44 bytes) *radiusTransportThread: Jul 26 17:51:17.400: AVP[05] Microsoft / MPPE-Recv-Key................DATA (32 bytes) *radiusTransportThread: Jul 26 17:51:17.400: AVP[06] Message-Authenticator....................DATA (16 bytes) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Processing Access-Accept for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Resetting web IPv4 acl from 255 to 255 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Resetting web IPv4 Flex acl from 65535 to 65535 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Received MPPE_SEND_KEY: KeyLen: 32 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Applying new AAA override for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Override values for station f0:d5:bf:fe:02:68 source: 4, valid bits: 0x0 qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1 vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: ' *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Unable to apply override policy for station f0:d5:bf:fe:02:68 - VapAllowRadiusOverride is FALSE. *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Setting re-auth timeout to 0 seconds, got from WLAN config. *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Stopping reauth timeout for f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Username entry (host/COMPUTERNAME.******************.mst) created for mobile, length = 253 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Username entry (host/COMPUTERNAME.******************.mst) created in mscb for mobile, length = 253 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Creating a PKC PMKID Cache entry for station f0:d5:bf:fe:02:68 (RSN 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 8 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Adding BSSID 88:1d:fc:8d:24:1e to PMKID cache at index 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: New PMKID: (16) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: [0000] 25 eb 78 65 c5 8a 8d 82 29 47 d9 7a b4 23 1f 24 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 apfCreatePmkCacheEntry: added a new pmk cache entry for f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Zeroize AAA Overrides from local for station *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 1 PMK-update groupcast messages sent *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 PMK sent to mobility group *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Disabling re-auth since PMK lifetime can take care of same. *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Sending EAP-Success to mobile f0:d5:bf:fe:02:68 (EAP Id 3) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Freeing AAACB from Dot1xCB as AAA auth is done for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Entering Backend Auth Success state (id=3) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Received Auth Success while in Authenticating state for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticated state *apfOpenDtlSocket: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Recevied management frame ASSOCIATION REQUEST on BSSID 88:1d:fc:8d:24:10 destination addr 88:1d:fc:8d:24:1e *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Processing assoc-req station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 ssid : La******************Internal thread:1c6a9380 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Station: F0:D5:BF:FE:02:68 11v BSS Transition not enabled on the AP 88:1D:FC:8D:24:10 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Association received from mobile on BSSID 88:1d:fc:8d:24:1d AP LL-LL-AP1505 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Station: F0:D5:BF:FE:02:68 11v BSS Transition not enabled on the AP 88:1D:FC:8D:24:10 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Global 200 Clients are allowed to AP radio *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Max Client Trap Threshold: 0 cur: 4 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Rf profile 600 Clients are allowed to AP wlan *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 override for default ap group, marking intgrp NULL *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 In processSsidIE:6568 setting Central switched to FALSE *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Set Clinet MSCB as Central Association Disabled *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Applying site-specific Local Bridging override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Applying Local Bridging Interface Policy for station f0:d5:bf:fe:02:68 - vlan 129, interface id 0, interface 'management' *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 override from ap group, removing intf group from mscb *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 12 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2955) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Setting the NAS Id to AP group specific Id 'LL-LL-WLC01112' *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Set Clinet Non AP specific WLAN apfMsAccessVlan = 12 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 This apfMsAccessVlan may be changed later from AAA after L2 Auth *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Cleared localSwitchingVlan, may be assigned later based on AAA override *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 processSsidIE statusCode is 0 and status is 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 processSsidIE ssid_done_flag is 0 finish_flag is 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 STA - rates (7): 12 152 36 48 72 96 108 0 0 0 0 0 0 0 0 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 suppRates statusCode is 0 and gotSuppRatesElement is 1 *apfMsConnTask_0: Jul 26 17:51:40.299: RSNIE in Assoc. Req.: (22) *apfMsConnTask_0: Jul 26 17:51:40.299: [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f *apfMsConnTask_0: Jul 26 17:51:40.299: [0016] ac 01 3c 00 00 00 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Processing RSN IE type 48, length 22 for mobile f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Selected Unicast cipher CCMP128 for client device *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Received 802.11i 802.1X key management suite, enabling dot1x Authentication *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 RSN Capabilities: 60 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Marking Mobile as non-11w Capable *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Received RSN IE with 0 PMKIDs from mobile f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Found an cache entry for BSSID 88:1d:fc:8d:24:1e in PMKID cache at index 0 of station f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Removing BSSID 88:1d:fc:8d:24:1e from PMKID cache of station f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Setting active key cache index 0 ---> 8 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 AID 9 in Assoc Req from flex AP 88:1d:fc:8d:24:10 is same as in mscb f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Initializing policy *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfVapSecurity=0x4000 L2=16384 SkipWeb=0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 AuthenticationRequired = 1 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Encryption policy is set to 0x80000001 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) DHCP required on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2for this client *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Not Using WMM Compliance code qosCap 00 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Vlan while overriding the policy = -1 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 sending to spamAddMobile vlanId -1 flex aclName = , flexAclId 65535 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2 flex-acl-name: *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfPemAddUser2 (apf_policy.c:416) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Associated *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfPemAddUser2:session timeout forstation f0:d5:bf:fe:02:68 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Stopping deletion of Mobile Station: (callerId: 48) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Sending assoc-resp with status 0 station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 on apVapId 2 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 VHT Operation IE: width 20/0 ch 36 freq0 0 freq1 0 msc0 0x3f msc1 0x3f *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Sending Assoc Response (status: '0') to station on AP LL-LL-AP1505 on BSSID 88:1d:fc:8d:24:1e ApVapId 2 Slot 1, mobility role 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfProcessAssocReq (apf_80211.c:10975) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Associated *spamApTask5: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Successful transmission of LWAPP Add-Mobile to AP 88:1d:fc:8d:24:10 *spamApTask5: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Received ADD_MOBILE ack - Initiating 1x to STA f0:d5:bf:fe:02:68 (idx 88) *spamApTask5: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Sent dot1x auth initiate message for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 0 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Connecting state *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Sending EAP-Request/Identity to mobile f0:d5:bf:fe:02:68 (EAP Id 1) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Received EAPOL START, dot1x state = 2 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Reset the reauth counter since EAPOL START has been received!!! *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 1 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:47 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Received EAPOL START from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Connecting state *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Sending EAP-Request/Identity to mobile f0:d5:bf:fe:02:68 (EAP Id 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.351: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.351: f0:d5:bf:fe:02:68 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Received Identity Response (count=1) from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Resetting reauth count 1 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 EAP State update from Connecting to Authenticating for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticating state *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:40.356: AuthenticationRequest: 0x7f55cacf0f18 *aaaQueueReader: Jul 26 17:51:40.356: Callback.....................................0x754ca0 *aaaQueueReader: Jul 26 17:51:40.356: protocolType.................................0x00140001 *aaaQueueReader: Jul 26 17:51:40.356: proxyState...................................F0:D5:BF:FE:02:68-03:00 *aaaQueueReader: Jul 26 17:51:40.356: Packet contains 19 AVPs (not shown) *aaaQueueReader: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:59 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 59) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-03:00 *aaaQueueReader: Jul 26 17:51:40.357: 00000000: 01 3b 01 47 44 a1 6d d6 e0 84 03 36 22 d5 83 29 .;.GD.m....6"..) *aaaQueueReader: Jul 26 17:51:40.357: 00000010: 0e 9e f2 4f 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d ...O..host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:40.357: 00000020: 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e 65 2e 6d 03649.******************.m *aaaQueueReader: Jul 26 17:51:40.357: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:40.357: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:40.357: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:40.357: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:40.357: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:40.357: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:40.357: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:40.357: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:40.357: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:40.357: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:40.357: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:40.357: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:40.357: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:40.357: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:40.357: 00000110: 32 39 4f 23 02 02 00 21 01 68 6f 73 74 2f 4c 4c 29O#...!.host/LL *aaaQueueReader: Jul 26 17:51:40.357: 00000120: 42 47 2d 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e BG-03649.lorrain *aaaQueueReader: Jul 26 17:51:40.357: 00000130: 65 2e 6d 73 74 50 12 be 90 ea 37 14 ea 04 7e 54 e.mstP....7...~T *aaaQueueReader: Jul 26 17:51:40.357: 00000140: 42 ff 6c 9d 41 66 d8 B.l.Af. *radiusTransportThread: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 90 bytes, left 0) *radiusTransportThread: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Access-Challenge received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:59 for mobile f0:d5:bf:fe:02:68 receiveId = 3 *radiusTransportThread: Jul 26 17:51:40.366: AuthorizationResponse: 0xacf1ea0 *radiusTransportThread: Jul 26 17:51:40.366: structureSize................................262 *radiusTransportThread: Jul 26 17:51:40.366: resultCode...................................255 *radiusTransportThread: Jul 26 17:51:40.366: protocolUsed.................................0x00000001 *radiusTransportThread: Jul 26 17:51:40.366: proxyState...................................F0:D5:BF:FE:02:68-03:00 *radiusTransportThread: Jul 26 17:51:40.366: Packet contains 4 AVPs (not shown) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Entering Backend Auth Req state (id=3) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 3) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Reusing allocated memory for EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 3, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Resetting reauth count 0 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:40.372: AuthenticationRequest: 0x7f55cacf0f18 *aaaQueueReader: Jul 26 17:51:40.372: Callback.....................................0x754ca0 *aaaQueueReader: Jul 26 17:51:40.372: protocolType.................................0x00140001 *aaaQueueReader: Jul 26 17:51:40.372: proxyState...................................F0:D5:BF:FE:02:68-03:01 *aaaQueueReader: Jul 26 17:51:40.372: Packet contains 20 AVPs (not shown) *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:60 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 60) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-03:01 *aaaQueueReader: Jul 26 17:51:40.372: 00000000: 01 3c 02 12 8d 48 5e 9c d8 18 3f 4c 92 d8 be 56 .<...H^...?L...V *aaaQueueReader: Jul 26 17:51:40.372: 00000010: 22 4c f1 8a 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d "L....host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:40.372: 00000020: 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e 65 2e 6d 03649.******************.m *aaaQueueReader: Jul 26 17:51:40.372: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:40.372: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:40.372: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:40.372: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:40.372: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:40.372: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:40.372: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:40.372: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:40.372: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:40.372: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:40.372: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:40.372: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:40.372: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:40.372: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:40.372: 00000110: 32 39 4f c8 02 03 00 c6 0d 80 00 00 00 bc 16 03 29O............. *aaaQueueReader: Jul 26 17:51:40.372: 00000120: 03 00 b7 01 00 00 b3 03 03 5b 59 ee 0c 41 d3 69 .........[Y..A.i *aaaQueueReader: Jul 26 17:51:40.372: 00000130: ee c9 e7 85 a4 83 93 d6 3f 2a 0a f7 ab 9e 83 0f ........?*...... *aaaQueueReader: Jul 26 17:51:40.372: 00000140: c8 7d cb 04 22 e2 5a 92 03 20 c1 35 00 00 65 d8 .}..".Z....5..e. *aaaQueueReader: Jul 26 17:51:40.372: 00000150: 10 70 30 c6 07 f5 ca c7 6c 06 95 4a 8b da c4 e6 .p0.....l..J.... *aaaQueueReader: Jul 26 17:51:40.372: 00000160: 2a 17 83 47 82 a7 87 8c fe 06 00 2a c0 2c c0 2b *..G.......*.,.+ *aaaQueueReader: Jul 26 17:51:40.372: 00000170: c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 .0./.....$.#.(.' *aaaQueueReader: Jul 26 17:51:40.372: 00000180: c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c .............=.< *aaaQueueReader: Jul 26 17:51:40.372: 00000190: 00 35 00 2f 00 0a 01 00 00 40 00 05 00 05 01 00 .5./.....@...... *aaaQueueReader: Jul 26 17:51:40.372: 000001a0: 00 00 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 ................ *aaaQueueReader: Jul 26 17:51:40.372: 000001b0: 0b 00 02 01 00 00 0d 00 14 00 12 04 01 05 01 02 ................ *aaaQueueReader: Jul 26 17:51:40.372: 000001c0: 01 04 03 05 03 02 03 02 02 06 01 06 03 00 23 00 ..............#. *aaaQueueReader: Jul 26 17:51:40.372: 000001d0: 00 00 17 00 00 ff 01 00 01 00 18 26 18 40 02 9f ...........&.@.. *aaaQueueReader: Jul 26 17:51:40.372: 000001e0: 00 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 ...7............ *aaaQueueReader: Jul 26 17:51:40.372: 000001f0: 00 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 a0 ............./T. *aaaQueueReader: Jul 26 17:51:40.372: 00000200: 50 12 bc 39 20 5c 5a 10 76 7e ce fa 65 79 f7 2e P..9.\Z.v~..ey.. *aaaQueueReader: Jul 26 17:51:40.372: 00000210: a3 33 .3 *radiusTransportThread: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 243 bytes, left 0) *radiusTransportThread: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Access-Challenge received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:60 for mobile f0:d5:bf:fe:02:68 receiveId = 3 *radiusTransportThread: Jul 26 17:51:40.377: AuthorizationResponse: 0xacf1ea0 *radiusTransportThread: Jul 26 17:51:40.377: structureSize................................415 *radiusTransportThread: Jul 26 17:51:40.377: resultCode...................................255 *radiusTransportThread: Jul 26 17:51:40.377: protocolUsed.................................0x00000001 *radiusTransportThread: Jul 26 17:51:40.377: proxyState...................................F0:D5:BF:FE:02:68-03:01 *radiusTransportThread: Jul 26 17:51:40.377: Packet contains 4 AVPs (not shown) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Entering Backend Auth Req state (id=4) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 4) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Reusing allocated memory for EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 4, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Resetting reauth count 0 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:40.385: AuthenticationRequest: 0x7f55cacf0f18 *aaaQueueReader: Jul 26 17:51:40.385: Callback.....................................0x754ca0 *aaaQueueReader: Jul 26 17:51:40.385: protocolType.................................0x00140001 *aaaQueueReader: Jul 26 17:51:40.385: proxyState...................................F0:D5:BF:FE:02:68-03:02 *aaaQueueReader: Jul 26 17:51:40.385: Packet contains 20 AVPs (not shown) *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:61 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 61) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-03:02 *aaaQueueReader: Jul 26 17:51:40.385: 00000000: 01 3d 01 91 a2 e0 5f 07 06 1f d4 38 0b d6 9e 32 .=...._....8...2 *aaaQueueReader: Jul 26 17:51:40.385: 00000010: 52 93 65 87 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d R.e...host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:40.385: 00000020: 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e 65 2e 6d 03649.******************.m *aaaQueueReader: Jul 26 17:51:40.385: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:40.385: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:40.385: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:40.385: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:40.385: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:40.385: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:40.385: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:40.385: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:40.385: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:40.385: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:40.385: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:40.385: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:40.385: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:40.385: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:40.385: 00000110: 32 39 4f 47 02 04 00 45 0d 80 00 00 00 3b 14 03 29OG...E.....;.. *aaaQueueReader: Jul 26 17:51:40.385: 00000120: 01 00 01 01 16 03 01 00 30 02 63 57 ed 41 a3 29 ........0.cW.A.) *aaaQueueReader: Jul 26 17:51:40.385: 00000130: c5 c3 50 3e f9 5e 49 38 bc 90 49 2c 1e 40 85 73 ..P>.^I8..I,.@.s *aaaQueueReader: Jul 26 17:51:40.385: 00000140: c6 d0 84 68 eb 01 46 36 e1 29 8d 6e 3d a9 0e 77 ...h..F6.).n=..w *aaaQueueReader: Jul 26 17:51:40.385: 00000150: 04 57 e4 24 b5 bd f9 17 30 18 26 18 40 02 9f 00 .W.$....0.&.@... *aaaQueueReader: Jul 26 17:51:40.385: 00000160: 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 00 ..7............. *aaaQueueReader: Jul 26 17:51:40.385: 00000170: 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 a0 50 ............/T.P *aaaQueueReader: Jul 26 17:51:40.385: 00000180: 12 ee 64 6f ea 39 8e ae 26 02 df 5d 13 a9 6c 94 ..do.9..&..]..l. *aaaQueueReader: Jul 26 17:51:40.385: 00000190: 5e ^ *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 16 atrlen 52) *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 17 atrlen 52) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Counted 6 AVPs (processed 212 bytes, left 0) *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 16, vendorLen: 52 *radiusTransportThread: Jul 26 17:51:40.390: 00000000: d6 30 a3 41 85 75 dd 82 a2 6b ab 21 20 24 f5 b8 .0.A.u...k.!.$.. *radiusTransportThread: Jul 26 17:51:40.390: 00000010: 28 c5 90 af 11 88 d1 d7 43 ce 1d 45 3c ce 0f b5 (.......C..E<... *radiusTransportThread: Jul 26 17:51:40.390: 00000020: 96 a4 e3 12 0d 40 ff fa 8c 99 0f 23 2d 0f dc 8b .....@.....#-... *radiusTransportThread: Jul 26 17:51:40.390: 00000030: 0e 7f .. *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Radius AVP MPPE send key decrypted key: keylen: 32 *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Processed VSA 311, type 16, raw bytes 52, copied 32 bytes *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 17, vendorLen: 52 *radiusTransportThread: Jul 26 17:51:40.390: 00000000: d6 31 a2 19 ee ea 4f e1 68 ea 94 5d 6f 33 20 57 .1....O.h..]o3.W *radiusTransportThread: Jul 26 17:51:40.390: 00000010: b6 94 c0 d1 97 47 6b f3 34 e9 37 50 ca 1c 61 95 .....Gk.4.7P..a. *radiusTransportThread: Jul 26 17:51:40.390: 00000020: d8 6d a8 9d da 50 53 3f a1 57 c5 a6 f0 80 a0 62 .m...PS?.W.....b *radiusTransportThread: Jul 26 17:51:40.390: 00000030: 87 08 .. *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Radius AVP MPPE recv key: keylen: 32 *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Processed VSA 311, type 17, raw bytes 52, copied 32 bytes *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Access-Accept received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:61 for mobile f0:d5:bf:fe:02:68 receiveId = 3 *radiusTransportThread: Jul 26 17:51:40.390: AuthorizationResponse: 0xacf1ea0 *radiusTransportThread: Jul 26 17:51:40.390: structureSize................................380 *radiusTransportThread: Jul 26 17:51:40.390: resultCode...................................0 *radiusTransportThread: Jul 26 17:51:40.390: protocolUsed.................................0x00000001 *radiusTransportThread: Jul 26 17:51:40.390: proxyState...................................F0:D5:BF:FE:02:68-03:02 *radiusTransportThread: Jul 26 17:51:40.390: Packet contains 6 AVPs: *radiusTransportThread: Jul 26 17:51:40.390: AVP[01] Service-Type.............................0x00000002 (2) (4 bytes) *radiusTransportThread: Jul 26 17:51:40.390: AVP[02] EAP-Message..............................0x03040004 (50593796) (4 bytes) *radiusTransportThread: Jul 26 17:51:40.390: AVP[03] Class....................................DATA (44 bytes) *radiusTransportThread: Jul 26 17:51:40.390: AVP[04] Microsoft / MPPE-Send-Key................DATA (32 bytes) *radiusTransportThread: Jul 26 17:51:40.390: AVP[05] Microsoft / MPPE-Recv-Key................DATA (32 bytes) *radiusTransportThread: Jul 26 17:51:40.390: AVP[06] Message-Authenticator....................DATA (16 bytes) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Processing Access-Accept for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Resetting web IPv4 acl from 255 to 255 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Resetting web IPv4 Flex acl from 65535 to 65535 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Received MPPE_SEND_KEY: KeyLen: 32 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Received MPPE_RECV_KEY: KeyLen: 32 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Applying new AAA override for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Override values for station f0:d5:bf:fe:02:68 source: 4, valid bits: 0x0 qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1 vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: ' *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Unable to apply override policy for station f0:d5:bf:fe:02:68 - VapAllowRadiusOverride is FALSE. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Setting re-auth timeout to 0 seconds, got from WLAN config. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Stopping reauth timeout for f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Creating a PKC PMKID Cache entry for station f0:d5:bf:fe:02:68 (RSN 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 8 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Adding BSSID 88:1d:fc:8d:24:1e to PMKID cache at index 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: New PMKID: (16) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: [0000] 47 da 24 2b 1a 42 7d 63 78 a4 36 c6 00 b7 4b d2 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 PMK: Sending cache delete *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Zeroize AAA Overrides from local for station *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Adding Audit session ID payload in Mobility handoff *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 1 PMK-update groupcast messages sent *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 PMK sent to mobility group *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Disabling re-auth since PMK lifetime can take care of same. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Sending EAP-Success to mobile f0:d5:bf:fe:02:68 (EAP Id 4) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Freeing AAACB from Dot1xCB as AAA auth is done for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Entering Backend Auth Success state (id=4) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Received Auth Success while in Authenticating state for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticated state *radiusTransportThread: Jul 26 17:52:11.930: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:52:11.930: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:52:11.930: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) (Cisco Controller) >show clidn ent ? ap Displays information for all clients on a Cisco AP. calls Displays call information. ccx Display Cisco Client Extension(CCX) diagnostic options. detail Displays detailed information for a client by mac address. location-calibration Displays clients configured for location calibration probing Displays probing clients only roam-history Displays roam history information for a client by mac address. state Displays policy manager state information for client. summary Displays active clients. tclas Displays TCLAS associated with a client and User Priority tsm Displays traffic stream metrics for this client username Displays detailed information for a client by name. voice-diag Voice Diagnostics show commands wifiDirect-stats Displays Wifi Direct client stats wlan Displays Clients in a given WLAN (Cisco Controller) >show client detail ? <MAC addr> Enter a MAC address. (Cisco Controller) >show client detail *radiusTransportThread: Jul 26 17:53:17.678: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:53:17.678: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) Incorrect input! Use 'show client detail <MAC addr>' (Cisco Controller) >show client detail f0:d5:bf:fe:02:68 Client MAC Address............................... f0:d5:bf:fe:02:68 Client Username ................................. host/COMPUTERNAME.******************.mst AP MAC Address................................... 88:1d:fc:8d:24:10 AP Name.......................................... LL-LL-AP1505 AP radio slot Id................................. 1 Client State..................................... Associated Client User Group................................ host/COMPUTERNAME.******************.mst Client NAC OOB State............................. Access Wireless LAN Id.................................. 3 Wireless LAN Network Name (SSID)................. La******************Internal Wireless LAN Profile Name........................ La******************Internal Hotspot (802.11u)................................ Not Supported BSSID............................................ 88:1d:fc:8d:24:1e Connected For ................................... 108 secs Channel.......................................... 36 IP Address....................................... Unknown Gateway Address.................................. Unknown Netmask.......................................... Unknown Association Id................................... 9 Authentication Algorithm......................... Open System Reason Code...................................... 1 Status Code...................................... 0 Client CCX version............................... 4 --More-- or (q)uit Client E2E version............................... 1 Re-Authentication Timeout........................ 86318 QoS Level........................................ Silver Avg data Rate.................................... 0 Burst data Rate.................................. 0 Avg Real time data Rate.......................... 0 Burst Real Time data Rate........................ 0 Avg Uplink data Rate............................. 0 Burst Uplink data Rate........................... 0 Avg Uplink Real time data Rate................... 0 Burst Uplink Real Time data Rate................. 0 802.1P Priority Tag.............................. disabled CTS Security Group Tag........................... Not Applicable KTS CAC Capability............................... No Qos Map Capability............................... Yes WMM Support...................................... Enabled APSD ACs....................................... BK BE VI VO Current Rate..................................... m8 ss2 Supported Rates.................................. 6.0,12.0,18.0,24.0,36.0,48.0, ............................................. 54.0 Mobility State................................... None Mobility Move Count.............................. 0 Security Policy Completed........................ No --More-- or (q)uit Policy Manager State............................. 8021X_REQD Audit Session ID................................. 01810e0a00003b65f4ed595b AAA Role Type.................................... none Local Policy Applied............................. none IPv4 ACL Name.................................... none AAA FlexConnect ACL Applied Status............... Unavailable IPv4 ACL Applied Status.......................... Unavailable IPv6 ACL Name.................................... none IPv6 ACL Applied Status.......................... Unavailable Layer2 ACL Name.................................. none Layer2 ACL Applied Status........................ Unavailable URL ACL Name..................................... none URL ACL Applied Status........................... Unavailable Client Type...................................... SimpleIP mDNS Status...................................... Disabled mDNS Profile Name................................ none No. of mDNS Services Advertised.................. 0 Policy Type...................................... WPA2 Authentication Key Management.................... 802.1x Encryption Cipher................................ CCMP-128 (AES) Protected Management Frame ...................... No Management Frame Protection...................... No EAP Type......................................... EAP-TLS --More-- or (q)uit FlexConnect Data Switching....................... Local FlexConnect Dhcp Status.......................... Local FlexConnect Vlan Based Central Switching......... No FlexConnect Authentication....................... Central FlexConnect Central Association.................. No FlexConnect VLAN NAME............................ management Quarantine VLAN.................................. 0 Access VLAN...................................... 12 Local Bridging VLAN.............................. 129 Client Capabilities: CF Pollable................................ Not implemented CF Poll Request............................ Not implemented Short Preamble............................. Not implemented PBCC....................................... Not implemented Channel Agility............................ Not implemented Listen Interval............................ 225 Fast BSS Transition........................ Not implemented 11v BSS Transition......................... Implemented Client Wifi Direct Capabilities: WFD capable................................ No Manged WFD capable......................... No Cross Connection Capable................... No Support Concurrent Operation............... No --More-- or (q)uit Fast BSS Transition Details: Client Statistics: Number of Bytes Received................... 2511 Number of Bytes Sent....................... 848 Total Number of Bytes Sent................. 848 Total Number of Bytes Recv................. 2511 Number of Bytes Sent (last 90s)............ 848 Number of Bytes Recv (last 90s)............ 2511 Number of Packets Received................. 31 Number of Packets Sent..................... 22 Number of Interim-Update Sent.............. 0 Number of EAP Id Request Msg Timeouts...... 0 Number of EAP Id Request Msg Failures...... 0 Number of EAP Request Msg Timeouts......... 0 Number of EAP Request Msg Failures......... 0 Number of EAP Key Msg Timeouts............. 0 Number of EAP Key Msg Failures............. 0 Number of Data Retries..................... 21 Number of RTS Retries...................... 0 Number of Duplicate Received Packets....... 0 Number of Decrypt Failed Packets........... 0 Number of Mic Failured Packets............. 0 Number of Mic Missing Packets.............. 0 --More-- or (q)uit Number of RA Packets Dropped............... 0 Number of Policy Errors.................... 0 Radio Signal Strength Indicator............ -46 dBm Signal to Noise Ratio...................... 52 dB Client Rate Limiting Statistics: Number of Data Packets Received............ 0 Number of Data Rx Packets Dropped.......... 0 Number of Data Bytes Received.............. 0 Number of Data Rx Bytes Dropped............ 0 Number of Realtime Packets Received........ 0 Number of Realtime Rx Packets Dropped...... 0 Number of Realtime Bytes Received.......... 0 Number of Realtime Rx Bytes Dropped........ 0 Number of Data Packets Sent................ 0 Number of Data Tx Packets Dropped.......... 0 Number of Data Bytes Sent.................. 0 Number of Data Tx Bytes Dropped............ 0 Number of Realtime Packets Sent............ 0 Number of Realtime Tx Packets Dropped...... 0 Number of Realtime Bytes Sent.............. 0 Number of Realtime Tx Bytes Dropped........ 0 Nearby AP Statistics: LL-LL-AP1505(slot 0) --More-- or (q)uit antenna0: 41 secs ago.................... -50 dBm antenna1: 41 secs ago.................... -50 dBm LL-LL-AP1505(slot 1) antenna0: 41 secs ago.................... -53 dBm antenna1: 41 secs ago.................... -49 dBm DNS Server details: DNS server IP ............................. 0.0.0.0 DNS server IP ............................. 0.0.0.0 Assisted Roaming Prediction List details: Client Dhcp Required: False Allowed (URL)IP Addresses ------------------------- AVC Profile Name: ............................... none Fastlane Client: ................................ No (Cisco Controller) >debug disable-all (Cisco Controller) >lou gout The system has unsaved changes. Would you like to save them now? (y/N) n When i run it through the Wireless debug analyzer tool i have the following output: ul 26 17:51:40.299 *apfMsConnTask_0 Client made new Association to AP/BSSID BSSID 88:1d:fc:8d:24:1d AP LL-LL-AP1505 Jul 26 17:51:40.299 *apfMsConnTask_0 The WLC/AP has found from client association request Information Element that claims PMKID Caching support Jul 26 17:51:40.299 *apfMsConnTask_0 The Reassociation Request from the client comes with 0 PMKID Jul 26 17:51:40.299 *apfMsConnTask_0 Client is entering the 802.1x or PSK Authentication state Jul 26 17:51:40.299 *apfMsConnTask_0 WLC/AP is sending an Association Response to the client with status code 0 = Successful association Jul 26 17:51:40.305 *Dot1x_NW_MsgTask_0 WLC/AP is sending EAP-Identity-Request to the client Jul 26 17:51:40.347 *Dot1x_NW_MsgTask_0 WLC/AP is sending EAP-Identity-Request to the client Jul 26 17:51:40.356 *Dot1x_NW_MsgTask_0 Client sent EAP-Identity-Response to WLC/AP Jul 26 17:51:40.357 *aaaQueueReader Radius request with ID 59 sent to 10.0.139.1. Jul 26 17:51:40.366 *radiusTransportThread Radius challenge with ID 59 received from 10.0.139.1. Jul 26 17:51:40.372 *aaaQueueReader Radius request with ID 60 sent to 10.0.139.1. Jul 26 17:51:40.377 *radiusTransportThread Radius challenge with ID 60 received from 10.0.139.1. Jul 26 17:51:40.385 *aaaQueueReader Radius request with ID 61 sent to 10.0.139.1. Jul 26 17:51:40.390 *radiusTransportThread Access-Accept with ID 61 received from 10.0.139.1. Jul 26 17:51:40.390 *Dot1x_NW_MsgTask_0 RADIUS Server permitted access Jul 26 17:51:40.390 *Dot1x_NW_MsgTask_0 Client will be required to Reauthenticate in 0 seconds

Frederik De Muyter · ‎02-07-2017

Hi , I have 2 5K's in L2 mode only using eVPC and 2 Fex extenders per 5K connected redundant. To be able to capture trafic from a server connected to these fexes i would like to setup an ERSPAN session. By default the 5k has a management vrf with contains a default route. I can ping the from this VRF to my capture station userd as ERSPAN destination. I cannot use the managment vrf for ERSPAN session not allowed. Since my default VRF doesn't have any routes the ERSPAN session indicates no route to destination. It is operating in L2 mode only so how do i create a default route inside the default vrf? Or use an additional vrf. I tried creating a new SVI and adding a static route but the route doesn't show up in default vrf routing table. The following featers have been enabled: dhcp 1 enabled fex 1 enabled interface-vlan 1 enabled lacp 1 enabled lldp 1 enabled sshServer 1 enabled tacacs 1 enabled udld 1 enabled vpc 1 enabled interfaces: Interface VRF-Name VRF-ID Site-of-Origin Vlan1 default 1 -- mgmt0 management 2 -- The VPC uplink port towards upstream switch has been configured as trunk. interface Port-channel3 description swi Nexus Server vPC100 switchport switchport trunk allowed vlan 62,166,170-172,220,221,314,325,900,901,906,907 switchport trunk allowed vlan add 912-914,920,923,933 switchport mode trunk end I tried creating an SVI for vlan 220 assing an available ip to it and add static route in seperate vrf but it doesn't show the route and i am still unable to ping from the newly created vrf. Any help on approaching this would be nice.

Frederik De Muyter · ‎07-29-2016

Hi, Consider the following example: The ISP router is configured to send all incomming traffic towards firewall. When i use the proxy i have an outgoing ip in the same subnet as the firewall. How does the router handle this return traffic? I assume it will check it already established sessions or arp table and send back towards .9 for proxy traffic?

Frederik De Muyter · ‎05-30-2011

Hi Mohan, Due to being bussy i was unable to reply to the message. I cannot find the condition you are talking about. Under Access Policies i can find a filter option and there i can select service_type equals Network_Access. But if i create that one he will disable my default device admin since i choose single result selection. I have include a file with screenshots. Kind regards, Frederik De Muyter.

Frederik De Muyter · ‎05-25-2011

Hi Mohan, Thank you for the repsonse. Do i have to change the single result selection to Default network access?? This means my tacacs devices will nog longer work?

Frederik De Muyter · ‎05-25-2011

Hi, I am trying to authenticate on Juniper NSM express using cisco ACS 5.2. The request is arriving at the cisco ACS but i am getting the following error. RADIUS requests can only be processed by Access Services that are of type Network Access. The ACS is configured with service selection rule Default Device admin (single result selection). Can somebody point me into a good direction on how to solve this. I suspect the ACS needs to be switched to Rule based selection result for the Network Access type to work. Kind regards, Frederik De Muyter.

Frederik De Muyter · 12-07-2018 02:19 AM

Hi, Considering the bellow scenario where i have a multilayer connecting to 2 different MPLS provide...

Frederik De Muyter · 11-22-2018 08:18 AM

Hi, I have a question about BYOD device portal. I i want to use it for internal users to register th...

Frederik De Muyter · 07-26-2018 02:22 PM

Hi,There are connections on the wlc that work. About 30 APS on the stand-by that serve clients.Frede...

Frederik De Muyter · 07-26-2018 11:25 AM

We have 2 controllers in a mobility group no SSO configured. When i failover an accesspoint to the "...

Frederik De Muyter · 02-22-2017 01:49 AM

Hi,We are having a look at migrating our current ACS environment towards ISE. Before we do this i wa...

Frederik De Muyter · 02-07-2017 11:12 AM

Hi , I have 2 5K's in L2 mode only using eVPC and 2 Fex extenders per 5K connected redundant. To be ...

Frederik De Muyter · 07-29-2016 12:05 AM

Hi, Consider the following example: The ISP router is configured to send all incomming traffic towar...

Frederik De Muyter · 05-30-2011 01:55 AM

Hi Mohan,Due to being bussy i was unable to reply to the message. I cannot find the condition you ar...

Frederik De Muyter · 05-25-2011 07:38 AM

Hi Mohan,Thank you for the repsonse. Do i have to change the single result selection to Default netw...

Frederik De Muyter · 05-25-2011 07:19 AM

Hi,I am trying to authenticate on Juniper NSM express using cisco ACS 5.2. The request is arriving a...

Date Registered	‎05-25-2011 07:05 AM
Date Last Visited	‎12-12-2018 08:33 PM
Total Messages Posted	10

General question firewall placement

Re: Flex connect 7510 controller mobili...

Flex connect 7510 controller mobility g...

Nexus 5K L2 mode only ERSPAN session

Caching Proxy and Firewall on same WAN ...

Re: ACS 5.2 authentication radius junip...

Re: ACS 5.2 authentication radius junip...

ACS 5.2 authentication radius juniper N...

General question firewall placement

BYOD portal license requirements / base license

Re: Flex connect 7510 controller mobility group client issue

Flex connect 7510 controller mobility group client issue

ACS to ISE migration

Nexus 5K L2 mode only ERSPAN session

Caching Proxy and Firewall on same WAN subnet, how it works.

Re: ACS 5.2 authentication radius juniper NSM

Re: ACS 5.2 authentication radius juniper NSM

ACS 5.2 authentication radius juniper NSM