We have 2 controllers in a mobility group no SSO configured. When i failover an accesspoint to the "standby" controller the client remains active. But when i disconnect and try to reconnect the client to the SSID i am unable to do so.
From the debug client / aaa debug it seems like the client is never getting into a L2AUTHCOMPLETE (4) state. No key exchange. Copy paste of debug output and show client details below:
(Cisco Controller) >*Dot1x_NW_MsgTask_0: Jul 26 17:47:59.150: f0:d5:bf:fe:02:68 PMK: Sending cache delete *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:49:08.037: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *aaaQueueReader: Jul 26 17:49:12.632: RADIUS Auth server sync stats timer event *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS auth server 10.0.139.1 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS auth server 10.0.139.2 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS auth server 10.0.139.100 *aaaQueueReader: Jul 26 17:49:12.632: RADIUS Acct server sync stats timer event *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS acct server 10.0.139.1 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS acct server 10.0.139.2 *aaaQueueReader: Jul 26 17:49:12.632: Sync statistics for RADIUS acct server 10.0.139.100 *aaaQueueReader: Jul 26 17:49:47.684: User admin authenticated *emWeb: Jul 26 17:49:47.684: Authentication succeeded for admin on 10.19.127.30 *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Created Acct-Session-ID (5b59eddc/f0:d5:bf:fe:02:68/19100) for the mobile *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Adding mobile on LWAPP AP 88:1d:fc:8d:24:10(1) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfMsAssoStateInc *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfMsOpenStateInc *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfHreapFaultTolClientUpdate (apf_80211.c:16799) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Idle to Associated
*apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Stopping deletion of Mobile Station: (callerId: 81) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 override for default ap group, marking intgrp NULL *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0 *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying site-specific Local Bridging override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying Local Bridging Interface Policy for station f0:d5:bf:fe:02:68 - vlan 129, interface id 0, interface 'management' *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 override from ap group, removing intf group from mscb *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying site-specific override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client
*apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2955) *apfReceiveTask: Jul 26 17:50:52.567: f0:d5:bf:fe:02:68 Setting the NAS Id to AP group specific Id 'LL-LL-WLC01112' *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 In setApfVapLocalSwitchFlag:16116 setting Central switched to FLASE *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Set Clinet MSCB as Central Association Disabled *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Change state to DHCP_REQD (7) last state START (0)
*apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 apfMsRunStateInc *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 10.19.12.16 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
*apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Sending Accounting request (0) for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PemLocationConfigured [0]Adding VSA with NAS update and Role[1] with state[0] *aaaQueueReader: Jul 26 17:50:52.568: AccountingMessage Accounting Start: 0x7f548807a218
*aaaQueueReader: Jul 26 17:50:52.568: Packet contains 13 AVPs:
*aaaQueueReader: Jul 26 17:50:52.568: AVP[01] User-Name................................f0-d5-bf-fe-02-68 (17 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[02] Nas-Port.................................0x00000008 (8) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[03] Nas-Ip-Address...........................0x0a0e8101 (168722689) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[04] Framed-IP-Address........................0x0a130c10 (169020432) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[06] Airespace / WLAN-Identifier..............0x00000003 (3) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[07] Acct-Session-Id..........................5b59eddc/f0:d5:bf:fe:02:68/19100 (32 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[09] Acct-Authentic...........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[10] Acct-Event-Time..........................0x5b59eddc (1532620252) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[11] Acct-Status-Type.........................0x00000001 (1) (4 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[12] Calling-Station-Id.......................10.19.12.16 (11 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: AVP[13] Called-Station-Id........................10.14.129.1 (11 bytes)
*aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1813 index 0 active 1 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1813 index 1 active 1 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Send Radius Acct Request with pktId:240 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1813 *aaaQueueReader: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Successful transmission of Accounting-Start (pktId 240) to 10.0.139.1:1813 from server queue 8, proxy state f0:d5:bf:fe:02:68-00:00 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 1 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:47 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *aaaQueueReader: Jul 26 17:50:52.568: 00000000: 04 f0 00 a9 b0 29 78 a9 64 09 fc 49 38 4d 6a ca .....)x.d..I8Mj. *aaaQueueReader: Jul 26 17:50:52.568: 00000010: 12 60 18 31 01 13 66 30 2d 64 35 2d 62 66 2d 66 .`.1..f0-d5-bf-f *aaaQueueReader: Jul 26 17:50:52.568: 00000030: 0e 81 01 08 06 0a 13 0c 10 20 10 4c 4c 2d 4c 4c ...........LL-LL *aaaQueueReader: Jul 26 17:50:52.568: 00000040: 2d 57 4c 43 30 31 31 31 32 1a 0c 00 00 37 63 01 -WLC01112....7c. *aaaQueueReader: Jul 26 17:50:52.568: 00000050: 06 00 00 00 03 2c 22 35 62 35 39 65 64 64 63 2f .....,"5b59eddc/ *aaaQueueReader: Jul 26 17:50:52.568: 00000060: 66 30 3a 64 35 3a 62 66 3a 66 65 3a 30 32 3a 36 f0:d5:bf:fe:02:6 *aaaQueueReader: Jul 26 17:50:52.568: 00000070: 38 2f 31 39 31 30 30 3d 06 00 00 00 13 2d 06 00 8/19100=.....-.. *aaaQueueReader: Jul 26 17:50:52.568: 00000080: 00 00 03 37 06 5b 59 ed dc 28 06 00 00 00 01 1f ...7.[Y..(...... *aaaQueueReader: Jul 26 17:50:52.568: 00000090: 0d 31 30 2e 31 39 2e 31 32 2e 31 36 1e 0d 31 30 .10.19.12.16..10 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 0 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Adding BSSID 88:1d:fc:8d:24:1e to PMKID cache at index 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: New PMKID: (16)
*Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: [0000] 2d c4 f2 49 ce 14 1e 20 7a e4 dc a2 6f b8 70 40
*Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PMK: Sending cache delete *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Zeroize AAA Overrides from local for station *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 Adding Audit session ID payload in Mobility handoff
*Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 1 PMK-update groupcast messages sent *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PMK sent to mobility group *Dot1x_NW_MsgTask_0: Jul 26 17:50:52.568: f0:d5:bf:fe:02:68 PMK: Sending cache add *radiusTransportThread: Jul 26 17:50:52.572: f0:d5:bf:fe:02:68 Counted 0 AVPs (processed 20 bytes, left 0) *radiusTransportThread: Jul 26 17:50:52.572: f0:d5:bf:fe:02:68 Accounting-Response received from RADIUS server 10.0.139.1 (qid:8) with port:1813, pktId:240 for mobile f0:d5:bf:fe:02:68 receiveId = 0 *spamApTask5: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 Cleaning up state for STA f0:d5:bf:fe:02:68 due to event for AP 88:1d:fc:8d:24:10(1) *apfReceiveTask: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 apfSendDisAssocMsgDebug (apf_80211.c:3708) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Disassociated
*apfReceiveTask: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 Sent Disassociate to mobile on AP 88:1d:fc:8d:24:10-1 on BSSID 88:1d:fc:8d:24:1e(reason 1, caller apf_ms.c:7641) *apfReceiveTask: Jul 26 17:50:52.606: f0:d5:bf:fe:02:68 Scheduling deletion of Mobile Station: (callerId: 45) in 10 seconds *radiusTransportThread: Jul 26 17:51:00.532: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:00.532: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:00.532: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *osapiBsnTimer: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 apfMsExpireCallback (apf_ms.c:638) Expiring Mobile! *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Client already in disassociated state, not sending disassociation *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Sent Deauthenticate to mobile on BSSID 88:1d:fc:8d:24:1e slot 1(caller apf_ms.c:7759) *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Removing BSSID 88:1d:fc:8d:24:1e from PMKID cache of station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Setting active key cache index 0 ---> 8 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Deleting the PMK cache when de-authenticating the client. *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 PMK: Sending cache delete *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Removing PMK cache entry for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Sending Accounting request (2) for station f0:d5:bf:fe:02:68 *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 PemLocationConfigured [0]Adding VSA with NAS update and Role[1] with state[0] *apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 apfMsAssoStateDec *aaaQueueReader: Jul 26 17:51:02.585: AccountingMessage Accounting Stop: 0x7f55cad2abc8
*aaaQueueReader: Jul 26 17:51:02.585: Packet contains 22 AVPs:
*apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 apfMsExpireMobileStation (apf_ms.c:7800) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Disassociated to Idle
*aaaQueueReader: Jul 26 17:51:02.585: AVP[01] User-Name................................f0-d5-bf-fe-02-68 (17 bytes)
*apfReceiveTask: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Scheduling deletion of Mobile Station: (callerId: 47) in 10 seconds *aaaQueueReader: Jul 26 17:51:02.585: AVP[02] Nas-Port.................................0x00000008 (8) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[03] Nas-Ip-Address...........................0x0a0e8101 (168722689) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[04] Framed-IP-Address........................0x0a130c10 (169020432) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[05] NAS-Identifier...........................LL-LL-WLC01112 (14 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[06] Airespace / WLAN-Identifier..............0x00000003 (3) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[07] Acct-Session-Id..........................5b59eddc/f0:d5:bf:fe:02:68/19100 (32 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[08] Nas-Port-Type............................0x00000013 (19) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[09] Acct-Authentic...........................0x00000003 (3) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[10] Acct-Event-Time..........................0x5b59ede6 (1532620262) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[11] Acct-Status-Type.........................0x00000002 (2) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[12] Acct-Input-Octets........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[13] Acct-Input-GigaWords.....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[14] Acct-Output-Octets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[15] Acct-Output-GigaWords....................0x00000000 (0) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[16] Acct-Input-Packets.......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[17] Acct-Output-Packets......................0x00000000 (0) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[18] Acct-Terminate-Cause.....................0x00000001 (1) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[19] Acct-Session-Time........................0x0000000a (10) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[20] Acct-Delay-Time..........................0x00000000 (0) (4 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[21] Calling-Station-Id.......................10.19.12.16 (11 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: AVP[22] Called-Station-Id........................10.14.129.1 (11 bytes)
*aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1813 index 1 active 1 *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Send Radius Acct Request with pktId:242 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1813 *aaaQueueReader: Jul 26 17:51:02.585: f0:d5:bf:fe:02:68 Successful transmission of Accounting-Stop (pktId 242) to 10.0.139.1:1813 from server queue 8, proxy state f0:d5:bf:fe:02:68-00:00 *aaaQueueReader: Jul 26 17:51:02.585: 00000000: 04 f2 00 df 46 01 ee e9 4a e9 ca 38 5e 95 a3 d1 ....F...J..8^... *aaaQueueReader: Jul 26 17:51:02.585: 00000010: 63 29 0a ae 01 13 66 30 2d 64 35 2d 62 66 2d 66 c)....f0-d5-bf-f *aaaQueueReader: Jul 26 17:51:02.585: 00000020: 65 2d 30 32 2d 36 38 05 06 00 00 00 08 04 06 0a e-02-68......... *aaaQueueReader: Jul 26 17:51:02.585: 00000030: 0e 81 01 08 06 0a 13 0c 10 20 10 4c 4c 2d 4c 4c ...........LL-LL *aaaQueueReader: Jul 26 17:51:02.585: 00000040: 2d 57 4c 43 30 31 31 31 32 1a 0c 00 00 37 63 01 -WLC01112....7c. *aaaQueueReader: Jul 26 17:51:02.585: 00000050: 06 00 00 00 03 2c 22 35 62 35 39 65 64 64 63 2f .....,"5b59eddc/ *aaaQueueReader: Jul 26 17:51:02.585: 00000060: 66 30 3a 64 35 3a 62 66 3a 66 65 3a 30 32 3a 36 f0:d5:bf:fe:02:6 *aaaQueueReader: Jul 26 17:51:02.585: 00000070: 38 2f 31 39 31 30 30 3d 06 00 00 00 13 2d 06 00 8/19100=.....-.. *aaaQueueReader: Jul 26 17:51:02.585: 00000080: 00 00 03 37 06 5b 59 ed e6 28 06 00 00 00 02 2a ...7.[Y..(.....* *aaaQueueReader: Jul 26 17:51:02.585: 00000090: 06 00 00 00 00 34 06 00 00 00 00 2b 06 00 00 00 .....4.....+.... *aaaQueueReader: Jul 26 17:51:02.585: 000000a0: 00 35 06 00 00 00 00 2f 06 00 00 00 00 30 06 00 .5...../.....0.. *aaaQueueReader: Jul 26 17:51:02.585: 000000b0: 00 00 00 31 06 00 00 00 01 2e 06 00 00 00 0a 29 ...1...........) *aaaQueueReader: Jul 26 17:51:02.585: 000000c0: 06 00 00 00 00 1f 0d 31 30 2e 31 39 2e 31 32 2e .......10.19.12. *aaaQueueReader: Jul 26 17:51:02.585: 000000d0: 31 36 1e 0d 31 30 2e 31 34 2e 31 32 39 2e 31 16..10.14.129.1 *radiusTransportThread: Jul 26 17:51:02.590: f0:d5:bf:fe:02:68 Counted 0 AVPs (processed 20 bytes, left 0) *radiusTransportThread: Jul 26 17:51:02.590: f0:d5:bf:fe:02:68 Accounting-Response received from RADIUS server 10.0.139.1 (qid:8) with port:1813, pktId:242 for mobile f0:d5:bf:fe:02:68 receiveId = 0 *radiusTransportThread: Jul 26 17:51:06.165: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:06.165: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:06.165: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *osapiBsnTimer: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 apfMsExpireCallback (apf_ms.c:638) Expiring Mobile! *apfReceiveTask: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0. *apfReceiveTask: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 10.19.12.16 START (0) Deleted mobile LWAPP rule on AP [88:1d:fc:8d:24:10] *apfReceiveTask: Jul 26 17:51:12.693: f0:d5:bf:fe:02:68 Deleting mobile on AP 88:1d:fc:8d:24:10(1)
*apfOpenDtlSocket: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Recevied management frame ASSOCIATION REQUEST on BSSID 88:1d:fc:8d:24:10 destination addr 88:1d:fc:8d:24:1e *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Processing assoc-req station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 ssid : La******************Internal thread:1c6a9380 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Created Acct-Session-ID (5b59edf4/f0:d5:bf:fe:02:68/19106) for the mobile *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Adding mobile on LWAPP AP 88:1d:fc:8d:24:10(1) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Association received from mobile on BSSID 88:1d:fc:8d:24:1d AP LL-LL-AP1505 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Station: F0:D5:BF:FE:02:68 11v BSS Transition not enabled on the AP 88:1D:FC:8D:24:10 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Global 200 Clients are allowed to AP radio
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Max Client Trap Threshold: 0 cur: 3
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 override for default ap group, marking intgrp NULL *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2955) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 In processSsidIE:6568 setting Central switched to FALSE *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Set Clinet MSCB as Central Association Disabled *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying site-specific Local Bridging override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying Local Bridging Interface Policy for station f0:d5:bf:fe:02:68 - vlan 129, interface id 0, interface 'management' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 override from ap group, removing intf group from mscb *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying site-specific override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Setting the NAS Id to AP group specific Id 'LL-LL-WLC01112' *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Set Clinet Non AP specific WLAN apfMsAccessVlan = 12 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 This apfMsAccessVlan may be changed later from AAA after L2 Auth *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Cleared localSwitchingVlan, may be assigned later based on AAA override *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 processSsidIE statusCode is 0 and status is 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 processSsidIE ssid_done_flag is 0 finish_flag is 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 suppRates statusCode is 0 and gotSuppRatesElement is 1 *apfMsConnTask_0: Jul 26 17:51:16.495: RSNIE in Assoc. Req.: (22)
*apfMsConnTask_0: Jul 26 17:51:16.495: [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f
*apfMsConnTask_0: Jul 26 17:51:16.495: [0016] ac 01 3c 00 00 00
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Processing RSN IE type 48, length 22 for mobile f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Selected Unicast cipher CCMP128 for client device *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Received 802.11i 802.1X key management suite, enabling dot1x Authentication *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 RSN Capabilities: 60 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Marking Mobile as non-11w Capable *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 8 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Updating AID for REAP AP Client 88:1d:fc:8d:24:10 - AID ===> 9 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 START (0) Initializing policy *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfVapSecurity=0x4000 L2=16384 SkipWeb=0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 AuthenticationRequired = 1 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Encryption policy is set to 0x80000001 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) DHCP required on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2for this client *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Not Using WMM Compliance code qosCap 00 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Vlan while overriding the policy = -1 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 sending to spamAddMobile vlanId -1 flex aclName = , flexAclId 65535
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2 flex-acl-name: *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfMsAssoStateInc *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfPemAddUser2 (apf_policy.c:416) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Idle to Associated
*apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Stopping deletion of Mobile Station: (callerId: 48) *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Sending assoc-resp with status 0 station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 on apVapId 2 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 VHT Operation IE: width 20/0 ch 36 freq0 0 freq1 0 msc0 0x3f msc1 0x3f *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Sending Assoc Response (status: '0') to station on AP LL-LL-AP1505 on BSSID 88:1d:fc:8d:24:1e ApVapId 2 Slot 1, mobility role 0 *apfMsConnTask_0: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 apfProcessAssocReq (apf_80211.c:10975) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Associated
*spamApTask5: Jul 26 17:51:16.495: f0:d5:bf:fe:02:68 Successful transmission of LWAPP Add-Mobile to AP 88:1d:fc:8d:24:10 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 1 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:47 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Stopping reauth timeout for f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Received EAPOL START, dot1x state = 2 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.566: f0:d5:bf:fe:02:68 Ignore EAPOL START as infra EAP is pending, mobile is in 2 state
*spamApTask5: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Received ADD_MOBILE ack - Initiating 1x to STA f0:d5:bf:fe:02:68 (idx 87) *spamApTask5: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Sent dot1x auth initiate message for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 reauth_sm state transition 1 ---> 0 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Connecting state *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.718: f0:d5:bf:fe:02:68 Sending EAP-Request/Identity to mobile f0:d5:bf:fe:02:68 (EAP Id 1) *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Received Identity Response (count=1) from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Resetting reauth count 1 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 EAP State update from Connecting to Authenticating for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticating state *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Created Cisco-Audit-Session-ID for the mobile: 01810e0a00003b65f4ed595b *aaaQueueReader: Jul 26 17:51:16.924: AuthenticationRequest: 0x7f55cae04c60
*aaaQueueReader: Jul 26 17:51:16.924: Callback.....................................0x754ca0
*aaaQueueReader: Jul 26 17:51:16.924: proxyState...................................F0:D5:BF:FE:02:68-01:00
*aaaQueueReader: Jul 26 17:51:16.924: Packet contains 19 AVPs (not shown)
*aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:56 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:16.924: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 56) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-01:00 *aaaQueueReader: Jul 26 17:51:16.924: 00000000: 01 38 01 47 fd bc 19 71 1e 9f 0f 4a 7c 5a 35 99 .8.G...q...J|Z5. *aaaQueueReader: Jul 26 17:51:16.924: 00000010: 3f d3 7e 92 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d ?.~...host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:16.924: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:16.924: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:16.924: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:16.924: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:16.924: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:16.924: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:16.924: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:16.924: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:16.924: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:16.924: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:16.924: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:16.924: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:16.924: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:16.924: 00000110: 32 39 4f 23 02 01 00 21 01 68 6f 73 74 2f 4c 4c 29O#...!.host/LL *aaaQueueReader: Jul 26 17:51:16.924: 00000120: 42 47 2d 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e BG-03649.lorrain *aaaQueueReader: Jul 26 17:51:16.924: 00000130: 65 2e 6d 73 74 50 12 fb 4d d4 e2 3a 99 aa ea da e.mstP..M..:.... *aaaQueueReader: Jul 26 17:51:16.924: 00000140: b2 0c bd 91 0a 00 2a ......* *radiusTransportThread: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 90 bytes, left 0) *radiusTransportThread: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Access-Challenge received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:56 for mobile f0:d5:bf:fe:02:68 receiveId = 1 *radiusTransportThread: Jul 26 17:51:16.970: AuthorizationResponse: 0xacf1ea0
*radiusTransportThread: Jul 26 17:51:16.970: structureSize................................262
*radiusTransportThread: Jul 26 17:51:16.970: resultCode...................................255
*radiusTransportThread: Jul 26 17:51:16.970: protocolUsed.................................0x00000001
*radiusTransportThread: Jul 26 17:51:16.970: proxyState...................................F0:D5:BF:FE:02:68-01:00
*radiusTransportThread: Jul 26 17:51:16.970: Packet contains 4 AVPs (not shown)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:16.970: f0:d5:bf:fe:02:68 Allocating EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.127: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.127: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 2, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.127: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:17.128: AuthenticationRequest: 0x7f55cad3e2d0
*aaaQueueReader: Jul 26 17:51:17.128: Callback.....................................0x754ca0
*aaaQueueReader: Jul 26 17:51:17.128: protocolType.................................0x00140001
*aaaQueueReader: Jul 26 17:51:17.128: proxyState...................................F0:D5:BF:FE:02:68-01:01
*aaaQueueReader: Jul 26 17:51:17.128: Packet contains 20 AVPs (not shown)
*aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:57 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:17.128: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 57) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-01:01 *aaaQueueReader: Jul 26 17:51:17.128: 00000000: 01 39 02 12 9a ba da fa 47 ea 65 5d 1e 40 92 77 .9......G.e].@.w *aaaQueueReader: Jul 26 17:51:17.128: 00000010: 82 77 cf 47 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d .w.G..host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:17.128: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:17.128: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:17.128: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:17.128: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:17.128: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:17.128: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:17.128: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:17.128: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:17.128: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:17.128: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:17.128: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:17.128: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:17.128: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:17.128: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:17.128: 00000110: 32 39 4f c8 02 02 00 c6 0d 80 00 00 00 bc 16 03 29O............. *aaaQueueReader: Jul 26 17:51:17.128: 00000120: 03 00 b7 01 00 00 b3 03 03 5b 59 ed f5 d8 d9 00 .........[Y..... *aaaQueueReader: Jul 26 17:51:17.128: 00000130: 1f 15 b8 a1 05 e0 72 8c 9a f2 29 96 76 fe 02 29 ......r...).v..) *aaaQueueReader: Jul 26 17:51:17.128: 00000140: 92 23 d4 71 dd f8 d3 35 99 20 c1 35 00 00 65 d8 .#.q...5...5..e. *aaaQueueReader: Jul 26 17:51:17.128: 00000150: 10 70 30 c6 07 f5 ca c7 6c 06 95 4a 8b da c4 e6 .p0.....l..J.... *aaaQueueReader: Jul 26 17:51:17.128: 00000160: 2a 17 83 47 82 a7 87 8c fe 06 00 2a c0 2c c0 2b *..G.......*.,.+ *aaaQueueReader: Jul 26 17:51:17.128: 00000180: c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c .............=.< *aaaQueueReader: Jul 26 17:51:17.128: 00000190: 00 35 00 2f 00 0a 01 00 00 40 00 05 00 05 01 00 .5./.....@...... *aaaQueueReader: Jul 26 17:51:17.128: 000001a0: 00 00 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 ................ *aaaQueueReader: Jul 26 17:51:17.128: 000001b0: 0b 00 02 01 00 00 0d 00 14 00 12 04 01 05 01 02 ................ *aaaQueueReader: Jul 26 17:51:17.128: 000001c0: 01 04 03 05 03 02 03 02 02 06 01 06 03 00 23 00 ..............#. *aaaQueueReader: Jul 26 17:51:17.128: 000001e0: 00 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 ...7............ *aaaQueueReader: Jul 26 17:51:17.128: 000001f0: 00 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 9f ............./T. *aaaQueueReader: Jul 26 17:51:17.128: 00000200: 50 12 c5 0d 53 11 12 89 6e dc 80 c9 ab 15 4e 1b P...S...n.....N. *aaaQueueReader: Jul 26 17:51:17.128: 00000210: d6 52 .R *radiusTransportThread: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 243 bytes, left 0) *radiusTransportThread: Jul 26 17:51:17.173: structureSize................................415
*radiusTransportThread: Jul 26 17:51:17.173: resultCode...................................255
*radiusTransportThread: Jul 26 17:51:17.173: protocolUsed.................................0x00000001
*radiusTransportThread: Jul 26 17:51:17.173: proxyState...................................F0:D5:BF:FE:02:68-01:01
*radiusTransportThread: Jul 26 17:51:17.173: Packet contains 4 AVPs (not shown)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Entering Backend Auth Req state (id=3) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 3) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.173: f0:d5:bf:fe:02:68 Reusing allocated memory for EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 3, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Resetting reauth count 0 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:17.349: Callback.....................................0x754ca0
*aaaQueueReader: Jul 26 17:51:17.349: protocolType.................................0x00140001
*aaaQueueReader: Jul 26 17:51:17.349: proxyState...................................F0:D5:BF:FE:02:68-01:02
*aaaQueueReader: Jul 26 17:51:17.349: Packet contains 20 AVPs (not shown)
*aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:58 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:17.349: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 58) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-01:02 *aaaQueueReader: Jul 26 17:51:17.349: 00000000: 01 3a 01 91 d8 fd 9e aa 95 c7 f1 1e f3 33 09 f1 .:...........3.. *aaaQueueReader: Jul 26 17:51:17.349: 00000010: 84 40 41 fc 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d .@A...host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:17.349: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:17.349: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:17.349: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:17.349: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:17.349: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:17.349: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:17.349: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:17.349: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:17.349: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:17.349: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:17.349: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:17.349: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:17.349: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:17.349: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:17.349: 00000110: 32 39 4f 47 02 03 00 45 0d 80 00 00 00 3b 14 03 29OG...E.....;.. *aaaQueueReader: Jul 26 17:51:17.349: 00000120: 01 00 01 01 16 03 01 00 30 f0 59 58 f1 73 14 1d ........0.YX.s.. *aaaQueueReader: Jul 26 17:51:17.349: 00000130: fa 43 86 d7 38 e4 78 3b 17 40 d4 c5 45 71 64 48 .C..8.x;.@..EqdH *aaaQueueReader: Jul 26 17:51:17.349: 00000140: 62 5c f5 b6 96 ae 23 bd a7 e2 51 44 e4 3e c6 27 b\....#...QD.>.' *aaaQueueReader: Jul 26 17:51:17.349: 00000160: 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 00 ..7............. *aaaQueueReader: Jul 26 17:51:17.349: 00000170: 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 9f 50 ............/T.P *aaaQueueReader: Jul 26 17:51:17.349: 00000180: 12 4f 2f 7d 2c dd 0c f1 5d 3d 21 93 d4 26 62 f0 .O/},...]=!..&b. *aaaQueueReader: Jul 26 17:51:17.349: 00000190: ad . *radiusTransportThread: Jul 26 17:51:17.400: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 16 atrlen 52) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 17 atrlen 52) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Counted 6 AVPs (processed 212 bytes, left 0) *radiusTransportThread: Jul 26 17:51:17.400: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 16, vendorLen: 52
*radiusTransportThread: Jul 26 17:51:17.400: 00000000: d6 2e 7b 25 17 2d 0a 03 0c 46 bf 7d 49 02 c2 ee ..{%.-...F.}I... *radiusTransportThread: Jul 26 17:51:17.400: 00000010: cd 71 cb 75 79 8e b5 f5 92 ed 95 80 14 b1 2d e7 .q.uy.........-. *radiusTransportThread: Jul 26 17:51:17.400: 00000020: f0 cd 9b 53 f8 06 cb 78 5b 7c 5f 6e 74 84 9b 0e ...S...x[|_nt... *radiusTransportThread: Jul 26 17:51:17.400: 00000030: f3 3e .> *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Radius AVP MPPE send key decrypted key: keylen: 32
*radiusTransportThread: Jul 26 17:51:17.400: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 17, vendorLen: 52
*radiusTransportThread: Jul 26 17:51:17.400: 00000000: d6 2f 31 11 cf f7 47 7b ce 5b 43 3f 26 56 7f f2 ./1...G{.[C?&V.. *radiusTransportThread: Jul 26 17:51:17.400: 00000020: 71 05 77 2b 49 6c 87 bc 06 e6 e4 51 fa d8 e3 b6 q.w+Il.....Q.... *radiusTransportThread: Jul 26 17:51:17.400: 00000030: 53 0b S. *radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Radius AVP MPPE recv key: keylen: 32
*radiusTransportThread: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Processed VSA 311, type 17, raw bytes 52, copied 32 bytes *radiusTransportThread: Jul 26 17:51:17.400: AuthorizationResponse: 0xacf1ea0
*radiusTransportThread: Jul 26 17:51:17.400: structureSize................................380
*radiusTransportThread: Jul 26 17:51:17.400: resultCode...................................0
*radiusTransportThread: Jul 26 17:51:17.400: protocolUsed.................................0x00000001
*radiusTransportThread: Jul 26 17:51:17.400: proxyState...................................F0:D5:BF:FE:02:68-01:02
*radiusTransportThread: Jul 26 17:51:17.400: Packet contains 6 AVPs:
*radiusTransportThread: Jul 26 17:51:17.400: AVP[02] EAP-Message..............................0x03030004 (50528260) (4 bytes)
*radiusTransportThread: Jul 26 17:51:17.400: AVP[03] Class....................................DATA (44 bytes)
*radiusTransportThread: Jul 26 17:51:17.400: AVP[05] Microsoft / MPPE-Recv-Key................DATA (32 bytes)
*radiusTransportThread: Jul 26 17:51:17.400: AVP[06] Message-Authenticator....................DATA (16 bytes)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Processing Access-Accept for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Received MPPE_SEND_KEY: KeyLen: 32
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Applying new AAA override for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Override values for station f0:d5:bf:fe:02:68 source: 4, valid bits: 0x0 qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1 vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Unable to apply override policy for station f0:d5:bf:fe:02:68 - VapAllowRadiusOverride is FALSE. *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Setting re-auth timeout to 0 seconds, got from WLAN config. *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Stopping reauth timeout for f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Username entry (host/COMPUTERNAME.******************.mst) created for mobile, length = 253 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Username entry (host/COMPUTERNAME.******************.mst) created in mscb for mobile, length = 253 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Creating a PKC PMKID Cache entry for station f0:d5:bf:fe:02:68 (RSN 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 8 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Adding BSSID 88:1d:fc:8d:24:1e to PMKID cache at index 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: New PMKID: (16)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: [0000] 25 eb 78 65 c5 8a 8d 82 29 47 d9 7a b4 23 1f 24
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 apfCreatePmkCacheEntry: added a new pmk cache entry for f0:d5:bf:fe:02:68
*Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Zeroize AAA Overrides from local for station *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 1 PMK-update groupcast messages sent *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 PMK sent to mobility group *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Disabling re-auth since PMK lifetime can take care of same. *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Sending EAP-Success to mobile f0:d5:bf:fe:02:68 (EAP Id 3) *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Freeing AAACB from Dot1xCB as AAA auth is done for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Entering Backend Auth Success state (id=3) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 Received Auth Success while in Authenticating state for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:17.400: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticated state *apfOpenDtlSocket: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Recevied management frame ASSOCIATION REQUEST on BSSID 88:1d:fc:8d:24:10 destination addr 88:1d:fc:8d:24:1e *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Processing assoc-req station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 ssid : La******************Internal thread:1c6a9380 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Station: F0:D5:BF:FE:02:68 11v BSS Transition not enabled on the AP 88:1D:FC:8D:24:10 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Association received from mobile on BSSID 88:1d:fc:8d:24:1d AP LL-LL-AP1505 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Station: F0:D5:BF:FE:02:68 11v BSS Transition not enabled on the AP 88:1D:FC:8D:24:10 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Global 200 Clients are allowed to AP radio
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Max Client Trap Threshold: 0 cur: 4
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 override for default ap group, marking intgrp NULL *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 In processSsidIE:6568 setting Central switched to FALSE *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Set Clinet MSCB as Central Association Disabled *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Applying site-specific Local Bridging override for station f0:d5:bf:fe:02:68 - vapId 3, site 'APGRP_LOR', interface 'management' *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Applying Local Bridging Interface Policy for station f0:d5:bf:fe:02:68 - vlan 129, interface id 0, interface 'management' *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 override from ap group, removing intf group from mscb *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 12
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Not re-applying interface policy for local switching Client
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2914) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2934) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2955) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Setting the NAS Id to AP group specific Id 'LL-LL-WLC01112' *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Set Clinet Non AP specific WLAN apfMsAccessVlan = 12 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 This apfMsAccessVlan may be changed later from AAA after L2 Auth *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Cleared localSwitchingVlan, may be assigned later based on AAA override *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 processSsidIE statusCode is 0 and status is 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 processSsidIE ssid_done_flag is 0 finish_flag is 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 STA - rates (7): 12 152 36 48 72 96 108 0 0 0 0 0 0 0 0 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 suppRates statusCode is 0 and gotSuppRatesElement is 1 *apfMsConnTask_0: Jul 26 17:51:40.299: RSNIE in Assoc. Req.: (22)
*apfMsConnTask_0: Jul 26 17:51:40.299: [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f
*apfMsConnTask_0: Jul 26 17:51:40.299: [0016] ac 01 3c 00 00 00
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Processing RSN IE type 48, length 22 for mobile f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Selected Unicast cipher CCMP128 for client device *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Received 802.11i 802.1X key management suite, enabling dot1x Authentication *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 RSN Capabilities: 60 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Marking Mobile as non-11w Capable *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Received RSN IE with 0 PMKIDs from mobile f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Found an cache entry for BSSID 88:1d:fc:8d:24:1e in PMKID cache at index 0 of station f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Removing BSSID 88:1d:fc:8d:24:1e from PMKID cache of station f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Setting active key cache index 0 ---> 8 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 AID 9 in Assoc Req from flex AP 88:1d:fc:8d:24:10 is same as in mscb f0:d5:bf:fe:02:68 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Initializing policy *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfVapSecurity=0x4000 L2=16384 SkipWeb=0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 AuthenticationRequired = 1 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Encryption policy is set to 0x80000001 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) DHCP required on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2for this client *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Not Using WMM Compliance code qosCap 00 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Vlan while overriding the policy = -1 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 sending to spamAddMobile vlanId -1 flex aclName = , flexAclId 65535
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 88:1d:fc:8d:24:10 vapId 3 apVapId 2 flex-acl-name: *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfPemAddUser2 (apf_policy.c:416) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Associated
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfPemAddUser2:session timeout forstation f0:d5:bf:fe:02:68 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Stopping deletion of Mobile Station: (callerId: 48) *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Sending assoc-resp with status 0 station:f0:d5:bf:fe:02:68 AP:88:1d:fc:8d:24:10-01 on apVapId 2 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 VHT Operation IE: width 20/0 ch 36 freq0 0 freq1 0 msc0 0x3f msc1 0x3f *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Sending Assoc Response (status: '0') to station on AP LL-LL-AP1505 on BSSID 88:1d:fc:8d:24:1e ApVapId 2 Slot 1, mobility role 0 *apfMsConnTask_0: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 apfProcessAssocReq (apf_80211.c:10975) Changing state for mobile f0:d5:bf:fe:02:68 on AP 88:1d:fc:8d:24:10 from Associated to Associated
*spamApTask5: Jul 26 17:51:40.299: f0:d5:bf:fe:02:68 Successful transmission of LWAPP Add-Mobile to AP 88:1d:fc:8d:24:10 *spamApTask5: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Received ADD_MOBILE ack - Initiating 1x to STA f0:d5:bf:fe:02:68 (idx 88) *spamApTask5: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Sent dot1x auth initiate message for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 0 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:53 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 EAP-PARAM Debug - eap-params for Wlan-Id :3 is enabled - applying Wlan specific eap timers and retries *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Disable re-auth, use PMK lifetime. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Connecting state *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.305: f0:d5:bf:fe:02:68 Sending EAP-Request/Identity to mobile f0:d5:bf:fe:02:68 (EAP Id 1) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Received EAPOL START, dot1x state = 2 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Reset the reauth counter since EAPOL START has been received!!! *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 reauth_sm state transition 0 ---> 1 for mobile f0:d5:bf:fe:02:68 at 1x_reauth_sm.c:47 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Received EAPOL START from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Connecting state *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.347: f0:d5:bf:fe:02:68 Sending EAP-Request/Identity to mobile f0:d5:bf:fe:02:68 (EAP Id 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.351: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.351: f0:d5:bf:fe:02:68 Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Received Identity Response (count=1) from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Resetting reauth count 1 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 EAP State update from Connecting to Authenticating for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticating state *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:40.356: AuthenticationRequest: 0x7f55cacf0f18
*aaaQueueReader: Jul 26 17:51:40.356: Callback.....................................0x754ca0
*aaaQueueReader: Jul 26 17:51:40.356: protocolType.................................0x00140001
*aaaQueueReader: Jul 26 17:51:40.356: proxyState...................................F0:D5:BF:FE:02:68-03:00
*aaaQueueReader: Jul 26 17:51:40.356: Packet contains 19 AVPs (not shown)
*aaaQueueReader: Jul 26 17:51:40.356: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:59 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:40.357: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 59) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-03:00 *aaaQueueReader: Jul 26 17:51:40.357: 00000000: 01 3b 01 47 44 a1 6d d6 e0 84 03 36 22 d5 83 29 .;.GD.m....6"..) *aaaQueueReader: Jul 26 17:51:40.357: 00000010: 0e 9e f2 4f 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d ...O..host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:40.357: 00000020: 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e 65 2e 6d 03649.******************.m *aaaQueueReader: Jul 26 17:51:40.357: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:40.357: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:40.357: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:40.357: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:40.357: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:40.357: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:40.357: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:40.357: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:40.357: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:40.357: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:40.357: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:40.357: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:40.357: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:40.357: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:40.357: 00000110: 32 39 4f 23 02 02 00 21 01 68 6f 73 74 2f 4c 4c 29O#...!.host/LL *aaaQueueReader: Jul 26 17:51:40.357: 00000120: 42 47 2d 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e BG-03649.lorrain *aaaQueueReader: Jul 26 17:51:40.357: 00000130: 65 2e 6d 73 74 50 12 be 90 ea 37 14 ea 04 7e 54 e.mstP....7...~T *aaaQueueReader: Jul 26 17:51:40.357: 00000140: 42 ff 6c 9d 41 66 d8 B.l.Af. *radiusTransportThread: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 90 bytes, left 0) *radiusTransportThread: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Access-Challenge received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:59 for mobile f0:d5:bf:fe:02:68 receiveId = 3 *radiusTransportThread: Jul 26 17:51:40.366: AuthorizationResponse: 0xacf1ea0
*radiusTransportThread: Jul 26 17:51:40.366: structureSize................................262
*radiusTransportThread: Jul 26 17:51:40.366: resultCode...................................255
*radiusTransportThread: Jul 26 17:51:40.366: protocolUsed.................................0x00000001
*radiusTransportThread: Jul 26 17:51:40.366: proxyState...................................F0:D5:BF:FE:02:68-03:00
*radiusTransportThread: Jul 26 17:51:40.366: Packet contains 4 AVPs (not shown)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Entering Backend Auth Req state (id=3) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 3) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.366: f0:d5:bf:fe:02:68 Reusing allocated memory for EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 3, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Resetting reauth count 0 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:40.372: AuthenticationRequest: 0x7f55cacf0f18
*aaaQueueReader: Jul 26 17:51:40.372: Callback.....................................0x754ca0
*aaaQueueReader: Jul 26 17:51:40.372: protocolType.................................0x00140001
*aaaQueueReader: Jul 26 17:51:40.372: proxyState...................................F0:D5:BF:FE:02:68-03:01
*aaaQueueReader: Jul 26 17:51:40.372: Packet contains 20 AVPs (not shown)
*aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:60 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:40.372: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 60) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-03:01 *aaaQueueReader: Jul 26 17:51:40.372: 00000000: 01 3c 02 12 8d 48 5e 9c d8 18 3f 4c 92 d8 be 56 .<...H^...?L...V *aaaQueueReader: Jul 26 17:51:40.372: 00000010: 22 4c f1 8a 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d "L....host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:40.372: 00000020: 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e 65 2e 6d 03649.******************.m *aaaQueueReader: Jul 26 17:51:40.372: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:40.372: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:40.372: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:40.372: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:40.372: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:40.372: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:40.372: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:40.372: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:40.372: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:40.372: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:40.372: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:40.372: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:40.372: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:40.372: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:40.372: 00000110: 32 39 4f c8 02 03 00 c6 0d 80 00 00 00 bc 16 03 29O............. *aaaQueueReader: Jul 26 17:51:40.372: 00000120: 03 00 b7 01 00 00 b3 03 03 5b 59 ee 0c 41 d3 69 .........[Y..A.i *aaaQueueReader: Jul 26 17:51:40.372: 00000130: ee c9 e7 85 a4 83 93 d6 3f 2a 0a f7 ab 9e 83 0f ........?*...... *aaaQueueReader: Jul 26 17:51:40.372: 00000140: c8 7d cb 04 22 e2 5a 92 03 20 c1 35 00 00 65 d8 .}..".Z....5..e. *aaaQueueReader: Jul 26 17:51:40.372: 00000150: 10 70 30 c6 07 f5 ca c7 6c 06 95 4a 8b da c4 e6 .p0.....l..J.... *aaaQueueReader: Jul 26 17:51:40.372: 00000160: 2a 17 83 47 82 a7 87 8c fe 06 00 2a c0 2c c0 2b *..G.......*.,.+ *aaaQueueReader: Jul 26 17:51:40.372: 00000170: c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 .0./.....$.#.(.' *aaaQueueReader: Jul 26 17:51:40.372: 00000180: c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c .............=.< *aaaQueueReader: Jul 26 17:51:40.372: 00000190: 00 35 00 2f 00 0a 01 00 00 40 00 05 00 05 01 00 .5./.....@...... *aaaQueueReader: Jul 26 17:51:40.372: 000001a0: 00 00 00 00 0a 00 08 00 06 00 1d 00 17 00 18 00 ................ *aaaQueueReader: Jul 26 17:51:40.372: 000001b0: 0b 00 02 01 00 00 0d 00 14 00 12 04 01 05 01 02 ................ *aaaQueueReader: Jul 26 17:51:40.372: 000001c0: 01 04 03 05 03 02 03 02 02 06 01 06 03 00 23 00 ..............#. *aaaQueueReader: Jul 26 17:51:40.372: 000001d0: 00 00 17 00 00 ff 01 00 01 00 18 26 18 40 02 9f ...........&.@.. *aaaQueueReader: Jul 26 17:51:40.372: 000001e0: 00 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 ...7............ *aaaQueueReader: Jul 26 17:51:40.372: 000001f0: 00 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 a0 ............./T. *aaaQueueReader: Jul 26 17:51:40.372: 00000200: 50 12 bc 39 20 5c 5a 10 76 7e ce fa 65 79 f7 2e P..9.\Z.v~..ey.. *aaaQueueReader: Jul 26 17:51:40.372: 00000210: a3 33 .3 *radiusTransportThread: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Counted 4 AVPs (processed 243 bytes, left 0) *radiusTransportThread: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Access-Challenge received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:60 for mobile f0:d5:bf:fe:02:68 receiveId = 3 *radiusTransportThread: Jul 26 17:51:40.377: AuthorizationResponse: 0xacf1ea0
*radiusTransportThread: Jul 26 17:51:40.377: structureSize................................415
*radiusTransportThread: Jul 26 17:51:40.377: resultCode...................................255
*radiusTransportThread: Jul 26 17:51:40.377: protocolUsed.................................0x00000001
*radiusTransportThread: Jul 26 17:51:40.377: proxyState...................................F0:D5:BF:FE:02:68-03:01
*radiusTransportThread: Jul 26 17:51:40.377: Packet contains 4 AVPs (not shown)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Processing Access-Challenge for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Entering Backend Auth Req state (id=4) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Sending EAP Request from AAA to mobile f0:d5:bf:fe:02:68 (EAP Id 4) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.377: f0:d5:bf:fe:02:68 Reusing allocated memory for EAP Pkt for retransmission to mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Received EAPOL EAPPKT from mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Received EAP Response from mobile f0:d5:bf:fe:02:68 (EAP Id 4, EAP Type 13) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Resetting reauth count 0 to 0 for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Entering Backend Auth Response state for mobile f0:d5:bf:fe:02:68 *aaaQueueReader: Jul 26 17:51:40.385: AuthenticationRequest: 0x7f55cacf0f18
*aaaQueueReader: Jul 26 17:51:40.385: Callback.....................................0x754ca0
*aaaQueueReader: Jul 26 17:51:40.385: protocolType.................................0x00140001
*aaaQueueReader: Jul 26 17:51:40.385: proxyState...................................F0:D5:BF:FE:02:68-03:02
*aaaQueueReader: Jul 26 17:51:40.385: Packet contains 20 AVPs (not shown)
*aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 10.0.139.1 port 1812 index 0 active 1 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 radiusServerFallbackPassiveStateUpdate: RADIUS server is maybe-ready 10.0.139.2 port 1812 index 1 active 1 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 NAI-Realm not enabled on Wlan, radius servers will be selected as usual *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Send Radius Auth Request with pktId:61 into qid:8 of server at index:0 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Sending the packet to v4 host 10.0.139.1:1812 *aaaQueueReader: Jul 26 17:51:40.385: f0:d5:bf:fe:02:68 Successful transmission of Authentication Packet (pktId 61) to 10.0.139.1:1812 from server queue 8, proxy state f0:d5:bf:fe:02:68-03:02 *aaaQueueReader: Jul 26 17:51:40.385: 00000000: 01 3d 01 91 a2 e0 5f 07 06 1f d4 38 0b d6 9e 32 .=...._....8...2 *aaaQueueReader: Jul 26 17:51:40.385: 00000010: 52 93 65 87 01 1e 68 6f 73 74 2f 4c 4c 42 47 2d R.e...host/COMPANYNAME *aaaQueueReader: Jul 26 17:51:40.385: 00000020: 30 33 36 34 39 2e 6c 6f 72 72 61 69 6e 65 2e 6d 03649.******************.m *aaaQueueReader: Jul 26 17:51:40.385: 00000030: 73 74 59 03 01 83 06 00 00 00 01 1f 13 66 30 2d stY..........f0- *aaaQueueReader: Jul 26 17:51:40.385: 00000040: 64 35 2d 62 66 2d 66 65 2d 30 32 2d 36 38 1e 26 d5-bf-fe-02-68.& *aaaQueueReader: Jul 26 17:51:40.385: 00000050: 38 38 2d 31 64 2d 66 63 2d 38 64 2d 32 34 2d 31 88-1d-fc-8d-24-1 *aaaQueueReader: Jul 26 17:51:40.385: 00000060: 30 3a 4c 61 4c 6f 72 72 61 69 6e 65 49 6e 74 65 0:La******************Inte *aaaQueueReader: Jul 26 17:51:40.385: 00000070: 72 6e 61 6c 05 06 00 00 00 08 1a 31 00 00 00 09 rnal.......1.... *aaaQueueReader: Jul 26 17:51:40.385: 00000080: 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d .+audit-session- *aaaQueueReader: Jul 26 17:51:40.385: 00000090: 69 64 3d 30 31 38 31 30 65 30 61 30 30 30 30 33 id=01810e0a00003 *aaaQueueReader: Jul 26 17:51:40.385: 000000a0: 62 36 35 66 34 65 64 35 39 35 62 2c 22 35 62 35 b65f4ed595b,"5b5 *aaaQueueReader: Jul 26 17:51:40.385: 000000b0: 39 65 64 66 34 2f 66 30 3a 64 35 3a 62 66 3a 66 9edf4/f0:d5:bf:f *aaaQueueReader: Jul 26 17:51:40.385: 000000c0: 65 3a 30 32 3a 36 38 2f 31 39 31 30 36 04 06 0a e:02:68/19106... *aaaQueueReader: Jul 26 17:51:40.385: 000000d0: 0e 81 01 20 10 4c 4c 2d 4c 4c 2d 57 4c 43 30 31 .....LL-LL-WLC01 *aaaQueueReader: Jul 26 17:51:40.385: 000000e0: 31 31 32 1a 0c 00 00 37 63 01 06 00 00 00 03 06 112....7c....... *aaaQueueReader: Jul 26 17:51:40.385: 000000f0: 06 00 00 00 02 0c 06 00 00 05 14 3d 06 00 00 00 ...........=.... *aaaQueueReader: Jul 26 17:51:40.385: 00000100: 13 40 06 00 00 00 0d 41 06 00 00 00 06 51 05 31 .@.....A.....Q.1 *aaaQueueReader: Jul 26 17:51:40.385: 00000110: 32 39 4f 47 02 04 00 45 0d 80 00 00 00 3b 14 03 29OG...E.....;.. *aaaQueueReader: Jul 26 17:51:40.385: 00000120: 01 00 01 01 16 03 01 00 30 02 63 57 ed 41 a3 29 ........0.cW.A.) *aaaQueueReader: Jul 26 17:51:40.385: 00000130: c5 c3 50 3e f9 5e 49 38 bc 90 49 2c 1e 40 85 73 ..P>.^I8..I,.@.s *aaaQueueReader: Jul 26 17:51:40.385: 00000140: c6 d0 84 68 eb 01 46 36 e1 29 8d 6e 3d a9 0e 77 ...h..F6.).n=..w *aaaQueueReader: Jul 26 17:51:40.385: 00000150: 04 57 e4 24 b5 bd f9 17 30 18 26 18 40 02 9f 00 .W.$....0.&.@... *aaaQueueReader: Jul 26 17:51:40.385: 00000160: 00 01 37 00 01 02 00 0a 00 8b 01 00 00 00 00 00 ..7............. *aaaQueueReader: Jul 26 17:51:40.385: 00000170: 00 00 00 00 00 00 00 00 00 00 04 a6 2f 54 a0 50 ............/T.P *aaaQueueReader: Jul 26 17:51:40.385: 00000180: 12 ee 64 6f ea 39 8e ae 26 02 df 5d 13 a9 6c 94 ..do.9..&..]..l. *aaaQueueReader: Jul 26 17:51:40.385: 00000190: 5e ^ *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 16 atrlen 52) *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 *** Counted VSA 922812416 AVP of length 58, code 17 atrlen 52) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Counted 6 AVPs (processed 212 bytes, left 0) *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 16, vendorLen: 52
*radiusTransportThread: Jul 26 17:51:40.390: 00000000: d6 30 a3 41 85 75 dd 82 a2 6b ab 21 20 24 f5 b8 .0.A.u...k.!.$.. *radiusTransportThread: Jul 26 17:51:40.390: 00000010: 28 c5 90 af 11 88 d1 d7 43 ce 1d 45 3c ce 0f b5 (.......C..E<... *radiusTransportThread: Jul 26 17:51:40.390: 00000020: 96 a4 e3 12 0d 40 ff fa 8c 99 0f 23 2d 0f dc 8b .....@.....#-... *radiusTransportThread: Jul 26 17:51:40.390: 00000030: 0e 7f .. *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Radius AVP MPPE send key decrypted key: keylen: 32
*radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Processed VSA 311, type 16, raw bytes 52, copied 32 bytes *radiusTransportThread: Jul 26 17:51:40.390: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 AVP: VendorId: 311, vendorType: 17, vendorLen: 52
*radiusTransportThread: Jul 26 17:51:40.390: 00000000: d6 31 a2 19 ee ea 4f e1 68 ea 94 5d 6f 33 20 57 .1....O.h..]o3.W *radiusTransportThread: Jul 26 17:51:40.390: 00000010: b6 94 c0 d1 97 47 6b f3 34 e9 37 50 ca 1c 61 95 .....Gk.4.7P..a. *radiusTransportThread: Jul 26 17:51:40.390: 00000020: d8 6d a8 9d da 50 53 3f a1 57 c5 a6 f0 80 a0 62 .m...PS?.W.....b *radiusTransportThread: Jul 26 17:51:40.390: 00000030: 87 08 .. *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Radius AVP MPPE recv key: keylen: 32
*radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Processed VSA 311, type 17, raw bytes 52, copied 32 bytes *radiusTransportThread: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Access-Accept received from RADIUS server 10.0.139.1 (qid:8) with port:1812, pktId:61 for mobile f0:d5:bf:fe:02:68 receiveId = 3 *radiusTransportThread: Jul 26 17:51:40.390: AuthorizationResponse: 0xacf1ea0
*radiusTransportThread: Jul 26 17:51:40.390: structureSize................................380
*radiusTransportThread: Jul 26 17:51:40.390: resultCode...................................0
*radiusTransportThread: Jul 26 17:51:40.390: protocolUsed.................................0x00000001
*radiusTransportThread: Jul 26 17:51:40.390: proxyState...................................F0:D5:BF:FE:02:68-03:02
*radiusTransportThread: Jul 26 17:51:40.390: Packet contains 6 AVPs:
*radiusTransportThread: Jul 26 17:51:40.390: AVP[01] Service-Type.............................0x00000002 (2) (4 bytes)
*radiusTransportThread: Jul 26 17:51:40.390: AVP[02] EAP-Message..............................0x03040004 (50593796) (4 bytes)
*radiusTransportThread: Jul 26 17:51:40.390: AVP[03] Class....................................DATA (44 bytes)
*radiusTransportThread: Jul 26 17:51:40.390: AVP[04] Microsoft / MPPE-Send-Key................DATA (32 bytes)
*radiusTransportThread: Jul 26 17:51:40.390: AVP[05] Microsoft / MPPE-Recv-Key................DATA (32 bytes)
*radiusTransportThread: Jul 26 17:51:40.390: AVP[06] Message-Authenticator....................DATA (16 bytes)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Processing Access-Accept for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Received MPPE_SEND_KEY: KeyLen: 32
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Received MPPE_RECV_KEY: KeyLen: 32
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Applying new AAA override for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Override values for station f0:d5:bf:fe:02:68 source: 4, valid bits: 0x0 qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1 vlanIfName: '', vlanId:0, aclName: ', ipv6AclName: , avcProfileName: '
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Unable to apply override policy for station f0:d5:bf:fe:02:68 - VapAllowRadiusOverride is FALSE. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Setting re-auth timeout to 0 seconds, got from WLAN config. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Station f0:d5:bf:fe:02:68 setting dot1x reauth timeout = 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Stopping reauth timeout for f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Creating a PKC PMKID Cache entry for station f0:d5:bf:fe:02:68 (RSN 2) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Resetting MSCB PMK Cache Entry 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 8 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Setting active key cache index 8 ---> 0 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 Adding BSSID 88:1d:fc:8d:24:1e to PMKID cache at index 0 for station f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: New PMKID: (16)
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: [0000] 47 da 24 2b 1a 42 7d 63 78 a4 36 c6 00 b7 4b d2
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 PMK: Sending cache delete *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.390: f0:d5:bf:fe:02:68 unsetting PmkIdValidatedByAp *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Zeroize AAA Overrides from local for station *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Adding Audit session ID payload in Mobility handoff
*Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 1 PMK-update groupcast messages sent *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 PMK sent to mobility group *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Disabling re-auth since PMK lifetime can take care of same. *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Sending EAP-Success to mobile f0:d5:bf:fe:02:68 (EAP Id 4) *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Freeing AAACB from Dot1xCB as AAA auth is done for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Entering Backend Auth Success state (id=4) for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 Received Auth Success while in Authenticating state for mobile f0:d5:bf:fe:02:68 *Dot1x_NW_MsgTask_0: Jul 26 17:51:40.391: f0:d5:bf:fe:02:68 dot1x - moving mobile f0:d5:bf:fe:02:68 into Authenticated state *radiusTransportThread: Jul 26 17:52:11.930: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:52:11.930: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:52:11.930: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311)
(Cisco Controller) >show clidn ent ? ap Displays information for all clients on a Cisco AP. calls Displays call information. ccx Display Cisco Client Extension(CCX) diagnostic options. detail Displays detailed information for a client by mac address. location-calibration Displays clients configured for location calibration probing Displays probing clients only roam-history Displays roam history information for a client by mac address. state Displays policy manager state information for client. summary Displays active clients. tclas Displays TCLAS associated with a client and User Priority tsm Displays traffic stream metrics for this client username Displays detailed information for a client by name. voice-diag Voice Diagnostics show commands wifiDirect-stats Displays Wifi Direct client stats wlan Displays Clients in a given WLAN (Cisco Controller) >show client detail ? <MAC addr> Enter a MAC address. (Cisco Controller) >show client detail *radiusTransportThread: Jul 26 17:53:17.678: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311) *radiusTransportThread: Jul 26 17:53:17.678: Vendor Specif Radius Attribute(code=26, avp_len=58, vId=311)
Incorrect input! Use 'show client detail <MAC addr>'
(Cisco Controller) >show client detail f0:d5:bf:fe:02:68 Client MAC Address............................... f0:d5:bf:fe:02:68 Client Username ................................. host/COMPUTERNAME.******************.mst AP MAC Address................................... 88:1d:fc:8d:24:10 AP Name.......................................... LL-LL-AP1505 AP radio slot Id................................. 1 Client State..................................... Associated Client User Group................................ host/COMPUTERNAME.******************.mst Client NAC OOB State............................. Access Wireless LAN Id.................................. 3 Wireless LAN Network Name (SSID)................. La******************Internal Wireless LAN Profile Name........................ La******************Internal Hotspot (802.11u)................................ Not Supported BSSID............................................ 88:1d:fc:8d:24:1e Connected For ................................... 108 secs Channel.......................................... 36 IP Address....................................... Unknown Gateway Address.................................. Unknown Netmask.......................................... Unknown Association Id................................... 9 Authentication Algorithm......................... Open System Reason Code...................................... 1 Status Code...................................... 0 Client CCX version............................... 4
--More-- or (q)uit Client E2E version............................... 1 Re-Authentication Timeout........................ 86318 QoS Level........................................ Silver Avg data Rate.................................... 0 Burst data Rate.................................. 0 Avg Real time data Rate.......................... 0 Burst Real Time data Rate........................ 0 Avg Uplink data Rate............................. 0 Burst Uplink data Rate........................... 0 Avg Uplink Real time data Rate................... 0 Burst Uplink Real Time data Rate................. 0 802.1P Priority Tag.............................. disabled CTS Security Group Tag........................... Not Applicable KTS CAC Capability............................... No Qos Map Capability............................... Yes WMM Support...................................... Enabled APSD ACs....................................... BK BE VI VO Current Rate..................................... m8 ss2 Supported Rates.................................. 6.0,12.0,18.0,24.0,36.0,48.0, ............................................. 54.0 Mobility State................................... None Mobility Move Count.............................. 0 Security Policy Completed........................ No
--More-- or (q)uit Policy Manager State............................. 8021X_REQD Audit Session ID................................. 01810e0a00003b65f4ed595b AAA Role Type.................................... none Local Policy Applied............................. none IPv4 ACL Name.................................... none AAA FlexConnect ACL Applied Status............... Unavailable IPv4 ACL Applied Status.......................... Unavailable IPv6 ACL Name.................................... none IPv6 ACL Applied Status.......................... Unavailable Layer2 ACL Name.................................. none Layer2 ACL Applied Status........................ Unavailable URL ACL Name..................................... none URL ACL Applied Status........................... Unavailable Client Type...................................... SimpleIP mDNS Status...................................... Disabled mDNS Profile Name................................ none No. of mDNS Services Advertised.................. 0 Policy Type...................................... WPA2 Authentication Key Management.................... 802.1x Encryption Cipher................................ CCMP-128 (AES) Protected Management Frame ...................... No Management Frame Protection...................... No EAP Type......................................... EAP-TLS
--More-- or (q)uit FlexConnect Data Switching....................... Local FlexConnect Dhcp Status.......................... Local FlexConnect Vlan Based Central Switching......... No FlexConnect Authentication....................... Central FlexConnect Central Association.................. No FlexConnect VLAN NAME............................ management Quarantine VLAN.................................. 0 Access VLAN...................................... 12 Local Bridging VLAN.............................. 129 Client Capabilities: CF Pollable................................ Not implemented CF Poll Request............................ Not implemented Short Preamble............................. Not implemented PBCC....................................... Not implemented Channel Agility............................ Not implemented Listen Interval............................ 225 Fast BSS Transition........................ Not implemented 11v BSS Transition......................... Implemented Client Wifi Direct Capabilities: WFD capable................................ No Manged WFD capable......................... No Cross Connection Capable................... No Support Concurrent Operation............... No
--More-- or (q)uit Fast BSS Transition Details: Client Statistics: Number of Bytes Received................... 2511 Number of Bytes Sent....................... 848 Total Number of Bytes Sent................. 848 Total Number of Bytes Recv................. 2511 Number of Bytes Sent (last 90s)............ 848 Number of Bytes Recv (last 90s)............ 2511 Number of Packets Received................. 31 Number of Packets Sent..................... 22 Number of Interim-Update Sent.............. 0 Number of EAP Id Request Msg Timeouts...... 0 Number of EAP Id Request Msg Failures...... 0 Number of EAP Request Msg Timeouts......... 0 Number of EAP Request Msg Failures......... 0 Number of EAP Key Msg Timeouts............. 0 Number of EAP Key Msg Failures............. 0 Number of Data Retries..................... 21 Number of RTS Retries...................... 0 Number of Duplicate Received Packets....... 0 Number of Decrypt Failed Packets........... 0 Number of Mic Failured Packets............. 0 Number of Mic Missing Packets.............. 0
--More-- or (q)uit Number of RA Packets Dropped............... 0 Number of Policy Errors.................... 0 Radio Signal Strength Indicator............ -46 dBm Signal to Noise Ratio...................... 52 dB Client Rate Limiting Statistics: Number of Data Packets Received............ 0 Number of Data Rx Packets Dropped.......... 0 Number of Data Bytes Received.............. 0 Number of Data Rx Bytes Dropped............ 0 Number of Realtime Packets Received........ 0 Number of Realtime Rx Packets Dropped...... 0 Number of Realtime Bytes Received.......... 0 Number of Realtime Rx Bytes Dropped........ 0 Number of Data Packets Sent................ 0 Number of Data Tx Packets Dropped.......... 0 Number of Data Bytes Sent.................. 0 Number of Data Tx Bytes Dropped............ 0 Number of Realtime Packets Sent............ 0 Number of Realtime Tx Packets Dropped...... 0 Number of Realtime Bytes Sent.............. 0 Number of Realtime Tx Bytes Dropped........ 0 Nearby AP Statistics: LL-LL-AP1505(slot 0)
--More-- or (q)uit antenna0: 41 secs ago.................... -50 dBm antenna1: 41 secs ago.................... -50 dBm LL-LL-AP1505(slot 1) antenna0: 41 secs ago.................... -53 dBm antenna1: 41 secs ago.................... -49 dBm DNS Server details: DNS server IP ............................. 0.0.0.0 DNS server IP ............................. 0.0.0.0 Assisted Roaming Prediction List details:
Client Dhcp Required: False Allowed (URL)IP Addresses -------------------------
AVC Profile Name: ............................... none Fastlane Client: ................................ No
(Cisco Controller) >debug disable-all
(Cisco Controller) >lou gout The system has unsaved changes. Would you like to save them now? (y/N) n
When i run it through the Wireless debug analyzer tool i have the following output:
ul 26 17:51:40.299
*apfMsConnTask_0
Client made new Association to AP/BSSID BSSID 88:1d:fc:8d:24:1d AP LL-LL-AP1505
Jul 26 17:51:40.299
*apfMsConnTask_0
The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jul 26 17:51:40.299
*apfMsConnTask_0
The Reassociation Request from the client comes with 0 PMKID
Jul 26 17:51:40.299
*apfMsConnTask_0
Client is entering the 802.1x or PSK Authentication state
Jul 26 17:51:40.299
*apfMsConnTask_0
WLC/AP is sending an Association Response to the client with status code 0 = Successful association
Jul 26 17:51:40.305
*Dot1x_NW_MsgTask_0
WLC/AP is sending EAP-Identity-Request to the client
Jul 26 17:51:40.347
*Dot1x_NW_MsgTask_0
WLC/AP is sending EAP-Identity-Request to the client
Jul 26 17:51:40.356
*Dot1x_NW_MsgTask_0
Client sent EAP-Identity-Response to WLC/AP
Jul 26 17:51:40.357
*aaaQueueReader
Radius request with ID 59 sent to 10.0.139.1.
Jul 26 17:51:40.366
*radiusTransportThread
Radius challenge with ID 59 received from 10.0.139.1.
Jul 26 17:51:40.372
*aaaQueueReader
Radius request with ID 60 sent to 10.0.139.1.
Jul 26 17:51:40.377
*radiusTransportThread
Radius challenge with ID 60 received from 10.0.139.1.
Jul 26 17:51:40.385
*aaaQueueReader
Radius request with ID 61 sent to 10.0.139.1.
Jul 26 17:51:40.390
*radiusTransportThread
Access-Accept with ID 61 received from 10.0.139.1.
Jul 26 17:51:40.390
*Dot1x_NW_MsgTask_0
RADIUS Server permitted access
Jul 26 17:51:40.390
*Dot1x_NW_MsgTask_0
Client will be required to Reauthenticate in 0 seconds
... View more