Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1638
Views
0
Helpful
9
Replies

Inconsistent dynamic interface displayed.

DuJin0509
Level 1
Level 1

‎05-22-2017 01:42 AM - edited ‎07-05-2021 07:04 AM

Hello folks,

I am stumped by followings, you can see the specific WLAN 7 is associated to interface management,

WLC) >show wlan 7

< omitted >
WLAN Identifier.................................. 7
Interface........................................ management >>>>>>>>

< omitted >

and there are 2 clients are associating to wlan 7,  client A is associating to WLAN 7 as expected.

(WLC) >show client detail 00:17:23:f1:0c:ef>>>>>>>>>>>>client A

Wireless LAN Id.................................. 7 
Wireless LAN Network Name (SSID)................. WASSLogistics
IP Address....................................... 10.168.130.66
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ management >>>>>>>>>>
VLAN............................................. 0
Quarantine VLAN.................................. 0
Access VLAN...................................... 0
Local Bridging VLAN.............................. 103

the question is here the client B is associating to wlan 7 either but the associated interface is int_vlan103!!!

(WLC) >show client detail 00:17:23:f1:0d:af >>>>>>>>>>>>>>client B
Wireless LAN Id.................................. 7 
Wireless LAN Network Name (SSID)................. WASSLogistics
IP Address....................................... 10.168.132.21
Interface........................................ int_vlan103  >>>>>>>>>>>>>>>>>> ???
VLAN............................................. 103
Quarantine VLAN.................................. 0
Access VLAN...................................... 103
Local Bridging VLAN.............................. 103

Would you please let me understand why the client B is associating to Vlan 103 ?

(WLC) >show interface summary
 Number of Interfaces.......................... 11

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----

int_vlan103                      LAG  103      10.168.132.2    Dynamic No     No   
management                       LAG  untagged 10.168.130.2    Static  Yes    No  

Thanks a lot for your help.

Labels:
0 Helpful
9 Replies 9

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎05-22-2017 01:59 AM

paste the sh wlan 7 output.

also paste the switch-port config where WLC is connected.

My personal view: I will also recommend to use tagged VLAN for management.

Regards

Dont forget to rate helpful posts

0 Helpful

DuJin0509
Level 1
Level 1
In response to Sandeep Choudhary

‎05-22-2017 02:08 AM

Hello Sandeep,

following is switchport configuration,

Sw#sho run int g1/0/19
Building configuration...

Current configuration : 448 bytes
!
interface GigabitEthernet1/0/19
 description WLC
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 98
 switchport trunk allowed vlan 2,10,98,101-103,105
 switchport mode trunk
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 no snmp trap link-status
 spanning-tree portfast
 channel-group 2 mode on
 service-policy input set-dscp
 ip dhcp snooping trust

 and  Show wlan 7 output,


(WLC) >show wlan 7


WLAN Identifier.................................. 7
Profile Name..................................... WASS_StCyr_new
Network Name (SSID).............................. WASSLogistics
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
    Radius Profiling ............................ Disabled
     DHCP ....................................... Disabled
     HTTP ....................................... Disabled
    Local Profiling ............................. Disabled
     DHCP ....................................... Disabled
     HTTP ....................................... Disabled
  Radius-NAC State............................... Disabled
  SNMP-NAC State................................. Disabled
  Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200

Number of Active Clients......................... 20
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 65535 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... FRSCYWLC01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured 
mDNS Profile Name................................ unconfigured  
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
    PMIPv6 MAG Profile........................... Unconfigured
    PMIPv6 Default Realm......................... Unconfigured

--More-- or (q)uit
    PMIPv6 NAI Type.............................. Hexadecimal
    PMIPv6 MAG location.......................... AP
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Per-Client Rate Limits........................... Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Disabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None


Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Global Servers
   Accounting.................................... Global Servers
      Interim Update............................. Enabled
      Interim Update Interval.................... 0
      Framed IPv6 Acct AVP ...................... Prefix
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Radius NAI-Realm................................. Disabled
Security

   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled

      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Disabled
         PSK..................................... Enabled
         CCKM.................................... Disabled
         FT-1X(802.11r).......................... Disabled
         FT-PSK(802.11r)......................... Disabled
         PMF-1X(802.11w)......................... Disabled
         PMF-PSK(802.11w)........................ Disabled
      FT Reassociation Timeout................... 20
      FT Over-The-DS mode........................ Enabled
      GTK Randomization.......................... Disabled
      SKC Cache Support.......................... Disabled
      CCKM TSF Tolerance......................... 1000
   WAPI.......................................... Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web Authentication Timeout.................... 300
   Web-Passthrough............................... Disabled

--More-- or (q)uit
   Mac-auth-server............................... 0.0.0.0
   Web-portal-server............................. 0.0.0.0
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   FlexConnect Local Switching................... Enabled
   FlexConnect Central Association............... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   flexconnect PPPoE pass-through................ Disabled
   flexconnect local-switching IP-source-guar.... Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Optional
   PMF........................................... Disabled
   PMF Association Comeback Time................. 1
   PMF SA Query RetryTimeout..................... 200
   Tkip MIC Countermeasure Hold-down Timer....... 60
   Eap-params.................................... Disabled
AVC Visibilty.................................... Disabled
AVC Profile Name................................. None


Flow Monitor Name................................ None
Split Tunnel Configuration
    Split Tunnel................................. Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Enabled
802.11k Neighbor List............................ Enabled
802.11k Neighbor List Dual Band.................. Enabled
802.11v Directed Multicast Service............... Disabled
802.11v BSS Max Idle Service..................... Enabled
DMS DB is empty
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Universal Ap Admin............................... Disabled

 Mobility Anchor List
 WLAN ID     IP Address            Status
 -------     ---------------       ------


--More-- or (q)uit
802.11u........................................ Disabled

MSAP Services.................................. Disabled

Local Policy
----------------
Priority  Policy Name
--------  ------------

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to DuJin0509

‎05-22-2017 06:46 AM

config looks ok.

1. Check the WLC config again!!

2. My personal view: tag the management vlan as well and then try again.

Regards

Dont forget to rate helpful posts

0 Helpful

DuJin0509
Level 1
Level 1
In response to Sandeep Choudhary

‎05-22-2017 07:58 PM

Hello Sandeep,

 Would you please elaborate which part of the WLC configuration should I check ?

 I am wondering why there are two interfaces map to single WLAN?

And how to understand the feature "Local Bridging VLAN.............................. 103" ?

Would you please help me understand this or do you have any document regarding to this feature ? I suppose this feature is relevant with my issue but I have no any concrete instance to prove it.

Thanks .

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to DuJin0509

‎05-22-2017 10:21 PM

I think you are using flex-connect feature!

Check the WLAN and AP configuration as per this guide.

https://supportforums.cisco.com/document/98646/wireless-lan-flexconnect-configuration-example

there must be something wrong in your config.

Regards

Dont forget to rate helpful posts

0 Helpful

kkristian
Level 1
Level 1
In response to DuJin0509

‎03-25-2019 05:31 AM

Hi,

 

were you ever able to resolve that issue? Struggling with same, except that old clients (connected for years) are being assigned to correct vlan 237 and new clients to management vlan. All started all of sudden last monday.

0 Helpful

Ric Beeching
Level 7
Level 7
In response to kkristian

‎03-25-2019 06:25 PM

Kkristian,

Describe your setup and any changes in the environment. Is the WLAN FlexConnect or not FlexConnect? Often when clients are working fine but then 'suddenly' start going to the management VLAN it is because the FlexConnect APs have forgotten one of their settings such as VLAN Support. If you find this is the case, I recommend setting VLAN Support in the FlexConnect group and ticking 'override AP' to ensure they never revert to that.

Cheers,
Ric
-----------------------------
Please rate helpful / correct posts
0 Helpful

kkristian
Level 1
Level 1
In response to Ric Beeching

‎03-26-2019 12:16 AM

The only change I did was ISE upgrade to version 2.0. It's doing only radius, no profiling. Yes, I know about flexconnect AP's losing VLAN Mappings, but at this site I'm using local switching. Network settings must be fine, otherwise none of the clients would connect. Please see wlc debug for non working client:

 

vlan10 is the management domain (where my non working clients connect), however they should connect to vlan237.

 

(Cisco Controller) >*apfMsConnTask_2: Mar 25 11:44:58.815: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*emWeb: Mar 25 14:42:12.333: [PA] 90:9f:33:09:68:b0 apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 6, reasonCode 252

*emWeb: Mar 25 14:42:12.333: [PA] 90:9f:33:09:68:b0 Mscb del, deleteImm:yes, MS State:3, reasoncode:252 ANCHOR ROLE=0
*emWeb: Mar 25 14:42:12.333: [PA] 90:9f:33:09:68:b0 Scheduling deletion of Mobile Station: (callerId: 30) in 1 seconds
*emWeb: Mar 25 14:42:12.333: [PA] 90:9f:33:09:68:b0 PMK: Sending cache delete
*emWeb: Mar 25 14:42:12.333: [PA] 90:9f:33:09:68:b0 Removing PMK cache entry for station 90:9f:33:09:68:b0
*emWeb: Mar 25 14:42:12.333: [PA] 90:9f:33:09:68:b0 3 PMK-remove groupcast messages sent
*apfMsConnTask_6: Mar 25 14:42:12.586: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_6: Mar 25 14:42:12.586: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*osapiBsnTimer: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 apfMsExpireCallback (apf_ms.c:639) Expiring Mobile!
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 apfMsExpireMobileStation (apf_ms.c:7143) Changing state for mobile 90:9f:33:09:68:b0 on AP 64:a0:e7:db:32:20 from Associated to Disassociated

*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 apfSendDisAssocMsgDebug (apf_80211.c:3212) Changing state for mobile 90:9f:33:09:68:b0 on AP 64:a0:e7:db:32:20 from Disassociated to Disassociated

*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 Sent Disassociate to mobile on AP 64:a0:e7:db:32:20-1 (reason 252, caller apf_ms.c:7237)
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 Sent Deauthenticate to mobile on BSSID 64:a0:e7:db:32:20 slot 1(caller apf_ms.c:7239)
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 Resetting MSCB PMK Cache Entry 0 for station 90:9f:33:09:68:b0
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 Removing BSSID 64:a0:e7:db:32:2b from PMKID cache of station 90:9f:33:09:68:b0
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 Setting active key cache index 0 ---> 8
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 Deleting the PMK cache when de-authenticating the client.
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 Global PMK Cache deletion failed.
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 apfMsAssoStateDec
*apfReceiveTask: Mar 25 14:42:13.318: [PA] 90:9f:33:09:68:b0 apfMsExpireMobileStation (apf_ms.c:7281) Changing state for mobile 90:9f:33:09:68:b0 on AP 64:a0:e7:db:32:20 from Disassociated to Idle

*apfReceiveTask: Mar 25 14:42:13.319: [PA] 90:9f:33:09:68:b0 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Mar 25 14:42:13.319: [PA] 90:9f:33:09:68:b0 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [64:a0:e7:db:32:20]
*apfReceiveTask: Mar 25 14:42:13.319: [PA] 90:9f:33:09:68:b0 Username entry 'linepc8888' is deleted for mobile from the UserName table
*apfReceiveTask: Mar 25 14:42:13.319: [PA] 90:9f:33:09:68:b0 Username entry linepc8888 deleted for mobile
*apfReceiveTask: Mar 25 14:42:13.319: [PA] 90:9f:33:09:68:b0 Deleting mobile on AP 64:a0:e7:db:32:20(1)
*spamApTask3: Mar 25 14:42:13.319: [PA] 90:9f:33:09:68:b0 Delete Mobile request sent to the AP 106.132.225.160:48136

*pemReceiveTask: Mar 25 14:42:13.320: [PA] 90:9f:33:09:68:b0 0.0.0.0 Removed NPU entry.
*apfMsConnTask_7: Mar 25 14:42:13.333: [PA] 90:9f:33:09:68:b0 Processing assoc-req station:90:9f:33:09:68:b0 AP:64:a0:e7:db:37:30-01 thread:151c8140
*apfMsConnTask_7: Mar 25 14:42:13.333: [PA] 90:9f:33:09:68:b0 Created Acct-Session-ID (5c98dab5/90:9f:33:09:68:b0/811) for the mobile
*apfMsConnTask_7: Mar 25 14:42:13.333: [PA] 90:9f:33:09:68:b0 Adding mobile on LWAPP AP 64:a0:e7:db:37:30(1)
*apfMsConnTask_7: Mar 25 14:42:13.333: [PA] 90:9f:33:09:68:b0 Reassociation received from mobile on BSSID 64:a0:e7:db:37:31 AP EEDC_PKG_Line_AP_9
*apfMsConnTask_7: Mar 25 14:42:13.333: [PA] 90:9f:33:09:68:b0 Global 200 Clients are allowed to AP radio

*apfMsConnTask_7: Mar 25 14:42:13.333: [PA] 90:9f:33:09:68:b0 Max Client Trap Threshold: 0 cur: 0

*apfMsConnTask_7: Mar 25 14:42:13.333: [PA] 90:9f:33:09:68:b0 Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 override for default ap group, marking intgrp NULL
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Applying Interface(pkg-line wirless pc 2) policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Re-applying interface policy for client

*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2453)
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2474)
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Check before Setting the NAS Id to WLAN specific Id ''
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 In processSsidIE:5766 setting Central switched to TRUE
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 In processSsidIE:5769 apVapId = 5 and Split Acl Id = 65535
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Applying site-specific Local Bridging override for station 90:9f:33:09:68:b0 - vapId 15, site 'PKG', interface 'management'
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Applying Local Bridging Interface Policy for station 90:9f:33:09:68:b0 - vlan 10, interface id 0, interface 'management', nasId:''
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 override from ap group, removing intf group from mscb
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Applying site-specific override for station 90:9f:33:09:68:b0 - vapId 15, site 'PKG', interface 'management'
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 237

*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Re-applying interface policy for client

*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2453)
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2474)
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Values before applying NASID - interfacetype:0, ovrd:0, mscb nasid:, interface nasid:, APgrpset:0
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 Setting the NAS Id to AP group specific Id 'EEDC_Line_WLC_1'
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 STA - rates (6): 152 36 176 72 96 108 0 0 0 0 0 0 0 0 0 0
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] RSNIE in Assoc. Req.: (20)

*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] [0016] ac 01 00 00

*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Processing RSN IE type 48, length 20 for mobile 90:9f:33:09:68:b0
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 RSN Capabilities: 0
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Received RSN IE with 0 PMKIDs from mobile 90:9f:33:09:68:b0
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Setting active key cache index 8 ---> 8
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 unsetting PmkIdValidatedByAp
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)

*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)

*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Encryption policy is set to 0x80000001
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Vlan while overriding the policy = -1
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 sending to spamAddMobile vlanId -1 aclName = , flexAclId 65535

*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 64:a0:e7:db:37:30 vapId 15 apVapId 5 flex-acl-name:
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 apfMsAssoStateInc
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 apfPemAddUser2 (apf_policy.c:353) Changing state for mobile 90:9f:33:09:68:b0 on AP 64:a0:e7:db:37:30 from Idle to Associated

*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 apfPemAddUser2:session timeout forstation 90:9f:33:09:68:b0 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_7: Mar 25 14:42:13.335: [PA] 90:9f:33:09:68:b0 Sending assoc-resp with status 0 station:90:9f:33:09:68:b0 AP:64:a0:e7:db:37:30-01 on apVapId 5
*apfMsConnTask_7: Mar 25 14:42:13.336: [PA] 90:9f:33:09:68:b0 Sending Assoc Response to station on BSSID 64:a0:e7:db:37:3b (status 0) ApVapId 5 Slot 1
*apfMsConnTask_7: Mar 25 14:42:13.336: [PA] 90:9f:33:09:68:b0 apfProcessAssocReq (apf_80211.c:9629) Changing state for mobile 90:9f:33:09:68:b0 on AP 64:a0:e7:db:37:30 from Associated to Associated

*spamApTask6: Mar 25 14:42:13.336: [PA] 90:9f:33:09:68:b0 Successful transmission of LWAPP Add-Mobile to AP 64:a0:e7:db:37:30
*spamApTask6: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 Received ADD_MOBILE ack - Initiating 1x to STA 90:9f:33:09:68:b0 (idx 76)
*spamApTask6: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 Sent 1x initiate message to multi thread task for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 reauth_sm state transition 0 ---> 1 for mobile 90:9f:33:09:68:b0 at 1x_reauth_sm.c:47
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 EAP-PARAM Debug - eap-params for Wlan-Id :15 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 Station 90:9f:33:09:68:b0 setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 dot1x - moving mobile 90:9f:33:09:68:b0 into Connecting state
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.338: [PA] 90:9f:33:09:68:b0 Sending EAP-Request/Identity to mobile 90:9f:33:09:68:b0 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.350: [PA] 90:9f:33:09:68:b0 Received EAPOL EAPPKT from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.350: [PA] 90:9f:33:09:68:b0 Received Identity Response (count=1) from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.350: [PA] 90:9f:33:09:68:b0 Resetting reauth count 1 to 0 for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.350: [PA] 90:9f:33:09:68:b0 EAP State update from Connecting to Authenticating for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.350: [PA] 90:9f:33:09:68:b0 dot1x - moving mobile 90:9f:33:09:68:b0 into Authenticating state
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.350: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Response state for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.353: [PA] 90:9f:33:09:68:b0 Processing Access-Challenge for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.353: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Req state (id=2) for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.353: [PA] 90:9f:33:09:68:b0 Sending EAP Request from AAA to mobile 90:9f:33:09:68:b0 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.353: [PA] 90:9f:33:09:68:b0 Allocating EAP Pkt for retransmission to mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.355: [PA] 90:9f:33:09:68:b0 Received EAPOL EAPPKT from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.355: [PA] 90:9f:33:09:68:b0 Received EAP Response from mobile 90:9f:33:09:68:b0 (EAP Id 2, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.355: [PA] 90:9f:33:09:68:b0 Resetting reauth count 0 to 0 for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.355: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Response state for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.357: [PA] 90:9f:33:09:68:b0 Processing Access-Challenge for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.357: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Req state (id=3) for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.357: [PA] 90:9f:33:09:68:b0 Sending EAP Request from AAA to mobile 90:9f:33:09:68:b0 (EAP Id 3)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.357: [PA] 90:9f:33:09:68:b0 Reusing allocated memory for EAP Pkt for retransmission to mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.360: [PA] 90:9f:33:09:68:b0 Received EAPOL EAPPKT from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.360: [PA] 90:9f:33:09:68:b0 Received EAP Response from mobile 90:9f:33:09:68:b0 (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.360: [PA] 90:9f:33:09:68:b0 Resetting reauth count 0 to 0 for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.360: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Response state for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.361: [PA] 90:9f:33:09:68:b0 Processing Access-Challenge for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.361: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Req state (id=6) for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.361: [PA] 90:9f:33:09:68:b0 WARNING: updated EAP-Identifier 3 ===> 6 for STA 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.361: [PA] 90:9f:33:09:68:b0 Sending EAP Request from AAA to mobile 90:9f:33:09:68:b0 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.361: [PA] 90:9f:33:09:68:b0 Reusing allocated memory for EAP Pkt for retransmission to mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.364: [PA] 90:9f:33:09:68:b0 Received EAPOL EAPPKT from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.364: [PA] 90:9f:33:09:68:b0 Received EAP Response from mobile 90:9f:33:09:68:b0 (EAP Id 6, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.364: [PA] 90:9f:33:09:68:b0 Resetting reauth count 0 to 0 for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.364: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Response state for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.365: [PA] 90:9f:33:09:68:b0 Processing Access-Accept for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Resetting web IPv4 acl from 255 to 255

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Resetting web IPv4 Flex acl from 65535 to 65535

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Setting re-auth timeout to 1800 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Station 90:9f:33:09:68:b0 setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Username entry (linepc8888) created for mobile, length = 253
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Username entry (linepc8888) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Creating a PKC PMKID Cache entry for station 90:9f:33:09:68:b0 (RSN 2)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Resetting MSCB PMK Cache Entry 0 for station 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Adding BSSID 64:a0:e7:db:37:3b to PMKID cache at index 0 for station 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] New PMKID: (16)

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] [0000] a7 6d 92 ef 41 76 2a 22 3b e3 07 1d e9 11 73 d9

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.366: [PA] 90:9f:33:09:68:b0 Zeroize AAA Overrides from local for station
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 3 PMK-update groupcast messages sent
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 PMK sent to mobility group
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Sending EAP-Success to mobile 90:9f:33:09:68:b0 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Freeing AAACB from Dot1xCB as AAA auth is done for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Found an cache entry for BSSID 64:a0:e7:db:37:3b in PMKID cache at index 0 of station 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Found an cache entry for BSSID 64:a0:e7:db:37:3b in PMKID cache at index 0 of station 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] Including PMKID in M1 (16)

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] [0000] a7 6d 92 ef 41 76 2a 22 3b e3 07 1d e9 11 73 d9

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Starting key exchange to mobile 90:9f:33:09:68:b0, data packets will be dropped
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Sending EAPOL-Key Message to mobile 90:9f:33:09:68:b0
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Reusing allocated memory for EAP Pkt for retransmission to mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Entering Backend Auth Success state (id=6) for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 Received Auth Success while in Authenticating state for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.367: [PA] 90:9f:33:09:68:b0 dot1x - moving mobile 90:9f:33:09:68:b0 into Authenticated state
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Received EAPOL-Key from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Received EAPOL-key in PTK_START state (message 2) from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Dumping RSNIE received in Association request:
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 00000000: 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 0...............
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 00000010: 00 0f ac 01 00 00 ......
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Dumping RSNIE received in EAPOL M2 :
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 00000000: 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ................
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 00000010: ac 01 00 00 ....
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Not Flex client. Do not distribute PMK Key cache.
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Stopping retransmission timer for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Sending EAPOL-Key Message to mobile 90:9f:33:09:68:b0
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.376: [PA] 90:9f:33:09:68:b0 Reusing allocated memory for EAP Pkt for retransmission to mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.378: [PA] 90:9f:33:09:68:b0 Received EAPOL-Key from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.378: [PA] 90:9f:33:09:68:b0 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Stopping retransmission timer for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Freeing EAP Retransmit Bufer for mobile 90:9f:33:09:68:b0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 apfMs1xStateInc
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 apfMsPeapSimReqCntInc
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 apfMsPeapSimReqSuccessCntInc
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Mobility query, PEM State: L2AUTHCOMPLETE

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Building Mobile Announce :

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Building Client Payload:

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Client Ip: 0.0.0.0

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Client Vlan Ip: 106.132.225.151, Vlan mask : 255.255.255.192

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Client Vap Security: 16384

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Virtual Ip: 1.1.1.1

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 ssid: EEDC_LINE_TEMP

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Building VlanIpPayload.

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Mobile Announce sent to 3 members of the local group.
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.379: [PA] 90:9f:33:09:68:b0 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 Vlan while overriding the policy = -1
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 sending to spamAddMobile vlanId -1 aclName = , flexAclId 65535

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 64:a0:e7:db:37:30 vapId 15 apVapId 5 flex-acl-name:
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6611, Adding TMP rule
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 64:a0:e7:db:37:30, slot 1, interface = 13, QOS = 0
IPv4 ACL ID = 255, IP
*spamApTask6: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 Successful transmission of LWAPP Add-Mobile to AP 64:a0:e7:db:37:30
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 0 Local Bridging Vlan = 10, Local Bridging intf i
d = 0
*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0

*Dot1x_NW_MsgTask_0: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Mar 25 14:42:13.380: [PA] 90:9f:33:09:68:b0 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*apfOrphanSocketTask: Mar 25 14:42:13.382: [PA] 90:9f:33:09:68:b0 Orphan Packet from STA - IP 169.254.134.106
*IPv6_Msg_Task: Mar 25 14:42:13.383: [PA] 90:9f:33:09:68:b0 Not Advancing pem state, mscb in apfMsMmQueryRequested mobility state and client state APF_MS_STATE_ASSOCIATED
*DHCP Socket Task: Mar 25 14:42:13.385: [PA] 90:9f:33:09:68:b0 DHCP received op BOOTREQUEST (1) (len 308,vlan 10, port 13, encap 0xec03)
*DHCP Socket Task: Mar 25 14:42:13.385: [PA] 90:9f:33:09:68:b0 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Mar 25 14:42:13.385: [PA] 90:9f:33:09:68:b0 DHCP dropping packet due to ongoing mobility handshake exchange, (siaddr 0.0.0.0, mobility state = 'apfMsMmQueryRequested'
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Local
Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 106.132.225.151
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6227, Adding TMP rule
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
type = Airespace AP - Learn IP address
on AP 64:a0:e7:db:37:30, slot 1, interface = 13, QOS = 0
IPv4 ACL ID = 255,
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 0 Local Bridging Vlan = 10, Local Bridging intf id =
0
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0

*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0

*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 Installing Orphan Pkt IP address 169.254.134.106 for station
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 In apfRegisterIpAddrOnMscb_debug: regType=2 Invalid src IP address, 169.254.134.106 is part of reserved ip address range (caller apf_foreignap.c:2890
)
*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 IPv4 Addr: 169:254:134:106

*apfReceiveTask: Mar 25 14:42:16.318: [PA] 90:9f:33:09:68:b0 Unsuccessfully installed IP address 169.254.134.106 for station
*pemReceiveTask: Mar 25 14:42:16.319: [PA] 90:9f:33:09:68:b0 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*pemReceiveTask: Mar 25 14:42:16.319: [PA] 90:9f:33:09:68:b0 Sent an XID frame
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP received op BOOTREQUEST (1) (len 308,vlan 10, port 13, encap 0xec03)
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP selected relay 1 - 106.132.224.2 (local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:16.762: [PA] 90:9f:33:09:68:b0 DHCP selected relay 1 - 106.132.224.2 (local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP xid: 0xbb1f8479 (3139404921), secs: 0, flags: 0
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP chaddr: 90:9f:33:09:68:b0
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP siaddr: 0.0.0.0, giaddr: 106.132.225.151
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP sending REQUEST to 106.132.225.129 (len 350, port 13, vlan 10)
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:16.763: [PA] 90:9f:33:09:68:b0 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 0.0.0.0, gateway 106.132.225.129, VLAN 10, port 13)
*apfMsConnTask_4: Mar 25 14:42:21.192: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_4: Mar 25 14:42:21.192: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*DHCP Socket Task: Mar 25 14:42:21.618: [PA] 90:9f:33:09:68:b0 DHCP received op BOOTREQUEST (1) (len 308,vlan 10, port 13, encap 0xec03)
*DHCP Socket Task: Mar 25 14:42:21.618: [PA] 90:9f:33:09:68:b0 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Mar 25 14:42:21.618: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:21.618: [PA] 90:9f:33:09:68:b0 DHCP selected relay 1 - 106.132.224.2 (local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:21.618: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP selected relay 1 - 106.132.224.2 (local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP xid: 0xbb1f8479 (3139404921), secs: 1024, flags: 0
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP chaddr: 90:9f:33:09:68:b0
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP siaddr: 0.0.0.0, giaddr: 106.132.225.151
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP sending REQUEST to 106.132.225.129 (len 350, port 13, vlan 10)
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:21.619: [PA] 90:9f:33:09:68:b0 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 0.0.0.0, gateway 106.132.225.129, VLAN 10, port 13)
*apfMsConnTask_7: Mar 25 14:42:22.377: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_7: Mar 25 14:42:22.377: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_7: Mar 25 14:42:22.415: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_7: Mar 25 14:42:22.415: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*apfMsConnTask_0: Mar 25 14:42:26.835: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
debug *apfMsConnTask_0: Mar 25 14:42:26.835: [PA] dot1xDoesPmkIdMatchPmk2, Received 11w Flag: 0
*DHCP Socket Task: Mar 25 14:42:30.365: [PA] 90:9f:33:09:68:b0 DHCP received op BOOTREQUEST (1) (len 308,vlan 10, port 13, encap 0xec03)
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selected relay 1 - 106.132.224.2 (local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 1 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selected relay 1 - 106.132.224.2 (local address 106.132.225.151, gateway 106.132.225.129, VLAN 10, port 13)
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP xid: 0xbb1f8479 (3139404921), secs: 3328, flags: 0
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP chaddr: 90:9f:33:09:68:b0
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP siaddr: 0.0.0.0, giaddr: 106.132.225.151
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP sending REQUEST to 106.132.225.129 (len 350, port 13, vlan 10)
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selecting relay 2 - control block settings:
dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 106.132.225.151 VLAN: 10
*DHCP Socket Task: Mar 25 14:42:30.366: [PA] 90:9f:33:09:68:b0 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 0.0.0.0, gateway 106.132.225.129, VLAN 10, port 13)

Preview file
18 KB
0 Helpful

Ric Beeching
Level 7
Level 7
In response to kkristian

‎03-26-2019 03:44 AM

Key log there is this:
*apfMsConnTask_7: Mar 25 14:42:13.334: [PA] 90:9f:33:09:68:b0 In processSsidIE:5766 setting Central switched to TRUE

There's a few ways this could occur:

1) Your WLAN is set to FlexConnect central switching - Check the WLAN
2) Your Flex AP does not have VLAN Support enabled (you've said they do)
3) Your Flex AP does not have a VLAN mapping for - Check that the WLAN -> VLAN 237 mapping is present in the Flex Group for that WLAN
4) Or, if using ISE to return VLAN 237 then AAA override must be enabled on the WLAN and the VLAN needs to be 'pushed' to the APs via FlexConnect Group under the AAA VLAN-ACL Mapping section. Simple create the VLAN ID (237) and set ingress/egress ACL to 'none'. This will map the VLAN locally on the AP.

Also confirm that all APs for that site are in the Flex Group and, if still not working, confirm each AP definitely has VLAN Support selected and local switchports are set to trunk.

Ric
-----------------------------
Please rate helpful / correct posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card