Viten Patel
Cisco Employee
Below are some useful debugs to collect while working with TAC on a CWA (Central Web Authentication) issue.
 
Description: these debugs are mainly for a scenario in which the end device is stuck in a redirect loop. The client connects to the CWA SSID and gets the AUP page with an accept button. The user clicks the accept button and gets the AUP page again.
 
Here are the debugs/traces/show commands we plan to use on 5760, ISE and client side.
 

5760:

set trace group-wireless-secure filter mac xxxx.xxxx.xxxx
set trace aaa wireless events level debug
set trace aaa wireless events filter mac xxxx.xxxx.xxxx
set trace group-wireless-secure level debug

 

debug client mac-address
debug aaa wireless all
debug ip http transactions
debug ip http url
debug ip socket error
debug authentication all
debug authentication feature spi al
debug epm all
debug epm plugin acl all
debug epm plugin redirect all
debug epm plugin redirect detail

 

"log to buffer", "save to ftp", "confirm debug level"
logging buffered 16000000
no logging rate-limit

 

show wireless client mac-address detail
show authentication session mac detail
show platform acl le | be

 

CLIENT SIDE:

Wireshark capture on the laptop, if possible, during both the failing and the working case.

Client MAC address, model, iOS and browser type for all clients being tested/reported.

Verify whether it works when opening a new tab or a new browser and, if the original browser fails, whether it works when you go back to the original browser.
 

ISE:

 

GUI > Administration > logging > debug log config > click on node > runtime-aaa = debug

GUI > Administration > logging > debug log config > click on node > guestportal = debug

GUI > Administration > logging > debug log config > click on node > guestauth = debug

 

After the issue happens, go to Operations > download logs > click on node > click on 'include debug logs' and 'include monitoring and reporting logs'.

Add encryption key then create support bundle. After completion, download the bundle.

TCPDump: Operations > troubleshoot > tools > tcpdump > select node > filter = udp port 1700.

Reports:

Operations > reports > Radius Authentications > filter = endpoint ID = mac address > RUN.
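
UDP port 1700, the tcpdump filter in the ISE steps above, is the default port Cisco devices use for RADIUS Change of Authorization (RFC 5176). The following Python is an added example, not part of the original post and not Cisco code: it decodes the UDP payloads from such a capture and reports whether each CoA-Request was ACKed, NAKed (with its Error-Cause) or left unanswered. It assumes the payloads have already been extracted from the pcap; the sample packets and the build_pkt helper are constructed for illustration.

```python
import struct

# RADIUS codes for Dynamic Authorization (RFC 5176)
CODES = {40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}
REQUESTS = (40, 43)
ERROR_CAUSE = 101  # RFC 5176 Error-Cause attribute, 4-byte integer

def parse_radius(payload: bytes) -> dict:
    """Decode the 20-byte RADIUS header and the type/length/value attributes."""
    if len(payload) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or payload[pos + 1] < 2 or pos + payload[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((payload[pos], payload[pos + 2:pos + payload[pos + 1]]))
        pos += payload[pos + 1]
    return {"code": code, "name": CODES.get(code, "other"), "id": ident, "attrs": attrs}

def coa_outcomes(payloads):
    """Pair each request with its reply by RADIUS identifier."""
    # Assumes one ISE node / controller pair in the capture. The authenticator
    # is not verified here; that needs the RADIUS shared secret.
    pending, results = {}, []
    for raw in payloads:
        pkt = parse_radius(raw)
        if pkt["code"] in REQUESTS:
            pending[pkt["id"]] = pkt["name"]
        elif pkt["code"] in CODES and pkt["id"] in pending:
            cause = next((int.from_bytes(v, "big") for t, v in pkt["attrs"]
                          if t == ERROR_CAUSE), None)
            results.append((pkt["id"], pending.pop(pkt["id"]), pkt["name"], cause))
    return results + [(i, n, "no reply", None) for i, n in sorted(pending.items())]

def build_pkt(code, ident, attrs=b""):  # hypothetical helper for the sample data
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs

# Constructed sample payloads (zeroed authenticator, placeholder MAC address)
SAMPLE = [
    build_pkt(43, 7, bytes([31, 16]) + b"xxxx.xxxx.xxxx"),        # CoA-Request, Calling-Station-Id
    build_pkt(45, 7, bytes([101, 6]) + (503).to_bytes(4, "big")),  # CoA-NAK, 503 Session Context Not Found
    build_pkt(43, 8),                                              # CoA-Request with no reply
]

if __name__ == "__main__":
    for row in coa_outcomes(SAMPLE):
        print(row)
```

A CoA-NAK or an unanswered CoA-Request for the client's session is worth including in the notes sent to TAC along with the capture.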
