Re: Cisco 9800 Guest users getting disconnected post portal authentica - Page 2

Chandhuru sekaran marimuthu · ‎02-08-2023

Hello All,

We have Cisco 9800 Guest users getting disconnected post portal authentication. Not all users few of users.

Setup:

Foreign 9800-L --> Anchor WLC 9800-L

Guest SSID --> Open Layer 2 Security, Layer 3 Web-Auth External URL redirection(Aruba Clearpass)

Mobility Tunnel between Foreign and Anchor.

Issue:

Users able to connect to Guest SSID and they redirect to portal and they entering username and password and get connected. That time user status as Run in both Anchor and Foreign WLC. In couple of minutes they disconnecetd and ask for authenticate portal again. That time in Foreign is Run state. In Anchor side it says Web-Auth Penidng state.

Both Foreign and Anchor in 17.6.4.

If anyone came across this kind of issue. That would be great. We need to fix ASAP. Any clue on this.

Regards,

Chandhuru

Thanks and regards, Chandhuru.M

Chandhuru sekaran marimuthu · ‎08-31-2023

Hello All,

still there is no fix for this issue. Any help would be appreciated!!!

Thanks and regards, Chandhuru.M

Chandhuru sekaran marimuthu · ‎08-31-2023

Hello all,

this is debug logs collected from not working device.

2023/08/31 17:40:04.869692 {wncd_x_R0-0}{1}: [client-orch-sm] [17283]: (ERR): MAC: 4c44.5b59.5083 Client move to idle state, failed to get BSSID MAC

2023/08/31 17:40:04.869700 {wncd_x_R0-0}{1}: [client-iplearn] [17283]: (info): MAC: 4c44.5b59.5083 IP-learn state transition: S_IPLEARN_COMPLETE -> S_IPLEARN_IN_PROGRESS

2023/08/31 17:40:04.869739 {mobilityd_R0-0}{1}: [mm-client] [17837]: (debug): MAC: 4c44.5b59.5083 Received ipv4_address_update, sub type: 0 of XID (0) from (WNCD[0])

2023/08/31 17:40:04.869741 {wncd_x_R0-0}{1}: [apmgr-bssid] [17283]: (ERR): Failed to get the wlan_internal_policy record

2023/08/31 17:40:04.869743 {wncd_x_R0-0}{1}: [dpath_svc] [17283]: (ERR): MAC: 4c44.5b59.5083 Failed to get zone id of the client- error: 22, Invalid argument

2023/08/31 17:40:04.869744 {wncd_x_R0-0}{1}: [dpath_svc] [17283]: (ERR): Invalid BSSID handle, cannot check central NAT

2023/08/31 17:40:04.869830 {mobilityd_R0-0}{1}: [mm-client] [17837]: (info): MAC: 4c44.5b59.5083 Forwarding ipv4_address_update, sub type: 0 of XID (5595272) from (WNCD[0]) to (ipv4: 10.xx.xx.10 )

2023/08/31 17:40:04.869848 {wncd_x_R0-0}{1}: [client-orch-sm] [17283]: (info): MAC: 4c44.5b59.5083 Deleting the client, reason: 98, CO_CLIENT_DELETE_REASON_IP_DOWN_NO_IP, Client state S_CO_RUN

2023/08/31 17:40:04.869858 {mobilityd_R0-0}{1}: [mm-pmtu] [17837]: (debug): Peer IP: 10.xx.xx.10 PMTU size is 1385 and calculated additional header length is 76

2023/08/31 17:40:04.869877 {mobilityd_R0-0}{1}: [mm-client] [17837]: (debug): MAC: 4c44.5b59.5083 Sending ipv4_address_update of XID (5595272) to (ipv4: 10.xx.xx10 - Foreign WlC IP)

2023/08/31 17:40:04.869915 {wncd_x_R0-0}{1}: [client-orch-sm] [17283]: (note): MAC: 4c44.5b59.5083 Client delete initiated. Reason: CO_CLIENT_DELETE_REASON_IP_DOWN_NO_IP, details: , fsm-state transition 00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|aa|ab|ac|18|28|33|42|44|46|48|4d|5c|5d|64|7f|90|a6|

2023/08/31 17:40:04.870012 {wncd_x_R0-0}{1}: [apmgr-bssid] [17283]: (ERR): Failed to get bssid mac address from bssid handle.

2023/08/31 17:40:04.870012 {wncd_x_R0-0}{1}: [client-orch-sm] [17283]: (ERR): MAC: 4c44.5b59.5083 Failed to get ap mac from bssid handle required for sending the trap

2023/08/31 17:40:04.870018 {wncd_x_R0-0}{1}: [client-orch-state] [17283]: (note): MAC: 4c44.5b59.5083 Client state transition: S_CO_RUN -> S_CO_DELETE_IN_PROGRESS

2023/08/31 17:40:04.870459 {wncd_x_R0-0}{1}: [ewlc-qos-voice] [17283]: (info): MAC: 4c44.5b59.5083 Successfully freed the bw for sip client

2023/08/31 17:40:04.870523 {wncd_x_R0-0}{1}: [multicast-main] [17283]: (info): MAC: 4c44.5b59.5083 No Flex/Fabric main record exists for client

2023/08/31 17:40:04.870527 {wncd_x_R0-0}{1}: [rog-proxy-capwap] [17283]: (debug): Managed client state notification: client left run state: 4c44.5b59.5083

2023/08/31 17:40:04.870691 {wncd_x_R0-0}{1}: [client-iplearn] [17283]: (info): MAC: 4c44.5b59.5083 IP-learn state transition: S_IPLEARN_IN_PROGRESS -> S_IPLEARN_DELETE_IN_PROGRESS

2023/08/31 17:40:04.870789 {wncd_x_R0-0}{1}: [dpath_svc] [17283]: (note): MAC: 4c44.5b59.5083 Client datapath entry deleted for ifid 0xa0000076

2023/08/31 17:40:04.870797 {wncd_x_R0-0}{1}: [mm-transition] [17283]: (info): MAC: 4c44.5b59.5083 MMIF FSM transition: S_MA_ANCHOR -> S_MA_DELETE_PROCESSED_TR on E_MA_CO_DELETE_RCVD

2023/08/31 17:40:04.870841 {wncd_x_R0-0}{1}: [mm-client] [17283]: (info): MAC: 4c44.5b59.5083 Invalid transmitter ip in build client context

2023/08/31 17:40:04.870883 {wncd_x_R0-0}{1}: [mm-client] [17283]: (debug): MAC: 4c44.5b59.5083 Sending handoff_end of XID (0) to (MobilityD[0])

2023/08/31 17:40:04.870942 {mobilityd_R0-0}{1}: [mm-client] [17837]: (debug): MAC: 4c44.5b59.5083 Received handoff_end, sub type: 0 of XID (0) from (WNCD[0])

2023/08/31 17:40:04.871000 {wncd_x_R0-0}{1}: [auth-mgr] [17283]: (info): [4c44.5b59.5083:mobility_a0000002] Raised event DELETE (19)

2023/08/31 17:40:04.871004 {wncd_x_R0-0}{1}: [auth-mgr] [17283]: (info): [4c44.5b59.5083:mobility_a0000002] Disconnect request from SANET-SHIM (15) for 4c44.5b59.5083 / 0xb900087d - term: none, abort: Unknown, disc: (default)

2023/08/31 17:40:04.871005 {wncd_x_R0-0}{1}: [sanet-shim-translate] [17283]: (note): MAC: 4c44.5b59.5083 Session manager disconnect event called, session label: 0xb900087d

2023/08/31 17:40:04.871007 {mobilityd_R0-0}{1}: [mm-transition] [17837]: (info): MAC: 4c44.5b59.5083 MMFSM transition: S_MC_RUN -> S_MC_HANDOFF_END_RCVD_TR on E_MC_HANDOFF_END_RCVD from WNCD[0]

2023/08/31 17:40:04.871025 {wncd_x_R0-0}{1}: [aaa-attr-inf] [17283]: (info): [ Applied attribute : username 0 "4C44.5B59.5083" ]

2023/08/31 17:40:04.871033 {wncd_x_R0-0}{1}: [aaa-attr-inf] [17283]: (info): [ Applied attribute :bsn-vlan-interface-name 0 "Guest_DMZ" ]

2023/08/31 17:40:04.871035 {wncd_x_R0-0}{1}: [aaa-attr-inf] [17283]: (info): [ Applied attribute : timeout 0 86400 (0x15180) ]

2023/08/31 17:40:04.871041 {wncd_x_R0-0}{1}: [aaa-attr-inf] [17283]: (info): [ Applied attribute : url-redirect-acl 0 "IP-Adm-V4-LOGOUT-ACL" ]

2023/08/31 17:40:04.871047 {wncd_x_R0-0}{1}: [client-auth] [17283]: (info): MAC: 4c44.5b59.5083 Client auth-interface state transition: S_AUTHIF_WEBAUTH_DONE -> S_SANET_DELETE_IN_PROGRESS

2023/08/31 17:40:04.871060 {wncd_x_R0-0}{1}: [apmgr-db] [17283]: (ERR): 0000.0000.0000 Failed to get radio oper stat record. Invalid stats record for slot=0 error:0

2023/08/31 17:40:04.871063 {wncd_x_R0-0}{1}: [apmgr-db] [17283]: (ERR): 0000.0000.0000 Failed to update per radio per slot clients count in stats record, did not get record, error No such file or directory

2023/08/31 17:40:04.871088 {wncd_x_R0-0}{1}: [dot11] [17283]: (info): MAC: 4c44.5b59.5083 DOT11 state transition: S_DOT11_ASSOCIATED -> S_DOT11_DELETED

Thanks and regards, Chandhuru.M

JPavonM · ‎08-31-2023

You maybe hitting this bug CSCwb57391 that impacts IOS-XE 16.12 so recommendation is to move to any of the TAC recommended versions on 17.3, 17.6 or 17.9 trains.

Chandhuru sekaran marimuthu · ‎10-26-2023

Sorry for late reply. We already in 17.6.4 version. Still have same issue. Users get connected and dropped out in 1 minute to 2 minute max. Above debug log only we getting.

Thanks and regards, Chandhuru.M

gnijs · ‎06-27-2024

Hello, I have the same problem and am seeing the same log messages. did this ever get resolved ?