cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
278
Views
3
Helpful
2
Replies

Cisco WLC 5508, MS Network Policy Server, MAC Add not working

tombstone1
Level 1
Level 1

Hello everyone,

I have a WLC 5508 I am trying to setup to use a Radius Server (MS NPS) on our WLAN to stop people from connecting to our Wireless Lan. This is already setup and being used for current WLAN. I have to pass this across all my WLC (which there are 4) and MAC filtering will not work because of the client limit. I followed these directions

Configure NPS, Wireless LAN Controllers, and Wireless Networks - Cisco

I know this does it by user, but I want to do it by mac address. I have a Group for Wireless Mac, and the username is the MAC address (ex 60452E38FB8A). The keys are all the same. The specific user cannot connect. If I do the debug I get the following.


 

(Cisco Controller) >*apfOpenDtlSocket: Jun 14 08:55:21.996: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:21.997: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:21.997: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:21.997: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:21.997: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:21.998: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:21.998:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from Idle to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:21.998: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:23.055: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:23.055: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -51. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -51. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 2

*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:23.056: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:23.057: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:23.057:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:23.057:      [0016] ac 01 3c 00 00 00

*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:23.057: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:24.110: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -51. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -51. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 2

*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:24.111: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:24.112: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:24.112:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:24.112:      [0016] ac 01 3c 00 00 00

*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:24.112: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -50. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -50. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 2

*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:25.164: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:25.165: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:25.165:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:25.165:      [0016] ac 01 3c 00 00 00

*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:25.165: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:26.283: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -48. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -48. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 4

*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:26.284: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a STA - rates (8): 2 4 11 22 12 18 24 36 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:26.285: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:26.285:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:26.285:      [0016] ac 01 3c 00 00 00

*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_4: Jun 14 08:55:26.285: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:25:84:86:cb:30]
*apfMsConnTask_4: Jun 14 08:55:26.286: 60:45:2e:38:fb:8a New ctxOwnerMwarIp:  10.4.8.12 New ctxOwnerApMac:  00:25:84:86:CB:30 New ctxOwnerApEthMac:  00:22:BD:1A:D7:C1 New ctxOwnerApSlotId: 0
*apfMsConnTask_4: Jun 14 08:55:26.286: 60:45:2e:38:fb:8a Updated location for station old AP 00:25:84:86:cb:30 oldSlot 1, new AP 00:25:84:86:cb:30 newSlot 0, AID 0 MsType 0 MobilityRole 0
*apfMsConnTask_4: Jun 14 08:55:26.286: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:26.286: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:27.339: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:27.339: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -49. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -49. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 4

*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:27.340: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:27.341: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:27.341:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:27.341:      [0016] ac 01 3c 00 00 00

*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:27.341: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -48. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -48. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 4

*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:28.401: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:28.402: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:28.402:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:28.402:      [0016] ac 01 3c 00 00 00

*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:28.402: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:28.403: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:28.403: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:29.452: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:29.452: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:29.452: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -49. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:29.452: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:29.452: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:29.452: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -49. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 0
*apfMsConnTask_4: Jun 14 08:55:29.453: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:29.453: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:29.453: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 4

*apfMsConnTask_4: Jun 14 08:55:29.453: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a STA - rates (8): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:29.454: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a STA - rates (12): 2 4 11 22 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:29.455: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:29.455:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Jun 14 08:55:29.455:      [0016] ac 01 3c 00 00 00

*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a Processing RSN IE type 48, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a RSN Capabilities:  60
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a Received RSN IE with 0 PMKIDs from mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:29.455: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:31.989: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -50. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -50. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:31.990: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:31.991: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:31.991:      [0000] 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04

*apfMsConnTask_4: Jun 14 08:55:31.991:      [0016] 01 00 00 50 f2 01

*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Processing WPA IE type 221, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a RSN Capabilities:  0
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [00:25:84:86:cb:30]
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a New ctxOwnerMwarIp:  10.4.8.12 New ctxOwnerApMac:  00:25:84:86:CB:30 New ctxOwnerApEthMac:  00:22:BD:1A:D7:C1 New ctxOwnerApSlotId: 1
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Updated location for station old AP 00:25:84:86:cb:30 oldSlot 0, new AP 00:25:84:86:cb:30 newSlot 1, AID 0 MsType 0 MobilityRole 0
*apfMsConnTask_4: Jun 14 08:55:31.991: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:33.030: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -52. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -52. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 2

*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:33.031: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:33.032:      [0000] 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04

*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Processing WPA IE type 221, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a RSN Capabilities:  0
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:33.032: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfOpenDtlSocket: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -52. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -52. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 2

*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:34.070: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2963)
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a In processSsidIE:6558 setting Central switched to TRUE
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:34.071: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:34.071:      [0000] 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04

*apfMsConnTask_4: Jun 14 08:55:34.071:      [0016] 01 00 00 50 f2 01

*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Processing WPA IE type 221, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a RSN Capabilities:  0
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:34.071: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:35.125: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:3a destination addr 00:25:84:86:cb:3a
*apfMsConnTask_4: Jun 14 08:55:35.125: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:35.125: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -52. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Association received from mobile on BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  trying to join WLAN with RSSI -52. Checking for XOR roam conditions on AP:  00:25:84:86:CB:30  Slot: 1
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Station:  60:45:2E:38:FB:8A  is associating to AP  00:25:84:86:CB:30  which is not XOR roam capable
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Max Client Trap Threshold: 0  cur: 2

*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Re-applying interface policy for client

*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2922)
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2942)
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Setting the NAS Id to WLAN specific Id '2504'
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a In processSsidIE:6561 apVapId = 6 and Split Acl Id = 65535
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Applying site-specific Local Bridging override for station 60:45:2e:38:fb:8a - vapId 6, site 'default-group', interface 'management'
*apfMsConnTask_4: Jun 14 08:55:35.126: 60:45:2e:38:fb:8a Applying Local Bridging Interface Policy for station 60:45:2e:38:fb:8a - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a STA - rates (8): 12 18 24 36 48 72 96 108 48 72 96 108 0 0 0 0
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Jun 14 08:55:35.127: RSNIE in Assoc. Req.: (22)

*apfMsConnTask_4: Jun 14 08:55:35.127:      [0000] 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04

*apfMsConnTask_4: Jun 14 08:55:35.127:      [0016] 01 00 00 50 f2 01

*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a Processing WPA IE type 221, length 22 for mobile 60:45:2e:38:fb:8a
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a RSN Capabilities:  0
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a Marking Mobile as non-11w Capable
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a apfProcessAssocReq (apf_80211.c:10886) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to AAA Pending

*apfMsConnTask_4: Jun 14 08:55:35.127: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 20) in 10 seconds
*apfReceiveTask: Jun 14 08:55:36.030: 60:45:2e:38:fb:8a Received SGT for this Client.
*apfReceiveTask: Jun 14 08:55:36.030: 60:45:2e:38:fb:8a Sending assoc-resp with status 1 station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-01 on apVapId 6
*apfReceiveTask: Jun 14 08:55:36.030: 60:45:2e:38:fb:8a Sending Assoc Response (status: 'unspecified failure') to station on AP JLW_IT_Workroom on BSSID 00:25:84:86:cb:3a ApVapId 6 Slot 1, mobility role 0
*apfReceiveTask: Jun 14 08:55:36.030: 60:45:2e:38:fb:8a apfBlacklistMobileStationEntry2 (apf_ms.c:6809) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from AAA Pending to Exclusion-li (1)

*apfReceiveTask: Jun 14 08:55:36.030: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 44) in 10 seconds
*apfOpenDtlSocket: Jun 14 08:55:36.122: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:36.122: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:36.122: 60:45:2e:38:fb:8a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfOpenDtlSocket: Jun 14 08:55:37.180: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:37.181: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:37.181: 60:45:2e:38:fb:8a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfOpenDtlSocket: Jun 14 08:55:38.244: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:38.244: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:38.244: 60:45:2e:38:fb:8a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*apfOpenDtlSocket: Jun 14 08:55:39.293: 60:45:2e:38:fb:8a Recevied management frame ASSOCIATION REQUEST  on BSSID 00:25:84:86:cb:35 destination addr 00:25:84:86:cb:35
*apfMsConnTask_4: Jun 14 08:55:39.293: 60:45:2e:38:fb:8a Processing assoc-req station:60:45:2e:38:fb:8a AP:00:25:84:86:cb:30-00 ssid : Test thread:1a94ad20
*apfMsConnTask_4: Jun 14 08:55:39.293: 60:45:2e:38:fb:8a Ignoring assoc request due to mobile in exclusion list or marked for deletion
*osapiBsnTimer: Jun 14 08:55:45.873: 60:45:2e:38:fb:8a apfMsExpireCallback (apf_ms.c:639) Expiring Mobile!
*apfReceiveTask: Jun 14 08:55:45.873: 60:45:2e:38:fb:8a Scheduling deletion of Mobile Station:  (callerId: 46) in 60 seconds
*apfReceiveTask: Jun 14 08:55:45.873: 60:45:2e:38:fb:8a apfMsExpireMobileStation (apf_ms.c:7813) Changing state for mobile 60:45:2e:38:fb:8a on AP 00:25:84:86:cb:30 from Exclusion-list (1) to Exclusion-li (2)

*apfReceiveTask: Jun 14 08:55:45.873: 60:45:2e:38:fb:8a pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.

 

I have been spinning my wheels on this on week. Can't figure out why it isn't working. Any help would be appreciated. TIA

1 Accepted Solution

Accepted Solutions

tombstone1
Level 1
Level 1

Thank you for pointing out the Wireless Debug Analyzer. Yes, we know the WLC is EOL, and it is at its latest and greatest. It seems that the WLC is not communicating with the NPS. I ran test aaa radius on the WLC and got back "No response received from server." I looked in the logs for the NPS and it is completely blank.

I followed these steps, and now the it looks like I am getting event logs

 

 

On Windows Server 2019 with NPS role installed, open an admin command prompt & run the following command:

1.sc sidtype IAS unrestricted

2.Reboot the server

3.Attempt the connection

If it still doesn't work, the following may be required:

Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "RADIUS" | Set-NetFirewallRule -Service Any

And to validate:

Get-NetFirewallServiceFilter -PolicyStore ActiveStore | Format-Table - Property *

 

 

Now it looks like the server is responding and getting logs. Tried to reconnect here is my debug log from the WLC, this is just one.

Jun 14 11:57:54.943*apfMsConnTask_4Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 11:57:54.944*apfMsConnTask_4The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 11:57:54.944*apfMsConnTask_4The Reassociation Request from the client comes with 0 PMKID
Jun 14 11:57:54.944*apfMsConnTask_4Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Jun 14 11:57:54.954*apfReceiveTaskWLC/AP is sending an Association Response to the client with status code 1 = Unspecified failure. For example, when there is no ssid specified in the association request
Jun 14 11:57:54.954*apfReceiveTaskClient expiration timer code set for 10 seconds. The reason: Delete request due to authentication error

Here is the server log

 

 

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
	Security ID:			NULL SID
	Account Name:			60452e38fb8a
	Account Domain:			TOMBSTONE
	Fully Qualified Account Name:	TOMBSTONE\60452e38fb8a

Client Machine:
	Security ID:			NULL SID
	Account Name:			-
	Fully Qualified Account Name:	-
	Called Station Identifier:		10f3119946a0
	Calling Station Identifier:		60452e38fb8a

NAS:
	NAS IPv4 Address:		10.4.8.12
	NAS IPv6 Address:		-
	NAS Identifier:			2504
	NAS Port-Type:			Wireless - IEEE 802.11
	NAS Port:			1

RADIUS Client:
	Client Friendly Name:		WLC-JLW
	Client IP Address:			10.4.8.12

Authentication Details:
	Connection Request Policy Name:	Secure Wireless Connections
	Network Policy Name:		-
	Authentication Provider:		Windows
	Authentication Server:		DISTRICTSERVER2.Tombstone.k12.az.us
	Authentication Type:		PAP
	EAP Type:			-
	Account Session Identifier:		36363663383461322F36303A34353A32653A33383A66623A38612F31303139
	Logging Results:			Accounting information was written to the local log file.
	Reason Code:			36
	Reason:				The user's authentication attempts have exceeded the maximum allowed number of failed attempts specified by the account lockout threshold setting in Account Lockout Policy in Group Policy. To unlock the account, edit the user account properties.

 

The authentication issues are due to the Radius server using the MAC Address as the username and password. Complexity policies may not allow you to use the MAC Address as password though. Suggestion to append Password Policy to all OU's that require it and not the one you are storing MAC Address accounts in.

View solution in original post

2 Replies 2

marce1000
VIP
VIP

 

   = The 5508 controller platform is EOL  , remember to use the last release for it as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
                       That being 8.5.182.12 (8.5.182.13 for 3504s), this to have the last and or up to date bug fixes
   
Below you will find the result of your client debug when analyzed with Wireless Debug Analyzer
  have a look at what I have highlighted in red (I only did that for the first ones) , you will probably have to examine the logs on the NPS radius server for the 
  particular authentication. Remember to use Wireless Debug Analyzer for future client debugging and testing too.
                                                                    It is very useful!!

 

Connection attempt #1
Jun 14 08:55:21.998 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:21.998 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:21.998 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #2
Jun 14 08:55:23.056 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 08:55:23.057 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:23.057 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:23.057 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #3
Jun 14 08:55:24.111 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 08:55:24.112 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:24.112 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:24.112 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #4
Jun 14 08:55:25.164 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 08:55:25.165 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:25.165 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:25.165 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #5
Jun 14 08:55:26.284 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
Jun 14 08:55:26.285 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:26.285 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:26.286 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #6
Jun 14 08:55:27.340 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
Jun 14 08:55:27.341 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:27.341 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:27.341 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #7
Jun 14 08:55:28.401 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
Jun 14 08:55:28.402 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:28.402 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:28.403 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #8
Jun 14 08:55:29.452 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:35 AP JLW_IT_Workroom
Jun 14 08:55:29.455 *apfMsConnTask_4 The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 08:55:29.455 *apfMsConnTask_4 The Reassociation Request from the client comes with 0 PMKID
Jun 14 08:55:29.455 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #9
Jun 14 08:55:31.990 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 08:55:31.991 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #10
Jun 14 08:55:33.031 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Connection attempt #11
Jun 14 08:55:34.070 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 08:55:34.071 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Connection attempt #12
Jun 14 08:55:35.126 *apfMsConnTask_4 Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 08:55:35.127 *apfMsConnTask_4 Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request


-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

tombstone1
Level 1
Level 1

Thank you for pointing out the Wireless Debug Analyzer. Yes, we know the WLC is EOL, and it is at its latest and greatest. It seems that the WLC is not communicating with the NPS. I ran test aaa radius on the WLC and got back "No response received from server." I looked in the logs for the NPS and it is completely blank.

I followed these steps, and now the it looks like I am getting event logs

 

 

On Windows Server 2019 with NPS role installed, open an admin command prompt & run the following command:

1.sc sidtype IAS unrestricted

2.Reboot the server

3.Attempt the connection

If it still doesn't work, the following may be required:

Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "RADIUS" | Set-NetFirewallRule -Service Any

And to validate:

Get-NetFirewallServiceFilter -PolicyStore ActiveStore | Format-Table - Property *

 

 

Now it looks like the server is responding and getting logs. Tried to reconnect here is my debug log from the WLC, this is just one.

Jun 14 11:57:54.943*apfMsConnTask_4Client made new Association to AP/BSSID BSSID 00:25:84:86:cb:3a AP JLW_IT_Workroom
Jun 14 11:57:54.944*apfMsConnTask_4The WLC/AP has found from client association request Information Element that claims PMKID Caching support
Jun 14 11:57:54.944*apfMsConnTask_4The Reassociation Request from the client comes with 0 PMKID
Jun 14 11:57:54.944*apfMsConnTask_4Client expiration timer code set for 10 seconds. The reason: No response from radius server for mac filtering request
Jun 14 11:57:54.954*apfReceiveTaskWLC/AP is sending an Association Response to the client with status code 1 = Unspecified failure. For example, when there is no ssid specified in the association request
Jun 14 11:57:54.954*apfReceiveTaskClient expiration timer code set for 10 seconds. The reason: Delete request due to authentication error

Here is the server log

 

 

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
	Security ID:			NULL SID
	Account Name:			60452e38fb8a
	Account Domain:			TOMBSTONE
	Fully Qualified Account Name:	TOMBSTONE\60452e38fb8a

Client Machine:
	Security ID:			NULL SID
	Account Name:			-
	Fully Qualified Account Name:	-
	Called Station Identifier:		10f3119946a0
	Calling Station Identifier:		60452e38fb8a

NAS:
	NAS IPv4 Address:		10.4.8.12
	NAS IPv6 Address:		-
	NAS Identifier:			2504
	NAS Port-Type:			Wireless - IEEE 802.11
	NAS Port:			1

RADIUS Client:
	Client Friendly Name:		WLC-JLW
	Client IP Address:			10.4.8.12

Authentication Details:
	Connection Request Policy Name:	Secure Wireless Connections
	Network Policy Name:		-
	Authentication Provider:		Windows
	Authentication Server:		DISTRICTSERVER2.Tombstone.k12.az.us
	Authentication Type:		PAP
	EAP Type:			-
	Account Session Identifier:		36363663383461322F36303A34353A32653A33383A66623A38612F31303139
	Logging Results:			Accounting information was written to the local log file.
	Reason Code:			36
	Reason:				The user's authentication attempts have exceeded the maximum allowed number of failed attempts specified by the account lockout threshold setting in Account Lockout Policy in Group Policy. To unlock the account, edit the user account properties.

 

The authentication issues are due to the Radius server using the MAC Address as the username and password. Complexity policies may not allow you to use the MAC Address as password though. Suggestion to append Password Policy to all OU's that require it and not the one you are storing MAC Address accounts in.

Review Cisco Networking for a $25 gift card