FlexConnect Groups

awatson20 · ‎04-05-2013

I have several 2602 AP's that I want to operate in FlexConnect mode. The WLC is at a central HQ and the Ap's are remote. There are central radius servers at the HQ for the wlans. At the remote lcoation, there is a local radius server we want to use for the primary radius server for these AP's. This radius server has been added to the WLC. I have setup a FlexConnect Group, designated the the primary and secondary servers, and then added the AP's to the group. It does not look like radius requests are being sent to the local controller.

For this to work, do we have to check the box under the wlan for FlexConnect Local Auth? Currently, we only have FlexConnect local switching selected.

Scott Fella · ‎04-05-2013

Do you see any replies hitting the radius server? You see the clients associating on the WLC but failing?

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

awatson20 · ‎04-05-2013

We do not see any requests ever hitting the radius server.

Scott Fella · ‎04-05-2013

You see the clients hitting the AP? What happens if you remove the AP from the flexconnect group and test, do you see any errors?

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎04-05-2013

Couple more questions....

What radius server are you using?

Can you post the following for the WLC?

show radius summary

show wlan summary

show wlan

show ap config general

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Saravanan Lakshmanan · ‎04-07-2013

This info is not documented yet.

#When flexconnect local authentication is enabled, irrespective of Flex AP on connected or standalone mode the AP will act as NAS and packet goes off capwap to the configured Radius.

#When flexconnect local authentication is disabled, AP on connected mode will use WLC as NAS but AP as NAS while its on standalone mode"

#Mentioned the authenticator and source of the radius packet when local authentication enabled vs disabled on connected Vs standalone mode, see the table for reference.

Flexconnect AP Local Auth NAS client/Authenticator

connected mode Enabled AP

standalone mode Enabled AP

connected mode Disabled WLC

standalone mode Disabled AP

Note: Above are the options available, If we don't want to use central radius at all via wlc then enable local auth on that wlan. Have seen design where trying to use central radius server as primary and local/site radius as secondary. Looks like you're trying to do the other way.

Scott Fella · ‎04-07-2013

+5 Saravanan for the explanation!!!!

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Saravanan Lakshmanan · ‎04-08-2013

Scott, you're welcome.

awatson20 · ‎04-15-2013

Sorry I have not got back on this.

Can someone please confirm if intermittent high latency from the central location where the WLC is located to the remote site where the Flexconnect AP's are located could cause intermittent issues with client connectivity? I am noticing that at some of our remote sites that are on a 3MB mpls network, some clients have issues where they cannot access the netowrk. From the WLC, it appears that the client is authenticated and associated, but they are not getting an IP Address. I have a debug client when this was happening. I have attached it below. Thank you for all of the great input an feedback.

I did notice that while I was troubleshooting, this location was experiencing higher latency than normal, around 300 to 500ms.

*apfMsConnTask_5: Apr 15 15:21:19.561: Association request from the P2P Client Process P2P Ie and Upadte CB

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 Association received from mobile on AP 08:cc:68:0a:55:c0

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 Global 200 Clients are allowed to AP radio

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 Max Client Trap Threshold: 0 cur: 5

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 177

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 Re-applying interface policy for client

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 172.29.72.15 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1851)

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 172.29.72.15 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)

*apfMsConnTask_3: Apr 15 15:21:26.093: 24:77:03:16:ce:48 In processSsidIE:3937 setting Central switched to FALSE

*apfMsConnTask_3: Apr 15 15:21:26.094: 24:77:03:16:ce:48 Applying site-specific Local Bridging override for station 24:77:03:16:ce:48 - vapId 1, site 'WPA-LEAP-Remote-1', interface 'remote_wpa_1'

*apfMsConnTask_3: Apr 15 15:21:26.094: 24:77:03:16:ce:48 Applying Local Bridging Interface Policy for station 24:77:03:16:ce:48 - vlan 177, interface id 17, interface 'remote_wpa_1'

*apfMsConnTask_3: Apr 15 15:21:26.094: 24:77:03:16:ce:48 Applying site-specific override for station 24:77:03:16:ce:48 - vapId 1, site 'WPA-LEAP-Remote-1', interface 'remote_wpa_1'

*apfMsConnTask_3: Apr 15 15:21:26.094: 24:77:03:16:ce:48 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 180

*apfMsConnTask_3: Apr 15 15:21:26.094: 24:77:03:16:ce:48 Re-applying interface policy for client

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 172.29.72.15 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1851)

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 172.29.72.15 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2018)

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 processSsidIE statusCode is 0 and status is 0

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 processSsidIE ssid_done_flag is 0 finish_flag is 0

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 STA - rates (8): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 suppRates statusCode is 0 and gotSuppRatesElement is 1

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 Processing RSN IE type 48, length 22 for mobile 24:77:03:16:ce:48

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 Received RSN IE with 0 PMKIDs from mobile 24:77:03:16:ce:48

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 Found an cache entry for BSSID 70:10:5c:e6:4a:10 in PMKID cache at index 0 of station 24:77:03:16:ce:48

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 Removing BSSID 70:10:5c:e6:4a:10 from PMKID cache of station 24:77:03:16:ce:48

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 Resetting MSCB PMK Cache Entry 0 for station 24:77:03:16:ce:48

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 Setting active key cache index 0 ---> 8

*apfMsConnTask_3: Apr 15 15:21:26.095: 24:77:03:16:ce:48 unsetting PmkIdValidatedByAp

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 172.29.72.15 RUN (20) Deleted mobile LWAPP rule on AP [70:10:5c:e6:4a:10]

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 Updated location for station old AP 70:10:5c:e6:4a:10-0, new AP 08:cc:68:0a:55:c0-0

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 apfMsRunStateDec

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 apfMs1xStateDec

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 172.29.72.15 RUN (20) Change state to START (0) last state RUN (20)

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 172.29.72.15 START (0) Initializing policy

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 172.29.72.15 START (0) Change state to AUTHCHECK (2) last state START (0)

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 172.29.72.15 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 172.29.72.15 8021X_REQD (3) DHCP required on AP 08:cc:68:0a:55:c0 vapId 1 apVapId 1for this client

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 Not Using WMM Compliance code qosCap 00

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 172.29.72.15 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 08:cc:68:0a:55:c0 vapId 1 apVapId 1 flex-acl-name:

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 apfPemAddUser2 (apf_policy.c:273) Changing state for mobile 24:77:03:16:ce:48 on AP 08:cc:68:0a:55:c0 from Associated to Associated

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 Stopping deletion of Mobile Station: (callerId: 48)

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 Sending Assoc Response to station on BSSID 08:cc:68:0a:55:c0 (status 0) ApVapId 1 Slot 0

*apfMsConnTask_3: Apr 15 15:21:26.096: 24:77:03:16:ce:48 apfProcessAssocReq (apf_80211.c:6719) Changing state for mobile 24:77:03:16:ce:48 on AP 08:cc:68:0a:55:c0 from Associated to Associated

*apfMsConnTask_3: Apr 15 15:21:26.145: 24:77:03:16:ce:48 Updating AID for REAP AP Client 08:cc:68:0a:55:c0 - AID ===> 3

*dot1xMsgTask: Apr 15 15:21:26.146: 24:77:03:16:ce:48 Disable re-auth, use PMK lifetime.

*dot1xMsgTask: Apr 15 15:21:26.146: 24:77:03:16:ce:48 dot1x - moving mobile 24:77:03:16:ce:48 into Connecting state

*dot1xMsgTask: Apr 15 15:21:26.146: 24:77:03:16:ce:48 Sending EAP-Request/Identity to mobile 24:77:03:16:ce:48 (EAP Id 1)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.260: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.260: 24:77:03:16:ce:48 Received Identity Response (count=1) from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.260: 24:77:03:16:ce:48 EAP State update from Connecting to Authenticating for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.260: 24:77:03:16:ce:48 dot1x - moving mobile 24:77:03:16:ce:48 into Authenticating state

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.260: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.265: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.265: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=2) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.265: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 2)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.404: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.404: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 2, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.404: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.405: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.405: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=3) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.405: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 3)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.464: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.464: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 3, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.464: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.465: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.465: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=4) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.465: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 4)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.532: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.532: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 4, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.532: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.533: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.533: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=5) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.533: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 5)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.590: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.590: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 5, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.590: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.591: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.592: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=6) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.592: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 6)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.687: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.687: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 6, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.687: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.689: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.689: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=7) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.689: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 7)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.737: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.737: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 7, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.737: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.738: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.738: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=8) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.739: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 8)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.802: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.802: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 8, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.802: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.813: 24:77:03:16:ce:48 Processing Access-Challenge for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.813: 24:77:03:16:ce:48 Entering Backend Auth Req state (id=9) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.813: 24:77:03:16:ce:48 Sending EAP Request from AAA to mobile 24:77:03:16:ce:48 (EAP Id 9)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.876: 24:77:03:16:ce:48 Received EAPOL EAPPKT from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.876: 24:77:03:16:ce:48 Received EAP Response from mobile 24:77:03:16:ce:48 (EAP Id 9, EAP Type 13)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.876: 24:77:03:16:ce:48 Entering Backend Auth Response state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.877: 24:77:03:16:ce:48 Processing Access-Accept for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.877: 24:77:03:16:ce:48 Resetting web IPv4 acl from 255 to 255

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.877: 24:77:03:16:ce:48 Resetting web IPv4 Flex acl from 65535 to 65535

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.877: 24:77:03:16:ce:48 Setting re-auth timeout to 1800 seconds, got from WLAN config.

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.877: 24:77:03:16:ce:48 Station 24:77:03:16:ce:48 setting dot1x reauth timeout = 1800

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.877: 24:77:03:16:ce:48 Creating a PKC PMKID Cache entry for station 24:77:03:16:ce:48 (RSN 2)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Resetting MSCB PMK Cache Entry 0 for station 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Setting active key cache index 8 ---> 8

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Setting active key cache index 8 ---> 0

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Adding BSSID 08:cc:68:0a:55:c0 to PMKID cache at index 0 for station 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: New PMKID: (16)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: [0000] 00 b9 ff 20 8f eb 43 b2 6f 20 50 a1 29 99 85 a3

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Disabling re-auth since PMK lifetime can take care of same.

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 unsetting PmkIdValidatedByAp

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 PMK sent to mobility group

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Sending EAP-Success to mobile 24:77:03:16:ce:48 (EAP Id 9)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Found an cache entry for BSSID 08:cc:68:0a:55:c0 in PMKID cache at index 0 of station 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: Including PMKID in M1 (16)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: [0000] 00 b9 ff 20 8f eb 43 b2 6f 20 50 a1 29 99 85 a3

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Starting key exchange to mobile 24:77:03:16:ce:48, data packets will be dropped

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Sending EAPOL-Key Message to mobile 24:77:03:16:ce:48

state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.878: 24:77:03:16:ce:48 Entering Backend Auth Success state (id=9) for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.879: 24:77:03:16:ce:48 Received Auth Success while in Authenticating state for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.879: 24:77:03:16:ce:48 dot1x - moving mobile 24:77:03:16:ce:48 into Authenticated state

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.937: 24:77:03:16:ce:48 Received EAPOL-Key from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.937: 24:77:03:16:ce:48 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.937: 24:77:03:16:ce:48 Received EAPOL-key in PTK_START state (message 2) from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.937: 24:77:03:16:ce:48 PMK: Sending cache add

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.937: 24:77:03:16:ce:48 Stopping retransmission timer for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.937: 24:77:03:16:ce:48 Sending EAPOL-Key Message to mobile 24:77:03:16:ce:48

state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 Received EAPOL-Key from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 Stopping retransmission timer for mobile 24:77:03:16:ce:48

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 apfMs1xStateInc

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 172.29.72.15 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 172.29.72.15 L2AUTHCOMPLETE (4) DHCP required on AP 08:cc:68:0a:55:c0 vapId 1 apVapId 1for this client

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 Not Using WMM Compliance code qosCap 00

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 172.29.72.15 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 08:cc:68:0a:55:c0 vapId 1 apVapId 1 flex-acl-name:

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 apfMsRunStateInc

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.987: 24:77:03:16:ce:48 172.29.72.15 L2AUTHCOMPLETE (4) Change state to RUN (20) last state L2AUTHCOMPLETE (4)

*Dot1x_NW_MsgTask_0: Apr 15 15:21:26.989: 24:77:03:16:ce:48 172.29.72.15 RUN (20) Reached PLUMBFASTPATH: from line 5982

*apfMsConnTask_1: Apr 15 15:21:30.000: Association request from the P2P Client Process P2P Ie and Upadte CB

*apfMsConnTask_7: Apr 15 15:22:28.508: Association request from the P2P Client Process P2P Ie and Upadte CB

*apfMsConnTask_0: Apr 15 15:22:52.690: Association request from the P2P Client Process P2P Ie and Upadte CB

*apfMsConnTask_5: Apr 15 15:23:00.276: Association request from the P2P Client Process P2P Ie and Upadte CB