Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1681
Views
0
Helpful
12
Replies

Only iphone users facing issue with same ssid

jain.manish94
Spotlight
Spotlight

‎03-09-2019 03:18 AM - edited ‎07-05-2021 10:01 AM

Some iPhone users are connecting successfully with same Ssid but some are getting stuck with 0.0.0.0 and eap-tls.

Can some one help

This is central wlc. 2. Central radius server.

But still some are connecting but some r not why ?

Labels:
0 Helpful
12 Replies 12

balaji.bandi
Hall of Fame
Hall of Fame

‎03-09-2019 06:34 AM

Can you give more information about wireless setup, what is the version of WAP code running and WLC running.

and models of WLC and WAP.

 

Do you see the Applve IOs version difference  on the device connecting vs not connecting ?

show us some logs why it failing, you can capture the information on the WAP or WLC.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Haydn Andrews
VIP
VIP

‎03-09-2019 05:25 PM

Are the iphones all using the same IOS? There were a number of bugs in recent IOS upgrades relating to wireless.

 

Is the phone going into a RUN state? and not getting an IP address?

Any information on the RADIUS server as to why authentication failed?

Is it always the same clients failing?

Do you have multiple RADIUS servers defined on the WLAN? Have you tried testing against each one and making sure not a single radius server with an issue.

 

For one of the failed clients from WLC

 

Debug client <MAC>

For it to re-auth and post the output.

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
0 Helpful

jain.manish94
Spotlight
Spotlight
In response to Haydn Andrews

‎03-10-2019 01:24 AM

I tried and got logs all are in 802.1x with no ip address but another one in same location is connecting.
One more thing some iphone are in eap-tls and some are in peap. But I checked there in only one profile in i-tune for iPhone.
0 Helpful

jain.manish94
Spotlight
Spotlight
In response to Haydn Andrews

‎03-11-2019 10:08 AM

Please check this debug file and please help me what is the issue why iphone is not connecting with Corp-Mobile-Wlan. 

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.03.11 16:46:52 =~=~=~=~=~=~=~=~=~=~=~=

(Cisco Controller) >debug client ma   ?

<MAC addr1> Enter MAC address

(Cisco Controller) >debug client bc:54:36:54:17:68

(Cisco Controller) >*apfMsConnTask_4: Mar 11 06:44:38.372: bc:54:36:54:17:68 Processing assoc-req station:bc:54:36:54:17:68 AP:a8:9d:21:5c:b4:d0-01 ssid : CORP-MOBILE-WLAN thread:18d08920
*spamApTask0: Mar 11 06:44:38.520: bc:54:36:54:17:68 Sent dot1x auth initiate message for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.520: bc:54:36:54:17:68 reauth_sm state transition 0 ---> 1 for mobile bc:54:36:54:17:68 at 1x_reauth_sm.c:47
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.520: bc:54:36:54:17:68 EAP-PARAM Debug - eap-params for Wlan-Id :5 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.520: bc:54:36:54:17:68 Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.520: bc:54:36:54:17:68 Station bc:54:36:54:17:68 setting dot1x reauth timeout = 36000
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.520: bc:54:36:54:17:68 dot1x - moving mobile bc:54:36:54:17:68 into Connecting state
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.520: bc:54:36:54:17:68 Sending EAP-Request/Identity to mobile bc:54:36:54:17:68 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.680: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.680: bc:54:36:54:17:68 Received Identity Response (count=1) from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.680: bc:54:36:54:17:68 Resetting reauth count 1 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.680: bc:54:36:54:17:68 EAP State update from Connecting to Authenticating for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.680: bc:54:36:54:17:68 dot1x - moving mobile bc:54:36:54:17:68 into Authenticating state
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.680: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.698: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.698: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.698: bc:54:36:54:17:68 Allocating EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.848: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.848: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.848: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.861: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.861: bc:54:36:54:17:68 Entering Backend Auth Req state (id=3) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.861: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 3)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:38.861: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.016: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.016: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.016: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.031: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.031: bc:54:36:54:17:68 Entering Backend Auth Req state (id=4) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.031: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 4)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.031: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.198: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.198: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.198: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.210: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.210: bc:54:36:54:17:68 Entering Backend Auth Req state (id=5) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.210: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 5)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.210: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.443: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.444: bc:54:36:54:17:68 Received EAP Response from mobile bc:54:36:54:17:68 (EAP Id 5, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.444: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.455: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.455: bc:54:36:54:17:68 Entering Backend Auth Req state (id=6) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.455: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.455: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.626: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.626: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.626: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.639: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.639: bc:54:36:54:17:68 Entering Backend Auth Req state (id=7) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.639: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 7)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.824: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.824: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.824: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.838: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.838: bc:54:36:54:17:68 Entering Backend Auth Req state (id=8) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.838: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 8)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.838: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.987: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.987: bc:54:36:54:17:68 Received EAP Response from mobile bc:54:36:54:17:68 (EAP Id 8, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.987: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.987: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.999: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.999: bc:54:36:54:17:68 Entering Backend Auth Req state (id=9) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.999: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 9)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:39.999: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.244: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.244: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.244: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.257: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.257: bc:54:36:54:17:68 Entering Backend Auth Req state (id=10) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.257: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 10)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.257: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.406: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.406: bc:54:36:54:17:68 Received EAP Response from mobile bc:54:36:54:17:68 (EAP Id 10, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.406: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.406: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.419: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.419: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 11)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:40.419: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Processing assoc-req station:bc:54:36:54:17:68 AP:a8:9d:21:5c:b4:d0-01 ssid : CORP-MOBILE-WLAN thread:18d08920
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Station: BC:54:36:54:17:68 11v BSS Transition not enabled on the AP A8:9D:21:5C:B4:D0
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Association received from mobile on BSSID a8:9d:21:5c:b4:db AP bsacnwwa89ff-VS
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Station: BC:54:36:54:17:68 11v BSS Transition not enabled on the AP A8:9D:21:5C:B4:D0
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Max Client Trap Threshold: 0 cur: 20

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 2409

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Re-applying interface policy for client

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2711)
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2732)
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 In processSsidIE:6332 setting Central switched to TRUE
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 In processSsidIE:6335 apVapId = 5 and Split Acl Id = 65535
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Applying site-specific Local Bridging override for station bc:54:36:54:17:68 - vapId 5, site 'SAC2', interface 'management'
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Applying Local Bridging Interface Policy for station bc:54:36:54:17:68 - vlan 2409, interface id 0, interface 'management'
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 override from ap group, removing intf group from mscb
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Applying site-specific override for station bc:54:36:54:17:68 - vapId 5, site 'SAC2', interface 'management'
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 2409

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Re-applying interface policy for client

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2711)
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2732)
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Mar 11 06:44:44.673: [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Mar 11 06:44:44.673: [0016] ac 01 0c 00

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Processing RSN IE type 48, length 20 for mobile bc:54:36:54:17:68
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 RSN Capabilities: 12
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Marking Mobile as non-11w Capable
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Received RSN IE with 0 PMKIDs from mobile bc:54:36:54:17:68
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 AID 10 in Assoc Req from flex AP a8:9d:21:5c:b4:d0 is same as in mscb bc:54:36:54:17:68
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 apfVapSecurity=0x6040 L2=16384 SkipWeb=0
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 AuthenticationRequired = 1
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Encryption policy is set to 0x80000001
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Vlan while overriding the policy = -1
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 sending to spamAddMobile vlanId -1 flex aclName = , flexAclId 65535

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP a8:9d:21:5c:b4:d0 vapId 5 apVapId 5 flex-acl-name:
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 apfPemAddUser2 (apf_policy.c:362) Changing state for mobile bc:54:36:54:17:68 on AP a8:9d:21:5c:b4:d0 from Associated to Associated

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 apfPemAddUser2:session timeout forstation bc:54:36:54:17:68 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Sending assoc-resp with status 0 station:bc:54:36:54:17:68 AP:a8:9d:21:5c:b4:d0-01 on apVapId 5
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 VHT Operation IE: width 20/0 ch 52 freq0 0 freq1 0 msc0 0x3f msc1 0x3f
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 Sending Assoc Response to station on BSSID a8:9d:21:5c:b4:db (status 0) ApVapId 5 Slot 1
*apfMsConnTask_4: Mar 11 06:44:44.673: bc:54:36:54:17:68 apfProcessAssocReq (apf_80211.c:10552) Changing state for mobile bc:54:36:54:17:68 on AP a8:9d:21:5c:b4:d0 from Associated to Associated

*spamApTask0: Mar 11 06:44:44.820: bc:54:36:54:17:68 Sent dot1x auth initiate message for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:44.820: bc:54:36:54:17:68 reauth_sm state transition 1 ---> 0 for mobile bc:54:36:54:17:68 at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_0: Mar 11 06:44:44.820: bc:54:36:54:17:68 EAP-PARAM Debug - eap-params for Wlan-Id :5 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Mar 11 06:44:44.820: bc:54:36:54:17:68 Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_0: Mar 11 06:44:44.820: bc:54:36:54:17:68 dot1x - moving mobile bc:54:36:54:17:68 into Connecting state
*Dot1x_NW_MsgTask_0: Mar 11 06:44:44.820: bc:54:36:54:17:68 Sending EAP-Request/Identity to mobile bc:54:36:54:17:68 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.006: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.006: bc:54:36:54:17:68 Received Identity Response (count=1) from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.006: bc:54:36:54:17:68 Resetting reauth count 1 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.006: bc:54:36:54:17:68 EAP State update from Connecting to Authenticating for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.006: bc:54:36:54:17:68 dot1x - moving mobile bc:54:36:54:17:68 into Authenticating state
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.006: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.023: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.023: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.023: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.176: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.176: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.176: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.189: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.189: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 3)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.189: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.344: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.344: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.344: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.359: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.359: bc:54:36:54:17:68 Entering Backend Auth Req state (id=4) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.359: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 4)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.359: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.520: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.520: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.520: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.532: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.532: bc:54:36:54:17:68 Entering Backend Auth Req state (id=5) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.532: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 5)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.532: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.735: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.735: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.735: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.747: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.747: bc:54:36:54:17:68 Entering Backend Auth Req state (id=6) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.747: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 6)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.747: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.937: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.937: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.937: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.950: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.950: bc:54:36:54:17:68 Entering Backend Auth Req state (id=7) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.950: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 7)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:45.950: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.181: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.181: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.181: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.193: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.193: bc:54:36:54:17:68 Entering Backend Auth Req state (id=8) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.193: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 8)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.193: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.344: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.344: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.344: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.356: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.356: bc:54:36:54:17:68 Entering Backend Auth Req state (id=9) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.356: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 9)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.356: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.585: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.585: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.585: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.598: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.598: bc:54:36:54:17:68 Entering Backend Auth Req state (id=10) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.598: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 10)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.598: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.749: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.749: bc:54:36:54:17:68 Received EAP Response from mobile bc:54:36:54:17:68 (EAP Id 10, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.749: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.749: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.762: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.762: bc:54:36:54:17:68 Entering Backend Auth Req state (id=11) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:46.762: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 11)
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Processing assoc-req station:bc:54:36:54:17:68 AP:a8:9d:21:5c:b4:d0-01 ssid : CORP-MOBILE-WLAN thread:18d08920
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Station: BC:54:36:54:17:68 11v BSS Transition not enabled on the AP A8:9D:21:5C:B4:D0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Association received from mobile on BSSID a8:9d:21:5c:b4:db AP bsacnwwa89ff-VS
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Station: BC:54:36:54:17:68 11v BSS Transition not enabled on the AP A8:9D:21:5C:B4:D0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Global 200 Clients are allowed to AP radio

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Max Client Trap Threshold: 0 cur: 21

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 override for default ap group, marking intgrp NULL
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 2409

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Re-applying interface policy for client

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2711)
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2732)
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 In processSsidIE:6332 setting Central switched to TRUE
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 In processSsidIE:6335 apVapId = 5 and Split Acl Id = 65535
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Applying site-specific Local Bridging override for station bc:54:36:54:17:68 - vapId 5, site 'SAC2', interface 'management'
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Applying Local Bridging Interface Policy for station bc:54:36:54:17:68 - vlan 2409, interface id 0, interface 'management'
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 override from ap group, removing intf group from mscb
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Applying site-specific override for station bc:54:36:54:17:68 - vapId 5, site 'SAC2', interface 'management'
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 2409

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Re-applying interface policy for client

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2711)
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2732)
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 STA - rates (8): 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: Mar 11 06:44:51.042: RSNIE in Assoc. Req.: (20)

*apfMsConnTask_4: Mar 11 06:44:51.042: [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_4: Mar 11 06:44:51.042: [0016] ac 01 0c 00

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Processing RSN IE type 48, length 20 for mobile bc:54:36:54:17:68
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 RSN Capabilities: 12
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Marking Mobile as non-11w Capable
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Received RSN IE with 0 PMKIDs from mobile bc:54:36:54:17:68
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Setting active key cache index 8 ---> 8
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 unsetting PmkIdValidatedByAp
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 AID 10 in Assoc Req from flex AP a8:9d:21:5c:b4:d0 is same as in mscb bc:54:36:54:17:68
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 apfVapSecurity=0x6040 L2=16384 SkipWeb=0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 AuthenticationRequired = 1
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Encryption policy is set to 0x80000001
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Vlan while overriding the policy = -1
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 sending to spamAddMobile vlanId -1 flex aclName = , flexAclId 65535

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP a8:9d:21:5c:b4:d0 vapId 5 apVapId 5 flex-acl-name:
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 apfPemAddUser2 (apf_policy.c:362) Changing state for mobile bc:54:36:54:17:68 on AP a8:9d:21:5c:b4:d0 from Associated to Associated

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 apfPemAddUser2:session timeout forstation bc:54:36:54:17:68 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Sending assoc-resp with status 0 station:bc:54:36:54:17:68 AP:a8:9d:21:5c:b4:d0-01 on apVapId 5
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 VHT Operation IE: width 20/0 ch 52 freq0 0 freq1 0 msc0 0x3f msc1 0x3f
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 Sending Assoc Response to station on BSSID a8:9d:21:5c:b4:db (status 0) ApVapId 5 Slot 1
*apfMsConnTask_4: Mar 11 06:44:51.042: bc:54:36:54:17:68 apfProcessAssocReq (apf_80211.c:10552) Changing state for mobile bc:54:36:54:17:68 on AP a8:9d:21:5c:b4:d0 from Associated to Associated

*spamApTask0: Mar 11 06:44:51.189: bc:54:36:54:17:68 Sent dot1x auth initiate message for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.189: bc:54:36:54:17:68 reauth_sm state transition 0 ---> 0 for mobile bc:54:36:54:17:68 at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.189: bc:54:36:54:17:68 EAP-PARAM Debug - eap-params for Wlan-Id :5 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.189: bc:54:36:54:17:68 Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.189: bc:54:36:54:17:68 dot1x - moving mobile bc:54:36:54:17:68 into Connecting state
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.189: bc:54:36:54:17:68 Sending EAP-Request/Identity to mobile bc:54:36:54:17:68 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.347: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.347: bc:54:36:54:17:68 Received Identity Response (count=1) from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.347: bc:54:36:54:17:68 Resetting reauth count 1 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.347: bc:54:36:54:17:68 EAP State update from Connecting to Authenticating for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.347: bc:54:36:54:17:68 dot1x - moving mobile bc:54:36:54:17:68 into Authenticating state
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.347: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.364: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.364: bc:54:36:54:17:68 Entering Backend Auth Req state (id=2) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.364: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.364: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.515: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.515: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.515: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.528: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.528: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 3)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.528: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.687: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.687: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.687: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.701: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.701: bc:54:36:54:17:68 Entering Backend Auth Req state (id=4) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.701: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 4)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.701: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.942: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.942: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.942: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.955: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.955: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 5)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:51.955: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.153: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.153: bc:54:36:54:17:68 Received EAP Response from mobile bc:54:36:54:17:68 (EAP Id 5, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.153: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.153: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.166: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.166: bc:54:36:54:17:68 Entering Backend Auth Req state (id=6) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.166: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.361: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.361: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.361: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.374: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.374: bc:54:36:54:17:68 Entering Backend Auth Req state (id=7) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.374: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 7)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.568: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.568: bc:54:36:54:17:68 Received EAP Response from mobile bc:54:36:54:17:68 (EAP Id 7, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.568: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.568: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.580: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.580: bc:54:36:54:17:68 Entering Backend Auth Req state (id=8) for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.580: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 8)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.580: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.731: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.731: bc:54:36:54:17:68 Received EAP Response from mobile bc:54:36:54:17:68 (EAP Id 8, EAP Type 25)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.731: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.743: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.743: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 9)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.987: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.987: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:52.987: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.000: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.000: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 10)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.000: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.152: bc:54:36:54:17:68 Received EAPOL EAPPKT from mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.152: bc:54:36:54:17:68 Resetting reauth count 0 to 0 for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.152: bc:54:36:54:17:68 Entering Backend Auth Response state for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.165: bc:54:36:54:17:68 Processing Access-Challenge for mobile bc:54:36:54:17:68
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.165: bc:54:36:54:17:68 Sending EAP Request from AAA to mobile bc:54:36:54:17:68 (EAP Id 11)
*Dot1x_NW_MsgTask_0: Mar 11 06:44:53.165: bc:54:36:54:17:68 Reusing allocated memory for EAP Pkt for retransmission to mobile bc:54:36:54:17:68

(Cisco Controller) >logout

0 Helpful

ajc
Level 7
Level 7

‎03-13-2019 01:31 PM

802.1x requires authentication first before requesting an IP, that's why you see 0.0.0.0. What kind of AAA Server do you have?. I suspect you have a certificate installed issue but please post the result of:

 

debug aaa all enable 

 

I do not see the following (expected) in your debug:

 

Wed Oct 31 10:46:15 2007: 00:1b:77:42:07:69 0.0.0.0 8021X_REQD (3) Change
    state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)

 

0 Helpful

jain.manish94
Spotlight
Spotlight
In response to ajc

‎03-14-2019 09:21 AM

plz check attach file. please check at the last output as well. because i enable this command first and after 5 min user tried. 

 

 

 

 

 

 

 

 

Preview file
915 KB
0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to jain.manish94

‎03-18-2019 05:50 AM

First of all, please fix these two Radius servers:
*radiusTransportThread: Mar 14 05:16:34.979: setRadiusServerFallbackState: RADIUS accounting server is not ready 10.209.200.43 port 1813
*radiusTransportThread: Mar 14 05:16:34.979: setRadiusServerFallbackState: RADIUS accounting server is not ready 10.209.200.43 port 1812
*radiusTransportThread: Mar 14 05:16:40.163: setRadiusServerFallbackState: RADIUS accounting server is not ready 10.209.42.15 port 1812
*radiusTransportThread: Mar 14 05:16:40.163: setRadiusServerFallbackState: RADIUS accounting server is not ready 10.209.42.15 port 1813

Second, it looks like the client doesn't end the required credentials. In other words, it looks like the client doesn't trust the certificate of the Radius:
*radiusTransportThread: Mar 14 05:16:53.724: ****Enter radiusMessagesRxProcess: Received Radius response (code=11)
I'm not 100% sure that is the main reason, but I would check that first.
0 Helpful

jain.manish94
Spotlight
Spotlight
In response to patoberli

‎03-19-2019 03:40 AM

thanks for reply , first let me tell you one thing. 

 

10.209.42.15 and 10.209.42.16 there are two entry under the WLAN in Security tab. 

 

Second : how you are saying that client does not trust the certificate . please let me know so that i can share that logs to my radius team. 

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to jain.manish94

‎03-20-2019 03:25 AM

I would still first fix the radius server configuration of those two servers, as they are configured on the WLC and not working. That would get rid of some of the logfiles.

The certificate question, I don't have an iPhone, so I can't test that exactly. I only know, if you connect manually (without having a profile installed) with the iPhone to the SSID, you should get a certificate prompt, where a VALID certificate must be shown and accepted. If that doesn't happen, then the certificate is not valid and ignored by the iPhone and you are unable to connect.
0 Helpful

jain.manish94
Spotlight
Spotlight
In response to patoberli

‎03-25-2019 10:45 AM

But other iPhone users are connecting with same network. I am not understanding what to do. Plz help
0 Helpful

jain.manish94
Spotlight
Spotlight
In response to patoberli

‎03-25-2019 10:47 AM

Other connected iPhone are also using same radius server that is why I am facing issue. What should I check plz help

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to jain.manish94

‎03-26-2019 12:55 AM

Please check the logfiles on the radius, they should log every connection attempt. You can try to filter with the mac-address of one of the not working phones and check there.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card