Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2603
Views
4
Helpful
19
Replies

SSID stop broadcasting when NAC State is enabled in WLAN & Flexconnect

Tibor M
Level 1
Level 1

‎08-12-2024 12:36 PM - edited ‎08-12-2024 01:04 PM

Hi,

we have new deployment of C9800-CL on version 17.14.1. We are trying to implement Cisco ISE with C9800-CL and make rule which redirect all mobile phones using random MAC to hotspot portal of ISE based on this guide https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216021-using-hotspot-portal-to-instruct-users-o.html

Even it's not written there, we know we must have AAA Override and NAC State enabled on WLAN policy. Problem is that, immediately when I enable NAC State, SSID stop broadcasting and never returns to working state. But immediately I uncheck/disable NAC State option, SSID works fine. There is know bug that NAC State must be enabled from CLI, which we do.

We are using full Flexconnect mode for APs because we are deploying that config remotely and we want that all is working even controller is down. Full flexconnect I mean disabled Central Switching (because controller is remote), Central Authentication (because we want that authentication is from AP itself even in disconnected mode), Central DHCP (because DHCP relay is configured on VLAN interface on switch), Flex NAT/PAT (I do not know the purpose, but it's disabled )

And I do not know if it is related to this NAC State (but from other forums it looks like yes), Hotspot portal is not launched at all on iPhone even authorization rule is matched for random MAC.

Any thoughts? I have raised Cisco support ticket, but still no answer from them.

Thanks

Labels:
19 Replies 19

Haydn Andrews
VIP
VIP

‎08-12-2024 03:30 PM

What authentication are you using for the non MAC randomised devices? 

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
0 Helpful

Tibor M
Level 1
Level 1
In response to Haydn Andrews

‎08-13-2024 12:07 AM

@Haydn Andrews SSID is configured as L2 802.1x only. No L3, just AAA server group configured. It's not MAB authentication, it should be only 802.1x but MAC address should be checked on ISA for random address and if calling-station-id is random mac put there authorization rule which redirect that client to Hotspot portal as said in link I have written in original post.

0 Helpful

marce1000
Hall of Fame
Hall of Fame

‎08-12-2024 11:24 PM - edited ‎08-12-2024 11:26 PM

 

   >... Problem is that, immediately when I enable NAC State, SSID stop broadcasting and never returns to working state. 
  - When that happens check the logs on the controller's logs with the CLI command show logging

     + Have a checkup of the 9800-CL configuration with the CLI command show tech wireless and feed the output to : Wireless Config Analyzer
                              ( use the full command as mention in green = do not use a simple show tech as input for this procedure)

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Tibor M
Level 1
Level 1
In response to marce1000

‎08-13-2024 12:05 AM

@marce1000 honestly, review logs on 9800-CL is still nightmare for us, as we have migrated from 2504 and its totally different here. but I'll try.

regarding wireless config analyzer - didn't show me anything as error, just few warnings, but not related to this SSID

marce1000
Hall of Fame
Hall of Fame
In response to Tibor M

‎08-13-2024 12:07 AM

 

    - Ok , but CLI command show logging is a simple command, 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Tibor M
Level 1
Level 1
In response to marce1000

‎08-13-2024 12:13 AM - edited ‎08-13-2024 12:16 AM

@marce1000 I have just tried... 

 

controller-01(config)# wireless profile policy test-ise
controller-01(config)# shut
controller-01(config)# nac
controller-01(config)# no shut

 

show logging does not show anything... SSID just stop broadcasting. When I do following it starts broadcasting again

 

controller-01(config)# wireless profile policy test-ise
controller-01(config)# shut
controller-01(config)# no nac
controller-01(config)# no shut

and our config is

wireless profile policy test-ise
 aaa-override
 accounting-interim
 accounting-list AAA-accounting-ident-ise
 no central authentication
 no central dhcp
 no central switching
 dhcp-tlv-caching
 exclusionlist timeout 1
 http-tlv-caching
 idle-timeout 7200
 ipv4 flow monitor wireless-avc-basic input
 ipv4 flow monitor wireless-avc-basic output
 ipv6 flow monitor wireless-avc-basic-ipv6 input
 ipv6 flow monitor wireless-avc-basic-ipv6 output
 nac
 radius-profiling
 session-timeout 57600
 vlan 524
 no shutdown
wlan test-ise 3 test-ise
 radio policy dot11 24ghz
 radio policy dot11 5ghz
 no security ft adaptive
 security dot1x authentication-list AAA-Authentication-ISE
 no shutdown

 

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to Tibor M

‎08-13-2024 12:22 AM

 

 - An option could be to compare the issue against the gold starred advisory release 17.12.3 ;
   the benefit of a vm/cloud controller is that it can easily be deployed besides another vm-based controller.
   Though I presume that testing then is elaborate and 'not quick'

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

MHM Cisco World
VIP
VIP
In response to Tibor M

‎08-13-2024 01:46 AM

You use flex AP diable central auth and as I know nac state and nac type only done if ypu use central auth' the can wlc check nac state but ap can not.

MHM

Tibor M
Level 1
Level 1
In response to MHM Cisco World

‎08-13-2024 03:42 AM

@MHM Cisco World and do you have any link to docs? each time I search for NAC State, there is nothing in configuration guide for 17.14.1. It's even hard to find the meaning of that setting. Central Authentication is problem in case controller drops or site-to-site vpn drops, when remote APs in branch office will not be able to reach controller.

Rich R
VIP
VIP
In response to Tibor M

‎08-26-2024 06:37 PM

@Tibor M 
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/feature-matrix/ap-feature-matrix.html#_Toc118737963

FlexConnect Feature Matrix (IOS XE)

Table 6 FlexConnect Feature Matrix for Cisco Catalyst Controllers and Embedded Wireless Controllers

Features

C9105/C9115/
C9117

C9120/C9124/
C9130

C9136

CW9162/CW9164/
CW9166

CW9163

BYOD, NAC RADIUS, CWA Flex Central Auth.

Yes(Central Auth)
No(local Auth)

Yes(Central Auth)
 No(local Auth)

Yes(Central Auth)
 No(local Auth)

Yes(Central Auth)
 No(local Auth)

Yes(Central Auth)
 No(local Auth)

BYOD, NAC RADIUS, CWA Local Auth

Yes(Central Auth)
 No(local Auth)

Yes(Central Auth)
 No(local Auth)

Yes(Central Auth)
 No(local Auth)

Yes(Central Auth)
 No(local Auth)

Yes(Central Auth)
 No(local Auth)

Same applies for Wave 2 APs further down the document. So NAC is not supported for your setup which is why the SSID goes inactive when you configure it.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

marce1000
Hall of Fame
Hall of Fame

‎08-13-2024 03:14 AM

 

  - Another thing I was thinking of is the ISE version being used ,although I can not see an immediate correlation
    For IOS-XE 17.14.1 , it's best to not have an older ISE version in place and or greater then 3.0 or above,

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Tibor M
Level 1
Level 1
In response to marce1000

‎08-13-2024 03:34 AM

@marce1000 we have ISE 3.4 now

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to Tibor M

‎08-13-2024 03:43 AM - edited ‎08-13-2024 03:47 AM

 

(sorry making some changes)

  - That's good!  Next onehttps://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213949-wireless-debugging-and-log-collection-on.html#toc-hId--476703037

          Use the commands as mentioned (for wireless profile logging)  , then enable your NAC state , after the SSID get's disabled check the content of the log files (on the bootflash: for instance) , as you named them.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Tibor M
Level 1
Level 1
In response to marce1000

‎08-13-2024 06:21 AM

so I used wireless profile for logging and I just get following, nothing special why SSID stop broadcasting.

2024/08/13 15:15:48.148783465 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Begin local cert chain retrieval.
2024/08/13 15:15:48.149071437 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Done with local cert chain fetch 0.
2024/08/13 15:15:48.220206441 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty1:user=copyrightbanneruser cmd: 'show banner login' SUCCESS 2024/08/13 15:15:48.216 CET
2024/08/13 15:15:48.564198589 {iosrp_R0-0}{1}: [iosrp] [23434]: (note):  Aug 13 13:15:48.564: %WEBSERVER-5-SESS_TIMEOUT: Chassis 1 Session timeout from host 10.11.12.13 by user 'admin' using crypto cipher 'TLS_AES_256_GCM_SHA384'
2024/08/13 15:15:49.859996997 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Begin local cert chain retrieval.
2024/08/13 15:15:49.860357284 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Done with local cert chain fetch 0.
2024/08/13 15:15:49.897354259 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Begin local cert chain retrieval.
2024/08/13 15:15:49.897652136 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Done with local cert chain fetch 0.
2024/08/13 15:15:49.937042223 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty1:user=copyrightbanneruser cmd: 'show banner login' SUCCESS 2024/08/13 15:15:49.936 CET
2024/08/13 15:15:49.958509755 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Begin local cert chain retrieval.
2024/08/13 15:15:49.958872360 {iosrp_R0-0}{1}: [pki] [23434]: (note): CRYPTO_PKI: Done with local cert chain fetch 0.
2024/08/13 15:15:49.963354948 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty1:user=copyrightbanneruser cmd: 'show banner login' SUCCESS 2024/08/13 15:15:49.963 CET
2024/08/13 15:15:57.099583217 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'conf t' SUCCESS 2024/08/13 15:15:57.097 CET
2024/08/13 15:16:02.397388756 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'wireless profile policy ssid-ise' SUCCESS 2024/08/13 15:16:02.391 CET
2024/08/13 15:16:07.170911164 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile config modify notified, profile: ssid-ise, status: UP, ref-count: 0, state: No notifications
2024/08/13 15:16:07.170912543 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:07.171306984 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Started processing Policy profile modify; profile: ssid-ise
2024/08/13 15:16:07.171318238 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): PROPAGATE: policy tag name company-policy-prague-ise used by policy profile ssid-ise
2024/08/13 15:16:07.171412273 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Map found for wlan ssid-ise,policy ssid-ise in  tag company-policy-prague-ise
2024/08/13 15:16:07.171499441 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): 70db.987e.7740 &&& propogating data to this AP &&&  wlan ssid-ise,policy ssid-ise and  tag company-policy-prague-ise
2024/08/13 15:16:07.171590447 {wncd_x_R0-0}{1}: [apmgr-capwap-config] [14288]: (note): MAC: 70db.987e.7740  Defer config update : Event already scheduled. Tag revalidate : 0
2024/08/13 15:16:07.171720205 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (ERR): Failed to get first WLAN-VRF record
2024/08/13 15:16:07.172127809 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile config modify notified, profile: ssid-ise, status: UP, ref-count: 0, state: No notifications
2024/08/13 15:16:07.172131678 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:07.172491615 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile config modify notified, profile: ssid-ise, status: UP, ref-count: 0, state: No notifications
2024/08/13 15:16:07.172529047 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:07.173261785 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:0 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Disable radio restart:Yes
2024/08/13 15:16:07.173294040 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Do not resend OWE transition mode: wlan profile unavailable
2024/08/13 15:16:07.173295229 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:1 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Disable radio restart:Yes
2024/08/13 15:16:07.173297248 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Do not resend OWE transition mode: wlan profile unavailable
2024/08/13 15:16:07.174175326 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'shut' SUCCESS 2024/08/13 15:16:07.166 CET
2024/08/13 15:16:10.529215995 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:10.529217574 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:10.529641181 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:10.529642470 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:10.529782203 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:10.529783412 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:10.530564697 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'no nac' SUCCESS 2024/08/13 15:16:10.525 CET
2024/08/13 15:16:13.014388771 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:13.014389810 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile external config admin status: enabled
2024/08/13 15:16:13.014541217 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (ERR): Failed to retrieve VLAN Config from policy profile
2024/08/13 15:16:13.014593712 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Started processing Policy profile modify; profile: ssid-ise
2024/08/13 15:16:13.014597011 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): PROPAGATE: policy tag name company-policy-prague-ise used by policy profile ssid-ise
2024/08/13 15:16:13.014611004 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Map found for wlan ssid-ise,policy ssid-ise in  tag company-policy-prague-ise
2024/08/13 15:16:13.014633263 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): 70db.987e.7740 &&& propogating data to this AP &&&  wlan ssid-ise,policy ssid-ise and  tag company-policy-prague-ise
2024/08/13 15:16:13.014703599 {wncd_x_R0-0}{1}: [apmgr-capwap-config] [14288]: (note): MAC: 70db.987e.7740  Defer config update : Event already scheduled. Tag revalidate : 0
2024/08/13 15:16:13.015014650 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:13.015015650 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile external config admin status: enabled
2024/08/13 15:16:13.015153903 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:13.015155133 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile external config admin status: enabled
2024/08/13 15:16:13.015690416 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:0 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Enable radio restart:Yes
2024/08/13 15:16:13.015746319 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): Anchor table root is NULL for policy
2024/08/13 15:16:13.015929271 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Enable BSSID context: Updating WLAN policy info for slot-id:0, VAP-id: 1
2024/08/13 15:16:13.015958597 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): Invalid bssid or bssid ctxt not yet enabled.Bssid mac : 70db.987e.7740  ,State : 2, Error : Success
2024/08/13 15:16:13.015958847 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): Failed to get radio type from BSSID. Invalid (NULL) bssid handle
2024/08/13 15:16:13.016331818 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:1 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Enable radio restart:Yes
2024/08/13 15:16:13.016343202 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): Anchor table root is NULL for policy
2024/08/13 15:16:13.016399845 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Enable BSSID context: Updating WLAN policy info for slot-id:1, VAP-id: 1
2024/08/13 15:16:13.016406352 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): Invalid bssid or bssid ctxt not yet enabled.Bssid mac : 70db.987e.774f  ,State : 2, Error : Success
2024/08/13 15:16:13.016406522 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): Failed to get radio type from BSSID. Invalid (NULL) bssid handle
2024/08/13 15:16:13.019345930 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'no shut' SUCCESS 2024/08/13 15:16:13.011 CET
2024/08/13 15:16:21.871842253 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile config modify notified, profile: ssid-ise, status: UP, ref-count: 2, state: No notifications
2024/08/13 15:16:21.871845292 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:21.871845442 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Ref-count not zero, delayed update will happen
2024/08/13 15:16:21.871972850 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Started processing Policy profile modify; profile: ssid-ise
2024/08/13 15:16:21.871975769 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): PROPAGATE: policy tag name company-policy-prague-ise used by policy profile ssid-ise
2024/08/13 15:16:21.871994850 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Map found for wlan ssid-ise,policy ssid-ise in  tag company-policy-prague-ise
2024/08/13 15:16:21.872033521 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): 70db.987e.7740 &&& propogating data to this AP &&&  wlan ssid-ise,policy ssid-ise and  tag company-policy-prague-ise
2024/08/13 15:16:21.872091773 {wncd_x_R0-0}{1}: [apmgr-capwap-config] [14288]: (note): MAC: 70db.987e.7740  Defer config update : Event already scheduled. Tag revalidate : 0
2024/08/13 15:16:21.872133483 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Successfully initiated policy ref count cleanup timer for 120-sec
2024/08/13 15:16:21.872405913 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile config modify notified, profile: ssid-ise, status: UP, ref-count: 0, state: No notifications
2024/08/13 15:16:21.872406982 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:21.872560228 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile config modify notified, profile: ssid-ise, status: UP, ref-count: 0, state: No notifications
2024/08/13 15:16:21.872561278 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:21.872781882 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (ERR): Failed to get first WLAN-VRF record
2024/08/13 15:16:21.872976698 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:0 bss:0 curr state:1 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Disable radio restart:Yes
2024/08/13 15:16:21.872977348 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process bssid ctxt update-  Disable bssid context for update. Sending disable notification to CO
2024/08/13 15:16:21.873007444 {wncd_x_R0-0}{1}: [client-orch-sm] [14288]: (note): CO process BSSID event from apmgr . Received BSSID event 1 from AP manager for bssid 70db.987e.7740  wtp mac 70db.987e.7740  vap id 1, slot id 0, per BSSID client count: 0
2024/08/13 15:16:21.873038789 {wncd_x_R0-0}{1}: [client-orch-sm] [14288]: (note): Delete client from bssid. Sending ack notification to apmgr for bssid disable/delete reason: 6, CO_CLIENT_DELETE_REASON_BSSID_DOWN, BSSID: 70db.987e.7740
2024/08/13 15:16:21.873053661 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:1 bss:0 curr state:1 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Disable radio restart:Yes
2024/08/13 15:16:21.873053861 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process bssid ctxt update-  Disable bssid context for update. Sending disable notification to CO
2024/08/13 15:16:21.873055191 {wncd_x_R0-0}{1}: [client-orch-sm] [14288]: (note): CO process BSSID event from apmgr . Received BSSID event 1 from AP manager for bssid 70db.987e.774f  wtp mac 70db.987e.7740  vap id 1, slot id 1, per BSSID client count: 0
2024/08/13 15:16:21.873056290 {wncd_x_R0-0}{1}: [client-orch-sm] [14288]: (note): Delete client from bssid. Sending ack notification to apmgr for bssid disable/delete reason: 6, CO_CLIENT_DELETE_REASON_BSSID_DOWN, BSSID: 70db.987e.774f
2024/08/13 15:16:21.873386322 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Client delete ACK from co for bssid 70db.987e.7740 slot id 0, state: 4
2024/08/13 15:16:21.873522686 {wncd_x_R0-0}{1}: [apmgr-db] [14288]: (ERR): 70db.987e.7740 Failed to add AP radio wlan-id stats record.Reason: Success
2024/08/13 15:16:21.873549883 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Disable bssid : Slot : 0, Bssid :0, IFID : 0, WLAN : ssid-ise
2024/08/13 15:16:21.873564596 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:0 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Disable radio restart:Yes
2024/08/13 15:16:21.874046885 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Client delete ACK from co for bssid 70db.987e.774f slot id 1, state: 4
2024/08/13 15:16:21.874096861 {wncd_x_R0-0}{1}: [apmgr-db] [14288]: (ERR): 70db.987e.7740 Failed to add AP radio wlan-id stats record.Reason: Success
2024/08/13 15:16:21.874098120 {wncd_x_R0-0}{1}: [apmgr-db] [14288]: (ERR): 70db.987e.7740 Failed to add AP radio wlan-id stats record.Reason: Success
2024/08/13 15:16:21.874099040 {wncd_x_R0-0}{1}: [apmgr-db] [14288]: (ERR): 70db.987e.7740 Failed to add AP radio wlan-id stats record.Reason: Success
2024/08/13 15:16:21.874107406 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Disable bssid : Slot : 1, Bssid :0, IFID : 0, WLAN : ssid-ise
2024/08/13 15:16:21.874114682 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Successfully stopped policy ref count data cleanup timer
2024/08/13 15:16:21.874122069 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: Update pending
2024/08/13 15:16:21.874122238 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:21.874145028 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Successfully stopped wlan ref count data cleanup timer
2024/08/13 15:16:21.874145507 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): No notifications pending for WlanId: 3, profile: ssid-ise, SSID: ssid-ise; Triggering record updates if any.
2024/08/13 15:16:21.874146327 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:1 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Disable radio restart:Yes
2024/08/13 15:16:21.875088864 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'shut' SUCCESS 2024/08/13 15:16:21.868 CET
2024/08/13 15:16:24.219285201 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:24.219287090 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:24.219825212 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:24.219827041 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:24.220044627 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:24.220046236 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile external config admin status: disabled
2024/08/13 15:16:24.222692985 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'nac' SUCCESS 2024/08/13 15:16:24.214 CET
2024/08/13 15:16:28.166350923 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:28.166351962 {wncd_x_R0-0}{1}: [wlanmgr-db] [14288]: (note): Policy profile external config admin status: enabled
2024/08/13 15:16:28.166585940 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (ERR): Failed to retrieve VLAN Config from policy profile
2024/08/13 15:16:28.166597604 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Started processing Policy profile modify; profile: ssid-ise
2024/08/13 15:16:28.166603831 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): PROPAGATE: policy tag name company-policy-prague-ise used by policy profile ssid-ise
2024/08/13 15:16:28.166634527 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): Map found for wlan ssid-ise,policy ssid-ise in  tag company-policy-prague-ise
2024/08/13 15:16:28.166689330 {wncd_x_R0-0}{1}: [tag-manager-db] [14288]: (note): 70db.987e.7740 &&& propogating data to this AP &&&  wlan ssid-ise,policy ssid-ise and  tag company-policy-prague-ise
2024/08/13 15:16:28.166780556 {wncd_x_R0-0}{1}: [apmgr-capwap-config] [14288]: (note): MAC: 70db.987e.7740  Defer config update : Event already scheduled. Tag revalidate : 0
2024/08/13 15:16:28.167083621 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:28.167117475 {mobilityd_R0-0}{1}: [wlanmgr-db] [15681]: (note): Policy profile external config admin status: enabled
2024/08/13 15:16:28.167335030 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile config modify notified, profile: ssid-ise, status: Down, ref-count: 0, state: No notifications
2024/08/13 15:16:28.167336040 {wncmgrd_R0-0}{1}: [wlanmgr-db] [14067]: (note): Policy profile external config admin status: enabled
2024/08/13 15:16:28.167893232 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:0 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Enable radio restart:Yes
2024/08/13 15:16:28.167922758 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): 70db.987e.7740 Enable bssid ctxt : Not a valid local auth config slot: 0, WLAN ID: 3
2024/08/13 15:16:28.167930554 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Do not resend OWE transition mode: wlan profile unavailable
2024/08/13 15:16:28.167931404 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Process update on bssid context slot:1 bss:0 curr state:2 radio-admin:Enable radio-confg:Enable map:Enable wlan:Enable policy:Enable radio restart:Yes
2024/08/13 15:16:28.167935152 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (ERR): 70db.987e.7740 Enable bssid ctxt : Not a valid local auth config slot: 1, WLAN ID: 3
2024/08/13 15:16:28.167937101 {wncd_x_R0-0}{1}: [apmgr-bssid] [14288]: (note): MAC: 70db.987e.7740  Do not resend OWE transition mode: wlan profile unavailable
2024/08/13 15:16:28.168517352 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'no shut' SUCCESS 2024/08/13 15:16:28.163 CET
2024/08/13 15:16:29.659424027 {iosrp_R0-0}{1}: [iosrp] [23434]: (note):  Aug 13 13:16:29.659: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.11.12.13)
2024/08/13 15:16:29.659612036 {iosrp_R0-0}{1}: [parser_cmd] [23434]: (note): id= 10.11.12.13@vty0:user=admin cmd: 'end' SUCCESS 2024/08/13 15:16:29.658 CET

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card