Wireless authentication has stopped working

martin.fox · ‎08-09-2011

Can anyone throw any light on this trace - users are unable to get onto wireless - possibly authentication failing but for all users, seemed to happen after patches were put on our radius server at 4am this morning, however they were removed but things are still not working:

(Cisco Controller) >debug client 00:21:00:43:76:ad

(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >debug
(Cisco Controller) debug>dhcp m*spamReceiveTask: Aug 09 16:07:46.679: CCKM: Send CCKM cache entry
*osapiBsnTimer: Aug 09 16:07:47.585: 00:21:00:43:76:ad 802.1x 'txWhen' Timer expired for station 00:21:00:43:76:ad
*dot1xMsgTask: Aug 09 16:07:47.587: 00:21:00:43:76:ad Reached Max EAP-Identity Request retries (3) for STA 00:21:00:43:76:ad
*dot1xMsgTask: Aug 09 16:07:47.587: 00:21:00:43:76:ad Sent Deauthenticate to mobile on BSSID 9c:4e:20:72:01:20 slot 0(caller 1x_auth_pae.c:2943)
*dot1xMsgTask: Aug 09 16:07:47.588: 00:21:00:43:76:ad Scheduling deletion of Mobile Station: (callerId: 6) in 10 seconds
*dot1xMsgTask: Aug 09 16:07:47.588: 00:21:00:43:76:ad dot1x - moving mobile 00:21:00:43:76:ad into Disconnected state
essage

disable        Disables debug.
enable         Enables debug.

(Cisco Controller) debug>dhcp message enable

(Cisco Controller) debug>
(Cisco Controller) debug>
(Cisco Controller) debug>*dot1xMsgTask: Aug 09 16:07:47.588: 00:21:00:43:76:ad Not sending EAP-Failure for STA 00:21:00:43:76:ad
*apfMsConnTask_0: Aug 09 16:07:50.049: 00:21:00:43:76:ad Reassociation received from mobile on AP 9c:4e:20:72:01:20
*apfMsConnTask_0: Aug 09 16:07:50.049: 00:21:00:43:76:ad 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_0: Aug 09 16:07:50.049: 00:21:00:43:76:ad Applying site-specific IPv6 override for station 00:21:00:43:76:ad - vapId 8, site 'default-group', interface 'staff'
*apfMsConnTask_0: Aug 09 16:07:50.049: 00:21:00:43:76:ad 0.0.0.0 8021X_REQD (3) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)
*apfMsConnTask_0: Aug 09 16:07:50.049: 00:21:00:43:76:ad Applying IPv6 Interface Policy for station 00:21:00:43:76:ad - vlan 156, interface id 11, interface 'staff'
*apfMsConnTask_0: Aug 09 16:07:50.049: 00:21:00:43:76:ad STA - rates (6): 152 36 176 72 96 108 96 108 12 0 0 0 0 0 0 0
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad Processing RSN IE type 48, length 20 for mobile 00:21:00:43:76:ad
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad Received RSN IE with 0 PMKIDs from mobile 00:21:00:43:76:ad
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad 0.0.0.0 8021X_REQD (3) Deleted mobile LWAPP rule on AP [9c:4e:20:72:01:20]
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad Updated location for station old AP 9c:4e:20:72:01:20-0, new AP 9c:4e:20:72:01:20-1
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad 0.0.0.0 8021X_REQD (3) Initializing policy
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad 0.0.0.0 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)

*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state 8021X_REQD (3)

*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 9c:4e:20:72:01:20 vapId 8 apVapId 8
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 00:21:00:43:76:ad on AP 9c:4e:20:72:01:20 from Associated to Associated

*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad Sending Assoc Response to station on BSSID 9c:4e:20:72:01:20 (status 0) ApVapId 8 Slot 1
*apfMsConnTask_0: Aug 09 16:07:50.050: 00:21:00:43:76:ad apfProcessAssocReq (apf_80211.c:4672) Changing state for mobile 00:21:00:43:76:ad on AP 9c:4e:20:72:01:20 from Associated to Associated

*dot1xMsgTask: Aug 09 16:07:50.055: 00:21:00:43:76:ad Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Aug 09 16:07:50.055: 00:21:00:43:76:ad Station 00:21:00:43:76:ad setting dot1x reauth timeout = 1800
*dot1xMsgTask: Aug 09 16:07:50.055: 00:21:00:43:76:ad dot1x - moving mobile 00:21:00:43:76:ad into Connecting state
*dot1xMsgTask: Aug 09 16:07:50.055: 00:21:00:43:76:ad Sending EAP-Request/Identity to mobile 00:21:00:43:76:ad (EAP Id 1)
*Dot1x_NW_MsgTask_0: Aug 09 16:07:50.062: 00:21:00:43:76:ad Received EAPOL START from mobile 00:21:00:43:76:ad
*Dot1x_NW_MsgTask_0: Aug 09 16:07:50.062: 00:21:00:43:76:ad dot1x - moving mobile 00:21:00:43:76:ad into Connecting state
*Dot1x_NW_MsgTask_0: Aug 09 16:07:50.062: 00:21:00:43:76:ad Sending EAP-Request/Identity to mobile 00:21:00:43:76:ad (EAP Id 2)

(Cisco Controller) debug>
(Cisco Controller) debug>
(Cisco Controller) debug>dot1?
dot1x          dot11
(Cisco Controller) debug>dot1?
dot1x          dot11
(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x *apfLbsTask: Aug 09 16:07:57.985: 00:21:00:43:76:ad Copy AP LOCP - mode:0 slotId:1, apMac 0x9c:4e:20:72:1:20
*apfLbsTask: Aug 09 16:07:57.985: 00:21:00:43:76:ad Copy WLAN LOCP EssIndex:8 aid:1 ssid:   Maple
*apfLbsTask: Aug 09 16:07:57.986: 00:21:00:43:76:ad Copy Security LOCP ecypher:0x0 ptype:0x2, p:0x1, eaptype:0x6 w:0x1 aalg:0x0, PMState: 8021X_REQD
*apfLbsTask: Aug 09 16:07:57.986: 00:21:00:43:76:ad Copy 802.11 LOCP a:0x0 b:0x0 c:0x0 d:0x0 e:0x0 protocol2:0x1 statuscode 0, reasoncode 1, status 3
*apfLbsTask: Aug 09 16:07:57.986: 00:21:00:43:76:ad Copy CCX LOCP 4
*apfLbsTask: Aug 09 16:07:57.986: 00:21:00:43:76:ad Copy MobilityData LOCP status:0, anchorip:0x0

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x

aaa            Configures debug of 802.1X AAA interactions.
all            Configures debug of all 802.1X messages.
events         Configures debug of 802.1X events.
packet         Configures debug of 802.1X packets.
states         Configures debug of 802.1x state transitions.

(Cisco Controller) debug>dot1x states

disable        Disables debug.
enable         Enables debug.

(Cisco Controller) debug>dot1x states

disable        Disables debug.
enable         Enables debug.

(Cisco Controller) debug>dot1x states enable
(Cisco Controller) debug>dot1x states enable

(Cisco Controller) debug>dot1x events

disable        Disables debug.
enable         Enables debug.

(Cisco Controller) debug>dot1x events enable
(Cisco Controller) debug>dot1x events enable

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa *spamReceiveTask: Aug 09 16:08:05.201: CCKM: Send CCKM cache entry
*spamReceiveTask: Aug 09 16:08:14.124: CCKM: Send CCKM cache entry

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa

all            Configures debug of all AAA messages.
detail         Configures debug of AAA detailed events.
events         Configures debug of AAA events.
packet         Configures debug of AAA packets.
ldap           Configures debug of AAA LDAP events.
local-auth     Configures debug of AAA Local Authentication.
tacacs         Configures debug of AAA TACACS+ events.

(Cisco Controller) debug>aaa events

disable        Disables debug.
enable         Enables debug.

(Cisco Controller) debug>aaa events

disable        Disables debug.
enable         Enables debug.

(Cisco Controller) debug>aaa events

Incorrect usage. Use the '?' or <TAB> key to list commands.

(Cisco Controller) debug>

aaa            Configures the AAA debug options.
airewave-director Configures the Airewave Director debug options
ap             Configures debug of Cisco AP.
arp            Configures debug of ARP.
media-stream   Configures debug of ARP.
bcast          Configures debug of broadcast.
cac            Configures the call admission control (CAC) debug options.
cckm           Configures the CCKM debug options.
dtls           Configures the DTLS debug options.
ccxdiag        Configures the CCX Diagnostic debug options.
call-control   Configures the call control (CC) debug options.
MC             debug mc events
ccxrm          Configures the CCX_RM debug options.
ccxs69         Configures the CCX S69 debug options.
capwap         Configures the CAPWAP debug options
cdp            Configures debug of cdp.
client         Enables debugs for common client problems.
crypto         Configures the Hardware Crypto debug options.
dhcp           Configures the DHCP debug options.
disable-all    Disables all debug messages.
dot1x          Configures the 802.1X debug options.

--More-- or (q)uit
(Cisco Controller) debug>aaa events enable *spamReceiveTask: Aug 09 16:08:15.597: CCKM: Send CCKM cache entry
*osapiBsnTimer: Aug 09 16:08:19.997: 00:21:00:43:76:ad 802.1x 'txWhen' Timer expired for station 00:21:00:43:76:ad
*dot1xMsgTask: Aug 09 16:08:19.998: 00:21:00:43:76:ad dot1x - moving mobile 00:21:00:43:76:ad into Connecting state
*dot1xMsgTask: Aug 09 16:08:19.998: 00:21:00:43:76:ad Sending EAP-Request/Identity to mobile 00:21:00:43:76:ad (EAP Id 3)

(Cisco Controller) debug>
(Cisco Controller) debug>*spamReceiveTask: Aug 09 16:08:31.911: CCKM: Send CCKM cache entry
*spamReceiveTask: Aug 09 16:08:35.460: CCKM: Send CCKM cache entry
*aaaQueueReader: Aug 09 16:08:42.604: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:42.630: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:42.630: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:42.719: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:42.722: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:42.722: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:42.743: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:42.748: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:42.748: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:42.757: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:42.765: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:42.765: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:42.771: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:42.776: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:42.776: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:42.784: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:42.788: ****Enter processIncomingMessages: response code=2

*radiusTransportThread: Aug 09 16:08:42.788: ****Enter processRadiusResponse: response code=2

*aaaQueueReader: Aug 09 16:08:47.037: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.040: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.040: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.078: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.082: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.082: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.154: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.158: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.158: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.169: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.173: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.173: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.194: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.197: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.197: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.338: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.362: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.362: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.438: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.441: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.441: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.461: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.465: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.465: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.475: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.483: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.483: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.488: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.493: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:47.493: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:47.503: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:47.506: ****Enter processIncomingMessages: response code=2

*radiusTransportThread: Aug 09 16:08:47.506: ****Enter processRadiusResponse: response code=2

*osapiBsnTimer: Aug 09 16:08:49.997: 00:21:00:43:76:ad 802.1x 'txWhen' Timer expired for station 00:21:00:43:76:ad
*dot1xMsgTask: Aug 09 16:08:49.997: 00:21:00:43:76:ad Reached Max EAP-Identity Request retries (3) for STA 00:21:00:43:76:ad
*dot1xMsgTask: Aug 09 16:08:49.998: 00:21:00:43:76:ad Sent Deauthenticate to mobile on BSSID 9c:4e:20:72:01:20 slot 1(caller 1x_auth_pae.c:2943)
*dot1xMsgTask: Aug 09 16:08:49.998: 00:21:00:43:76:ad Scheduling deletion of Mobile Station: (callerId: 6) in 10 seconds
*dot1xMsgTask: Aug 09 16:08:49.998: 00:21:00:43:76:ad dot1x - moving mobile 00:21:00:43:76:ad into Disconnected state
*dot1xMsgTask: Aug 09 16:08:49.998: 00:21:00:43:76:ad Not sending EAP-Failure for STA 00:21:00:43:76:ad
*spamReceiveTask: Aug 09 16:08:50.279: CCKM: Send CCKM cache entry
*aaaQueueReader: Aug 09 16:08:51.800: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:51.803: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:51.803: ****Enter processRadiusResponse: response code=11

*aaaQueueReader: Aug 09 16:08:51.870: apfVapRadiusInfoGet: WLAN(8) dynamic int attributes srcAddr:0x0, gw:0x0, mask:0x0, vlan:0, dpPort:0, srcPort:0
*radiusTransportThread: Aug 09 16:08:51.873: ****Enter processIncomingMessages: response code=11

*radiusTransportThread: Aug 09 16:08:51.873: ****Enter processRadiusResponse: response code

Nicolas Darchis · ‎08-09-2011

Your clients are not replying to identity requests :

dot1xMsgTask: Aug 09 16:08:49.997: 00:21:00:43:76:ad Reached Max EAP-Identity Request retries (3) for STA 00:21:00:43:76:ad

I have no idea what's the relation with the upgrade on your radius server (there isn't probably).

martin.fox · ‎08-11-2011

This problem affected 200+ clients at once - so not sure why it suddenly started happening. Also got this in the trace:

*Dot1x_NW_MsgTask_0: Aug 10 09:40:08.508: 00:21:00:43:76:ad Received EAPOL-key in PTK_START state (message 2) from mobile 00:21:00:43:76:ad
*Dot1x_NW_MsgTask_0: Aug 10 09:40:08.508: 00:21:00:43:76:ad Received EAPOL-key M2 with invalid MIC from mobile 00:21:00:43:76:ad
*osapiBsnTimer: Aug 10 09:40:09.361: 00:21:00:43:76:ad 802.1x 'timeoutEvt' Timer expired for station 00:21:00:43:76:ad
*dot1xMsgTask: Aug 10 09:40:09.362: 00:21:00:43:76:ad Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 00:21:00:43:76:ad

And its from all clients.

Can someone tell me the EAPOL handshake is that between the client and Ap, or client and Controller, client and radius server.

Thank you

Nicolas Darchis · ‎08-11-2011

Such errors can be due to bad client drivers or to high level of retransmissions and the eapol handshake can never really finish.

That handshake if between client and AP. They both know the master secret (user credentials) and derive a session encryption key from that

romainpage · ‎08-16-2011

Hi,

Did you find any fix to your issue ?

I am currently facing the same kind of issue but only with Apple devices.

Thanks.

Best Regards.

Romain