- Cisco Community
- Technology and Support
- Wireless - Mobility
- Wireless
- Zebra Wireless Printers issue with Cisco ISE
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Zebra Wireless Printers issue with Cisco ISE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-26-2017 01:24 PM - edited 07-05-2021 07:25 AM
Hello guys, I would like your input in an issue I'm facing with Zebra Wireless Printers model RW420 with Cisco Infrastructure with 3700 series APs, Local WLC 5508 and offsite authentication RADIUS with Cisco ISE.
When we move the WLAN to authenticate through Cisco ISE, we see that in roaming action the printer can't back communicate in the network, we see the IP address as 0.0.0.0 in the controller, the only way to get this printer back is turning it off for 10 minutes and then turning on again. That doesn't happen when the WLAN is authenticating through Cisco ACS. Both auth servers are offsite, so it is a WAN communication to reach them.
Can you guys give some light on this?
Thanks,
Robson
Below some logs I've got from the debug.
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.321: 00:19:70:b1:79:42 Processing Access-Challenge for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.321: 00:19:70:b1:79:42 Entering Backend Auth Req state (id=173) for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.322: 00:19:70:b1:79:42 Sending EAP Request from AAA to mobile 00:19:70:b1:79:42 (EAP Id 173)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.322: 00:19:70:b1:79:42 Reusing allocated memory for EAP Pkt for retransmission to mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.326: 00:19:70:b1:79:42 Received EAPOL EAPPKT from mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.326: 00:19:70:b1:79:42 Received EAP Response from mobile 00:19:70:b1:79:42 (EAP Id 173, EAP Type 25)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.327: 00:19:70:b1:79:42 Resetting reauth count 0 to 0 for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.327: 00:19:70:b1:79:42 Entering Backend Auth Response state for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.403: 00:19:70:b1:79:42 Processing Access-Accept for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.403: 00:19:70:b1:79:42 Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.403: 00:19:70:b1:79:42 Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.403: 00:19:70:b1:79:42 Username entry (bmwi011) created for mobile, length = 253
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.403: 00:19:70:b1:79:42 Username entry (bmwi011) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 override for default ap group, marking intgrp NULL
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 51
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Re-applying interface policy for client
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2435)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2456)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Values before applying NASID - interfacetype:3, ovrd:0, mscb nasid:brwag-montfac-cntl-1, interface nasid:
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Check before Setting the NAS Id to WLAN specific Id ''
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 override from ap group, removing intf group from mscb
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Applying site-specific override for station 00:19:70:b1:79:42 - vapId 10, site 'Montenegro', interface 'mont_m0b1l3'
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 51
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Re-applying interface policy for client
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 0.0.0.0 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2435)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 0.0.0.0 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2456)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Values before applying NASID - interfacetype:3, ovrd:0, mscb nasid:brwag-montfac-cntl-1, interface nasid:
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Applying AP group specific NAS Id 'brwag-montfac-cntl-1'
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Inserting AAA Override struct for mobile
MAC: 00:19:70:b1:79:42, source 4
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Setting re-auth timeout to 0 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Station 00:19:70:b1:79:42 setting dot1x reauth timeout = 0
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Stopping reauth timeout for 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Creating a PKC PMKID Cache entry for station 00:19:70:b1:79:42 (RSN 2)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Resetting MSCB PMK Cache Entry 0 for station 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.404: 00:19:70:b1:79:42 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Adding BSSID 00:f2:8b:c0:cc:33 to PMKID cache at index 0 for station 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: New PMKID: (16)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: [0000] ea bd 44 5d c9 23 cc a8 dd d5 a7 cc 99 c9 7d 2b
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Zeroize AAA Overrides from local for station
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 1 PMK-update groupcast messages sent
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 PMK sent to mobility group
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Sending EAP-Success to mobile 00:19:70:b1:79:42 (EAP Id 173)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Freeing AAACB from Dot1xCB as AAA auth is done for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Found an cache entry for BSSID 00:f2:8b:c0:cc:33 in PMKID cache at index 0 of station 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Found an cache entry for BSSID 00:f2:8b:c0:cc:33 in PMKID cache at index 0 of station 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: [0000] ea bd 44 5d c9 23 cc a8 dd d5 a7 cc 99 c9 7d 2b
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Starting key exchange to mobile 00:19:70:b1:79:42, data packets will be dropped
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Sending EAPOL-Key Message to mobile 00:19:70:b1:79:42
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.405: 00:19:70:b1:79:42 Reusing allocated memory for EAP Pkt for retransmission to mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.406: 00:19:70:b1:79:42 Entering Backend Auth Success state (id=173) for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.406: 00:19:70:b1:79:42 Received Auth Success while in Authenticating state for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.406: 00:19:70:b1:79:42 dot1x - moving mobile 00:19:70:b1:79:42 into Authenticated state
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.415: 00:19:70:b1:79:42 Received EAPOL-Key from mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.415: 00:19:70:b1:79:42 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.415: 00:19:70:b1:79:42 Received EAPOL-key in PTK_START state (message 2) from mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00:19:70:b1:79:42 Dumping RSNIE received in Association request:
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00000000: 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 0...............
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00000010: 00 0f ac 01 28 00 ....(.
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00:19:70:b1:79:42 Dumping RSNIE received in EAPOL M2 :
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00000000: 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ................
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00:19:70:b1:79:42 Not Flex client. Do not distribute PMK Key cache.
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00:19:70:b1:79:42 Stopping retransmission timer for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00:19:70:b1:79:42 Sending EAPOL-Key Message to mobile 00:19:70:b1:79:42
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.416: 00:19:70:b1:79:42 Reusing allocated memory for EAP Pkt for retransmission to mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Received EAPOL-Key from mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Stopping retransmission timer for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Freeing EAP Retransmit Bufer for mobile 00:19:70:b1:79:42
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 apfMs1xStateInc
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 apfMsPeapSimReqCntInc
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 apfMsPeapSimReqSuccessCntInc
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Mobility query, PEM State: L2AUTHCOMPLETE
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Building Mobile Announce :
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.421: 00:19:70:b1:79:42 Client Ip: 0.0.0.0
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 Client Vlan Ip: 10.148.23.250, Vlan mask : 255.255.255.0
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 Client Vap Security: 16384
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 Virtual Ip: 10.203.255.254
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 ssid: m0b1l3_test
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 Building VlanIpPayload.
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 Mobile Announce sent to 1 members of the local group.
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:f2:8b:c0:cc:30 vapId 10 apVapId 4 flex-acl-name:
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6575, Adding TMP rule
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:f2:8b:c0:cc:30, slot 0, interface = 13, QOS = 0
IPv4 ACL ID = 255, IP
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 13 Local Bridging Vlan = 51, Local Bridging intf id = 13
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*Dot1x_NW_MsgTask_2: Jul 11 19:21:16.422: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*pemReceiveTask: Jul 11 19:21:16.423: 00:19:70:b1:79:42 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0
*apfOrphanSocketTask: Jul 11 19:21:16.483: 00:19:70:b1:79:42 Orphan Packet from DS - IP 10.148.23.225
*pemReceiveTask: Jul 11 19:21:16.483: 00:19:70:b1:79:42 0.0.0.0 Removed NPU entry.
*apfReceiveTask: Jul 11 19:21:19.409: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Local
Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 192.168.19.246
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6191, Adding TMP rule
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
type = Airespace AP - Learn IP address
on AP 00:f2:8b:c0:cc:30, slot 0, interface = 13, QOS = 0
IPv4 ACL ID = 255, IP
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 13 Local Bridging Vlan = 51, Local Bridging intf id = 13
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
BELOW the printer started to work again.
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 Installing Orphan Pkt IP address 10.148.23.225 for station
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 Static IP client associated to interface mont_m0b1l3 which can support client subnet.
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 apfMsRunStateInc
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 10.148.23.225 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
*apfReceiveTask: Jul 11 19:21:19.410: 00:19:70:b1:79:42 10.148.23.225 RUN (20) Reached PLUMBFASTPATH: from line 7241
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 10.148.23.225 RUN (20) Replacing Fast Path rule
type = Airespace AP Client
on AP 00:f2:8b:c0:cc:30, slot 0, interface = 13, QOS = 0
IPv4 ACL ID = 255, IPv6 ACL I
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 10.148.23.225 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206, IntfId = 13 Local Bridging Vlan = 51, Local Bridging intf id = 13
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 10.148.23.225 RUN (20) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 10.148.23.225 RUN (20) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 10.148.23.225 RUN (20) Fast Path rule (contd...) AVC Ratelimit: AppID = 0 ,AppAction = 0, AppToken = 15206 AverageRate = 0, BurstRate = 0
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 Accounting NAI-Realm: bmwi011, from Mscb username : bmwi011
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 10.148.23.225 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255)
*apfReceiveTask: Jul 11 19:21:19.411: 00:19:70:b1:79:42 Assigning Address 10.148.23.225 to mobile
- Labels:
-
ISE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2017 04:59 AM
Can I someone give me a light on this?
I've tested a lot of different configuration and none worked.
thanks
Robson Oliveira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2017 12:58 PM
"That doesn't happen when the WLAN is authenticating through Cisco ACS."
If it is only happen when you use ISE and not with ACS, I would think it is not related to end device behaviour. May be there is a difference in ISE when compare to ACS. Check in ISE if there any auth timers set for 10min
Do you have TAC support with ISE ? If so I would channel through them
HTH
Rasika
*** Pls rate all useful responses ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2017 01:01 PM
In regards of the logs above do you think could be something related to passive clients though? The printers have static IP address applied and the issue happens when they are moving from one AP to another.
Thanks again man
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
