Mobility Express override VLAN NPS problema DHCP

Tutto ciò che ha a che fare con la configurazione di apparati Cisco (e non rientra nelle altre categorie)

Moderatore: Federico.Lagni

Rispondi
francofranco
Cisco fan
Messaggi: 44
Iscritto il: mer 25 mar , 2015 7:13 pm

Buongiorno,
ho un problema e non riesco a venirne a capo.
Sto configurando un AP 2802i con Cisco Mobility Express a bordo.
La WLAN utilizza il VLAN tagging ed è impostata per usare la VLAN 30. L'autenticazione degli utenti avviene tramite server RADIUS realizzato con servizio NPS su macchina Windows Server 2012 R2. I server DHCP sono esterni e risiedono su una appliance PFSENSE. Ho attiviato sulla Wlan l'AAA override in modo che a secondo del gruppo utente di appartenenza venga passato l'attributo della VLAN con valore 10, 20 o 30.
Funziona tutto nel senso che il cliente che si autentica riceve la corretta VLAN.

Il problema è il dhcp utilizzato non è coerente con la VLAN "ovverrata" ma viene sempre utilizzato quello della VLAN impostata staticamente sulla WLAN (in questo caso VLAN 30 con quindi l'ip in quel pool 172.16.30.11).

Ho provato anche a disabilitare il dhcp proxy mode, ma nulla. Ovviamente se cambio la VLAN impostata sulla WLAN utilizza il relativo pool dhcp. E' come se l'AAA override non avesse effetto sul dhcp.

Posto il debug... le ultime righe potrebbero essere utili?

Codice: Seleziona tutto

*apfReceiveTask: Jun 10 11:07:20.963: 70:18:8b:93:b6:31 Received management frame ASSOCIATION REQUEST  on BSSID c4:b2:39:97:7f:40 destination addr c4:b2:39:97:7f:40
*apfMsConnTask_0: Jun 10 11:07:20.963: 70:18:8b:93:b6:31 Processing assoc-req station:70:18:8b:93:b6:31 AP:c4:b2:39:97:7f:40-00 ssid : DNC thread:5e168650
*apfMsConnTask_0: Jun 10 11:07:20.963: 70:18:8b:93:b6:31 apfCreateMobileStationEntryWrapper (apf_ms.c:4471) Changing state for mobile 70:18:8b:93:b6:31 on AP c4:b2:39:97:7f:40 from Idle to Idle

*apfMsConnTask_0: Jun 10 11:07:20.963: 70:18:8b:93:b6:31 Adding mobile on LWAPP AP c4:b2:39:97:7f:40(0)
*apfMsConnTask_0: Jun 10 11:07:20.963: 70:18:8b:93:b6:31 Created Acct-Session-ID (5ee0a2c8/70:18:8b:93:b6:31/5) for the mobile
*apfMsConnTask_0: Jun 10 11:07:20.963: 70:18:8b:93:b6:31  Setting hasApChnaged Flag as true. It is a fresh assoc request.

*apfMsConnTask_0: Jun 10 11:07:20.964: 70:18:8b:93:b6:31 Setting RTTS enabled to 0
*apfMsConnTask_0: Jun 10 11:07:20.964: 70:18:8b:93:b6:31 Association received from mobile on BSSID c4:b2:39:97:7f:40 AP APA0B4.398D.9504
*apfMsConnTask_0: Jun 10 11:07:20.964: 70:18:8b:93:b6:31 Station:  70:18:8B:93:B6:31  trying to join WLAN with RSSI -57. Checking for XOR roam conditions on AP:  C4:B2:39:97:7F:40  Slot: 0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Station:  70:18:8B:93:B6:31  is associating to AP  C4:B2:39:97:7F:40  which is not XOR roam capable
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Global 200 Clients are allowed to AP radio

*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Max Client Trap Threshold: 0  cur: 0

*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Updated local bridging VLAN to 0 while applying WLAN policy
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Updated session timeout to 0 and Sleep timeout to 720 while applying WLAN policy
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 override for default ap group, marking intgrp NULL
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Not re-applying interface policy for local switching Client

*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 After applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:3284)
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255),Default action is '0' --- (caller apf_policy.c:3304)
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:3325)
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Values before applying NASID - interfacetype:0, ovrd:0, mscb nasid:, interface nasid:, APgrpset:0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Check before Setting the NAS Id to WLAN specific Id ''
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 apf_policy.c:2569 Assigning the SGT 0 to mobile (earlier sgt 0)
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 In processSsidIE:7127 setting Central switched to FALSE
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Set Clinet MSCB as Central Association Disabled
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Applying site-specific Local Bridging override for station 70:18:8b:93:b6:31 - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Applying Local Bridging Interface Policy for station 70:18:8b:93:b6:31 - vlan 0, interface id 0, interface 'management', nasId:''
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Set Clinet Non AP specific WLAN apfMsAccessVlan = 30
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 This apfMsAccessVlan may be changed later from AAA after L2 Auth
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Cleared localSwitchingVlan, may be assigned later based on AAA override
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 processSsidIE  statusCode is 0 and status is 0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 processSsidIE  ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 STA - rates (8): 150 12 18 24 36 48 72 96 0 0 0 0 0 0 0 0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 suppRates  statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 STA - rates (9): 150 12 18 24 36 48 72 96 108 0 0 0 0 0 0 0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 extSuppRates  statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_0: Jun 10 11:07:20.965: RSNIE in Assoc. Req.: (20)

*apfMsConnTask_0: Jun 10 11:07:20.965:      [0000] 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_0: Jun 10 11:07:20.965:      [0016] ac 01 00 00

*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Processing RSN IE type 48, length 20 for mobile 70:18:8b:93:b6:31
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Selected Unicast cipher CCMP128 for client device
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 RSN Capabilities:  0
*apfMsConnTask_0: Jun 10 11:07:20.965: 70:18:8b:93:b6:31 non-11w Capable mobile
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Received RSN IE with 0 PMKIDs from mobile 70:18:8b:93:b6:31
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Received RSN IE with 0 PMKIDs from mobile 70:18:8b:93:b6:31
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Setting active key cache index 8 ---> 8
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 unsetting PmkIdValidatedByAp
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Assigning flex webauth IPv4-ACL ID :65535, IPv6-ACL ID:65535 for AP WLAN ID : 1
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Assigned flex post-auth IPv4-ACL ID :65535, IPv6-ACL ID:65535 for AP WLAN ID : 1
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Updating AID for REAP AP Client c4:b2:39:97:7f:40 - AID ===> 2
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)

*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31  apfVapSecurity=0x4000 L2=16384 SkipWeb=0
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31  AuthenticationRequired = 1
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)

*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Encryption policy is set to 0x80000001
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Setting the action to initiate 1x 4 way handshake upon Add_Mobile_Ack for station with encrypt policy:[80000001]
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 0.0.0.0 8021X_REQD (3) DHCP required on AP c4:b2:39:97:7f:40 vapId 1 apVapId 1for this client
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 flex webauth acl id to be sent :65535 name : client acl id :65535 name :
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 flex webauth ipv6 acl id to be sent :65535 name : client acl id :65535 name :
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Vlan while overriding the policy = -1
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 sending to spamAddMobile vlanId -1 aclName = , flexAclId 65535

*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP c4:b2:39:97:7f:40 vapId 1 apVapId 1 flex acl-name: v6acl-name
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 apfMsAssoStateInc
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 apfPemAddUser2 (apf_policy.c:451) Changing state for mobile 70:18:8b:93:b6:31 on AP c4:b2:39:97:7f:40 from Idle to Associated

*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 apfPemAddUser2:session timeout forstation 70:18:8b:93:b6:31 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is  0
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Sending assoc-resp with status 0 station:70:18:8b:93:b6:31 AP:c4:b2:39:97:7f:40-00 on apVapId 1
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Sending Assoc Response (status: '0') to station on AP APA0B4.398D.9504 on BSSID c4:b2:39:97:7f:40 ApVapId 1 Slot 0, mobility role 0
*apfMsConnTask_0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 apfProcessAssocReq (apf_80211.c:12284) Changing state for mobile 70:18:8b:93:b6:31 on AP c4:b2:39:97:7f:40 from Associated to Associated

*spamApTask0: Jun 10 11:07:20.966: 70:18:8b:93:b6:31 Add SGT:0 to AP c4:b2:39:97:7f:40
*spamApTask0: Jun 10 11:07:20.967: 70:18:8b:93:b6:31 Add CTS mobile SGT - Encoded the capwap payload for the mobile with SGT 0
*spamApTask0: Jun 10 11:07:20.967: 70:18:8b:93:b6:31 Flex Ipv6 pre-auth acl is not present, not Encoding Flex Ipv6 acl for add mobile Payload
*spamApTask0: Jun 10 11:07:20.967: 70:18:8b:93:b6:31 Flex Ipv6 post auth acl is not present, not updating add mobile Payload
*spamApTask0: Jun 10 11:07:20.967: 70:18:8b:93:b6:31 Successful transmission of LWAPP Add-Mobile to AP c4:b2:39:97:7f:40 idx@52
*spamApTask0: Jun 10 11:07:20.967: 70:18:8b:93:b6:31 Setting ADD_MOBILE (idx 0, seqno 0, action 1, count 204718626) ack state for STA on AP c4:b2:39:97:7f:40
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.971: 70:18:8b:93:b6:31 reauth_sm state transition 0 ---> 1 for mobile 70:18:8b:93:b6:31 at 1x_reauth_sm.c:47
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.971: 70:18:8b:93:b6:31 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.971: 70:18:8b:93:b6:31 Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.971: 70:18:8b:93:b6:31 Station 70:18:8b:93:b6:31 setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.971: 70:18:8b:93:b6:31 Received EAPOL START from mobile in dot1x state = 2
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.971: 70:18:8b:93:b6:31 Ignoring EAPOL-Start as client still ongoing AddMnAckPend:1 or EAPOL-Key HS state:0)
*spamApTask0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 Received ADD_MOBILE ack - Initiating 1x to STA 70:18:8b:93:b6:31 (idx 52)
*spamApTask0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 APF Initiating 1x to STA 70:18:8b:93:b6:31
*spamApTask0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 Sent dot1x auth initiate message for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 dot1xProcessInitiate1XtoMobile to mobile station 70:18:8b:93:b6:31 (mscb 1, msg 1)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 reauth_sm state transition 1 ---> 0 for mobile 70:18:8b:93:b6:31 at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 EAP-PARAM Debug - eap-params for Wlan-Id :1 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 dot1x - moving mobile 70:18:8b:93:b6:31 into Connecting state
*Dot1x_NW_MsgTask_0: Jun 10 11:07:20.974: 70:18:8b:93:b6:31 Sending EAP-Request/Identity to mobile 70:18:8b:93:b6:31 (EAP Id 1)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:34.747: 70:18:8b:93:b6:31 Received EAPOL EAPPKT from mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:34.747: 70:18:8b:93:b6:31 Received Identity Response (count=1) from mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 Resetting reauth count 1 to 0 for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 EAP State update from Connecting to Authenticating for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 dot1x - moving mobile 70:18:8b:93:b6:31 into Authenticating state
*Dot1x_NW_MsgTask_0: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 Entering Backend Auth Response state for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 Created Cisco-Audit-Session-ID for the mobile: 3c0510ac00000002d6a2e05e type: local
*aaaQueueReader: Jun 10 11:07:34.748: AuthenticationRequest: 0x505bfb58


*aaaQueueReader: Jun 10 11:07:34.748:   Callback.....................................0x5592bed4

*aaaQueueReader: Jun 10 11:07:34.748:   protocolType.................................0x00140001

*aaaQueueReader: Jun 10 11:07:34.748:   Packet contains 16 AVPs:

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[01] User-Name................................utente (5 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[02] Chargeable-User-Identity.................0x3c (60) '<' (1 byte)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[03] Location-Capable.........................0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[04] Calling-Station-Id.......................70-18-8b-93-b6-31 (17 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[05] Called-Station-Id........................c4-b2-39-97-7f-40:DNC (21 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[06] Nas-Port.................................0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[07] Cisco / Audit-Session-Id.................3c0510ac00000002d6a2e05e (24 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[08] Acct-Session-Id..........................5ee0a2c8/70:18:8b:93:b6:31/5 (28 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[09] Nas-Ip-Address...........................0xac10053c (-1408236228) (4 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[10] NAS-Identifier...........................CiscoWLC (8 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[11] Airespace / WLAN-Identifier..............0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[12] Service-Type.............................0x00000002 (2) (4 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[13] Framed-MTU...............................0x00000514 (1300) (4 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[14] Nas-Port-Type............................0x00000013 (19) (4 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[15] EAP-Message..............................DATA (10 bytes)

*aaaQueueReader: Jun 10 11:07:34.748:       AVP[16] Message-Authenticator....................DATA (16 bytes)

*aaaQueueReader: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 192.168.1.200 port 1812 index 0 active 1
*aaaQueueReader: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 Found a server : 192.168.1.200 from the WLAN server list of radius server index 1
*aaaQueueReader: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 Send Radius Auth Request with pktId:10 into qid:1 of server at index:0
*aaaQueueReader: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 Sending the packet to v4 host 192.168.1.200:1812 of length 239
*aaaQueueReader: Jun 10 11:07:34.748: 70:18:8b:93:b6:31 Successful transmission of Authentication Packet (pktId 10) to 192.168.1.200:1812 from server queue 1, proxy state 70:18:8b:93:b6:31-01:00
*aaaQueueReader: Jun 10 11:07:34.749: 00000000: 01 0a 00 ef 24 f5 f5 55  1e db d5 bd 85 92 ac d1  ....$..U........
*aaaQueueReader: Jun 10 11:07:34.749: 00000010: ac 7b 38 87 01 07 73 61  6d 61 66 59 03 3c 83 06  .{8...utenteY.<..
*aaaQueueReader: Jun 10 11:07:34.749: 00000020: 00 00 00 01 1f 13 37 30  2d 31 38 2d 38 62 2d 39  ......70-18-8b-9
*aaaQueueReader: Jun 10 11:07:34.749: 00000030: 33 2d 62 36 2d 33 31 1e  17 63 34 2d 62 32 2d 33  3-b6-31..c4-b2-3
*aaaQueueReader: Jun 10 11:07:34.749: 00000040: 39 2d 39 37 2d 37 66 2d  34 30 3a 44 4e 43 05 06  9-97-7f-40:DNC..
*aaaQueueReader: Jun 10 11:07:34.749: 00000050: 00 00 00 01 1a 31 00 00  00 09 01 2b 61 75 64 69  .....1.....+audi
*aaaQueueReader: Jun 10 11:07:34.749: 00000060: 74 2d 73 65 73 73 69 6f  6e 2d 69 64 3d 33 63 30  t-session-id=3c0
*aaaQueueReader: Jun 10 11:07:34.749: 00000070: 35 31 30 61 63 30 30 30  30 30 30 30 32 64 36 61  510ac00000002d6a
*aaaQueueReader: Jun 10 11:07:34.749: 00000080: 32 65 30 35 65 2c 1e 35  65 65 30 61 32 63 38 2f  2e05e,.5ee0a2c8/
*aaaQueueReader: Jun 10 11:07:34.749: 00000090: 37 30 3a 31 38 3a 38 62  3a 39 33 3a 62 36 3a 33  70:18:8b:93:b6:3
*aaaQueueReader: Jun 10 11:07:34.749: 000000a0: 31 2f 35 04 06 ac 10 05  3c 20 0a 43 69 73 63 6f  1/5.....<..Cisco
*aaaQueueReader: Jun 10 11:07:34.749: 000000b0: 57 4c 43 1a 0c 00 00 37  63 01 06 00 00 00 01 06  WLC....7c.......
*aaaQueueReader: Jun 10 11:07:34.749: 000000c0: 06 00 00 00 02 0c 06 00  00 05 14 3d 06 00 00 00  ...........=....
*aaaQueueReader: Jun 10 11:07:34.749: 000000d0: 13 4f 0c 02 01 00 0a 01  73 61 6d 61 66 50 12 e9  .O......utenteP..
*aaaQueueReader: Jun 10 11:07:34.749: 000000e0: cc 99 57 14 34 35 34 ae  3e c0 75 3d 53 cd 53     ..W.454.>.u=S.S
*radiusTransportThread: Jun 10 11:07:35.005: 70:18:8b:93:b6:31 Counted 4 AVPs (processed 90 bytes, left 0)
*radiusTransportThread: Jun 10 11:07:35.005: 70:18:8b:93:b6:31 Access-Challenge received from RADIUS server 192.168.1.200 (qid:1) with port:1812, pktId:10
*radiusTransportThread: Jun 10 11:07:35.005: AuthorizationResponse: 0x5c0ced94


*radiusTransportThread: Jun 10 11:07:35.005: RadiusIndexSet(0), Index(0)
*radiusTransportThread: Jun 10 11:07:35.005:    structureSize................................250

*radiusTransportThread: Jun 10 11:07:35.005:    resultCode...................................255

*radiusTransportThread: Jun 10 11:07:35.005:    protocolUsed.................................0x00000001

*radiusTransportThread: Jun 10 11:07:35.005:    proxyState...................................70:18:8B:93:B6:31-01:00

*radiusTransportThread: Jun 10 11:07:35.005:    Packet contains 4 AVPs:

*radiusTransportThread: Jun 10 11:07:35.005:        AVP[01] Session-Timeout..........................0x0000001e (30) (4 bytes)

*radiusTransportThread: Jun 10 11:07:35.005:        AVP[02] EAP-Message..............................DATA (6 bytes)

*radiusTransportThread: Jun 10 11:07:35.005:        AVP[03] State....................................DATA (36 bytes)

*radiusTransportThread: Jun 10 11:07:35.005:        AVP[04] Message-Authenticator....................DATA (16 bytes)

*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.005: 70:18:8b:93:b6:31 Processing Access-Challenge for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.006: 70:18:8b:93:b6:31 Entering Backend Auth Req state (id=2) for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.006: 70:18:8b:93:b6:31 Sending EAP Request from AAA to mobile 70:18:8b:93:b6:31 (EAP Id 2)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.006: 70:18:8b:93:b6:31 Allocating EAP Pkt for retransmission to mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.010: 70:18:8b:93:b6:31 Received EAPOL EAPPKT from mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.010: 70:18:8b:93:b6:31 Received EAP Response from mobile 70:18:8b:93:b6:31 (EAP Id 2, EAP Type 25)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.010: 70:18:8b:93:b6:31 Resetting reauth count 0 to 0 for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:35.010: 70:18:8b:93:b6:31 Entering Backend Auth Response state for mobile 70:18:8b:93:b6:31
*aaaQueueReader: Jun 10 11:07:35.010: AuthenticationRequest: 0x5fdaba04


*aaaQueueReader: Jun 10 11:07:35.010:   Callback.....................................0x5592bed4

*aaaQueueReader: Jun 10 11:07:35.010:   protocolType.................................0x00140001

*aaaQueueReader: Jun 10 11:07:35.010:   proxyState...................................70:18:8B:93:B6:31-01:01

*aaaQueueReader: Jun 10 11:07:35.010:   Packet contains 17 AVPs:

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[01] User-Name................................utente (5 bytes)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[02] Chargeable-User-Identity.................0x3c (60) '<' (1 byte)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[03] Location-Capable.........................0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[04] Calling-Station-Id.......................70-18-8b-93-b6-31 (17 bytes)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[05] Called-Station-Id........................c4-b2-39-97-7f-40:DNC (21 bytes)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[06] Nas-Port.................................0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[07] Cisco / Audit-Session-Id.................3c0510ac00000002d6a2e05e (24 bytes)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[08] Acct-Session-Id..........................5ee0a2c8/70:18:8b:93:b6:31/5 (28 bytes)

*aaaQueueReader: Jun 10 11:07:35.010:       AVP[09] Nas-Ip-Address...........................0xac10053c (-1408236228) (4 bytes)

*debugger Jun 10 11:07:42.949: %DEBUGGER-3-WLC_CONSOLE_LOGGING_HWM
*debugger Jun 10 11:07:45.360: %DEBUGGER-3-WLC_CONSOLE_LOGGING_LWM
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31  Applying Fabric vnid override for client 70:18:8b:93:b6:31, client->reap 22 ,over bits 1,isover FALSE
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Updated local bridging VLAN to 0 while applying WLAN policy
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Updated session timeout to 0 and Sleep timeout to 720 while applying WLAN policy
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 override for default ap group, marking intgrp NULL
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Check before Setting the NAS Id to WLAN specific Id ''
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Inserting AAA Override struct for mobile
        MAC: 70:18:8b:93:b6:31, source: L2 Auth

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Inserting new RADIUS override into chain for station 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Override values for station 70:18:8b:93:b6:31
        source: 4, valid bits: 0x1
        qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1         Interim Interval: -1
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
        vlanIfName: '20', vlanId:20, aclName: ', ipv6AclName: , avcProfileName: '

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Override values (cont..2) dataAvgCUs: -1, rTAvgCUs: -1, dataBurstCUs: -1, rTimeBurstCUs: -1
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.528: 70:18:8b:93:b6:31 Applying override policy from source Override Summation: with value 1

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Override values for station 70:18:8b:93:b6:31
        source: 256, valid bits: 0x1
        qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1         Interim Interval:
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
        vlanIfName: '20', vlanId:20, aclName: ', ipv6AclName: , avcProfileName: '

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Override values (cont..2) dataAvgCUs: -1, rTAvgCUs: -1, dataBurstCUs: -1, rTimeBurstCUs: -1
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Not computing ipsk-tag for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 AAA override is enabled and interface doesnot exist use the VLAN id in the nac payload 20 for 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Flex Local switching client, Changed local switching vlan to 20
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Setting re-auth timeout to 1800 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Station 70:18:8b:93:b6:31 setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Username entry (utente) created for mobile, length = 253
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Username entry (utente) created in mscb for mobile, length = 253
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Creating a PKC PMKID Cache entry for station 70:18:8b:93:b6:31 (RSN 2)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Resetting MSCB PMK Cache Entry @index 0 for station 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Created PMKID PMK Cache for BSSID c4:b2:39:97:7f:40  at index 0 for station 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: New PMKID: (16)

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529:      [0000] 5d 78 c7 7a 3c 52 f0 da 40 6f 3d 81 71 d8 b5 7d

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 802.11i: Create a global PMK cache entry, AKM-type = 1
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 apfCreatePmkCacheEntry: added a new pmk cache entry for 70:18:8b:93:b6:31

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 1x: Updated the audit-session-id of PMK-Cache from client mscb: 3c0510ac00000002d6a2e05e
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Zeroize AAA Overrides from local for station
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Adding Audit session ID payload in Mobility handoff

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 0 PMK-update groupcast messages sent
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 PMK sent to mobility group
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Sending EAP-Success to mobile 70:18:8b:93:b6:31 (EAP Id 12)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.529: 70:18:8b:93:b6:31 Freeing AAACB from Dot1xCB as AAA auth is done for  mobile 70:1*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 Compare RSN IE in association and EAPOL-M2 frame(rsnie_len :20, and grpMgmtCipherLen:0)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 rsnieCapabilty = 0 rsnie_len =20
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 Dumping RSNIE received in Association request(len = 22):
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 00000000: 30 14 01 00 00 0f ac 04  01 00 00 0f ac 04 01 00  0...............
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 00000010: 00 0f ac 01 00 00                                 ......
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 Dumping RSNIE received in EAPOL M2 (len = 20):
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 00000000: 01 00 00 0f ac 04 01 00  00 0f ac 04 01 00 00 0f  ................
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 00000010: ac 01 00 00                                       ....
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 Stopping retransmission timer for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 key Desc Version FT - 0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 key Desc Version FT - 0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 Sending EAPOL-Key Message to mobile 70:18:8b:93:b6:31
   state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.535: 70:18:8b:93:b6:31 Reusing allocated memory for  EAP Pkt for retransmission to mobile 70:18:8b:93:b6:31
*CAPWAP DATA: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 validating eapol pkt: key version = 2
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 Received EAPOL-Key from mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 key Desc Version FT - 0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 Stopping retransmission timer for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 Freeing EAP Retransmit Bufer for mobile 70:18:8b:93:b6:31
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 apfMs1xStateInc
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 apfMsPeapSimReqCntInc
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 apfMsPeapSimReqSuccessCntInc
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 Mobility query, PEM State: L2AUTHCOMPLETE

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 0.0.0.0 L2AUTHCOMPLETE (4) NO release MSCB
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31 Building Mobile Announce :

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31   Building Client Payload:

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31     Client Ip: 0.0.0.0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31     Client Vlan Ip: 172.16.5.60, Vlan mask : 255.255.255.0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31     Client Vap Security: 16384

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31     Virtual Ip: 192.0.2.1

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31     ssid: DNC

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.537: 70:18:8b:93:b6:31   Building VlanIpPayload.

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 L2AUTHCOMPLETE (4) DHCP required on AP c4:b2:39:97:7f:40 vapId 1 apVapId 1for this client
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 flex webauth acl id to be sent :65535 name : client acl id :65535 name :
q*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 flex webauth ipv6 acl id to be sent :65535 name : client acl id :65535 name :
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 Vlan while overriding the policy = 20
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 sending to spamAddMobile vlanId 20 aclName = , flexAclId 65535

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP c4:b2:39:97:7f:40 vapId 1 apVapId 1 flex acl-name: v6acl-name
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)

*spamApTask0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 Add SGT:0 to AP c4:b2:39:97:7f:40
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 7231, Adding TMP rule
*spamApTask0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 Add CTS mobile SGT - Encoded the capwap payload for the mobile with SGT 0
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule
  type = Airespace AP - Learn IP address
  on AP c4:b2:39:97:7f:40, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID = 255, IPv
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 1706, IntfId = 0  Local Bridging Vlan = 0, Local Bridging intf id = 0
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 1706  AverageRate = 0, BurstRate = 0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 1706  AverageRate = 0, BurstRate = 0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 1706  AverageRate = 0, BurstRate = 0

*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255, L2 ACL ID 255,URL ACL ID 255,URL ACL Action 0)
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 Updating info change db with CMX bitmap 0x0000
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) NO release MSCB
*Dot1x_NW_MsgTask_0: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 Successfully Plumbed PTK session Keysfor mobile 70:18:8b:93:b6:31
*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Local
  Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 172.16.5.60
*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 pemAdvanceState2 (pem_api.c:6735) Changing state for mobile 70:18:8b:93:b6:31 on AP c4:b2:39:97:7f:40 from Associated to Associated

*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 6869, Adding TMP rule
*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Replacing Fast Path rule
  type = Airespace AP - Learn IP address
  on AP c4:b2:39:97:7f:40, slot 0, interface = 1, QOS = 0
  IPv4 ACL ID = 255,
*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 1706, IntfId = 0  Local Bridging Vlan = 0, Local Bridging intf id = 0
*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 1706  AverageRate = 0, BurstRate = 0

*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 1706  AverageRate = 0, BurstRate = 0

*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) AVC Ratelimit:  AppID = 0 ,AppAction = 0, AppToken = 1706  AverageRate = 0, BurstRate = 0

*apfReceiveTask: Jun 10 11:07:36.538: 70:18:8b:93:b6:31 0.0.0.0 DHCP_REQD (7) Successfully plumbed 11:07:36.558: 70:18:8b:93:b6:31 DHCP success event for client. Clearing dhcp failure count for interface management.
*aaaQueueReader: Jun 10 11:07:36.558:       AVP[05] Class....................................DATA (44 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[06] NAS-Identifier...........................CiscoWLC (8 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[07] Airespace / WLAN-Identifier..............0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[08] Acct-Session-Id..........................5ee0a2c8/70:18:8b:93:b6:31/5 (28 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[09] Nas-Port-Type............................0x00000013 (19) (4 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[10] Cisco / Audit-Session-Id.................3c0510ac00000002d6a2e05e (24 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[11] Acct-Authentic...........................0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[12] Acct-Event-Time..........................0x5ee0a2d8 (1591780056) (4 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[13] Acct-Status-Type.........................0x00000001 (1) (4 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[14] Calling-Station-Id.......................70-18-8b-93-b6-31 (17 bytes)

*aaaQueueReader: Jun 10 11:07:36.558:       AVP[15] Called-Station-Id........................a0-b4-39-8d-95-00 (17 bytes)

*aaaQueueReader: Jun 10 11:07:36.558: 70:18:8b:93:b6:31 radiusServerFallbackPassiveStateUpdate: RADIUS server is ready 192.168.1.200 port 1813 index 0 active 1
*aaaQueueReader: Jun 10 11:07:36.558: 70:18:8b:93:b6:31 NAI-Realm not enabled on Wlan, radius servers will be selected as usual
*aaaQueueReader: Jun 10 11:07:36.558: 70:18:8b:93:b6:31 Found a server : 192.168.1.200 from the WLAN server list of radius server index 1
*aaaQueueReader: Jun 10 11:07:36.558: 70:18:8b:93:b6:31 Send Radius Acct Request with pktId:2 into qid:1 of server at index:0
*aaaQueueReader: Jun 10 11:07:36.558: 70:18:8b:93:b6:31 Sending the packet to v4 host 192.168.1.200:1813 of length 254
*aaaQueueReader: Jun 10 11:07:36.558: 70:18:8b:93:b6:31 Successful transmission of Accounting-Start (pktId 2) to 192.168.1.200:1813 from server queue 1, proxy state 70:18:8b:93:b6:31-00:00
*aaaQueueReader: Jun 10 11:07:36.559: 00000000: 04 02 00 fe 21 06 36 e1  6e 41 ba f2 d8 29 75 43  ....!.6.nA...)uC
*aaaQueueReader: Jun 10 11:07:36.559: 00000010: 97 ca 93 4e 01 07 73 61  6d 61 66 05 06 00 00 00  ...N..utente.....
*aaaQueueReader: Jun 10 11:07:36.559: 00000020: 01 04 06 ac 10 05 3c 08  06 ac 10 1e 0b 19 2e 78  ......<........x
*aaaQueueReader: Jun 10 11:07:36.559: 00000030: ab 06 51 00 00 01 37 00  01 02 00 c0 a8 01 c8 00  ..Q...7.........
*aaaQueueReader: Jun 10 11:07:36.559: 00000040: 00 00 00 00 00 00 00 00  00 00 00 01 d6 3d 9e 4d  .............=.M
*aaaQueueReader: Jun 10 11:07:36.559: 00000050: 64 8d d2 00 00 00 00 00  00 01 21 20 0a 43 69 73  d.........!..Cis
*aaaQueueReader: Jun 10 11:07:36.559: 00000060: 63 6f 57 4c 43 1a 0c 00  00 37 63 01 06 00 00 00  coWLC....7c.....
*aaaQueueReader: Jun 10 11:07:36.559: 00000070: 01 2c 1e 35 65 65 30 61  32 63 38 2f 37 30 3a 31  .,.5ee0a2c8/70:1
*aaaQueueReader: Jun 10 11:07:36.559: 00000080: 38 3a 38 62 3a 39 33 3a  62 36 3a 33 31 2f 35 3d  8:8b:93:b6:31/5=
*aaaQueueReader: Jun 10 11:07:36.559: 00000090: 06 00 00 00 13 1a 31 00  00 00 09 01 2b 61 75 64  ......1.....+aud
*aaaQueueReader: Jun 10 11:07:36.559: 000000a0: 69 74 2d 73 65 73 73 69  6f 6e 2d 69 64 3d 33 63  it-session-id=3c
*aaaQueueReader: Jun 10 11:07:36.559: 000000b0: 30 35 31 30 61 63 30 30  30 30 30 30 30 32 64 36  0510ac00000002d6
*aaaQueueReader: Jun 10 11:07:36.559: 000000c0: 61 32 65 30 35 65 2d 06  00 00 00 01 37 06 5e e0  a2e05e-.....7.^.
*aaaQueueReader: Jun 10 11:07:36.559: 000000d0: a2 d8 28 06 00 00 00 01  1f 13 37 30 2d 31 38 2d  ..(.......70-18-
*aaaQueueReader: Jun 10 11:07:36.559: 000000e0: 38 62 2d 39 33 2d 62 36  2d 33 31 1e 13 61 30 2d  8b-93-b6-31..a0-

(Cisco Controller) >*aaaQueueReader: Jun 10 11:07:36.559: 000000f0: 62 34 2d 33 39 2d 38 64  2d 39 35 2d 30 30        b4-39-8d-95-00
*radiusTransportThread: Jun 10 11:07:36.560: 70:18:8b:93:b6:31 Counted 0 AVPs (processed 20 bytes, left 0)
*radiusTransportThread: Jun 10 11:07:36.560: 70:18:8b:93:b6:31 Accounting-Response received from RADIUS server 192.168.1.200 (qid:1) with port:1813, pktId:2
*apfReceiveTask: Jun 10 11:07:36.587: 70:18:8b:93:b6:31 Recieved MS IPv4 Addr= 172.16.30.11
*apfReceiveTask: Jun 10 11:07:36.587: 70:18:8b:93:b6:31 Updating MS IPv6[1] Addr=   fe80:0000:0000:0000:e577:0371:3ce4:c0be
*apfReceiveTask: Jun 10 11:07:36.587: 70:18:8b:93:b6:31 WcdbClientUpdate: IP Binding from WCDB ip_learn_type 2, add_or_delete 1
*apfReceiveTask: Jun 10 11:07:36.587: 70:18:8b:93:b6:31 IPv4 Addr: 172:16:30:11

*apfReceiveTask: Jun 10 11:07:36.587: 70:18:8b:93:b6:31 Static IP client associated to interface management which cannot support client subnet.
*apfReceiveTask: Jun 10 11:07:36.587: 70:18:8b:93:b6:31 No DHCP scope for IP scope name none.
*apfReceiveTask: Jun 10 11:07:39.680: 70:18:8b:93:b6:31 WcdbClientUpdate: IP Binding from WCDB ip_learn_type 2, add_or_delete 1
*apfReceiveTask: Jun 10 11:07:39.680: 70:18:8b:93:b6:31 IPv4 Addr: 172:16:30:11

*apfReceiveTask: Jun 10 11:07:39.680: 70:18:8b:93:b6:31 Static IP client associated to interface management which cannot support client subnet.
*apfReceiveTask: Jun 10 11:07:39.680: 70:18:8b:93:b6:31 No DHCP scope for IP scope name none.
Cosa potrebbe essere?
Grazie mille.
Rispondi