Sem fio/Mobilidade : LAN Wireless (WLAN)

WPA2-PSK e autenticação aberta com exemplo de configuração de Cisco 5760 WLC

14 Outubro 2016 - Tradução por Computador
Outras Versões: Versão em PDFpdf | Inglês (21 Abril 2016) | Feedback

Introdução

Este documento explica as vantagens do uso do acesso protegido por wi-fi 2 (WPA2) em um Wireless LAN (WLAN). O documento fornece dois exemplos de configuração para a aplicação do WPA2 em um WLAN:

  • Configuração de uma chave pré-compartilhada WPA2 (PSK)
  • Configuração da autenticação aberta

Contribuído por Surendra BG, engenheiro de TAC da Cisco.

Pré-requisitos

Requisitos

A Cisco recomenda que você tenha conhecimento destes tópicos:

  • Acesso protegido Sem fio (WPA)
  • Soluções da Segurança de WLAN

Componentes Utilizados

As informações neste documento são baseadas nestas versões de software e hardware:

  • Um controlador do Wireless LAN do Cisco 5700 Series (WLC) com software do ® XE do Cisco IOS, liberação 3.3
  • Access point do peso leve do 3600 Series do Cisco Aironet
  • Suplicante wireless nativo de Microsoft Windows 7

As informações neste documento foram criadas a partir de dispositivos em um ambiente de laboratório específico. Todos os dispositivos utilizados neste documento foram iniciados com uma configuração (padrão) inicial. Se a sua rede estiver ativa, certifique-se de que entende o impacto potencial de qualquer comando.

Configurar

Nota: Use a Command Lookup Tool ( somente clientes registrados) para obter mais informações sobre os comandos usados nesta seção.

Diagrama de Rede

Esta ilustração indica o diagrama da rede:

Figura 1. diagrama da rede

Configuração WPA2-PSK com CLI

Este exemplo descreve o procedimento para usar o comando line interface(cli) a fim configurar a espião DHCP para os VLAN que são usados para clientes.

O VLAN20 é usado para clientes e o pool é configurado no mesmo WLC. O TenGigabitEthernet1/0/1 de Cisco 5700 WLC é conectado ao interruptor do uplink. Se o servidor DHCP é configurado no servidor além o WLC ou em um servidor de DHCP externo, você deve confiar a espião DHCP e retransmitir a informação.

ip device tracking
ip dhcp snooping vlan 12,20,30,40
ip dhcp snooping
!
ip dhcp pool vlan20
 network 20.20.20.0 255.255.255.0
 default-router 20.20.20.1

interface Vlan20
 ip address 20.20.20.1 255.255.255.0

interface TenGigabitEthernet1/0/1
 switchport trunk native vlan 12
 switchport mode trunk
 ip dhcp relay information trusted
 ip dhcp snooping trust

wlan wpa2psk 1 wpa2psk
 client vlan 20
 no security wpa akm dot1x
 security wpa akm psk set-key ascii 0 Cisco123
 no shutdown

Nota: Se sua configuração contém um espaço na senha PSK, a seguir use o formato “senha PSK”. O mesmo formato deve ser usado se você configura com o GUI igualmente.

Exemplo

security wpa akm psk set-key ascii 0 "Cisco 123"

Configuração WPA2-PSK com GUI

Termine estas etapas a fim configurar um WPA2 PSK no WLC GUI:

  1. Navegue à configuração > ao Sem fio > ao WLAN > aos WLAN, e crie um WLAN novo:



  2. Permita o WPA2, e trace-o à interface desejada:



  3. Clique a ABA de segurança, verifique a caixa de seleção da política WPA2, e selecione o AES como a criptografia WPA2. Na lista de drop-down de Mgmt da chave do AUTH, selecione o PSK. Incorpore o PSK que o cliente usará a fim conectar:

Configuração da autenticação aberta com CLI

Este é um exemplo de como usar o CLI a fim configurar a espião DHCP para os VLAN que estão sendo usados para clientes; neste exemplo, o VLAN20 é usado para clientes. O pool é configurado no mesmo WLC.

TenGigabitEthernet1/0/1 dos 5760 WLC é conectado ao interruptor do uplink. Se você tem o servidor DHCP configurado no servidor além o WLC ou em um servidor de DHCP externo, você deve confiar a espião DHCP e retransmitir a informação.

ip device tracking
ip dhcp snooping vlan 12,20,30,40
ip dhcp snooping
!
ip dhcp pool vlan20
 network 20.20.20.0 255.255.255.0
 default-router 20.20.20.1

interface Vlan20
 ip address 20.20.20.1 255.255.255.0

interface TenGigabitEthernet1/0/1
 switchport trunk native vlan 12
 switchport mode trunk
 ip dhcp relay information trusted
 ip dhcp snooping trust

wlan open 5 open
 client vlan VLAN0020
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 session-timeout 1800
 no shutdown

Configuração da autenticação aberta com GUI

Este procedimento descreve como configurar a autenticação aberta no WLC GUI:

  1. Navegue à configuração > ao Sem fio > ao WLAN > aos WLAN, e crie um WLAN novo:



  2. Clique na guia Security. Sob a aba Layer2 e a aba Layer3, ajuste tudo a nenhuns. Este é um exemplo dos resultados da configuração:

Verificar

Use esta seção para confirmar se a sua configuração funciona corretamente.

Confirme que o cliente WPA2-PSK está conectado:

Confirme que o cliente está conectado à autenticação aberta:

Troubleshooting

Esta seção fornece informações que podem ser usadas para o troubleshooting da sua configuração.

Notas:

A ferramenta Output Interpreter (clientes registrados somente) apoia determinados comandos de exibição. Use a ferramenta Output Interpreter a fim ver uma análise do emissor de comando de execução.

Consulte Informações Importantes sobre Comandos de Depuração antes de usar comandos debug.

Este é um exemplo de saída de útil debuga e comandos trace:

debug client mac XXXX.XXXX.XXXX

Controller#sh debugging
Nova Platform:
    dot11/state debugging is on
    pem/events debugging is on
    client/mac-addr debugging is on
    dot11/detail debugging is on
    mac/ filters[string 0021.5c8c.c761] debugging is on
    dot11/error debugging is on
    dot11/mobile debugging is on
    pem/state debugging is on

set trace group-wireless-client filter mac XXXX.XXXX.XXXX
set trace wcm-dot1x event filter mac XXXX.XXXX.XXXX
set trace wcm-dot1x aaa filter mac XXXX.XXXX.XXXX
set trace aaa wireless events filter mac XXXX.XXXX.XXXX
set trace access-session core sm filter mac XXXX.XXXX.XXXX
set trace access-session method dot1x filter XXXX.XXXX.XXXX

*Sep  1 05:55:01.321: 0021.5C8C.C761 Association received from mobile on AP 
C8F9.F983.4260  1 wcm: i.D^Iw for client
*Sep  1 05:55:01.321: 0021.5C8C.C761 qos upstream policy is unknown and
downstream policy is unknown 1 wcm: r client
*Sep  1 05:55:01.321: 0021.5C8C.C761 apChanged 0 wlanChanged 1 mscb ipAddr
20.20.20.3, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: nJ^Iwy_status 0
attr len^G$8\227v^K
*Sep  1 05:55:01.321: 0021.5C8C.C761 Applying WLAN policy on MSCB. 1 wcm: 
ipAddr 20.20.20.3, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep  1 05:55:01.321: 0021.5C8C.C761 Scheduling deletion of Mobile Station: 1
wcm:   (callerId: 50) in 1 seconds
*Sep  1 05:55:01.321: 0021.5C8C.C761 Disconnecting client due to switch of
WLANs from 6(wep) to 5(open) 1 wcm:
*Sep  1 05:55:02.193: 0021.5C8C.C761 apfMsExpireCallback (apf_ms.c: 1 wcm: 664)
Expiring Mobile!
*Sep  1 05:55:02.193: 0021.5C8C.C761 apfMsExpireMobileStation (apf_ms.c: 1 wcm:
6953) Changing state for mobile  0021.5C8C.C761  on AP  C8F9.F983.4260  from
Associated to Disassociated
*Sep  1 05:55:02.193: 0021.5C8C.C761 Sent Deauthenticate to mobile on BSSID 
C8F9.F983.4260  slot 1(caller apf_ms.c: 1 wcm: 7036)
*Sep  1 05:55:02.193: 0021.5C8C.C761 apfMsExpireMobileStation (apf_ms.c: 1 wcm:
7092) Changing state for mobile  0021.5C8C.C761  on AP  C8F9.F983.4260  from
Disassociated to Idle
*Sep  1 05:55:02.193:  0021.5C8C.C761  20.20.20.3 RUN (20) Deleted mobile LWAPP
rule on AP [ C8F9.F983.4260 ] 1 wcm: 5C8C.C761  on AP  C8F9.F983.4260  from
Disassociated to Idle
*Sep  1 05:55:02.193:  0021.5C8C.C761  20.20.20.3 RUN (20) FastSSID for the
client [ C8F9.F983.4260 ] NOTENABLED 1 wcm: C.C761  on AP  C8F9.F983.4260 
from Disassociated to Idle
*Sep  1 05:55:02.193: 0021.5C8C.C761 Incrementing the Reassociation Count 1 for
client (of interface VLAN0020) 1 wcm: D
*Sep  1 05:55:02.193: 0021.5C8C.C761 Clearing Address 20.20.20.3 on mobile  1
wcm: for client (of interface VLAN0020)
*Sep  1 05:55:02.193: PEM recv processing msg Del SCB(4)  1 wcm: 0.20.3 on
mobile
*Sep  1 05:55:02.193:  0021.5C8C.C761  20.20.20.3 RUN (20) Skipping TMP rule
add 1 wcm: lient (of interface VLAN0020)
*Sep  1 05:55:02.193:  0021.5C8C.C761  20.20.20.3 RUN (20) Change state to
DHCP_REQD (7) last state RUN (20) 1 wcm:
*Sep  1 05:55:02.193: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0x8959800000004a, bssid
C8F9.F983.4260
*Sep  1 05:55:02.193: 0021.5C8C.C761 WCDB_AUTH: 1 wcm:  Adding opt82 len 0
*Sep  1 05:55:02.193: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Suppressing SPI
(client pending deletion) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep  1 05:55:02.193: 0021.5C8C.C761 Sending SPI spi_epm_epm_terminate_session
successfull 1 wcm:  pemstate 7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep  1 05:55:02.194: 0021.5C8C.C761 Sending SPI spi_epm_epm_terminate_session
successfull 1 wcm:  pemstate 7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep  1 05:55:02.194: 0021.5C8C.C761 Deleting wireless client; Reason code 0,
Preset 1, AAA cause 1 1 wcm:  7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep  1 05:55:02.194: 0021.5C8C.C761 WCDB_DEL: 1 wcm:  Successfully sent
*Sep  1 05:55:02.194: 0021.5C8C.C761  Expiring mobile state delete 1 wcm: on
code 0, Preset 1, AAA cause 1
*Sep  1 05:55:02.194:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) Handling pemDelScb
Event skipping delete 1 wcm:  state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep  1 05:55:02.197: 0021.5C8C.C761 WCDB SPI response msg handler client code
1 mob state 1 1 wcm: g delete
*Sep  1 05:55:02.197: 0021.5C8C.C761 apfProcessWcdbClientDelete: 1 wcm:  Delete
ACK from WCDB.
*Sep  1 05:55:02.197: 0021.5C8C.C761 WCDB_DELACK: 1 wcm:  wcdbAckRecvdFlag
updated
*Sep  1 05:55:02.197: 0021.5C8C.C761 WCDB_DELACK: 1 wcm:  Client IIF Id dealloc
SUCCESS w/ 0xac70800000004b.
*Sep  1 05:55:02.197: 0021.5C8C.C761 Invoked platform delete and cleared handle
1 wcm: w/ 0xac70800000004b.
*Sep  1 05:55:02.197: 0021.5C8C.C761 Deleting mobile on AP  C8F9.F983.4260 (1)
1 wcm: w/ 0xac70800000004b.
*Sep  1 05:55:02.197: 0021.5C8C.C761 Unlinked and freed mscb 1 wcm:
8F9.F983.4260 (1)
*Sep  1 05:55:02.197: WCDB_IIF: 1 wcm:  Ack Message ID: 0xac70800000004b code
1003
*Sep  1 05:55:02.379: 0021.5C8C.C761 Adding mobile on LWAPP AP  C8F9.F983.4260
(1)  1 wcm: xac7080000.D^Iwb.
*Sep  1 05:55:02.379: 0021.5C8C.C761  Creating WL station entry for client - 
rc 0 1 wcm:
*Sep  1 05:55:02.379: 0021.5C8C.C761 Association received from mobile on AP 
C8F9.F983.4260  1 wcm: 0.D^Iwb.
*Sep  1 05:55:02.379: 0021.5C8C.C761 qos upstream policy is unknown and
downstream policy is unknown 1 wcm:
*Sep  1 05:55:02.379: 0021.5C8C.C761 apChanged 0 wlanChanged 0 mscb ipAddr
0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: \2105HnJ^Iwlient_id
0xac708000^G$8\227v^K
*Sep  1 05:55:02.379: 0021.5C8C.C761 Applying WLAN policy on MSCB. 1 wcm: 
ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep  1 05:55:02.379: 0021.5C8C.C761 Applying WLAN ACL policies to client 1
wcm:  0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep  1 05:55:02.379: 0021.5C8C.C761 No Interface ACL used for Wireless client
in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
*Sep  1 05:55:02.379: 0021.5C8C.C761 Applying site-specific IPv6 override for
station  0021.5C8C.C761  - vapId 5, site 'default-group', interface
'VLAN0020' 1 wcm:
*Sep  1 05:55:02.379: 0021.5C8C.C761 Applying local bridging Interface Policy
for station  0021.5C8C.C761  - vlan 20, interface 'VLAN0020' 1 wcm: erface
'VLAN0020'
*Sep  1 05:55:02.379: 0021.5C8C.C761 STA - rates (8): 1 wcm: 
140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*Sep  1 05:55:02.379: 0021.5C8C.C761 new capwap_wtp_iif_id b6818000000038,
sm capwap_wtp_iif_id 0 1 wcm: 8C.C761  - vlan 20, interface 'VLAN0020'
*Sep  1 05:55:02.379: 0021.5C8C.C761 WCDB_ADD: 1 wcm:  Radio IIFID
0xbfcdc00000003a, BSSID IIF Id 0xbb30c000000046, COS 4
*Sep  1 05:55:02.379: Load Balancer: 1 wcm:  Success, Resource allocated are:
Active Switch number: 1, Active Asic number : 0, Reserve Switch number 0
Reserve Asic number 0. AP Asic num 0
*Sep  1 05:55:02.379: 0021.5C8C.C761 WCDB_ADD: 1 wcm:  Anchor Sw  1, Doppler 0
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_ALLOCATE: 1 wcm:  Client IIF Id alloc
SUCCESS w/ client 8e7bc00000004d (state 0).
*Sep  1 05:55:02.380: 0021.5C8C.C761 iifid Clearing Ack flag 1 wcm: F Id alloc
SUCCESS w/ client 8e7bc00000004d (state 0).
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm:  Adding opt82 len 0
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm:  Cleaering Ack flag
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm:  ssid open bssid
C8F9.F983.4260 vlan 20 auth=ASSOCIATION(0) wlan(ap-group/global) 5/5
client 0 assoc 1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src
0xb6818000000038 dst 0x0 cid 0x8e7bc00000004d glob rsc id 14dhcpsrv 
0.0.0.0  ty
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm:  mscb iifid
0x8e7bc00000004d msinfo iifid 0x0
*Sep  1 05:55:02.380:  0021.5C8C.C761  0.0.0.0 START (0) Initializing policy 1
wcm: info iifid 0x0
*Sep  1 05:55:02.380:  0021.5C8C.C761  0.0.0.0 START (0) Change state to
AUTHCHECK (2) last state AUTHCHECK (2) 1 wcm: -group/global) 5/5 client 0
assoc 1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src 0xb6818000000038
dst 0x0 cid 0x8e7bc00000004d glob rsc id 14dhcpsrv  0.0.0.0  ty
*Sep  1 05:55:02.380:  0021.5C8C.C761  0.0.0.0 AUTHCHECK (2) Change state to
L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4) 1 wcm:  5/5 client 0 assoc
1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src 0xb6818000000038 dst 0x0
cid 0x8e7bc00000004d glob rsc id 14dhcpsrv  0.0.0.0 ty
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_AUTH: 1 wcm:  Adding opt82 len 0
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_LLM: 1 wcm:  NoRun Prev Mob 0, Curr
Mob 0 llmReq 1, return False
*Sep  1 05:55:02.380: 0021.5C8C.C761 auth state 1 mob state 0 setWme 0 wme 1
roam_sent 0 1 wcm: rn False
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  auth=L2_AUTH(1) vlan
20 radio 1 client_id 0x8e7bc00000004d mobility=Unassoc(0) src_int
0xb6818000000038 dst_int 0x0 ackflag 0 reassoc_client 0 llm_notif 0 ip 
0.0.0.0 ip_learn_type UNKNOWN
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  In L2 auth but l2ack
waiting lfag not set,so set
*Sep  1 05:55:02.380:  0021.5C8C.C761  0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not
required on AP  C8F9.F983.4260  vapId 5 apVapId 5for this client 1 wcm:
6818000000038 dst_int 0x0 ackflag 0 reassoc_client 0 llm_notif 0 i$=6v.0.0.0
it^_Dv^\7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^ r^D6H>&5v^D6Ht^M^Lw^\7H8^ r
*Sep  1 05:55:02.380: WCDB_IIF: 1 wcm:  Ack Message ID: 0x8e7bc00000004d code
1001
*Sep  1 05:55:02.380: 0021.5C8C.C761 Not Using WMM Compliance code qosCap 00 1
wcm: quired on AP  C8F9.F983.4260  vapId 5 apVapId 5for this client
*Sep  1 05:55:02.380:  0021.5C8C.C761  0.0.0.0 L2AUTHCOMPLETE (4) Plumbed
mobile LWAPP rule on AP  C8F9.F983.4260  vapId 5 apVapId 5 1 wcm: client
*Sep  1 05:55:02.380:  0021.5C8C.C761  0.0.0.0 L2AUTHCOMPLETE (4) Change state
to DHCP_REQD (7) last state DHCP_REQD (7) 1 wcm:  apVapId 5
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_AUTH: 1 wcm:  Adding opt82 len 0
*Sep  1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Suppressing SPI
(Mobility state not known) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Unassoc(0) ackflag 1 dropd 0
*Sep  1 05:55:02.380: 0021.5C8C.C761 Incrementing the Reassociation Count 1 for
client (of interface VLAN0020) 1 wcm: EARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Unassoc(0) ackflag 1 dropd 0
*Sep  1 05:55:02.380: 0021.5C8C.C761 apfPemAddUser2 (apf_policy.c: 1 wcm: 161)
Changing state for mobile  0021.5C8C.C761  on AP  C8F9.F983.4260  from Idle
to Associated
*Sep  1 05:55:02.380: 0021.5C8C.C761 Scheduling deletion of Mobile Station: 1
wcm:   (callerId: 49) in 1800 seconds
*Sep  1 05:55:02.380: 0021.5C8C.C761 Ms Timeout = 1800, Session Timeout = 1800
1 wcm: llerId: 49) in 1800 seconds
*Sep  1 05:55:02.381: 0021.5C8C.C761 Sending Assoc Response to station on BSSID
C8F9.F983.4260  (status 0) ApVapId 5 Slot 1 1 wcm: .F983.4260  from Idle to
Associated
*Sep  1 05:55:02.381: 0021.5C8C.C761 apfProcessAssocReq (apf_80211.c: 1 wcm:
5260) Changing state for mobile  0021.5C8C.C761  on AP  C8F9.F983.4260 
from Associated to Associated
*Sep  1 05:55:02.381:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) pemAdvanceState2:
1 wcm:  MOBILITY-INCOMPLETE with state 7.
*Sep  1 05:55:02.381:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) pemAdvanceState2:
1 wcm:  MOBILITY-INCOMPLETE with state 7.
*Sep  1 05:55:02.381:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) pemAdvanceState2:
1 wcm:  MOBILITY-COMPLETE with state 7.
*Sep  1 05:55:02.381:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) State Update from
Mobility-Incomplete to Mobility-Complete, mobility role=Local, client
state=APF_MS_STATE_ASSOCIATED 1 wcm:  1 dropd 0
*Sep  1 05:55:02.381:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) pemAdvanceState2
3611, Adding TMP rule 1 wcm: o Mobility-Complete, mobility role=Local,
client state=APF_MS_STATE_ASSOCIATED
*Sep  1 05:55:02.381:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) Adding Fast Path
rule on AP  C8F9.F983.4260 , slot 1 802.1P = 0 1 wcm: role=Local, client
state=APF_MS_STATE_ASSOCIATED
*Sep  1 05:55:02.381:  0021.5C8C.C761  0.0.0.0 DHCP_REQD (7) Successfully
plumbed mobile rule  1 wcm: F9.F983.4260 , slot 1 802.1P = 0^M
*Sep  1 05:55:02.381: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep  1 05:55:02.381: 0021.5C8C.C761 WCDB_AUTH: 1 wcm:  Adding opt82 len 0
*Sep  1 05:55:02.381: 0021.5C8C.C761 WCDB_LLM: 1 wcm:  NoRun Prev Mob 0, Curr
Mob 1 llmReq 1, return False
*Sep  1 05:55:02.381: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Suppressing SPI (ACK
message not recvd) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep  1 05:55:02.381: 0021.5C8C.C761 Error updating wcdb on mobility complete 
1 wcm: not recvd) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep  1 05:55:02.381: PEM recv processing msg Epm spi response(12)  1 wcm: 
complete
*Sep  1 05:55:02.381: 0021.5C8C.C761 aaa attribute list length is 79 1 wcm:
complete
*Sep  1 05:55:02.381: 0021.5C8C.C761 Sending SPI spi_epm_epm_session_create
successfull 1 wcm: ) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep  1 05:55:02.381: PEM recv processing msg Add SCB(3)  1 wcm:
pm_session_create successfull
*Sep  1 05:55:02.381: 0021.5C8C.C761 0.0.0.0, auth_state 7 mmRole Local !!! 1
wcm: successfull
*Sep  1 05:55:02.381: 0021.5C8C.C761 0.0.0.0, auth_state 7 mmRole Local,
updating wcdb not needed 1 wcm:  7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep  1 05:55:02.381: 0021.5C8C.C761 Tclas Plumb needed: 1 wcm:  0
*Sep  1 05:55:02.384: EPM: 1 wcm:  Session create resp - client handle
8e7bc00000004d session b8000020
*Sep  1 05:55:02.384: EPM: 1 wcm:  Netflow session create resp - client handle
8e7bc00000004d sess b8000020
*Sep  1 05:55:02.384: PEM recv processing msg Epm spi response(12)  1 wcm:
le 8e7bc00000004d sess b8000020
*Sep  1 05:55:02.384: 0021.5C8C.C761 Received session_create_response for
client handle 40105511256850509 1 wcm:  LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep  1 05:55:02.384: 0021.5C8C.C761 Received session_create_response with EPM
session handle 3087007776 1 wcm:
*Sep  1 05:55:02.384: 0021.5C8C.C761 Send request to EPM 1 wcm: ate_response
with EPM session handle 3087007776
*Sep  1 05:55:02.384: 0021.5C8C.C761 aaa attribute list length is 5 1 wcm: e
with EPM session handle 3087007776
*Sep  1 05:55:02.384: 0021.5C8C.C761 Sending Activate request for session
handle 3087007776 successful 1 wcm: 6
*Sep  1 05:55:02.384: 0021.5C8C.C761 Post-auth policy request sent! Now wait
for post-auth policy ACK from EPM 1 wcm: N_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep  1 05:55:02.384: 0021.5C8C.C761 WCDB SPI response msg handler client code
0 mob state 0 1 wcm: licy ACK from EPM
*Sep  1 05:55:02.384: 0021.5C8C.C761 WcdbClientUpdate: 1 wcm:  L2 Auth ACK from
WCDB
*Sep  1 05:55:02.384: 0021.5C8C.C761 WCDB_L2ACK: 1 wcm:  wcdbAckRecvdFlag
updated
*Sep  1 05:55:02.384: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep  1 05:55:02.384: 0021.5C8C.C761 WCDB_AUTH: 1 wcm:  Adding opt82 len 0
*Sep  1 05:55:02.384: 0021.5C8C.C761 WCDB_LLM: 1 wcm:  NoRun Prev Mob 0, Curr
Mob 1 llmReq 1, return False
*Sep  1 05:55:02.385: 0021.5C8C.C761 auth state 2 mob state 1 setWme 0 wme 1
roam_sent 0 1 wcm: rn False
*Sep  1 05:55:02.385: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  auth=LEARN_IP(2) vlan
20 radio 1 client_id 0x8e7bc00000004d mobility=Local(1) src_int
0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip 
0.0.0.0 ip_learn_type UNKNOWN
*Sep  1 05:55:02.385: EPM: 1 wcm:  Init feature, client handle 8e7bc00000004d
session b8000020 authz ec00000e
*Sep  1 05:55:02.385: EPM: 1 wcm:  Activate feature client handle
8e7bc00000004d sess b8000020 authz ec00000e
*Sep  1 05:55:02.385: PEM recv processing msg Epm spi response(12)  1 wcm: 004d
sess b8000020 authz ec00000e
*Sep  1 05:55:02.385: 0021.5C8C.C761 Received activate_features_resp for client
handle 40105511256850509 1 wcm: 004d mobility=Local(1) src_int
0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0
ip$=6v0.0.0 ipt^_Dv^\7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^
r^D6H>&5v^D6Ht^M^Lw^\7H8^ r
*Sep  1 05:55:02.385: 0021.5C8C.C761 Received activate_features_resp for EPM
session handle 3087007776 1 wcm: 9
*Sep  1 05:55:02.385: EPM: 1 wcm:  Policy enforcement -  client handle
8e7bc00000004d session 2800000e authz ec00000e
*Sep  1 05:55:02.385: EPM: 1 wcm:  Netflow policy enforcement - client handle
8e7bc00000004d sess 2800000e authz ec00000e msg_type 0 policy_status 0 attr
len 0
*Sep  1 05:55:02.385: PEM recv processing msg Epm spi response(12)  1 wcm: e
8e7bc00000004d sess 2800000e authz ec00000e msg_type 0 policy_status 0 attr
len 0
*Sep  1 05:55:02.385: 0021.5C8C.C761 Received policy_enforcement_response for
client handle 40105511256850509 1 wcm: 00e msg_type 0 policy_status 0 attr
len 0
*Sep  1 05:55:02.385: 0021.5C8C.C761 Received policy_enforcement_response for
EPM session handle 671088654 1 wcm: 09
*Sep  1 05:55:02.385: 0021.5C8C.C761 Received response for
_EPM_SPI_ACTIVATE_FEATURES request sent for client 1 wcm: 00e msg_type 0
policy_status 0 attr len 0
*Sep  1 05:55:02.385: 0021.5C8C.C761 Received _EPM_SPI_STATUS_SUCCESS for
request sent for client 1 wcm:  for client
*Sep  1 05:55:02.385: 0021.5C8C.C761 Post-auth policy ACK recvd from EPM, unset
flag on MSCB 1 wcm: ient
*Sep  1 05:55:02.400: 0021.5C8C.C761 WCDB_IP_BIND: 1 wcm:  w/ IPv4 20.20.20.3
ip_learn_type DHCP add_delete 1,options_length 0
*Sep  1 05:55:02.400: 0021.5C8C.C761 WcdbClientUpdate: 1 wcm:  IP Binding from
WCDB ip_learn_type 1, add_or_delete 1
*Sep  1 05:55:02.400: 0021.5C8C.C761 IPv4 Addr: 1 wcm:  20:20:20:3
*Sep  1 05:55:02.400: 0021.5C8C.C761 MS got the IP, resetting the Reassociation
Count 0 for client 1 wcm: _delete 1
*Sep  1 05:55:02.400:  0021.5C8C.C761  20.20.20.3 DHCP_REQD (7) Change state to
RUN (20) last state RUN (20) 1 wcm: length 0
*Sep  1 05:55:02.400: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep  1 05:55:02.400: 0021.5C8C.C761 WCDB_AUTH: 1 wcm:  Adding opt82 len 0
*Sep  1 05:55:02.401: 0021.5C8C.C761 WCDB_LLM: 1 wcm:  prev Mob state 1 curr
Mob State 1 llReq flag 0
*Sep  1 05:55:02.401: 0021.5C8C.C761 auth state 4 mob state 1 setWme 0 wme 1
roam_sent 0 1 wcm: g 0
*Sep  1 05:55:02.401: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm:  auth=RUN(4) vlan 20
radio 1 client_id 0x8e7bc00000004d mobility=Local(1) src_int
0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip 
20.20.20.3 ip_learn_type DHCP
*Sep  1 05:55:02.401:  0021.5C8C.C761  20.20.20.3 RUN (20) Reached
PLUMBFASTPATH: 1 wcm:  from line 4430
*Sep  1 05:55:02.401:  0021.5C8C.C761  20.20.20.3 RUN (20) Replacing Fast Path
rule on AP  C8F9.F983.4260 , slot 1 802.1P = 0
 1 wcm: 0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip
20.$=6v0.3 ip_lt^_Dv^\7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^
r^D6H>&5v^D6Ht^M^Lw^\7H8^ r
*Sep  1 05:55:02.401:  0021.5C8C.C761  20.20.20.3 RUN (20) Successfully plumbed
mobile rule  1 wcm:  C8F9.F983.4260 , slot 1 802.1P = 0^M
*Sep  1 05:55:02.401: 0021.5C8C.C761
 Sending IPv4 update to Controller 10.105.135.176 1 wcm: e
*Sep  1 05:55:02.401: 0021.5C8C.C761 Assigning Address 20.20.20.3 to mobile  1
wcm: 05.135.176  
*Sep  1 05:55:02.401: PEM recv processing msg Add SCB(3)  1 wcm: 20.20.3 to
mobile
*Sep  1 05:55:02.401: 0021.5C8C.C761 20.20.20.3, auth_state 20 mmRole Local !!!
1 wcm: 135.176  
*Sep  1 05:55:02.401: 0021.5C8C.C761 20.20.20.3, auth_state 20 mmRole Local,
updating wcdb not needed 1 wcm: 3.4260 , slot 1 802.1P = 0^M
*Sep  1 05:55:02.401: 0021.5C8C.C761 Tclas Plumb needed: 1 wcm:  0
*Sep  1 05:55:20.083: 0021.5C8C.C761
Client stats update: 1 wcm:  Time now in sec 1378014920, Last Acct Msg Sent at
1378014902 sec


Document ID: 116880