Comprendere il flusso del traffico nella configurazione di una porta esterna tra 9800 WLC

Opzioni per il download

  • PDF     (7.2 MB)
    Visualizza con Adobe Reader su diversi dispositivi
Aggiornato:22 giugno 2026
ID documento:226071

Linguaggio senza pregiudizi

La documentazione per questo prodotto è stata redatta cercando di utilizzare un linguaggio senza pregiudizi. Ai fini di questa documentazione, per linguaggio senza di pregiudizi si intende un linguaggio che non implica discriminazioni basate su età, disabilità, genere, identità razziale, identità etnica, orientamento sessuale, status socioeconomico e intersezionalità. Le eventuali eccezioni possono dipendere dal linguaggio codificato nelle interfacce utente del software del prodotto, dal linguaggio utilizzato nella documentazione RFP o dal linguaggio utilizzato in prodotti di terze parti a cui si fa riferimento. Scopri di più sul modo in cui Cisco utilizza il linguaggio inclusivo.

Informazioni su questa traduzione

Cisco ha tradotto questo documento utilizzando una combinazione di tecnologie automatiche e umane per offrire ai nostri utenti in tutto il mondo contenuti di supporto nella propria lingua. Si noti che anche la migliore traduzione automatica non sarà mai accurata come quella fornita da un traduttore professionista. Cisco Systems, Inc. non si assume alcuna responsabilità per l’accuratezza di queste traduzioni e consiglia di consultare sempre il documento originale in inglese (disponibile al link fornito).

Sommario

Introduzione
Prerequisiti
Requisiti
Componenti usati
Panoramica sullo scenario di ancoraggio esterno
Topologia
WLAN con autenticazione di layer 2
Requisiti di configurazione
Flusso per SSID basato su ancoraggio esterno di livello 2
Analisi del flusso SSID di layer 2 nella configurazione dell'ancoraggio esterno tramite i log
Registri da controller esterno
Registri dal controller Anchor 9800
Stato client su controller esterno e ancoraggio
WLAN con autenticazione di layer 3
Autenticazione Web locale
Flusso per SSID autenticazione Web locale nell'installazione dell'ancoraggio esterno
Analisi del flusso SSID dell'autenticazione Web locale nell'impostazione dell'ancoraggio esterno tramite log
Registri da controller esterno
Registri da controller di ancoraggio
Stato client su controller esterno e ancoraggio
Autenticazione Web centrale
Flusso per SSID autenticazione Web centrale nell'impostazione dell'ancoraggio esterno
Analisi del flusso SSID Webauth centrale nella configurazione dell'ancoraggio esterno tramite i log
Registri da controller esterno
Registri da controller di ancoraggio
Stato client su controller esterno e ancoraggio
Autenticazione Web esterna
Flusso per SSID Webauth esterno nell'installazione di una porta esterna
Analisi del flusso SSID Webauth esterno nell'impostazione dell'ancoraggio esterno tramite i log
Registri da controller esterno
Registri da controller di ancoraggio
Stato client su controller esterno e ancoraggio
Bilanciamento del carico tra più controller di ancoraggio
Risoluzione dei problemi di connettività dei client nello scenario di ancoraggio esterno
Raccolta registri da controller esterno e ancoraggio
Informazioni correlate

Introduzione

Questo documento descrive il flusso del traffico nell'impostazione Foreign-Anchor tra i WLC di Cisco 9800, includendo l'onboarding e la risoluzione dei problemi dei client L2/L3.

Prerequisiti

Tunnel di mobilità tra controller esterno e ancoraggio.

Le porte UDP 1666 e 1667 sono consentite tra due WLC.

Profilo criteri configurato per la commutazione centrale.

Mobility Tunnel Status on Foreign WLC 1Stato tunnel Mobility su WLC esterno

Mobility Tunnel Status on Anchor WLC 2Stato tunnel mobilità su WLC ancorato

Requisiti

Cisco raccomanda la conoscenza dei seguenti argomenti:

  • Accesso ai controller wireless tramite interfaccia a riga di comando (CLI) o interfaccia grafica utente (GUI)
  • Mobilità sui Cisco Wireless LAN Controller (WLC)
  • 9800 Wireless Controller
  • Tracce radioattive e acquisizione di pacchetti su 9800 WLC

Componenti usati

Le informazioni fornite in questo documento si basano sulle seguenti versioni software e hardware:

  • 9800 modello WLC
  • Cisco IOS XE versione 17.15.5
  • Serie 9100 AP Model

Le informazioni discusse in questo documento fanno riferimento a dispositivi usati in uno specifico ambiente di emulazione. Su tutti i dispositivi menzionati nel documento la configurazione è stata ripristinata ai valori predefiniti. Se la rete è operativa, valutare attentamente eventuali conseguenze derivanti dall'uso dei comandi.

Panoramica sullo scenario di ancoraggio esterno

  • Controller esterno: Questo WLC gestisce il layer 2 o il lato wireless della rete. Ha dei punti di accesso connessi e tutto il traffico dei client per le WLAN ancorate viene incapsulato nel tunnel della mobilità e inviato al controller di ancoraggio. Il traffico non esiste localmente nel controller esterno.
  • Controller di ancoraggio: Questo serve come punto di uscita di livello 3. Riceve il traffico del client tramite il tunnel della mobilità dai controller esterni e decapsula o termina il traffico del client nel punto di uscita (VLAN). In questa posizione i client vengono visualizzati nella rete.

I punti di accesso sul WLC esterno trasmettono gli SSID WLAN e hanno un tag di policy assegnato che collega il profilo WLAN al profilo di policy appropriato. Quando un client wireless si connette a questo SSID, il controller esterno invia sia il nome SSID che il profilo dei criteri come parte delle informazioni client al WLC di ancoraggio. Al momento della ricezione, il WLC di ancoraggio controlla la propria configurazione in modo che corrisponda al nome dell'SSID e al nome del profilo dei criteri. Quando Anchor WLC trova una corrispondenza, applica la configurazione corrispondente e fornisce un punto di uscita per il client wireless. Pertanto, è obbligatorio che i nomi e le configurazioni del profilo della WLAN e delle policy corrispondano sui WLC esteri e ancorati alla WLC 9800, con l'eccezione della VLAN in Policy Profile.

Topologia

Foreign-Anchor Setup bewteen 9800 WLCConfigurazione di un'ancora esterna tra 9800 WLC

WLAN con autenticazione di layer 2

Requisiti di configurazione 

1. Verificare che il nome e la configurazione della WLAN siano identici sui WLC esterni e di ancoraggio e che sia configurata per l'autenticazione di layer 2 (PSK o 802.1x).
2. Creare un profilo criteri con lo stesso nome sui WLC esterni e ancorati con la stessa configurazione.
3. Sul WLC esterno, configurare il mapping del WLC di ancoraggio all'interno del rispettivo profilo criteri.
4. Sul WLC di ancoraggio, configurare il profilo dei criteri per designare il controller come ancoraggio di esportazione.
5. Sul WLC esterno, mappare la WLAN al profilo della policy appropriato utilizzando un codice di matricola.

Flusso per SSID basato su ancoraggio esterno di livello 2

1. Il client avvia una connessione al SSID trasmesso dal WLC esterno. Il WLC esterno esegue l'autenticazione di layer 2, convalidando le credenziali localmente o tramite un server AAA esterno, a seconda dei criteri di sicurezza configurati.
2. Una volta completata l'autenticazione, la sessione client viene ancorata al WLC di ancoraggio. Al client viene assegnato un indirizzo IP e viene eseguita la transizione allo stato RUN sul WLC di ancoraggio.
3. Una volta stabilita la sessione, tutto il traffico di dati dei client viene tunneling dal WLC esterno al WLC di ancoraggio, dove viene reindirizzato alla rete.

Layer 2 Foreign Anchor Based WLAN Flow DiagramDiagramma di flusso WLAN basata su ancoraggio esterno di layer 2

Analisi del flusso SSID di layer 2 nella configurazione dell'ancoraggio esterno tramite i log

In questa sezione viene illustrato il flusso della connettività del client di layer 2 tramite l'utilizzo di Traccia radioattiva (RSA Trace), di EPC (Embedded Packet Capture) e dello stato del client sui controller esterno e di ancoraggio.

Registri da controller esterno

Tracce radioattive

!! Client Association started !!
[client-orch-sm] Association received. BSSID BSSID-addr, WLAN DMZ_PSK, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_PSK_PP, Switching Central, Socket delay 0ms
[dot11] [17047] (info) MAC Client-MAC dot11 send association response. Sending assoc response of length 137 with resp_status_code 0, DOT11_STATUS DOT11_STATUS_SUCCESS
[dot11] [17047] (info) MAC Client-MAC DOT11 state transition S_DOT11_INIT -> S_DOT11_ASSOCIATED


!! Layer 2 Authentication started !!
[client-orch-state] Client state transition S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
[client-auth] L2 Authentication initiated. method PSK, Policy VLAN 31, AAA override = 0, NAC = 0
[client-keymgmt] EAP key M1 Sent successfully
[client-keymgmt] M2 Status EAP key M2 validation success
[client-keymgmt]EAP key M3 Sent successfully
[client-keymgmt] M4 Status EAP key M4 validation is successful

[client-keymgmt] EAP Key management successful. AKMPSK CipherCCMP WPA Version WPA2 >> !! client succesfully authenticated !!

!! Mobility Handoff !!

{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS

{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS

{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING

{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state

Acquisizione pacchetti

Il client invia una richiesta di associazione ed esegue l'autenticazione di layer 2, gestita dal controller esterno.

Client Association + Layer 2 Authentication TrafficAssociazione client + traffico di autenticazione di livello 2

 Viene attivato un handoff di mobilità tra i controller esteri e ancorati tramite la porta UDP 16667. Se un evento di mobilità ha esito positivo, lo stato del client passa a ESEGUI con un ruolo Esporta esterno.
Il controller esterno riceve il traffico DHCP del client tramite il tunnel CAPWAP e lo inoltra al controller di ancoraggio per un'ulteriore elaborazione.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelIl traffico DHCP client ricevuto sul controller esterno viene inoltrato al controller di ancoraggio tramite il tunnel della mobilità

Registri dal controller Anchor 9800

Tracce radioattive dall'ancoraggio

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored

!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete

{wncd_x_R0-0}{1} [avc-afc] [24229] (info) ReAnchor [client MAC Client-MAC] Client has Anchor role {wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state

Acquisizione pacchetto su ancoraggio

Dopo il passaggio della mobilità, il controller di ancoraggio riceve il traffico DHCP dal controller esterno tramite il tunnel della mobilità.
Al completamento del processo DORA, il client entra in stato RUN con un ruolo Export Anchor. Da questo punto in avanti, il controller di ancoraggio funge da punto di uscita per il traffico di dati del client.

Client DHCP Traffic on Anchor Controller Recieved from Foreign ControllerTraffico DHCP client su controller di ancoraggio ricevuto da controller esterno


Stato client su controller esterno e ancoraggio

Client State on ForeignStato client all'esterno  Client State on AnchorStato client su ancoraggio

Client Properties on ForeignProprietà client su esterno  Client Properties on AnchorProprietà client su ancoraggio

WLAN con autenticazione di layer 3

Autenticazione Web locale

Flusso per SSID autenticazione Web locale nell'installazione dell'ancoraggio esterno

1. Il client avvia una connessione al SSID annunciato dal WLC esterno.
2. Poiché non viene eseguita alcuna autenticazione di layer 2, il client viene immediatamente ancorato al WLC di ancoraggio. Il client entra in stato RUN sul WLC esterno, con il ruolo di mobilità designato come Esporta esterno.
3. Il client ottiene un indirizzo IP e viene reindirizzato a una pagina Web. Questo traffico viene gestito dal controller di ancoraggio.
4. Una volta completata l'autenticazione sul portale, il client passa allo stato RUN sul WLC di ancoraggio, con il ruolo di ancoraggio di esportazione.

Client Connectivity Flow Diagram for Local Webauth SSID in Foreign-Anchor SetupDiagramma di flusso della connettività client per SSID autenticazione Web locale in configurazione ancoraggio esterno

Analisi del flusso SSID dell'autenticazione Web locale nell'impostazione dell'ancoraggio esterno tramite log

In questa sezione viene illustrato il flusso della connettività client per l'SSID dell'autenticazione Web locale tramite la traccia radioattiva (RA Trace), l'EPC (Embedded Packet Capture) e lo stato del client sui controller esterno e di ancoraggio.

Registri da controller esterno

Tracce radioattive

!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_LWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_LWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING

{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS

!! L2 Auth : None !!
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS

!! Mobility Handoff Phase !!

{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN

!! Client AAA Traffic handling !!
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (10452) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (10452) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (10452) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_Foreign -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Guest1 username_len=6
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-pmtu] [18401]: (debug): Peer IP: Anchor-WLC-IP PMTU size is 1006 and calculated additional header length is 76
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (ipv4: Anchor-WLC-IP )
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [17047]: (info): [Client_MAC:capwap_90000003] SM Notified attribute Add/Update username Guest1
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa handoff ack successfully forwarded.

Acquisizione pacchetti

Il client invia una richiesta di associazione, che viene gestita dal controller esterno.

Client Association Phase with Foreign ControllerFase di associazione client con controller esterno

Viene attivato un handoff di mobilità tra i controller esteri e ancorati tramite la porta UDP 16667. Se un evento di mobilità ha esito positivo, lo stato del client passa a ESEGUI con un ruolo Esporta esterno.
Il controller esterno riceve il traffico DHCP del client tramite il tunnel CAPWAP e lo inoltra al controller di ancoraggio per un'ulteriore elaborazione.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelIl traffico DHCP client ricevuto sul controller esterno viene inoltrato al controller di ancoraggio tramite il tunnel della mobilità

Analogamente, il client invia lo stato della connettività di rete e il traffico di controllo dell'accesso alla pagina Web al WLC esterno tramite il tunnel CAPWAP; il WLC esterno lo inoltra al WLC di ancoraggio utilizzando il tunnel per la mobilità, dove il controller di ancoraggio intercetta o elabora il traffico.

Network Connectivity Status Check on Foreign ControllerControllo stato connettività di rete su controller esterno

Redirect URL Sent to ClientReindirizza URL inviato al client

Client Access to Local Webauth Page to Provide Authentication DetailsPagina Accesso client a autenticazione Web locale per fornire i dettagli di autenticazione

Registri da controller di ancoraggio

Tracce radioattive

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: IP-Adm-V4-Int-ACL-global, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored


!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP

!! Local Web Athentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication initiated. LWA 
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Remove IO ctx and close socket, id [1F000051]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Remove IO ctx and close socket, id [86000054]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 Remove IO ctx and close socket, id [4200004C]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52923/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/login.html?redirect=http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 10
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> LOGIN
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth login form, len 8137
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Remove IO ctx and close socket, id [1D000064]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53008/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Remove IO ctx and close socket, id [D1000066]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 Remove IO ctx and close socket, id [77000069]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53020/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53022/235 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]POST rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]get url: /login.html
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 4
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -1526718499,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:4000544] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list 1761615853,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-author] [24229]: (info): [CAAA:AUTHOR:4000544] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv4 intecept ACL via SVM, name IP-Adm-V4-Int-ACL-global, pri 50, IIF 0 
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Authc success from WebAuth, Auth event success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event APPLY_USER_PROFILE (14)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event RX_METHOD_AUTHC_SUCCESS (3)

{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Guest1
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-type 0 1 (0x1)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-service 0 16 (0x10)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : addr 0 0xa693ce2
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Guest1
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Guest1 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Applying IPv4 logout ACL via SVM, name: IP-Adm-V4-LOGOUT-ACL, priority: 51, IIF-ID: 0
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Applying Svc Templ IP-Adm-V4-LOGOUT-ACL (ML:NONE)
{wncd_x_R0-0}{1}: [epm] [24229]: (info): [Client_MAC:mobility_a0000001] Feature (EPM URL PLUG-IN) has been started (status Success)
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Response of epm is SYNC with return code Success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Activated (9) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [24229]: (ERR): authc policy update from SANet vlan 31
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Remove IO ctx and close socket, id [EC00006C]
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] SM will not send event Template Activated to PRE for 0x4000544
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [rog-proxy-capwap] [24229]: (debug): Managed client RUN state notification: Client_MAC
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Client has Anchor role
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Guest client detected. Skip it
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN State !!

Acquisizione pacchetti


Dopo il passaggio della mobilità, il controller di ancoraggio riceve il traffico DHCP dal controller esterno tramite il tunnel della mobilità. 

Client DHCP Traffic on Anchor Controller Received from Foreign ControllerTraffico DHCP client su controller di ancoraggio ricevuto da controller esterno

Il controller di ancoraggio riceve i controlli di connettività, le richieste di accesso alle pagine Web e i dettagli di autenticazione per continuare l'elaborazione.

Network Connectivity Status Check on Anchor ControllerControllo dello stato della connettività di rete sul controller di ancoraggio

Redirect URL Sent to ClientReindirizza URL inviato al client

Client Access to Local Webauth Page to Provide Authentication DetailsPagina Accesso client a autenticazione Web locale per fornire i dettagli di autenticazione

Una volta completata correttamente l'autenticazione Web locale, il client passa allo stato RUN con un ruolo di ancoraggio di esportazione. Da questo punto in avanti, il controller di ancoraggio funge da punto di uscita per il traffico di dati del client.

Stato client su controller esterno e ancoraggio

Client State on ForeignStato client all'esternoClient State on AnchorStato client su ancoraggio

Client Properties on ForeignProprietà client su esterno  Client Properties on AnchorProprietà client su ancoraggio

Autenticazione Web centrale

Flusso per SSID autenticazione Web centrale nell'impostazione dell'ancoraggio esterno

1. Il client invia una richiesta di associazione per il SSID trasmesso dal controller WLC (Foreign Wireless LAN Controller).
2. Il WLC esterno esegue il filtro MAC inviando una richiesta di accesso al server RADIUS. Il server RADIUS risponde con un comando Access-Accept, che include l'URL di reindirizzamento e l'elenco di controllo di accesso (ACL) necessari.
3. Il WLC esterno invia la risposta dell'associazione al client.
4. Il client è ancorato al WLC di ancoraggio. Il client entra nello stato RUN sul WLC esterno, con il ruolo mobility impostato su Export Foreign.
5. Il client ottiene un indirizzo IP. In questa fase, il WLC di ancoraggio gestisce il traffico di reindirizzamento, indirizzando il client al portale di autenticazione.
6. Una volta reindirizzato, il client comunica direttamente con il server RADIUS. Il traffico viene tunneling attraverso il WLC di ancoraggio verso il server RADIUS.
7. Il client immette le credenziali di autenticazione nel server RADIUS. Una volta completata l'autenticazione, il server RADIUS invia una richiesta di modifica dell'autorizzazione (CoA) al WLC esterno.
8. Il WLC esterno invia una risposta di CoA al server RADIUS. Il client passa allo stato RUN sul WLC di ancoraggio, con il ruolo impostato su Export Anchor.
9. Tutto il traffico client successivo viene tunneling dal WLC esterno al WLC di ancoraggio, dove esce dalla rete.

Client Connectivity Flow Diagram for Central Webauth SSID in Foreign-Anchor SetupDiagramma di flusso della connettività client per SSID autenticazione Web centrale in configurazione ancoraggio esterno

Analisi del flusso SSID Webauth centrale nella configurazione dell'ancoraggio esterno tramite i log

In questa sezione viene illustrato il flusso della connettività client per l'SSID di autenticazione Web centrale tramite la traccia radioattiva (RA Trace), l'EPC (Embedded Packet Capture) e lo stato del client sia sul controller esterno che sul controller di ancoraggio.

Registri da controller esterno

Tracce radioattive

!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_CWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_CWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING

!! MAC Authentication !!
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_MAB_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_MACAUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (note): MAC: Client_MAC MAB Authentication initiated. Policy VLAN 31, AAA override = 1, NAC = 1
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authc_list: DMZ_CWA_Authorization
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authz_list: Not present under wlan configuration
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_MAB_AUTH_START_RESP
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_MAB_AUTH_START_RESP -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_CONTINUE' on (Client_MAC)
{wncd_x_R0-0}{1}: [caaa-author] [17047]: (info): [CAAA:AUTHOR:a30003a6] NULL ATTR LIST

{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/245, len 370
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 14 user-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Password [2] 18 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Service-Type [6] 6 Call Check [10]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 service-type=Call Check
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Framed-MTU [12] 6 1485 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: EAP-Key-Name [102] 2 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=1E4F6B0A000003D247203276
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 18
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 12 method=mab
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 32
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 26 client-iif-id=3556776730
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-IP-Address [4] 6 10.107.79.30 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port [5] 6 141522 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Called-Station-Id [30] 27 called-station-id
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Calling-Station-Id [31] 19 client-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Airespace-WLAN-ID [1] 6 12 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Nas-Identifier [32] 16 ForeignSiteWLC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Received from id 1812/245 10.106.32.130:0, Access-Accept, len 383
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 37
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 31 url-redirect-acl=REDIRECT_ACL
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 191
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 185 url-redirect=https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation

{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB received an Access-Accept for (Client_MAC)
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC Processing MAB authentication result status: 0, CO_AUTH_STATUS_SUCCESS
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_MACAUTH_IN_PROGRESS -> S_CO_ASSOCIATING
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS >> Association Successful 
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_MAB_PENDING -> S_DOT11_ASSOCIATED
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS

!! Mobility Handoff !!

{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS

{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN state !!

!! Post Succesful Web authentication, Change of Authorization !!
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Processing CoA request under Command Handler ctx.
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Reauthenticate request (0x5d71d3ad10e8) for Client_MAC
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list -50323943,sm_ctx = 0x80806aad00, num_ipv6 = 1
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB re-authentication started for (Client_MAC)
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Context changing state from 'Authz Success' to 'Running'
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Method mab changing state from 'Authc Success' to 'Running'
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): radius coa proxy relay coa resp(wncd)
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): CoA Response Details
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << ssg-command-code 0 32 >>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << formatted-clid 0 Client_MAC>>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << error-cause 0 1 [Success]>>
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): server:10.107.79.30 cfg_saddr:10.107.79.30 udpport:51304 sport:0, tableid:0iden:2 rad_code:43 msg_auth_rcvd:TRUE coa_resp:ACK
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER] CoA response sent
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Identity preserved: MAC (Client_MAC), ip (0), audit_sid (1E4F6B0A000003D247203276), aaa_session_id (0)
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_REAUTHENTICATE' on (Client_MAC)
{smd_R0-0}{1}: [aaa-coa] [18867]: (info): ++++++ Received CoA response Attribute List ++++++
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS(00000000): Send CoA Ack Response to 10.106.32.130:51304 id 2, len 69
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: authenticator 
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Vendor, Cisco [26] 9
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: ssg-command-code [252] 3 ...
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Calling-Station-Id [31] 16 Client_MAC
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Dynamic-Author-Error-Cause[101] 6 Success [200]
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Message-Authenticator[80] 18 ...
{smd_R0-0}{1}: [aaa-pod] [18867]: (info): CoA response source port = 0, udpport = 51304, 
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list 1627397682,sm_ctx = 0x80806aad00, num_ipv6 = 1

Acquisizione pacchetti

Il client invia una richiesta di associazione ed esegue l'autenticazione MAC. Questo traffico viene gestito dal controller esterno.

Client Association Phase on Foreign Controller with Wireless MABFase associazione client su controller esterno con MAB wireless

Viene attivato un handoff di mobilità tra i controller esteri e ancorati tramite la porta UDP 16667. Se un evento di mobilità ha esito positivo, lo stato del client passa a ESEGUI con un ruolo Esporta esterno.

Il controller esterno riceve il traffico DHCP del client tramite il tunnel CAPWAP e lo inoltra al controller di ancoraggio per un'ulteriore elaborazione.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelIl traffico DHCP client ricevuto sul controller esterno viene inoltrato al controller di ancoraggio tramite il tunnel della mobilità

Analogamente, il client invia lo stato della connettività di rete e il traffico di controllo dell'accesso alla pagina Web al WLC esterno tramite il tunnel CAPWAP; il WLC esterno lo inoltra al WLC di ancoraggio utilizzando il tunnel per la mobilità, dove il controller di ancoraggio intercetta o elabora il traffico.

Network Connectivity Status Check on Foreign ControllerControllo stato connettività di rete su controller esterno

Redirect URL Sent to ClientReindirizza URL inviato al client

Client Access to Central Webauth Page to Provide Authentication DetailsAccesso client alla pagina WebAuth centrale per fornire i dettagli di autenticazione

Il controller esterno elabora la richiesta CoA dopo la riuscita autenticazione Web centrale.

Change of Authorization (COA) with Foreign ControllerCambio di autorizzazione (COA) con controller esterno

Registri da controller di ancoraggio

Tracce radioattive

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_PUSH_START_RESP -> S_AUTHIF_SESSION_PUSH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_SESSION_PUSH_PENDING -> S_AUTHIF_L2_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 1
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MACMMIF FSM transition: S_MA_INIT -> S_MA_ANCHORING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_ANCHOR_REQ_ASSOC_RCVD
{wncd_x_R0-0}{1}: [mm-client] [24229]: (info): MAC: Client_MACRoam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored

!! Central Web Authentication Applied !!

{wncd_x_R0-0}{1}: [webauth-dev] [24229]: (info): Central Webauth URL Redirect, Received a request to create a CWA session for a MAC [d0:37:45:88:25:52]
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]State Invalid State -> INIT
{wncd_x_R0-0}{1}: [epm-redirect] [24229]: (info): [0000.0000.0000:unknown] URL-Redirect = https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: method 0 2 [mab]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: clid-MAC-addr 0 Client_MAC
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: intf-id 0 2415919107 (0x90000003)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: username 0 D0-37-45-88-25-52
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: class 0 43 41 43 53 3a 31 45 34 46 36 42 30 41 30 30 30 30 30 33 44 32 34 37 32 30 33 32 37 36 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 31 38 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect-acl 0 REDIRECT_ACL
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect 0 https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a

!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.249 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.249 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP


!! Central Web Authentication !!

{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59495/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): Captive bypass: No parameter map associated. Falling on global parameter map
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Remove IO ctx and close socket, id [1200007E]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending export_anchor_rsp of XID (182425) to (ipv4: Foreign-WLC-IP )
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN

Acquisizione pacchetti

Dopo il passaggio della mobilità, il controller di ancoraggio riceve il traffico DHCP dal controller esterno tramite il tunnel della mobilità.

Client DHCP traffic on Anchor Controller Recieved from Foreign ControllerTraffico DHCP client su controller di ancoraggio ricevuto da controller esterno

Il controller di ancoraggio riceve i controlli di connettività, le richieste di accesso alle pagine Web e i dettagli di autenticazione per continuare l'elaborazione.

Network Connectivity Status Check on Anchor ControllerControllo dello stato della connettività di rete sul controller di ancoraggio

Redirect URL Sent to ClientReindirizza URL inviato al client

Client Access to Local Webauth page to Provide Authentication DetailsPagina Accesso client a autenticazione Web locale per fornire i dettagli di autenticazione

Quando l'autenticazione Web centrale ha esito positivo, viene attivato il processo di modifica dell'autorizzazione (CoA). Dopo un'operazione di CoA riuscita, il client passa allo stato RUN con un ruolo di ancoraggio di esportazione.

Stato client su controller esterno e ancoraggio

Client State on ForeignStato client all'esterno  Client State on AnchorStato client su ancoraggio

Client Properties on ForeignProprietà client su esterno  Client Properties on AnchorProprietà client su ancoraggio

Autenticazione Web esterna

Flusso per SSID Webauth esterno nell'installazione di una porta esterna

1. Il client avvia una connessione al SSID trasmesso dal WLC esterno.
2. Poiché non è richiesta l'autenticazione di layer 2, il client è ancorato al WLC di ancoraggio. Il client passa allo stato RUN sul WLC esterno, con il ruolo di mobilità designato come Esporta esterno.
3. Il client acquisisce un indirizzo IP. Il WLC di ancoraggio intercetta il traffico e reindirizza il client al portale del server Web esterno, come definito nei parametri di autenticazione Web.
4. Il client invia le credenziali di autenticazione tramite il portale. Queste credenziali vengono convalidate localmente sul WLC o tramite un server di autenticazione esterno, a seconda dei criteri di sicurezza configurati.
5. Una volta completata l'autenticazione, il client passa allo stato RUN sul WLC di ancoraggio, assumendo il ruolo di ancoraggio di esportazione.
6. Dopo aver completato l'autenticazione, tutto il traffico client successivo viene tunneling dal WLC esterno al WLC di ancoraggio, dove esce dalla rete.

Client Connectivity Flow Diagram for External Webauth SSID in Foreign-Anchor SetupDiagramma di flusso della connettività client per SSID Webauth esterno in configurazione ancoraggio esterno

Analisi del flusso SSID Webauth esterno nell'impostazione dell'ancoraggio esterno tramite i log

In questa sezione viene illustrato il flusso della connettività client per SSID di autenticazione Web esterna tramite la traccia radioattiva (RA Trace), l'EPC (Embedded Packet Capture) e lo stato del client sui controller esterno e di ancoraggio.

Registri da controller esterno

Tracce radioattive

!! Client Association Phase !!
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_EWA, Slot 1 AP AP-MAC, AP-NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_EWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS
{wncd_x_R0-1}{1}: [dot11] [17162]: (note): MAC: Client_MAC Association success. AID 1, Roaming = False, WGB = False, 11r = False, 11w = False Fast roam = False
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_ASSOCIATED

!! Layer 2 Authentication None !!
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-auth] [17162]: (note): MAC: Client_MAC L2 Authentication initiated. method WEBAUTH, Policy VLAN 31, AAA override = 0
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRES

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN

!! Client AAAA Traffic !!
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff base check is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_FOREIGN -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Test321 username_len=7
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (38840) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )

Acquisizione pacchetti

Il client invia una richiesta di associazione, che viene gestita dal controller esterno.

Client Association Phase with Foreign ControllerFase di associazione client con controller esterno

Viene attivato un handoff di mobilità tra i controller esteri e ancorati tramite la porta UDP 16667. Se un evento di mobilità ha esito positivo, lo stato del client passa a ESEGUI con un ruolo Esporta esterno.
Il controller esterno riceve il traffico DHCP del client tramite il tunnel CAPWAP e lo inoltra al controller di ancoraggio per un'ulteriore elaborazione.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelIl traffico DHCP client ricevuto sul controller esterno viene inoltrato al controller di ancoraggio tramite il tunnel della mobilità

Analogamente, il client invia lo stato della connettività di rete e il traffico di controllo dell'accesso alla pagina Web al WLC esterno tramite il tunnel CAPWAP; il WLC esterno lo inoltra al WLC di ancoraggio utilizzando il tunnel per la mobilità, dove il controller di ancoraggio intercetta o elabora il traffico.

Network Connectivity Status Check on Foreign ControllerControllo stato connettività di rete su controller esterno

Redirect URL Sent to ClientReindirizza URL inviato al client

Client Access to External Webauth Page to Provide Authentication DetailsAccesso client alla pagina WebAuth esterna per fornire i dettagli di autenticazione

Registri da controller di ancoraggio

Tracce radioattive

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: WA-v4-int-10.106.32.130-7, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored


!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.254 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.254 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP

!! External Web Authentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62441/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): RX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179 
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): TX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179 
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62480/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62481/239 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [192.0.2.1] url Login URL
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -654303708,sm_ctx = 0x80806adfc8, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:910007e3] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/3, len 418
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Calling-Station-Id [31] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=723C690A000007ED659D99E5
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Framed-IP-Address [8] 6 10.105.60.254 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 12 vlan-id=31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-IP-Address [4] 6 10.105.60.114 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port-Type [61] 6 Virtual [5]
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port [5] 6 0 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Called-Station-Id [30] 27 Called-Station-ID
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Airespace-WLAN-ID [1] 6 7 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Nas-Identifier [32] 12 DMZSiteWLC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Received from id 1812/3 10.106.32.130:0, Access-Accept, len 145
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation
{wncd_x_R0-0}{1}: [radius] [24229]: (info): Valid Response Packet, Free the identifier
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv4 intecept ACL via SVM, name WA-v4-int-10.106.32.130-7, pri 50, IIF 0 
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Test321
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : class 0 43 41 43 53 3a 37 32 33 43 36 39 30 41 30 30 30 30 30 37 45 44 36 35 39 44 39 39 45 35 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 34 34 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : Message-Authenticator 0 <hidden>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 d0 37 45 88 25 52 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Test321
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Test321 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Remove IO ctx and close socket, id [4400004C]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN

{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_ANCHOR -> S_MA_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MA_CO_AAA_HANDOFF_RCVD
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (0) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff base check is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [26021]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_ANCHOR_WAIT_AAA_HANDOFF_ACK -> S_MC_ANCHOR_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from ipv4: Foreign-WLC-IP

Acquisizione pacchetti

Dopo il passaggio della mobilità, il controller di ancoraggio riceve il traffico DHCP dal controller esterno tramite il tunnel della mobilità. 

Client DHCP Traffic on Anchor Controller Recieved from Foreign ControllerTraffico DHCP client su controller di ancoraggio ricevuto da controller esterno

Il controller di ancoraggio riceve i controlli di connettività, le richieste di accesso alle pagine Web e i dettagli di autenticazione per continuare l'elaborazione.

Network Connectivity Status Check on Anchor ControllerControllo dello stato della connettività di rete sul controller di ancoraggio

Redirect URL Sent to ClientReindirizza URL inviato al client

Il client invia le credenziali di autenticazione tramite il portale. Queste credenziali vengono convalidate localmente sul WLC o tramite un server di autenticazione esterno, a seconda dei criteri di sicurezza configurati.

Client Access to External Webauth Page to Provide Authentication DetailsAccesso client alla pagina WebAuth esterna per fornire i dettagli di autenticazione

Stato client su controller esterno e ancoraggio

Client State on ForeignStato client all'esternoClient State on AnchorStato client su ancoraggio

Client Properties on ForeignProprietà client su esternoClient Properties on AnchorProprietà client su ancoraggio

Bilanciamento del carico tra più controller di ancoraggio

Quando si esegue il mapping di più controller di ancoraggio a una singola WLAN, la distribuzione del traffico dipende dalla priorità. È possibile configurare tre livelli di priorità: Principale, Secondario e Terziario. La funzione di priorità di ancoraggio guest fornisce un meccanismo per la distribuzione del carico attivo/standby tra i controller di ancoraggio. Ciò si ottiene assegnando una priorità fissa a ciascun controller di ancoraggio: il carico viene distribuito al controller con la priorità più alta e in modo round robin tra i controller che condividono lo stesso valore di priorità.

Mapping Anchor PriorityMappatura della priorità di ancoraggio

note-icon

Nota: Per impostazione predefinita, il terziario di priorità viene configurato durante il mapping del controller di ancoraggio sul controller esterno.

Risoluzione dei problemi di connettività dei client nello scenario di ancoraggio esterno

  1. Problemi di caricamento client
    1. Stato tunnel: Verificare che il tunnel di mobilità tra i controller esterni e di ancoraggio rimanga attivo.
    2. Configurazione non corrispondente: Verificare la parità di configurazione tra entrambi i controller. Le discrepanze nei nomi delle WLAN, nei nomi dei profili delle policy o nelle impostazioni avanzate, ad esempio l'override AAA, i requisiti DHCP IPv4 e il NAC, possono causare errori di mancata corrispondenza dei profili o di rifiuto di ancoraggio.
    3. Altro: Se il tunnel è attivo senza problemi di configurazione, l'approccio per la risoluzione dei problemi è simile al normale problema di connettività dei client e consente di controllare il rispettivo controller che gestisce il traffico interessato.

  2. Connettività intermittente
    1. Tunnel Flap: Se i pacchetti keepalive tra i due controller non arrivano, il tunnel si blocca, impedendo al client di mantenere una connessione con l'SSID.
    2. Larghezza di banda bassa: Se la PMTU (Path MTU) tra peer mobili scende a un valore inferiore (576), le prestazioni dei client diminuiscono. Questo si verifica in genere quando i messaggi keepalive mtu del percorso non vengono visualizzati tra entrambi i peer mobilità
      note-icon

      Nota: Il controller con l'indirizzo MAC con mobilità inferiore avvia sia i messaggi keepalive standard che i messaggi keepalive MTU percorso.

  3. Problemi specifici di accesso al sito Web
    1. Le intestazioni del traffico di mobilità includono gli identificatori dei gruppi di mobilità, gli indirizzi MAC, gli indirizzi IP e i pacchetti DTLS CAPWAP crittografati scambiati sulle porte UDP 1666 e 1667. Questo sovraccarico si aggiunge all'intestazione CAPWAP esistente. Nel caso del traffico TCP, dopo la regolazione del valore TCP MSS configurato per il punto di accesso, se le dimensioni del pacchetto superano la PMTU di mobilità (massimo 1385 byte) a causa di questo sovraccarico aggiuntivo, si verifica la frammentazione. Mentre la frammentazione è in genere gestita dalla rete, si verificano problemi se i pacchetti arrivano fuori servizio o in ritardo. Queste condizioni influiscono sul riassemblaggio dei pacchetti e determinano errori di accessibilità dei dati per siti Web specifici.

Raccolta registri da controller esterno e ancoraggio

  1. Abilitare il timestamp del prompt di esecuzione dei termini per avere un riferimento temporale per tutti i comandi.
  2. Utilizzare show tech-support wireless !! per rivedere la configurazione.
  3. È possibile controllare lo stato del tunnel per la mobilità e visualizzare il riepilogo della mobilità wireless.
  4. Le statistiche per Mobility Peer che includono lo stato del collegamento, i dati e gli eventi del client, le statistiche keep-alive mostrano l'ip peer mobilità wireless <IP>
  5. Abilitare la traccia radioattiva per l'indirizzo IP/MAC del peer mobilità e l'indirizzo MAC del client.

    Via CLI:


    debug {MAC wireless | ip} {aaaa.bbbb.ccc | x.x.x.x } {tempo-monitor} {N secondi} !! L'impostazione della durata consente di attivare le tracce per un massimo di 24 giorni.

    nessun {MAC} wireless di debug | ip} {aaaa.bbbb.ccc | x.x.x!! Per disattivare il debug

    WLC genera un file di traccia di debug con Client_info, comando per controllare se il file di traccia di debug è stato generato con dir bootflash: | esegui il debug!!

    warning-icon

    Avviso: Il debug condizionale abilita la registrazione a livello di debug che a sua volta aumenta il volume dei log generati. Se si lascia attiva questa opzione, si riduce il tempo di visualizzazione dei log. Si consiglia pertanto di disattivare sempre il debug al termine della sessione di risoluzione dei problemi.

  6. Per disabilitare tutte le operazioni di debug, eseguire i seguenti comandi:

    # cancellazione di tutte le condizioni della piattaforma !!

    # undebug all !!
    Tramite GUI:



    Passaggio 1. Passare a Risoluzione dei problemi > Traccia radioattiva.

    Passaggio 2. Fare clic su Add (Aggiungi) e immettere un indirizzo MAC/IP Mobility Peer o un indirizzo MAC client che si desidera risolvere.
    Passaggio 3. Quando si è pronti per avviare il rilevamento radioattivo, fare clic su Start (Avvia). Una volta avviato, il log di debug viene scritto su disco in relazione a qualsiasi elaborazione del control plane correlata agli indirizzi MAC tracciati.
    Passaggio 4. Quando si riproduce il problema che si desidera risolvere, fare clic su Stop.
    Passaggio 5. Per ogni indirizzo MAC sottoposto a debug, è possibile generare un file di log che fascicola tutti i log relativi a tale indirizzo MAC facendo clic su Genera.
    Passaggio 6. Scegliere il periodo di tempo che deve trascorrere prima che il file di log fascicolato venga completato e fare clic su Applica al dispositivo.
    Passaggio 7. È ora possibile scaricare il file facendo clic sull'icona piccola accanto al nome del file. Questo file è presente nell'unità flash di avvio del controller e può anche essere copiato dalla CLI.

  7. Acquisizioni incorporate 



Via CLI:
cattura monitor MYCAP cancellata!!
il monitor acquisisce l'interfaccia MYCAP Po1!!
monitoraggio acquisizione buffer MYCAP dimensione 100 !!
monitor capture MYCAP match access-list name !! (se si tiene traccia del traffico del tunnel di mobilità tra WLC)
monitor capture MYCAP match any/ipv4/ipv6.MAC !!
avvio cattura MYCAP!!
!!Riproduci
cattura monitor MYCAP stop
acquisizione del monitor flash di esportazione MYCAP:|tftp:|http:.../filename.pcap



Tramite GUI:


Passaggio 1. Passare a Risoluzione dei problemi > Acquisizione pacchetti > +Aggiungi.
Passaggio 2. Definire il nome dell'acquisizione del pacchetto. È consentito un massimo di 8 caratteri.
Passaggio 3. Definire gli eventuali filtri.
Passaggio 4. Selezionare la casella per monitorare il traffico di controllo se si desidera visualizzare il traffico puntato alla CPU del sistema e inserito nuovamente nel piano dati.
Passaggio 5. Definire le dimensioni del buffer. È consentito un massimo di 100 MB.
Passaggio 6. Definire il limite, in base alla durata, per un intervallo da 1 a 1000000 secondi, o in base al numero di pacchetti, per un intervallo da 1 a 100000 pacchetti, in base alle esigenze.
Passaggio 7. Scegliere l'interfaccia dall'elenco di interfacce nella colonna sinistra e selezionare la freccia per spostarla nella colonna destra.
Passaggio 8. Fare clic su Save and Apply to Device (Salva e applica al dispositivo).
Passaggio 9. Per avviare l'acquisizione, selezionare Start.
Passaggio 10. È possibile eseguire l'acquisizione fino al limite definito. Per interrompere manualmente la cattura, selezionare Interrompi.
Passaggio 11. Una volta arrestato, diventa disponibile un pulsante Esporta con l'opzione di scaricare il file di acquisizione (.pcap) sul desktop locale tramite server HTTP o TFTP o server FTP o disco rigido o flash del sistema locale.

Informazioni correlate

Configurazione delle topologie di mobilità sui WLC di Catalyst 9800

Configurazione della funzione WLAN Anchor Mobility su Catalyst 9800

Documentazione e supporto tecnico – Cisco Systems

Cronologia delle revisioni

Revisione Data di pubblicazione Commenti
1.0
22-Jun-2026
Versione iniziale
TAC Authored

Contributo dei tecnici Cisco

  • Shalini Choubey
    Tecnico di consulenza

Questo documento ti è stato utile?

FeedbackFeedback

Contattaci

Questo documento si applica a questi prodotti