Verkeersstroom in buitenlandse ankeropstelling tussen 9800 WLC begrijpen

Downloadopties

  • PDF     (7.2 MB)
    Met Adobe Reader op diverse apparaten bekijken
Bijgewerkt:22 juni 2026
Document-id:226071

Inclusief taalgebruik

De documentatie van dit product is waar mogelijk geschreven met inclusief taalgebruik. Inclusief taalgebruik wordt in deze documentatie gedefinieerd als taal die geen discriminatie op basis van leeftijd, handicap, gender, etniciteit, seksuele oriëntatie, sociaaleconomische status of combinaties hiervan weerspiegelt. In deze documentatie kunnen uitzonderingen voorkomen vanwege bewoordingen die in de gebruikersinterfaces van de productsoftware zijn gecodeerd, die op het taalgebruik in de RFP-documentatie zijn gebaseerd of die worden gebruikt in een product van een externe partij waarnaar wordt verwezen. Lees meer over hoe Cisco gebruikmaakt van inclusief taalgebruik.

Over deze vertaling

Cisco heeft dit document vertaald via een combinatie van machine- en menselijke technologie om onze gebruikers wereldwijd ondersteuningscontent te bieden in hun eigen taal. Houd er rekening mee dat zelfs de beste machinevertaling niet net zo nauwkeurig is als die van een professionele vertaler. Cisco Systems, Inc. is niet aansprakelijk voor de nauwkeurigheid van deze vertalingen en raadt aan altijd het oorspronkelijke Engelstalige document (link) te raadplegen.

Inhoud

Inleiding
Voorwaarden
Vereisten
Gebruikte componenten
Overzicht van Foreign-Anchor Scenario
Topologie
WLAN met Layer 2-verificatie
Configuratievereiste
Flow voor Layer 2 SSID op basis van externe ankers
Layer 2 SSID-stroom analyseren in configuratie met vreemde ankers via logs
Logboeken van buitenlandse controller
Logs van de 9800-controller voor anker
Cliëntstatus op zowel buitenlandse als ankercontroller
WLAN met Layer 3-verificatie
Lokale webverificatie
Flow voor lokale website-SSID in buitenlandse ankerinstellingen
Analyseren van lokale webgebaseerde SSID-stroom in buitenlandse ankerinstellingen via logboeken
Logboeken van buitenlandse controller
Logboeken van de ankercontroller
Cliëntstatus op zowel buitenlandse als ankercontroller
Centrale webverificatie
Flow voor centrale webgebaseerde SSID in buitenlandse ankerinstellingen
Centrale webgebaseerde SSID-stroom analyseren in configuratie met buitenlandse ankers via logboeken
Logboeken van buitenlandse controller
Logboeken van de ankercontroller
Cliëntstatus op zowel buitenlandse als ankercontroller
Externe webverificatie
Flow voor externe website-SSID in buitenlandse ankerinstellingen
Externe webgebaseerde SSID-stroom analyseren in configuratie met buitenlandse ankers via logboeken
Logboeken van buitenlandse controller
Logboeken van de ankercontroller
Cliëntstatus op zowel buitenlandse als ankercontroller
taakverdeling tussen meerdere ankercontrollers
Problemen oplossen met clientconnectiviteit in scenario met buitenlandse ankers
Logboekverzameling van buitenlandse en ankercontroller
Gerelateerde informatie

Inleiding

In dit document wordt de verkeersstroom beschreven in de configuratie van Foreign-Anchor tussen Cisco 9800 WLC's, waarbij de onboarding en probleemoplossing van de L2/L3-client wordt behandeld.

Voorwaarden

Mobiliteitstunnel tussen buitenlandse en ankercontroller.

UDP-poort 16666 en 16667 toegestaan tussen beide WLC.

Beleidsprofiel geconfigureerd voor centrale switching.

Mobility Tunnel Status on Foreign WLC 1Mobiliteitstunnelstatus op buitenlandse WLC

Mobility Tunnel Status on Anchor WLC 2Status van mobiliteitstunnel op WLC-anker

Vereisten

Cisco raadt u aan om kennis te hebben van deze onderwerpen:

  • Toegang tot de draadloze controllers via de Command Line Interface (CLI) of de grafische gebruikersinterface (GUI)
  • Mobiliteit op draadloze LAN-controllers (WLC's) van Cisco
  • 9800 draadloze controllers
  • Radioactieve sporen en pakketopname op 9800 WLC

Gebruikte componenten

De informatie in dit document is gebaseerd op de volgende software- en hardware-versies:

  • 9800 Model WLC
  • Cisco IOS XE 17.15.5-versie
  • 9100 reeks AP Model

De informatie in dit document is gebaseerd op de apparaten in een specifieke laboratoriumomgeving. Alle apparaten die in dit document worden beschreven, hadden een opgeschoonde (standaard)configuratie. Als uw netwerk live is, moet u zorgen dat u de potentiële impact van elke opdracht begrijpt.

Overzicht van Foreign-Anchor Scenario

  • Foreign Controller: Deze WLC beheert Layer 2 of de draadloze kant van het netwerk. Er zijn toegangspunten op aangesloten en al het clientverkeer voor de verankerde WLAN's wordt ingekapseld in de mobiliteitstunnel en naar de ankercontroller verzonden. Het verkeer wordt niet lokaal afgesloten op de Foreign Controller.
  • Anchor Controller: Dit dient als het Layer 3-afsluitpunt. Het ontvangt clientverkeer via de mobiliteitstunnel van de Foreign Controllers en decapsuleert of beëindigt het clientverkeer naar het uitgangspunt (VLAN). Dit is waar klanten worden gezien in het netwerk.

Toegangspunten op de Foreign WLC zenden de WLAN-SSID's uit en hebben een beleidstag toegewezen die het WLAN-profiel koppelt aan het juiste beleidsprofiel. Wanneer een draadloze client verbinding maakt met deze SSID, verzendt de Foreign Controller zowel de SSID-naam als het beleidsprofiel als onderdeel van de clientgegevens naar de WLC-verankering. Na ontvangst controleert de WLC Anchor zijn eigen configuratie om te voldoen aan de SSID-naam en de naam van het beleidsprofiel. Zodra het WLC-ankerpunt een overeenkomst heeft gevonden, past het de bijbehorende configuratie toe en biedt het een afsluitpunt voor de draadloze client. Daarom is het verplicht dat de namen en configuraties van de WLAN- en beleidsprofielen overeenkomen op de WLC's Foreign en Anchor 9800, met uitzondering van het VLAN onder het beleidsprofiel.

Topologie

Foreign-Anchor Setup bewteen 9800 WLCOpstelling voor buitenlands anker tussen 9800 WLC

WLAN met Layer 2-verificatie

Configuratievereiste 

1. Zorg ervoor dat de WLAN-naam en -configuratie identiek zijn op zowel de Foreign als Anchor WLC's en dat deze zijn geconfigureerd voor Layer 2-verificatie (PSK of 802.1x).
2. Maak een beleidsprofiel met dezelfde naam op de WLC's voor Buitenlandse en Anker met dezelfde configuratie.
3. Configureer op de Foreign WLC de WLC-toewijzing voor ankers in het respectieve beleidsprofiel.
4. Configureer op de WLC Anker het beleidsprofiel om de controller aan te wijzen als een exportanker.
5. Koppel het WLAN op de Foreign WLC aan het juiste beleidsprofiel met behulp van een beleidstag.

Flow voor Layer 2 SSID op basis van externe ankers

1. De client initieert een verbinding met de SSID die wordt uitgezonden door de Foreign WLC. De Foreign WLC voert Layer 2-verificatie uit en valideert referenties lokaal of via een externe AAA-server, afhankelijk van het geconfigureerde beveiligingsbeleid.
2. Na succesvolle verificatie is de cliensessie verankerd in de WLC voor anker. De client krijgt een IP-adres toegewezen en gaat over naar de status RUN op de WLC voor anker.
3. Zodra de sessie is ingesteld, wordt al het clientgegevensverkeer van de Foreign WLC naar de Anchor WLC geleid, waar het naar het netwerk wordt geleid.

Layer 2 Foreign Anchor Based WLAN Flow DiagramLayer 2 Foreign Anchor Based WLAN Flow Diagram

Layer 2 SSID-stroom analyseren in configuratie met vreemde ankers via logs

In dit gedeelte wordt de stroom van Layer 2-clientconnectiviteit uitgelegd met behulp van Radioactive Trace (RA Trace), Embedded Packet Captures (EPC) en de status van de client op zowel de buitenlandse als de ankercontrollers.

Logboeken van buitenlandse controller

radioactieve sporen

!! Client Association started !!
[client-orch-sm] Association received. BSSID BSSID-addr, WLAN DMZ_PSK, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_PSK_PP, Switching Central, Socket delay 0ms
[dot11] [17047] (info) MAC Client-MAC dot11 send association response. Sending assoc response of length 137 with resp_status_code 0, DOT11_STATUS DOT11_STATUS_SUCCESS
[dot11] [17047] (info) MAC Client-MAC DOT11 state transition S_DOT11_INIT -> S_DOT11_ASSOCIATED


!! Layer 2 Authentication started !!
[client-orch-state] Client state transition S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
[client-auth] L2 Authentication initiated. method PSK, Policy VLAN 31, AAA override = 0, NAC = 0
[client-keymgmt] EAP key M1 Sent successfully
[client-keymgmt] M2 Status EAP key M2 validation success
[client-keymgmt]EAP key M3 Sent successfully
[client-keymgmt] M4 Status EAP key M4 validation is successful

[client-keymgmt] EAP Key management successful. AKMPSK CipherCCMP WPA Version WPA2 >> !! client succesfully authenticated !!

!! Mobility Handoff !!

{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS

{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS

{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING

{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state

Packet capture

De client stuurt een associatieverzoek en voert Layer 2-verificatie uit, die wordt afgehandeld door de Foreign Controller.

Client Association + Layer 2 Authentication TrafficClientkoppeling + Layer 2-verificatieverkeer

 Een mobiliteitsafgifte tussen de Foreign en Anchor Controllers via UDP-poort 16667. Na een succesvol mobiliteitsevenement gaat de cliëntstatus over naar RUN met een rol in Export Foreign.
De Foreign Controller ontvangt het DHCP-verkeer van de klant via de CAPWAP-tunnel en stuurt het door naar de Anchor Controller voor verdere verwerking.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelDHCP-clientverkeer ontvangen op buitenlandse controller wordt doorgestuurd naar ankercontroller met behulp van mobiliteitstunnel

Logs van de 9800-controller voor anker

Radioactieve sporen van anker

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored

!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete

{wncd_x_R0-0}{1} [avc-afc] [24229] (info) ReAnchor [client MAC Client-MAC] Client has Anchor role {wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state

Pakketvastlegging op anker

Na de mobiliteitsoverdracht ontvangt de Anchor Controller DHCP-verkeer van de Foreign Controller via de mobiliteitstunnel.
Na voltooiing van het DORA-proces komt de client in de STATUS RUN met een rol voor Exportanker. Vanaf dit punt dient de ankercontroller als het afsluitpunt voor clientgegevensverkeer.

Client DHCP Traffic on Anchor Controller Recieved from Foreign ControllerDHCP-clientverkeer op ankercontroller ontvangen van buitenlandse controller


Cliëntstatus op zowel buitenlandse als ankercontroller

Client State on ForeignCliëntstaat op buitenlands  Client State on AnchorClientstatus voor anker

Client Properties on ForeignKlanteigenschappen op buitenlands  Client Properties on AnchorClienteigenschappen voor anker

WLAN met Layer 3-verificatie

Lokale webverificatie

Flow voor lokale website-SSID in buitenlandse ankerinstellingen

1. De client initieert een verbinding met de SSID die wordt geadverteerd door de Foreign WLC.
2. Aangezien er geen Layer 2-verificatie wordt uitgevoerd, wordt de client onmiddellijk verankerd aan de WLC voor anker. De klant betreedt de RUN-status op de Foreign WLC, met zijn mobiliteitsrol aangeduid als Export Foreign.
3. De client krijgt een IP-adres en wordt doorgestuurd naar een webpagina. Dit verkeer wordt afgehandeld door Anchor Controller.
4. Na succesvolle verificatie op het portaal gaat de client over naar de status RUN op de WLC Anker, met de rol Exportanker.

Client Connectivity Flow Diagram for Local Webauth SSID in Foreign-Anchor SetupClientconnectiviteitsstroomdiagram voor lokale website-SSID in installatie voor buitenlandse ankers

Analyseren van lokale webgebaseerde SSID-stroom in buitenlandse ankerinstellingen via logboeken

In dit gedeelte wordt de stroom van clientconnectiviteit voor lokale webverificatie-SSID uitgelegd met behulp van Radioactive Trace (RA Trace), Embedded Packet Captures (EPC) en clientstatus op zowel de buitenlandse als de ankercontrollers.

Logboeken van buitenlandse controller

radioactieve sporen

!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_LWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_LWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING

{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS

!! L2 Auth : None !!
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS

!! Mobility Handoff Phase !!

{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN

!! Client AAA Traffic handling !!
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (10452) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (10452) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (10452) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_Foreign -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Guest1 username_len=6
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-pmtu] [18401]: (debug): Peer IP: Anchor-WLC-IP PMTU size is 1006 and calculated additional header length is 76
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (ipv4: Anchor-WLC-IP )
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [17047]: (info): [Client_MAC:capwap_90000003] SM Notified attribute Add/Update username Guest1
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa handoff ack successfully forwarded.

pakketopname

De opdrachtgever stuurt een associatieverzoek, dat door de Foreign Controller wordt afgehandeld.

Client Association Phase with Foreign ControllerClientassociatiefase met buitenlandse controller

Een mobiliteitsafgifte tussen de Foreign en Anchor Controllers via poort UDP 16667. Na een succesvol mobiliteitsevenement gaat de cliëntstatus over naar RUN met een rol in Export Foreign.
De Foreign Controller ontvangt het DHCP-verkeer van de klant via de CAPWAP-tunnel en stuurt het door naar de Anchor Controller voor verdere verwerking.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelDHCP-clientverkeer ontvangen op buitenlandse controller wordt doorgestuurd naar ankercontroller met behulp van mobiliteitstunnel

Op dezelfde manier stuurt de client netwerkconnectiviteitsstatus en webpaginatoegangsverkeer naar de Foreign WLC via de CAPWAP-tunnel; de Foreign WLC stuurt dit door naar de Anchor WLC met behulp van de mobiliteitstunnel, waar de Anchor Controller het verkeer onderschept of verwerkt.

Network Connectivity Status Check on Foreign ControllerControle van netwerkconnectiviteitsstatus op buitenlandse controller

Redirect URL Sent to ClientURL voor doorsturen naar klant verzonden

Client Access to Local Webauth Page to Provide Authentication DetailsClienttoegang tot de lokale webpagina om verificatiegegevens op te geven

Logboeken van de ankercontroller

radioactieve sporen

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: IP-Adm-V4-Int-ACL-global, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored


!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP

!! Local Web Athentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication initiated. LWA 
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Remove IO ctx and close socket, id [1F000051]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Remove IO ctx and close socket, id [86000054]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 Remove IO ctx and close socket, id [4200004C]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52923/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/login.html?redirect=http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 10
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> LOGIN
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth login form, len 8137
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Remove IO ctx and close socket, id [1D000064]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53008/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Remove IO ctx and close socket, id [D1000066]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 Remove IO ctx and close socket, id [77000069]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53020/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53022/235 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]POST rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]get url: /login.html
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 4
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -1526718499,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:4000544] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list 1761615853,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-author] [24229]: (info): [CAAA:AUTHOR:4000544] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv4 intecept ACL via SVM, name IP-Adm-V4-Int-ACL-global, pri 50, IIF 0 
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Authc success from WebAuth, Auth event success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event APPLY_USER_PROFILE (14)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event RX_METHOD_AUTHC_SUCCESS (3)

{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Guest1
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-type 0 1 (0x1)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-service 0 16 (0x10)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : addr 0 0xa693ce2
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Guest1
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Guest1 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Applying IPv4 logout ACL via SVM, name: IP-Adm-V4-LOGOUT-ACL, priority: 51, IIF-ID: 0
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Applying Svc Templ IP-Adm-V4-LOGOUT-ACL (ML:NONE)
{wncd_x_R0-0}{1}: [epm] [24229]: (info): [Client_MAC:mobility_a0000001] Feature (EPM URL PLUG-IN) has been started (status Success)
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Response of epm is SYNC with return code Success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Activated (9) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [24229]: (ERR): authc policy update from SANet vlan 31
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Remove IO ctx and close socket, id [EC00006C]
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] SM will not send event Template Activated to PRE for 0x4000544
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [rog-proxy-capwap] [24229]: (debug): Managed client RUN state notification: Client_MAC
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Client has Anchor role
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Guest client detected. Skip it
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN State !!

pakketopname


Na de mobiliteitsoverdracht ontvangt de Anchor Controller DHCP-verkeer van de Foreign Controller via de mobiliteitstunnel. 

Client DHCP Traffic on Anchor Controller Received from Foreign ControllerDHCP-clientverkeer op ankercontroller ontvangen van buitenlandse controller

De ankercontroller ontvangt connectiviteitscontroles, verzoeken om toegang tot webpagina's en verificatiegegevens om deze verder te verwerken.

Network Connectivity Status Check on Anchor ControllerControle van de netwerkverbindingsstatus op de ankercontroller

Redirect URL Sent to ClientURL voor doorsturen naar klant verzonden

Client Access to Local Webauth Page to Provide Authentication DetailsClienttoegang tot de lokale webpagina om verificatiegegevens op te geven

Nadat de lokale webverificatie is voltooid, voert de client de status RUN in met de rol Exportanker. Vanaf dit punt dient de ankercontroller als het afsluitpunt voor clientgegevensverkeer.

Cliëntstatus op zowel buitenlandse als ankercontroller

Client State on ForeignCliëntstaat op buitenlandsClient State on AnchorClientstatus voor anker

Client Properties on ForeignKlanteigenschappen op buitenlands  Client Properties on AnchorClienteigenschappen voor anker

Centrale webverificatie

Flow voor centrale webgebaseerde SSID in buitenlandse ankerinstellingen

1. De client verzendt een associatieverzoek voor de SSID die wordt uitgezonden door de WLC (Foreign Wireless LAN Controller).
2. De Foreign WLC voert MAC-filtering uit door een Access-Request naar de RADIUS-server te sturen. De RADIUS-server reageert met een Access-Accept, die de nodige Redirect URL en Access Control List (ACL) bevat.
3. De Foreign WLC stuurt het verenigingsantwoord naar de opdrachtgever.
4. De client is verankerd in het WLC-anker. De client gaat de RUN-status in op de Foreign WLC, waarbij de mobiliteitsrol is ingesteld op Export Foreign.
5. De klant krijgt een IP-adres. In dit stadium verwerkt de WLC Anchor het omleidingsverkeer en wordt de client naar het verificatieportaal geleid.
6. Na omleiding communiceert de client rechtstreeks met de RADIUS-server. Dit verkeer wordt via de Anchor WLC naar de RADIUS-server geleid.
7. De client voert de verificatiereferenties in op de RADIUS-server. Na succesvolle authenticatie stuurt de RADIUS-server een verzoek tot wijziging van de autorisatie (CoA) naar de Foreign WLC.
8. De Foreign WLC stuurt een CoA-antwoord naar de RADIUS-server. De client gaat over naar de status RUN op de WLC Anker, waarbij de rol is ingesteld op Anker exporteren.
9. Al het daaropvolgende clientverkeer wordt van de Foreign WLC naar de Anchor WLC geleid, waar het het netwerk verlaat.

Client Connectivity Flow Diagram for Central Webauth SSID in Foreign-Anchor SetupClientconnectiviteitsstroomdiagram voor centrale webgebaseerde SSID in installatie voor buitenlandse ankers

Centrale webgebaseerde SSID-stroom analyseren in configuratie met buitenlandse ankers via logboeken

In dit gedeelte wordt de stroom van clientconnectiviteit voor de SSID voor centrale webverificatie uitgelegd met behulp van Radioactive Trace (RA Trace), Embedded Packet Captures (EPC) en de clientstatus op zowel de buitenlandse als de ankercontrollers.

Logboeken van buitenlandse controller

radioactieve sporen

!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_CWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_CWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING

!! MAC Authentication !!
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_MAB_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_MACAUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (note): MAC: Client_MAC MAB Authentication initiated. Policy VLAN 31, AAA override = 1, NAC = 1
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authc_list: DMZ_CWA_Authorization
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authz_list: Not present under wlan configuration
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_MAB_AUTH_START_RESP
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_MAB_AUTH_START_RESP -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_CONTINUE' on (Client_MAC)
{wncd_x_R0-0}{1}: [caaa-author] [17047]: (info): [CAAA:AUTHOR:a30003a6] NULL ATTR LIST

{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/245, len 370
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 14 user-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Password [2] 18 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Service-Type [6] 6 Call Check [10]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 service-type=Call Check
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Framed-MTU [12] 6 1485 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: EAP-Key-Name [102] 2 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=1E4F6B0A000003D247203276
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 18
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 12 method=mab
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 32
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 26 client-iif-id=3556776730
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-IP-Address [4] 6 10.107.79.30 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port [5] 6 141522 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Called-Station-Id [30] 27 called-station-id
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Calling-Station-Id [31] 19 client-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Airespace-WLAN-ID [1] 6 12 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Nas-Identifier [32] 16 ForeignSiteWLC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Received from id 1812/245 10.106.32.130:0, Access-Accept, len 383
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 37
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 31 url-redirect-acl=REDIRECT_ACL
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 191
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 185 url-redirect=https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation

{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB received an Access-Accept for (Client_MAC)
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC Processing MAB authentication result status: 0, CO_AUTH_STATUS_SUCCESS
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_MACAUTH_IN_PROGRESS -> S_CO_ASSOCIATING
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS >> Association Successful 
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_MAB_PENDING -> S_DOT11_ASSOCIATED
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS

!! Mobility Handoff !!

{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS

{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN state !!

!! Post Succesful Web authentication, Change of Authorization !!
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Processing CoA request under Command Handler ctx.
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Reauthenticate request (0x5d71d3ad10e8) for Client_MAC
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list -50323943,sm_ctx = 0x80806aad00, num_ipv6 = 1
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB re-authentication started for (Client_MAC)
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Context changing state from 'Authz Success' to 'Running'
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Method mab changing state from 'Authc Success' to 'Running'
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): radius coa proxy relay coa resp(wncd)
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): CoA Response Details
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << ssg-command-code 0 32 >>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << formatted-clid 0 Client_MAC>>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << error-cause 0 1 [Success]>>
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): server:10.107.79.30 cfg_saddr:10.107.79.30 udpport:51304 sport:0, tableid:0iden:2 rad_code:43 msg_auth_rcvd:TRUE coa_resp:ACK
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER] CoA response sent
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Identity preserved: MAC (Client_MAC), ip (0), audit_sid (1E4F6B0A000003D247203276), aaa_session_id (0)
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_REAUTHENTICATE' on (Client_MAC)
{smd_R0-0}{1}: [aaa-coa] [18867]: (info): ++++++ Received CoA response Attribute List ++++++
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS(00000000): Send CoA Ack Response to 10.106.32.130:51304 id 2, len 69
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: authenticator 
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Vendor, Cisco [26] 9
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: ssg-command-code [252] 3 ...
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Calling-Station-Id [31] 16 Client_MAC
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Dynamic-Author-Error-Cause[101] 6 Success [200]
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Message-Authenticator[80] 18 ...
{smd_R0-0}{1}: [aaa-pod] [18867]: (info): CoA response source port = 0, udpport = 51304, 
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list 1627397682,sm_ctx = 0x80806aad00, num_ipv6 = 1

Packet capture

De client verzendt een associatieverzoek en voert MAC-verificatie uit, dit verkeer wordt afgehandeld door de Foreign Controller.

Client Association Phase on Foreign Controller with Wireless MABClient Association Phase on Foreign Controller with Wireless MAB

Een mobiliteitsafgifte tussen de Foreign en Anchor Controllers via poort UDP 16667. Na een succesvol mobiliteitsevenement gaat de cliëntstatus over naar RUN met een rol in Export Foreign.

De Foreign Controller ontvangt het DHCP-verkeer van de klant via de CAPWAP-tunnel en stuurt het door naar de Anchor Controller voor verdere verwerking.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelDHCP-clientverkeer ontvangen op buitenlandse controller wordt doorgestuurd naar ankercontroller met behulp van mobiliteitstunnel

Op dezelfde manier stuurt de client netwerkconnectiviteitsstatus en webpaginatoegangsverkeer naar de Foreign WLC via de CAPWAP-tunnel; de Foreign WLC stuurt dit door naar de Anchor WLC met behulp van de mobiliteitstunnel, waar de Anchor Controller het verkeer onderschept of verwerkt.

Network Connectivity Status Check on Foreign ControllerControle van netwerkconnectiviteitsstatus op buitenlandse controller

Redirect URL Sent to ClientURL voor doorsturen naar klant verzonden

Client Access to Central Webauth Page to Provide Authentication DetailsClienttoegang tot centrale webpagina om verificatiegegevens op te geven

De Foreign Controller verwerkt het CoA-verzoek na succesvolle Central Web Authentication.

Change of Authorization (COA) with Foreign ControllerWijziging van autorisatie (COA) met buitenlandse controller

Logboeken van de ankercontroller

radioactieve sporen

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_PUSH_START_RESP -> S_AUTHIF_SESSION_PUSH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_SESSION_PUSH_PENDING -> S_AUTHIF_L2_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 1
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MACMMIF FSM transition: S_MA_INIT -> S_MA_ANCHORING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_ANCHOR_REQ_ASSOC_RCVD
{wncd_x_R0-0}{1}: [mm-client] [24229]: (info): MAC: Client_MACRoam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored

!! Central Web Authentication Applied !!

{wncd_x_R0-0}{1}: [webauth-dev] [24229]: (info): Central Webauth URL Redirect, Received a request to create a CWA session for a MAC [d0:37:45:88:25:52]
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]State Invalid State -> INIT
{wncd_x_R0-0}{1}: [epm-redirect] [24229]: (info): [0000.0000.0000:unknown] URL-Redirect = https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: method 0 2 [mab]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: clid-MAC-addr 0 Client_MAC
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: intf-id 0 2415919107 (0x90000003)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: username 0 D0-37-45-88-25-52
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: class 0 43 41 43 53 3a 31 45 34 46 36 42 30 41 30 30 30 30 30 33 44 32 34 37 32 30 33 32 37 36 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 31 38 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect-acl 0 REDIRECT_ACL
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect 0 https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a

!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.249 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.249 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP


!! Central Web Authentication !!

{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59495/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): Captive bypass: No parameter map associated. Falling on global parameter map
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Remove IO ctx and close socket, id [1200007E]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending export_anchor_rsp of XID (182425) to (ipv4: Foreign-WLC-IP )
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN

Packet capture

Na de mobiliteitsoverdracht ontvangt de Anchor Controller DHCP-verkeer van de Foreign Controller via de mobiliteitstunnel.

Client DHCP traffic on Anchor Controller Recieved from Foreign ControllerDHCP-clientverkeer op ankercontroller ontvangen van buitenlandse controller

De ankercontroller ontvangt connectiviteitscontroles, verzoeken om toegang tot webpagina's en verificatiegegevens om deze verder te verwerken.

Network Connectivity Status Check on Anchor ControllerControle van de netwerkverbindingsstatus op de ankercontroller

Redirect URL Sent to ClientURL voor doorsturen naar klant verzonden

Client Access to Local Webauth page to Provide Authentication DetailsClienttoegang tot de lokale webpagina om verificatiegegevens op te geven

Wanneer centrale webverificatie succesvol is, wordt een wijziging van de autorisatie (CoA) geactiveerd. Na een succesvolle CoA gaat de client over naar de status RUN met een rol voor Exportanker.

Cliëntstatus op zowel buitenlandse als ankercontroller

Client State on ForeignCliëntstaat op buitenlands  Client State on AnchorClientstatus voor anker

Client Properties on ForeignKlanteigenschappen op buitenlands  Client Properties on AnchorClienteigenschappen voor anker

Externe webverificatie

Flow voor externe website-SSID in buitenlandse ankerinstellingen

1. De client initieert een verbinding met de SSID die wordt uitgezonden door de Foreign WLC.
2. Aangezien er geen Layer 2-verificatie vereist is, is de client verankerd aan de WLC voor anker. De klant gaat over naar de RUN-status op de Foreign WLC, met de mobiliteitsrol aangeduid als Export Foreign.
3. De klant krijgt een IP-adres. De WLC Anchor onderschept het verkeer en leidt de client door naar het externe webserverportaal zoals gedefinieerd in de webverificatieparameters.
4. De client dient de verificatiegegevens in via het portaal. Deze referenties worden lokaal op de WLC of via een externe verificatieserver gevalideerd, afhankelijk van het geconfigureerde beveiligingsbeleid.
5. Na succesvolle verificatie gaat de client over naar de status RUN op de WLC Anker, waarbij de rol Exportanker wordt aangenomen.
6. Na succesvolle verificatie wordt al het daaropvolgende clientverkeer van de Foreign WLC naar de Anchor WLC geleid, waar het het netwerk verlaat.

Client Connectivity Flow Diagram for External Webauth SSID in Foreign-Anchor SetupClientconnectiviteitsstroomdiagram voor externe webgebaseerde SSID in installatie voor buitenlandse ankers

Externe webgebaseerde SSID-stroom analyseren in configuratie met buitenlandse ankers via logboeken

In dit gedeelte wordt de stroom van clientconnectiviteit voor de SSID voor externe webverificatie uitgelegd met behulp van Radioactive Trace (RA Trace), Embedded Packet Captures (EPC) en de clientstatus op zowel de buitenlandse als de ankercontrollers.

Logboeken van buitenlandse controller

radioactieve sporen

!! Client Association Phase !!
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_EWA, Slot 1 AP AP-MAC, AP-NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_EWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS
{wncd_x_R0-1}{1}: [dot11] [17162]: (note): MAC: Client_MAC Association success. AID 1, Roaming = False, WGB = False, 11r = False, 11w = False Fast roam = False
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_ASSOCIATED

!! Layer 2 Authentication None !!
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-auth] [17162]: (note): MAC: Client_MAC L2 Authentication initiated. method WEBAUTH, Policy VLAN 31, AAA override = 0
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRES

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP 
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])

{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD

{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )

{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP 

{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.

{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed
[mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN

!! Client AAAA Traffic !!
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff base check is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_FOREIGN -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Test321 username_len=7
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (38840) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )

Packet capture

De opdrachtgever stuurt een associatieverzoek, dat door de Foreign Controller wordt afgehandeld.

Client Association Phase with Foreign ControllerClientassociatiefase met buitenlandse controller

Een mobiliteitsafgifte tussen de Foreign en Anchor Controllers via poort UDP 16667. Na een succesvol mobiliteitsevenement gaat de cliëntstatus over naar RUN met een rol in Export Foreign.
De Foreign Controller ontvangt het DHCP-verkeer van de klant via de CAPWAP-tunnel en stuurt het door naar de Anchor Controller voor verdere verwerking.

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility TunnelDHCP-clientverkeer ontvangen op buitenlandse controller wordt doorgestuurd naar ankercontroller met behulp van mobiliteitstunnel

Op dezelfde manier stuurt de client netwerkconnectiviteitsstatus en webpaginatoegangsverkeer naar de Foreign WLC via de CAPWAP-tunnel; de Foreign WLC stuurt dit door naar de Anchor WLC met behulp van de mobiliteitstunnel, waar de Anchor Controller het verkeer onderschept of verwerkt.

Network Connectivity Status Check on Foreign ControllerControle van netwerkconnectiviteitsstatus op buitenlandse controller

Redirect URL Sent to ClientURL voor doorsturen naar klant verzonden

Client Access to External Webauth Page to Provide Authentication DetailsClienttoegang tot externe webpagina om verificatiegegevens op te geven

Logboeken van de ankercontroller

radioactieve sporen

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: WA-v4-int-10.106.32.130-7, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD

{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{
wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored


!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS 

{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.254 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.254 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP

!! External Web Authentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62441/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): RX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179 
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): TX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179 
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62480/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62481/239 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [192.0.2.1] url Login URL
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -654303708,sm_ctx = 0x80806adfc8, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:910007e3] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/3, len 418
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Calling-Station-Id [31] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=723C690A000007ED659D99E5
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Framed-IP-Address [8] 6 10.105.60.254 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 12 vlan-id=31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-IP-Address [4] 6 10.105.60.114 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port-Type [61] 6 Virtual [5]
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port [5] 6 0 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Called-Station-Id [30] 27 Called-Station-ID
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Airespace-WLAN-ID [1] 6 7 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Nas-Identifier [32] 12 DMZSiteWLC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Received from id 1812/3 10.106.32.130:0, Access-Accept, len 145
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation
{wncd_x_R0-0}{1}: [radius] [24229]: (info): Valid Response Packet, Free the identifier
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv4 intecept ACL via SVM, name WA-v4-int-10.106.32.130-7, pri 50, IIF 0 
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Test321
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : class 0 43 41 43 53 3a 37 32 33 43 36 39 30 41 30 30 30 30 30 37 45 44 36 35 39 44 39 39 45 35 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 34 34 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : Message-Authenticator 0 <hidden>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 d0 37 45 88 25 52 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Test321
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Test321 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Remove IO ctx and close socket, id [4400004C]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN

{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_ANCHOR -> S_MA_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MA_CO_AAA_HANDOFF_RCVD
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (0) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff base check is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [26021]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_ANCHOR_WAIT_AAA_HANDOFF_ACK -> S_MC_ANCHOR_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from ipv4: Foreign-WLC-IP

Packet capture

Na de mobiliteitsoverdracht ontvangt de Anchor Controller DHCP-verkeer van de Foreign Controller via de mobiliteitstunnel. 

Client DHCP Traffic on Anchor Controller Recieved from Foreign ControllerDHCP-clientverkeer op ankercontroller ontvangen van buitenlandse controller

De ankercontroller ontvangt connectiviteitscontroles, verzoeken om toegang tot webpagina's en verificatiegegevens om deze verder te verwerken.

Network Connectivity Status Check on Anchor ControllerControle van de netwerkverbindingsstatus op de ankercontroller

Redirect URL Sent to ClientURL voor doorsturen naar klant verzonden

De client dient de verificatiegegevens in via het portaal. Deze referenties worden lokaal op de WLC of via een externe verificatieserver gevalideerd, afhankelijk van het geconfigureerde beveiligingsbeleid.

Client Access to External Webauth Page to Provide Authentication DetailsClienttoegang tot externe webpagina om verificatiegegevens op te geven

Cliëntstatus op zowel buitenlandse als ankercontroller

Client State on ForeignCliëntstaat op buitenlandsClient State on AnchorClientstatus voor anker

Client Properties on ForeignKlanteigenschappen op buitenlandsClient Properties on AnchorClienteigenschappen voor anker

taakverdeling tussen meerdere ankercontrollers

Wanneer meer dan één ankercontroller is toegewezen aan één WLAN, hangt de verkeersverdeling af van de prioriteit. Er kunnen drie prioriteitsniveaus worden geconfigureerd: Primair, Secundair en Tertiair. De functie Guest Anchor Priority biedt een mechanisme voor actieve/standby-lastverdeling tussen de ankercontrollers. Dit wordt bereikt door een vaste prioriteit toe te kennen aan elke ankercontroller: de belasting wordt verdeeld over de controller met de hoogste prioriteit en op round-robin-wijze onder controllers die dezelfde prioriteitswaarde delen.

Mapping Anchor PriorityPrioriteit anker in kaart brengen

note-icon

Opmerking: Standaard wordt de tertiaire prioriteit geconfigureerd tijdens de toewijzing van de ankercontroller op de buitenlandse controller.

Problemen oplossen met clientconnectiviteit in scenario met buitenlandse ankers

  1. Problemen met onboarding van clients
    1. Tunnel Status: Controleer of de mobiliteitstunnel tussen de Foreign en Anchor Controllers actief blijft.
    2. Mismatch in configuratie: zorg voor configuratiepariteit tussen beide controllers. Discrepanties in WLAN-namen, namen van beleidsprofielen of geavanceerde instellingen, zoals AAA-overschrijving, IPv4-DHCP-vereisten en NAC, leiden tot fouten in de profielovereenkomst of ankerweigering.
    3. Anders: als Tunnel is ingeschakeld zonder configuratieproblemen, is de aanpak voor probleemoplossing vergelijkbaar met een normaal probleem met de clientconnectiviteit, waarbij wordt gecontroleerd op de respectieve controller die het getroffen verkeer verwerkt.

  2. Intermitterende connectiviteit
    1. Tunnel Flaps: Als pakketjes tussen de twee controllers niet aankomen, kleppen de tunnelkleppen, waardoor de client geen verbinding met de SSID kan onderhouden.
    2. Lage bandbreedte: als de Path MTU (PMTU) tussen mobiliteitspeers daalt naar een lagere waarde (576), ervaren klanten een verslechtering van de prestaties. Dit gebeurt meestal wanneer path mtu keepalive-berichten worden gemist tussen beide mobiliteitsgenoten
      note-icon

      Opmerking: De controller met het MAC-adres met lagere mobiliteit initieert zowel de standaard keepalive als de Path MTU keepalive-berichten.

  3. Specifieke problemen met toegang tot de website
    1. Mobiliteitsverkeer headers omvatten mobiliteit groep identifiers, MAC-adressen, IP-adressen, en gecodeerde CAPWAP DTLS pakketten uitgewisseld over UDP poorten 16666 en 16667. Deze overhead wordt toegevoegd aan de bestaande CAPWAP-header. Voor TCP-verkeer, na het aanpassen van TCP MSS geconfigureerd voor AP, als de pakketgrootte groter is dan de Mobility PMTU (maximaal 1385 bytes) als gevolg van deze extra overhead, treedt fragmentatie op.Hoewel fragmentatie over het algemeen wordt afgehandeld door het netwerk, ontstaan er problemen als pakketten buiten bedrijf of te laat komen. Deze voorwaarden hebben invloed op het opnieuw samenstellen van pakketten en leiden tot fouten in de toegankelijkheid van gegevens voor specifieke websites.

Logboekverzameling van buitenlandse en ankercontroller

  1. Schakel de term exec prompt timestamp in om een tijdreferentie te hebben voor alle opdrachten.
  2. Gebruik show tech-support wireless!! om de configuratie te bekijken.
  3. U kunt de status van de mobiliteitstunnel controleren en een overzicht van de draadloze mobiliteit weergeven!
  4. Statistieken voor Peer Mobility die linkstatus, clientgegevens en gebeurtenissen, keep-alive-statistieken bevatten, tonen peer-ip voor draadloze mobiliteit <IP>
  5. Radioactief traceren inschakelen voor IP/MAC-adres van mobiliteitspeer en MAC-adres van client.

    Via CLI:


    foutopsporing draadloos {MAC | ip} {aaaa.bbbb.cccc | x.x.x.x } {monitor-time} {N seconden}! Met het instellen van de tijd kunnen we traces tot 24 dagen inschakelen.

    geen foutopsporing draadloos {MAC | ip} {aaaa.bbbb.cccc | x.x.x! De foutopsporing uitschakelen

    WLC genereert een debug trace bestand met Client_info, opdracht om te controleren op debug trace bestand gegenereerd dir bootflash: | i debug!

    warning-icon

    Waarschuwing: Het voorwaardelijk debuggen maakt het mogelijk om op debug-niveau te loggen, wat op zijn beurt het volume van de gegenereerde logs verhoogt. Als u dit actief laat, neemt de afstand terug in de tijd af waarvandaan u logs kunt bekijken. Het wordt dus aanbevolen om foutopsporing altijd uit te schakelen aan het einde van de sessie voor probleemoplossing.

  6. Voer de volgende opdrachten uit om alle foutopsporing uit te schakelen:

    # Duidelijke platformconditie allemaal!

    #undebug alles!
    Via GUI:



    Stap 1. Ga naar Problemen oplossen > Radioactief spoor.

    Stap 2. Klik op Toevoegen en voer een Mobility Peer MAC/IP-adres of client MAC-adres in dat u wilt oplossen.
    Stap 3. Wanneer u klaar bent om het radioactieve traceren te starten, klikt u op Start. Eenmaal gestart, wordt debug logging geschreven naar schijf over elke control plane verwerking met betrekking tot de bijgehouden MAC-adressen.
    Stap 4. Klik op Stoppen wanneer u het probleem dat u wilt oplossen, reproduceert.
    Stap 5. Voor elk MAC-adres waarvoor een foutopsporing is opgetreden, kunt u een logbestand genereren waarin alle logs met betrekking tot dat MAC-adres zijn verzameld door op Genereren te klikken.
    Stap 6. Kies hoe lang terug u wilt dat het samengevoegde logbestand gaat en klik op Toepassen op apparaat.
    Stap 7. U kunt het bestand nu downloaden door op het kleine pictogram naast de bestandsnaam te klikken. Dit bestand is aanwezig in de opstartflashdrive van de controller en kan ook uit de doos worden gekopieerd via CLI.

  7. Ingebouwde opnamen 



Via CLI:
monitor capture MYCAP clear!
monitor capture MYCAP interface Po1 beide!
monitor capture MYCAP buffer size 100!
monitor capture MYCAP match access-list naam! (indien het traceren van mobiliteitstunnelverkeer tussen WLC)
monitor capture MYCAP match any/ipv4/ipv6.MAC!
monitor capture MYCAP start!
! Voortplanten
monitor capture MYCAP stop
monitor capture MYCAP export flash:|tftp:|http:.../filename.pcap



Via GUI:


Stap 1. Navigeer naar Problemen oplossen > Pakketvastlegging > +Toevoegen.
Stap 2. Definieer de naam van de pakketopname. Er zijn maximaal 8 tekens toegestaan.
Stap 3. Definieer eventuele filters.
Stap 4. Schakel het selectievakje in om het verkeer te controleren als u wilt zien dat het verkeer op de CPU van het systeem wordt weergegeven en opnieuw in het gegevensvlak wordt geïnjecteerd.
Stap 5. Definieer de buffergrootte. Maximaal 100 MB is toegestaan.
Stap 6. Definieer de limiet, hetzij door de duur die een bereik van 1 - 1000000 seconden mogelijk maakt, hetzij door het aantal pakketten dat een bereik van 1 - 100000 pakketten mogelijk maakt, zoals gewenst.
Stap 7. Kies de interface uit de lijst met interfaces in de linkerkolom en selecteer de pijl om deze naar de rechterkolom te verplaatsen.
Stap 8. Klik op Opslaan en Toepassen op apparaat.
Stap 9. Selecteer Start om het vastleggen te starten.
Stap 10. U kunt de opname tot de gedefinieerde limiet laten lopen. Selecteer Stoppen als u het vastleggen handmatig wilt stoppen.
Stap 11. Zodra deze is gestopt, wordt een knop Exporteren beschikbaar om te klikken met de optie om het opnamebestand (.pcap) op het lokale bureaublad te downloaden via HTTP- of TFTP-server of FTP-server of lokale systeemharde schijf of flash.

Gerelateerde informatie

Mobiliteitstopologieën configureren op Catalyst 9800 WLC's

WLAN Anchor Mobility Feature configureren op Catalyst 9800

Technische ondersteuning en documentatie – Cisco Systems

Revisiegeschiedenis

Revisie Publicatiedatum Opmerkingen
1.0
22-Jun-2026
Eerste vrijgave
TAC Authored

Bijgedragen door Cisco-engineers

  • Shalini Choubey
    technisch adviseur

Was dit document nuttig?

FeedbackFeedback

Contact Cisco

Dit document is van toepassing op deze producten