了解9800 WLC之间的外部锚点设置中的流量

下载选项

PDF (7.4 MB)
在各种设备上使用 Adobe Reader 查看

已更新: 2026 年 6 月 22 日

文档 ID:226071

非歧视性语言

此产品的文档集力求使用非歧视性语言。在本文档集中，非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言，文档中可能无法确保完全使用非歧视性语言。深入了解思科如何使用包容性语言。

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言，希望全球的用户都能通过各自的语言得到支持性的内容。请注意：即使是最好的机器翻译，其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任，并建议您总是参考英文原始文档（已提供链接）。

简介

本文档介绍Cisco 9800 WLC之间的外部锚点设置中的流量，包括L2/L3客户端自注册和故障排除。

先决条件

外部和锚点控制器之间的移动隧道。

两个WLC之间允许UDP端口16666和16667。

为中央交换配置的策略配置文件。

Mobility Tunnel Status on Foreign WLC 1 外部WLC上的移动隧道状态

Mobility Tunnel Status on Anchor WLC 2 锚点WLC上的移动隧道状态

要求

思科建议您了解以下主题：

对无线控制器的命令行界面(CLI)或图形用户界面(GUI)访问
思科无线局域网控制器(WLC)上的移动性
9800无线控制器
9800 WLC上的放射性痕迹和数据包捕获

使用的组件

本文档中的信息基于以下软件和硬件版本：

9800型WLC
Cisco IOS XE 17.15.5版本
9100系列无线接入点型号

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您的网络处于活动状态，请确保您了解所有命令的潜在影响。

外部锚点方案概述

外部控制器：此WLC管理网络的第2层或无线端。它连接了接入点，并且锚定WLAN的所有客户端流量都封装到移动隧道中并发送到锚点控制器。流量不会在外部控制器上本地退出。
锚控制器:这用作第3层出口点。它通过移动隧道从外部控制器接收客户端流量，并将客户端流量解封或终止到出口点(VLAN)。这是网络中客户端所在的位置。

外部WLC上的接入点广播WLAN SSID，并分配了一个策略标记，用于将WLAN配置文件与相应的策略配置文件链接。当无线客户端连接到此SSID时，外部控制器将SSID名称和策略配置文件作为客户端信息的一部分发送到锚点WLC。接收时，锚点WLC检查自己的配置以匹配SSID名称以及策略配置文件名称。锚点WLC找到匹配项后，它会应用相应的配置并为无线客户端提供出口点。因此，除了策略配置文件下的VLAN外，必须匹配外部和锚点9800 WLC上的WLAN和策略配置文件名称和配置。

拓扑

Foreign-Anchor Setup bewteen 9800 WLC 9800 WLC之间的外部锚点设置

采用第2层身份验证的WLAN

配置要求

1.确保外部WLC和锚点WLC上的WLAN名称和配置相同，并且配置为第2层身份验证（PSK或802.1x）。
2.在具有相同配置的外部WLC和锚点WLC上创建具有相同名称的策略配置文件。
3.在外部WLC上，在各自的策略配置文件中配置锚点WLC映射。
4.在锚点WLC上，配置策略配置文件以将控制器指定为导出锚点。
5.在外部WLC上，使用策略标记将WLAN映射到相应的策略配置文件。

第2层基于外部锚点的SSID的流

1.客户端发起到外部WLC广播的SSID的连接。外部WLC执行第2层身份验证，根据配置的安全策略在本地或通过外部AAA服务器验证凭证。
2.身份验证成功后，客户端会话将锚定到锚点WLC。为客户端分配IP地址，并在锚点WLC上转换为RUN状态。
3.建立会话后，所有客户端数据流量通过隧道从外部WLC传输到锚点WLC，从锚点WLC进入网络。

Layer 2 Foreign Anchor Based WLAN Flow Diagram 基于第2层外部锚点的WLAN流程图

通过日志分析外部锚点设置中的第2层SSID流

本部分介绍通过使用外部和锚点控制器上的放射性跟踪（RA跟踪）、嵌入式数据包捕获(EPC)和客户端状态的第2层客户端连接的流程。

来自外部控制器的日志

无线电主动跟踪

!! Client Association started !!
[client-orch-sm] Association received. BSSID BSSID-addr, WLAN DMZ_PSK, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_PSK_PP, Switching Central, Socket delay 0ms
[dot11] [17047] (info) MAC Client-MAC dot11 send association response. Sending assoc response of length 137 with resp_status_code 0, DOT11_STATUS DOT11_STATUS_SUCCESS
[dot11] [17047] (info) MAC Client-MAC DOT11 state transition S_DOT11_INIT -> S_DOT11_ASSOCIATED 

!! Layer 2 Authentication started !!
[client-orch-state] Client state transition S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
[client-auth] L2 Authentication initiated. method PSK, Policy VLAN 31, AAA override = 0, NAC = 0
[client-keymgmt] EAP key M1 Sent successfully
[client-keymgmt] M2 Status EAP key M2 validation success
[client-keymgmt]EAP key M3 Sent successfully
[client-keymgmt] M4 Status EAP key M4 validation is successful 
[client-keymgmt] EAP Key management successful. AKMPSK CipherCCMP WPA Version WPA2 >> !! client succesfully authenticated !!

!! Mobility Handoff !!
 {mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP  {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
 {wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
 {wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD 
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0]) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP ) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP  
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
 {wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS

{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
 {wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING

{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state

数据包捕获

客户端发送关联请求并执行第2层身份验证，由外部控制器处理。

Client Association + Layer 2 Authentication Traffic 客户端关联+第2层身份验证流量

移动切换通过UDP端口16667在外部控制器和锚点控制器之间触发。移动事件成功后，客户端状态将转换为RUN并具有“导出外部”角色。
外部控制器通过CAPWAP隧道接收客户端DHCP流量并将其转发到锚点控制器进行进一步处理。

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility Tunnel 在外部控制器上接收的客户端DHCP流量使用移动隧道转发到锚点控制器

来自Anchor 9800控制器的日志

锚上的放射性痕迹

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 
 {wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored

!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS  
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete

{wncd_x_R0-0}{1} [avc-afc] [24229] (info) ReAnchor [client MAC Client-MAC] Client has Anchor role {wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state

锚点上的数据包捕获

在移动切换后，锚点控制器通过移动隧道接收来自外部控制器的DHCP流量。
完成DORA进程后，客户端将进入具有导出锚点角色的RUN状态。从此以后，锚点控制器将作为客户端数据流量的出口点。

Client DHCP Traffic on Anchor Controller Recieved from Foreign Controller 从外部控制器接收的锚点控制器上的客户端DHCP流量

外部和锚点控制器上的客户端状态

Client State on Foreign 外部客户端状态 Client State on Anchor 锚点上的客户端状态

Client Properties on Foreign 外部客户端属性 Client Properties on Anchor 锚点上的客户端属性

采用第3层身份验证的WLAN

本地Web身份验证

外部锚点设置中本地Webauth SSID的流

1.客户端发起到外部WLC通告的SSID的连接。
2.由于未执行第2层身份验证，因此客户端会立即锚定到锚点WLC。客户端在外部WLC上进入RUN状态，其移动角色指定为Export Foreign。
3.客户端获取IP地址并重定向到网页。此流量由锚点控制器处理。
4.成功在门户进行身份验证后，客户端将在锚点WLC上转换为RUN状态，并具有“导出锚点”角色。

外部锚点设置中本地Webauth SSID的客户端连接流程图

通过日志分析外部锚点设置中的本地Webauth SSID流

本部分介绍通过使用外部控制器和锚点控制器上的放射性跟踪（RA跟踪）、嵌入式数据包捕获(EPC)和客户端状态进行本地Web身份验证SSID的客户端连接流程。

来自外部控制器的日志

无线电主动跟踪

!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_LWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_LWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING 
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS

!! L2 Auth : None !!
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS

!! Mobility Handoff Phase !!
 {mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP  {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
 {wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
 {wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD 
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0]) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP ) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP  
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
 {wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN

!! Client AAA Traffic handling !!
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (10452) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (10452) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (10452) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_Foreign -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Guest1 username_len=6
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-pmtu] [18401]: (debug): Peer IP: Anchor-WLC-IP PMTU size is 1006 and calculated additional header length is 76
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (ipv4: Anchor-WLC-IP )
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [17047]: (info): [Client_MAC:capwap_90000003] SM Notified attribute Add/Update username Guest1
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa handoff ack successfully forwarded.

数据包捕获

客户端发送关联请求，由外部控制器处理。

Client Association Phase with Foreign Controller 客户端与外部控制器的关联阶段

移动切换通过端口UDP 16667在外部控制器和锚点控制器之间触发。移动事件成功后，客户端状态将转换为RUN并具有“导出外部”角色。
外部控制器通过CAPWAP隧道接收客户端DHCP流量并将其转发到锚点控制器进行进一步处理。

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility Tunnel 在外部控制器上接收的客户端DHCP流量使用移动隧道转发到锚点控制器

同样，客户端通过CAPWAP隧道将网络连接状态和网页访问检查流量发送到外部WLC;外部WLC使用移动隧道将此流量转发到锚点WLC，锚点控制器在该隧道中拦截或处理流量。

Network Connectivity Status Check on Foreign Controller 外部控制器的网络连接状态检查

Redirect URL Sent to Client 重定向发送到客户端的URL

Client Access to Local Webauth Page to Provide Authentication Details 客户端访问本地Webauth页面以提供身份验证详细信息

来自锚点控制器的日志

无线电主动跟踪

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 
 {wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: IP-Adm-V4-Int-ACL-global, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored


!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS  
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP

!! Local Web Athentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication initiated. LWA 
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Remove IO ctx and close socket, id [1F000051]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Remove IO ctx and close socket, id [86000054]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 Remove IO ctx and close socket, id [4200004C]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52923/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/login.html?redirect=http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 10
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> LOGIN
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth login form, len 8137
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Remove IO ctx and close socket, id [1D000064]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53008/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Remove IO ctx and close socket, id [D1000066]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 Remove IO ctx and close socket, id [77000069]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53020/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53022/235 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]POST rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]get url: /login.html
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 4
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -1526718499,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:4000544] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list 1761615853,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-author] [24229]: (info): [CAAA:AUTHOR:4000544] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv4 intecept ACL via SVM, name IP-Adm-V4-Int-ACL-global, pri 50, IIF 0 
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Authc success from WebAuth, Auth event success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event APPLY_USER_PROFILE (14)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event RX_METHOD_AUTHC_SUCCESS (3)

{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Guest1
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-type 0 1 (0x1)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-service 0 16 (0x10)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : addr 0 0xa693ce2
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Guest1
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Guest1 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Applying IPv4 logout ACL via SVM, name: IP-Adm-V4-LOGOUT-ACL, priority: 51, IIF-ID: 0
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Applying Svc Templ IP-Adm-V4-LOGOUT-ACL (ML:NONE)
{wncd_x_R0-0}{1}: [epm] [24229]: (info): [Client_MAC:mobility_a0000001] Feature (EPM URL PLUG-IN) has been started (status Success)
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Response of epm is SYNC with return code Success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Activated (9) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [24229]: (ERR): authc policy update from SANet vlan 31
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Remove IO ctx and close socket, id [EC00006C]
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] SM will not send event Template Activated to PRE for 0x4000544
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [rog-proxy-capwap] [24229]: (debug): Managed client RUN state notification: Client_MAC
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Client has Anchor role
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Guest client detected. Skip it
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN State !!

数据包捕获

在移动切换后，锚点控制器通过移动隧道接收来自外部控制器的DHCP流量。

Client DHCP Traffic on Anchor Controller Received from Foreign Controller 从外部控制器接收的锚点控制器上的客户端DHCP流量

锚点控制器接收连接检查、网页访问请求和身份验证详细信息以进行进一步处理。

Network Connectivity Status Check on Anchor Controller 锚点控制器上的网络连接状态检查

Redirect URL Sent to Client 重定向发送到客户端的URL

Client Access to Local Webauth Page to Provide Authentication Details 客户端访问本地Webauth页面以提供身份验证详细信息

成功进行本地Web身份验证后，客户端将进入具有导出锚点角色的RUN状态。从此以后，锚点控制器将作为客户端数据流量的出口点。

外部和锚点控制器上的客户端状态

Client State on Foreign 外部客户端状态 Client State on Anchor 锚点上的客户端状态

Client Properties on Foreign 外部客户端属性 Client Properties on Anchor 锚点上的客户端属性

集中Web身份验证

外部锚点设置中集中式Webauth SSID的流程

1.客户端向外部无线局域网控制器(WLC)广播的SSID发送关联请求。
2.外部WLC通过向RADIUS服务器发送访问请求来执行MAC过滤。RADIUS服务器以访问接受响应，包括必要的重定向URL和访问控制列表(ACL)。
3.外部WLC将关联响应发送到客户端。
4.客户端锚定到锚点WLC。客户端在外部WLC上进入RUN状态，移动角色设置为Export Foreign。
5.客户端获取IP地址。在此阶段，锚点WLC处理重定向流量，将客户端定向到身份验证门户。
6.重定向后，客户端将直接与RADIUS服务器通信。此流量通过锚点WLC隧道传输到RADIUS服务器。
7.客户端向RADIUS服务器输入身份验证凭证。身份验证成功后，RADIUS服务器向外部WLC发送授权更改(CoA)请求。
8.外部WLC向RADIUS服务器发送CoA响应。客户端在锚点WLC上转换为RUN状态，角色设置为Export Anchor。
9.所有后续客户端流量通过隧道从外部WLC传输到锚点WLC，从锚点WLC退出网络。

Client Connectivity Flow Diagram for Central Webauth SSID in Foreign-Anchor Setup 外部锚点设置中中心Webauth SSID的客户端连接流程图

通过日志分析外部锚点设置中的中心Webauth SSID流

本部分介绍通过使用外部控制器和锚点控制器上的放射性跟踪（RA跟踪）、嵌入式数据包捕获(EPC)和客户端状态，实现中心Web身份验证SSID的客户端连接流程。

来自外部控制器的日志

无线电主动跟踪

!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_CWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_CWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING

!! MAC Authentication !!
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_MAB_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_MACAUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (note): MAC: Client_MAC MAB Authentication initiated. Policy VLAN 31, AAA override = 1, NAC = 1
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authc_list: DMZ_CWA_Authorization
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authz_list: Not present under wlan configuration
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_MAB_AUTH_START_RESP
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_MAB_AUTH_START_RESP -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_CONTINUE' on (Client_MAC)
{wncd_x_R0-0}{1}: [caaa-author] [17047]: (info): [CAAA:AUTHOR:a30003a6] NULL ATTR LIST

{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/245, len 370
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 14 user-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Password [2] 18 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Service-Type [6] 6 Call Check [10]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 service-type=Call Check
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Framed-MTU [12] 6 1485 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: EAP-Key-Name [102] 2 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=1E4F6B0A000003D247203276
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 18
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 12 method=mab
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 32
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 26 client-iif-id=3556776730
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-IP-Address [4] 6 10.107.79.30 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port [5] 6 141522 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Called-Station-Id [30] 27 called-station-id
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Calling-Station-Id [31] 19 client-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Airespace-WLAN-ID [1] 6 12 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Nas-Identifier [32] 16 ForeignSiteWLC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Received from id 1812/245 10.106.32.130:0, Access-Accept, len 383
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 37
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 31 url-redirect-acl=REDIRECT_ACL
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 191
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 185 url-redirect=https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation

{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB received an Access-Accept for (Client_MAC)
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC Processing MAB authentication result status: 0, CO_AUTH_STATUS_SUCCESS
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_MACAUTH_IN_PROGRESS -> S_CO_ASSOCIATING
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS >> Association Successful 
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_MAB_PENDING -> S_DOT11_ASSOCIATED
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS

!! Mobility Handoff !!
 {mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP  {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
 {wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
 {wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD 
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0]) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP ) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP  
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
 {wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
 {wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN state !!

!! Post Succesful Web authentication, Change of Authorization !!
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Processing CoA request under Command Handler ctx.
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Reauthenticate request (0x5d71d3ad10e8) for Client_MAC
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list -50323943,sm_ctx = 0x80806aad00, num_ipv6 = 1
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB re-authentication started for (Client_MAC)
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Context changing state from 'Authz Success' to 'Running'
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Method mab changing state from 'Authc Success' to 'Running'
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): radius coa proxy relay coa resp(wncd)
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): CoA Response Details
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << ssg-command-code 0 32 >>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << formatted-clid 0 Client_MAC>>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << error-cause 0 1 [Success]>>
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): server:10.107.79.30 cfg_saddr:10.107.79.30 udpport:51304 sport:0, tableid:0iden:2 rad_code:43 msg_auth_rcvd:TRUE coa_resp:ACK
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER] CoA response sent
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Identity preserved: MAC (Client_MAC), ip (0), audit_sid (1E4F6B0A000003D247203276), aaa_session_id (0)
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_REAUTHENTICATE' on (Client_MAC)
{smd_R0-0}{1}: [aaa-coa] [18867]: (info): ++++++ Received CoA response Attribute List ++++++
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS(00000000): Send CoA Ack Response to 10.106.32.130:51304 id 2, len 69
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: authenticator 
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Vendor, Cisco [26] 9
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: ssg-command-code [252] 3 ...
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Calling-Station-Id [31] 16 Client_MAC
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Dynamic-Author-Error-Cause[101] 6 Success [200]
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Message-Authenticator[80] 18 ...
{smd_R0-0}{1}: [aaa-pod] [18867]: (info): CoA response source port = 0, udpport = 51304, 
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list 1627397682,sm_ctx = 0x80806aad00, num_ipv6 = 1

数据包捕获

客户端发送关联请求并执行MAC身份验证，此流量由外部控制器处理。

Client Association Phase on Foreign Controller with Wireless MAB 外部控制器上与无线MAB的客户端关联阶段

移动切换通过端口UDP 16667在外部控制器和锚点控制器之间触发。移动事件成功后，客户端状态将转换为RUN并具有“导出外部”角色。

外部控制器通过CAPWAP隧道接收客户端DHCP流量并将其转发到锚点控制器进行进一步处理。

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility Tunnel 在外部控制器上接收的客户端DHCP流量使用移动隧道转发到锚点控制器

Network Connectivity Status Check on Foreign Controller 外部控制器的网络连接状态检查

Redirect URL Sent to Client 重定向发送到客户端的URL

Client Access to Central Webauth Page to Provide Authentication Details 客户端访问中心Webauth页面以提供身份验证详细信息

外部控制器在中心Web身份验证成功后处理CoA请求。

Change of Authorization (COA) with Foreign Controller 使用外部控制器的授权更改(COA)

来自锚点控制器的日志

无线电主动跟踪

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP 
 {wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_PUSH_START_RESP -> S_AUTHIF_SESSION_PUSH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_SESSION_PUSH_PENDING -> S_AUTHIF_L2_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 1
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MACMMIF FSM transition: S_MA_INIT -> S_MA_ANCHORING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_ANCHOR_REQ_ASSOC_RCVD
{wncd_x_R0-0}{1}: [mm-client] [24229]: (info): MAC: Client_MACRoam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored

!! Central Web Authentication Applied !!

{wncd_x_R0-0}{1}: [webauth-dev] [24229]: (info): Central Webauth URL Redirect, Received a request to create a CWA session for a MAC [d0:37:45:88:25:52]
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]State Invalid State -> INIT
{wncd_x_R0-0}{1}: [epm-redirect] [24229]: (info): [0000.0000.0000:unknown] URL-Redirect = https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: method 0 2 [mab]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: clid-MAC-addr 0 Client_MAC
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: intf-id 0 2415919107 (0x90000003)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: username 0 D0-37-45-88-25-52
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: class 0 43 41 43 53 3a 31 45 34 46 36 42 30 41 30 30 30 30 30 33 44 32 34 37 32 30 33 32 37 36 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 31 38 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect-acl 0 REDIRECT_ACL
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect 0 https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a

!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS  
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.249 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.249 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP


!! Central Web Authentication !!

{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59495/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): Captive bypass: No parameter map associated. Falling on global parameter map
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Remove IO ctx and close socket, id [1200007E]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending export_anchor_rsp of XID (182425) to (ipv4: Foreign-WLC-IP )
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN

数据包捕获

在移动切换后，锚点控制器通过移动隧道接收来自外部控制器的DHCP流量。

Client DHCP traffic on Anchor Controller Recieved from Foreign Controller 从外部控制器接收的锚点控制器上的客户端DHCP流量

锚点控制器接收连接检查、网页访问请求和身份验证详细信息以进行进一步处理。

Network Connectivity Status Check on Anchor Controller 锚点控制器上的网络连接状态检查

Redirect URL Sent to Client 重定向发送到客户端的URL

Client Access to Local Webauth page to Provide Authentication Details 客户端访问本地Webauth页面以提供身份验证详细信息

当中心Web身份验证成功时，将触发授权更改(CoA)。CoA成功后，客户端将转换为具有导出锚点角色的RUN状态。

外部和锚点控制器上的客户端状态

Client State on Foreign 外部客户端状态 Client State on Anchor 锚点上的客户端状态

Client Properties on Foreign 外部客户端属性 Client Properties on Anchor 锚点上的客户端属性

外部Web身份验证

外部锚点设置中的外部Webauth SSID流

1.客户端发起到外部WLC广播的SSID的连接。
2.由于不需要第2层身份验证，因此客户端将锚定到锚点WLC。客户端在外部WLC上转换为RUN状态，移动角色指定为Export Foreign。
3.客户端获取IP地址。锚点WLC会拦截流量并将客户端重定向到Web身份验证参数中定义的外部Web服务器门户。
4.客户端通过门户提交身份验证凭证。这些凭证在WLC上进行本地验证，或通过外部身份验证服务器进行验证，具体取决于配置的安全策略。
5.身份验证成功后，客户端将在锚点WLC上转换到RUN状态，并承担导出锚点角色。
6.身份验证成功后，所有后续客户端流量通过隧道从外部WLC传输到锚点WLC，从锚点WLC流出网络。

Client Connectivity Flow Diagram for External Webauth SSID in Foreign-Anchor Setup 外部锚点设置中外部Webauth SSID的客户端连接流程图

通过日志分析外部锚点设置中的外部Webauth SSID流

本部分介绍通过使用外部和锚点控制器上的放射性跟踪（RA跟踪）、嵌入式数据包捕获(EPC)和客户端状态的外部Web身份验证SSID的客户端连接流程。

来自外部控制器的日志

无线电主动跟踪

!! Client Association Phase !!
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_EWA, Slot 1 AP AP-MAC, AP-NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_EWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS
{wncd_x_R0-1}{1}: [dot11] [17162]: (note): MAC: Client_MAC Association success. AID 1, Roaming = False, WGB = False, 11r = False, 11w = False Fast roam = False
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_ASSOCIATED

!! Layer 2 Authentication None !!
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-auth] [17162]: (note): MAC: Client_MAC L2 Authentication initiated. method WEBAUTH, Policy VLAN 31, AAA override = 0
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRES

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP  {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
 {wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
 {wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD 
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0]) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP ) 
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP  
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
 {wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN

!! Client AAAA Traffic !!
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff base check is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_FOREIGN -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Test321 username_len=7
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (38840) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )

数据包捕获

客户端发送关联请求，由外部控制器处理。

Client Association Phase with Foreign Controller 客户端与外部控制器的关联阶段

Client DHCP Traffic Received on Foreign Controller is Forwarded to Anchor Controller using Mobility Tunnel 在外部控制器上接收的客户端DHCP流量使用移动隧道转发到锚点控制器

Network Connectivity Status Check on Foreign Controller 外部控制器的网络连接状态检查

Redirect URL Sent to Client 重定向发送到客户端的URL

Client Access to External Webauth Page to Provide Authentication Details 客户端访问外部Webauth页面以提供身份验证详细信息

来自锚点控制器的日志

无线电主动跟踪

!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP

!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: WA-v4-int-10.106.32.130-7, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD
 {wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored


!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS 
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS  
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, 
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC 
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.254 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.254 
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn 
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP

!! External Web Authentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62441/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): RX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179 
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): TX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179 
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62480/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62481/239 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [192.0.2.1] url Login URL
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -654303708,sm_ctx = 0x80806adfc8, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:910007e3] NULL ATTR LIST 
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/3, len 418
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Calling-Station-Id [31] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=723C690A000007ED659D99E5
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Framed-IP-Address [8] 6 10.105.60.254 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 12 vlan-id=31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-IP-Address [4] 6 10.105.60.114 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port-Type [61] 6 Virtual [5]
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port [5] 6 0 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Called-Station-Id [30] 27 Called-Station-ID
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Airespace-WLAN-ID [1] 6 7 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Nas-Identifier [32] 12 DMZSiteWLC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Received from id 1812/3 10.106.32.130:0, Access-Accept, len 145
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator 
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation
{wncd_x_R0-0}{1}: [radius] [24229]: (info): Valid Response Packet, Free the identifier
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv4 intecept ACL via SVM, name WA-v4-int-10.106.32.130-7, pri 50, IIF 0 
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Test321
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : class 0 43 41 43 53 3a 37 32 33 43 36 39 30 41 30 30 30 30 30 37 45 44 36 35 39 44 39 39 45 35 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 34 34 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : Message-Authenticator 0 <hidden>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 d0 37 45 88 25 52 
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Test321
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Test321 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Remove IO ctx and close socket, id [4400004C]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN

{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_ANCHOR -> S_MA_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MA_CO_AAA_HANDOFF_RCVD
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (0) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff base check is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [26021]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID 
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID 
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_ANCHOR_WAIT_AAA_HANDOFF_ACK -> S_MC_ANCHOR_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from ipv4: Foreign-WLC-IP

数据包捕获

在移动切换后，锚点控制器通过移动隧道接收来自外部控制器的DHCP流量。

Client DHCP Traffic on Anchor Controller Recieved from Foreign Controller 从外部控制器接收的锚点控制器上的客户端DHCP流量

锚点控制器接收连接检查、网页访问请求和身份验证详细信息以进行进一步处理。

Network Connectivity Status Check on Anchor Controller 锚点控制器上的网络连接状态检查

Redirect URL Sent to Client 重定向发送到客户端的URL

客户端通过门户提交身份验证凭证。这些凭证在WLC上进行本地验证，或通过外部身份验证服务器进行验证，具体取决于配置的安全策略。

Client Access to External Webauth Page to Provide Authentication Details 客户端访问外部Webauth页面以提供身份验证详细信息

外部和锚点控制器上的客户端状态

Client State on Foreign 外部客户端状态 Client State on Anchor 锚点上的客户端状态

Client Properties on Foreign 外部客户端属性 Client Properties on Anchor 锚点上的客户端属性

多个锚点控制器之间的负载均衡

当多个锚点控制器映射到单个WLAN时，流量分配取决于优先级。可以配置三个优先级：小学、中学和高等教育。访客锚点优先级功能提供了在锚点控制器之间分配主用/备用负载的机制。这通过为每个锚点控制器分配固定优先级来实现：负载以轮询方式分配到共享相同优先级值的控制器中的最高优先级控制器。

Mapping Anchor Priority 映射锚点优先级

注意：默认情况下，优先级三级是在外部控制器上的锚点控制器映射期间配置的。

排除外部锚点方案中的客户端连接故障

客户端自注册问题
1. 通道状态:验证外部控制器和锚点控制器之间的移动隧道保持活动状态。
2. 配置不匹配：确保两个控制器之间的配置奇偶校验。WLAN名称、策略配置文件名称或高级设置（例如AAA覆盖、IPv4 DHCP要求和NAC）之间的差异会导致配置文件不匹配或锚点拒绝错误。
3. 其他：如果Tunnel is up without any configuration issue，则故障排除方法类似于正常的客户端连接问题，确保检查处理受影响流量的相应控制器。
间歇性连接
1. 隧道抖动：如果两个控制器之间的keepalive数据包无法到达，隧道将会摆动，使客户端无法保持与SSID的连接。
2. 低带宽:如果移动对等体之间的路径MTU(PMTU)降至较低的值(576)，客户端会经历性能下降。当两个移动对等体之间的路径mtu keepalive消息丢失时，通常会发生这种情况
  
  注意：具有较低移动MAC地址的控制器会启动标准keepalive消息和路径MTU keepalive消息。
特定网站访问问题
1. 移动流量报头包括通过UDP端口16666和16667交换的移动组标识符、MAC地址、IP地址和加密CAPWAP DTLS数据包。此开销会添加到现有的CAPWAP报头。对于TCP流量，如果数据包大小因这种额外开销而超过移动PMTU（最大1385字节），则调整后为AP配置的TCP MSS，则会发生分段。虽然分段通常由网络处理，但如果数据包到达顺序混乱或延迟，则会出现问题。这些情况会影响数据包的重组，并导致特定网站的数据访问失败。

从外部和锚点控制器收集日志

启用term exec prompt timestamp，以便为所有命令提供时间参考。
使用show tech-support wireless !!查看配置。
您可以检查移动隧道状态show wireless mobility summary !!
包括链路状态、客户端数据和事件的移动对等体统计信息、保持连接统计信息show wireless mobility peer ip <IP>
启用移动对等IP/MAC地址和客户端MAC地址的放射性跟踪。
通过CLI: 

debug wireless {MAC | ip} {aaaa.bbbb.cccc | x.x.x.x } {monitor-time} {N seconds} !!设置时间允许我们启用最多24天的跟踪。

no debug wireless {MAC | ip} {aaaa.bbbb.cccc | x.x.x.x !!禁用调试

WLC使用Client_info生成调试跟踪文件，命令检查生成的调试跟踪文件dir bootflash: | i debug !!

警告：条件调试启用调试级别日志记录，从而增加生成的日志量。持续运行条件调试会缩短可以回溯查看的日志的时间范围。因此，建议在故障排除会话结束时始终禁用调试。
要禁用所有调试，请运行以下命令：

# clear platform condition all !!

# undebug all !!
通过GUI:  

步骤1.导航到故障排除>放射性跟踪。

步骤2.单击Add并输入要排除故障的移动对等MAC/IP地址或客户端MAC地址。
步骤3.准备好开始放射性示踪后，单击开始。启动后，调试日志记录会写入磁盘，记录与跟踪的MAC地址相关的任何控制平面处理。
步骤4.重现要排除故障的问题时，单击Stop。
步骤5.对于已调试的每个MAC地址，您可以通过点击Generate来生成log file，该文件整理与该MAC地址相关的所有日志。
第6步：选择想要经过整理的日志文件回溯多长时间，然后点击应用到设备。
步骤7.现在可以通过点击文件名旁边的小图标来下载文件。此文件存在于控制器的引导闪存驱动器中，也可以通过CLI从盒中复制。
嵌入式捕获

 通过CLI:
monitor capture MYCAP clear !!
监控器捕获MYCAP接口Po1和!!
monitor capture MYCAP buffer size 100 !!
monitor capture MYCAP match access-list name !!（如果跟踪WLC之间的移动隧道流量）
monitor capture MYCAP match any/ipv4/ipv6.MAC !!
monitor capture MYCAP start !!
!! 重现
monitor capture MYCAP stop
monitor capture MYCAP export flash:|tftp:|http:.../filename.pcap

 通过GUI:

 步骤1.导航到故障排除>数据包捕获> +添加。
步骤2.定义数据包捕获的名称。最多允许 8 个字符。
步骤3.定义过滤器（如果有）。
步骤4.如果要查看传送到系统CPU并注入回数据平面的流量，请选中Monitor Control Traffic复选框。
第 5 步：定义缓冲区大小，最多允许100 MB。
步骤6.根据需要定义限制(按允许范围1 - 1000000秒的持续时间或按允许范围1 - 100000个数据包的数据包数量)。
步骤7.从左列中的接口列表中选择interface，然后选择箭头将其移动到右列。
步骤8.单击保存并应用到设备。
步骤9.要开始捕获，请选择开始。
第 10 步：可以运行捕获，直至达到所定义的限制。要手动停止捕获，请选择停止。
步骤11.停止后，可使用Export按钮点击选项，通过HTTP或TFTP服务器、FTP服务器、本地系统硬盘或闪存将捕获文件(.pcap)下载到本地桌面。

修订历史记录

版本	发布日期	备注
1.0	22-Jun-2026	初始版本

由思科工程师提供

沙利尼·舒比
技术咨询工程师

此文档是否有帮助?

反馈

联系我们

提交支持案例
(需要思科服务合同)

本文档适用于以下产品

Catalyst 9800 Series Wireless Controllers

了解9800 WLC之间的外部锚点设置中的流量

下载选项

非歧视性语言

关于此翻译

目录

简介

先决条件

要求

使用的组件

外部锚点方案概述

拓扑

采用第2层身份验证的WLAN

配置要求

第2层基于外部锚点的SSID的流

通过日志分析外部锚点设置中的第2层SSID流

来自外部控制器的日志

来自Anchor 9800控制器的日志

外部和锚点控制器上的客户端状态

采用第3层身份验证的WLAN

本地Web身份验证

外部锚点设置中本地Webauth SSID的流

外部锚点设置中本地Webauth SSID的客户端连接流程图

通过日志分析外部锚点设置中的本地Webauth SSID流

来自外部控制器的日志

来自锚点控制器的日志

外部和锚点控制器上的客户端状态

集中Web身份验证

外部锚点设置中集中式Webauth SSID的流程

通过日志分析外部锚点设置中的中心Webauth SSID流

来自外部控制器的日志

来自锚点控制器的日志

外部和锚点控制器上的客户端状态

外部Web身份验证

外部锚点设置中的外部Webauth SSID流

通过日志分析外部锚点设置中的外部Webauth SSID流

来自外部控制器的日志

来自锚点控制器的日志

外部和锚点控制器上的客户端状态

多个锚点控制器之间的负载均衡

排除外部锚点方案中的客户端连接故障

从外部和锚点控制器收集日志

相关信息

修订历史记录

由思科工程师提供

此文档是否有帮助?

联系我们

本文档适用于以下产品