瞭解9800 WLC之間的外部錨點設定中的流量傳輸
目錄
簡介
本檔案介紹Cisco 9800 WLC之間的外部錨點設定中的流量流,範圍涵蓋L2/L3使用者端載入和疑難排解。
必要條件
外部和錨點控制器之間的移動隧道。
兩台WLC之間允許UDP連線埠16666和16667。
為中央交換配置的策略配置檔案。
外部WLC上的行動通道狀態
錨點WLC上的行動通道狀態
需求
思科建議您瞭解以下主題:
- 對無線控制器的命令列介面(CLI)或圖形使用者介面(GUI)訪問
- 思科無線LAN控制器(WLC)上的行動化
- 9800無線控制器
- 9800 WLC上的放射性痕跡和封包擷取
採用元件
本文中的資訊係根據以下軟體和硬體版本:
- 9800型號WLC
- Cisco IOS XE 17.15.5版本
- 9100系列AP型號
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
Foreign-Anchor方案概述
- 外部控制器:此WLC管理網路的第2層或無線端。它有連線到它的存取點,並且錨點WLAN的所有使用者端流量都會封裝到行動通道中並傳送到錨點控制器。流量不會從外部控制器本地退出。
- 錨點控制器:這用作第3層出口點。它透過行動通道從外部控制器接收使用者端流量,並將使用者端流量解除封裝或終止到出口點(VLAN)。 這是網路中客戶端可見的地方。
外部WLC上的接入點廣播WLAN SSID,並分配了將WLAN配置檔案與相應策略配置檔案連結起來的策略標籤。當無線客戶端連線到此SSID時,外部控制器將SSID名稱和策略配置檔案作為客戶端資訊的一部分傳送到錨點WLC。收到資料包後,錨點WLC會檢查自己的配置,以匹配SSID名稱以及策略配置檔名稱。錨點WLC找到相符專案後,會套用對應的組態,並為無線使用者端提供退出點。因此,除了策略配置檔案下的VLAN外,外地和錨點9800 WLC上的WLAN和策略配置檔名稱和配置必須匹配。
拓撲
9800 WLC之間的外部錨點設定
採用第2層驗證的WLAN
配置要求
1.確保外地和錨點WLC上的WLAN名稱和配置相同,並且配置為第2層身份驗證(PSK或802.1x)。
2.在具有相同組態的外部WLC和錨點WLC上建立同名原則設定檔。
3.在外部WLC上,在各自的原則設定檔中設定錨點WLC對應。
4.在錨點WLC上,設定原則設定檔以將控制器指定為匯出錨點。
5.在外部WLC上,使用策略標籤將WLAN對映到相應的策略配置檔案。
基於第2層外部錨點的SSID的流程
1.客戶端發起到外部WLC廣播的SSID的連線。外部WLC執行第2層身份驗證,根據配置的安全策略在本地或通過外部AAA伺服器驗證憑證。
2.成功驗證後,使用者端作業階段會錨定到錨點WLC。為客戶端分配IP地址,並在錨點WLC上轉換為RUN狀態。
3.建立作業階段後,所有使用者端資料流量都會從外部WLC通道傳送到錨點WLC,並在錨點WLC進入網路。
基於第2層外部錨點的WLAN流程圖
通過日誌分析外部錨點設定中的第2層SSID流
本節介紹通過使用外部和錨點控制器上的放射性跟蹤(RA跟蹤)、嵌入式資料包捕獲(EPC)和客戶端狀態的第2層客戶端連線的流程。
來自外部控制器的日誌
放射性痕跡
!! Client Association started !!
[client-orch-sm] Association received. BSSID BSSID-addr, WLAN DMZ_PSK, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_PSK_PP, Switching Central, Socket delay 0ms
[dot11] [17047] (info) MAC Client-MAC dot11 send association response. Sending assoc response of length 137 with resp_status_code 0, DOT11_STATUS DOT11_STATUS_SUCCESS
[dot11] [17047] (info) MAC Client-MAC DOT11 state transition S_DOT11_INIT -> S_DOT11_ASSOCIATED
!! Layer 2 Authentication started !!
[client-orch-state] Client state transition S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
[client-auth] L2 Authentication initiated. method PSK, Policy VLAN 31, AAA override = 0, NAC = 0
[client-keymgmt] EAP key M1 Sent successfully
[client-keymgmt] M2 Status EAP key M2 validation success
[client-keymgmt]EAP key M3 Sent successfully
[client-keymgmt] M4 Status EAP key M4 validation is successful
[client-keymgmt] EAP Key management successful. AKMPSK CipherCCMP WPA Version WPA2 >> !! client succesfully authenticated !!
!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state
資料包捕獲
客戶端傳送關聯請求並執行第2層身份驗證,由外部控制器處理。
客戶端關聯+第2層身份驗證流量
通過UDP埠16667觸發外部控制器和錨點控制器之間的移動切換。移動事件成功後,客戶端狀態將轉換為RUN並具有「匯出外部」角色。
外部控制器通過CAPWAP隧道接收客戶端DHCP流量,並將其轉發到錨點控制器進行進一步處理。
使用移動隧道將外部控制器上接收的客戶端DHCP流量轉發到錨點控制器
來自錨點9800控制器的日誌
錨中的放射性痕跡
!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP
{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored
!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn
Complete
{wncd_x_R0-0}{1} [avc-afc] [24229] (info) ReAnchor [client MAC Client-MAC] Client has Anchor role {wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> Client went to RUN state
錨點上的資料包捕獲
在移動性切換之後,錨點控制器通過移動隧道接收來自外部控制器的DHCP流量。
完成DORA進程後,客戶端將進入RUN狀態並具有Export Anchor角色。從此以後,錨點控制器將作為客戶端資料流量的出口點。
從外部控制器接收的錨點控制器上的客戶端DHCP流量
外部和錨點控制器上的客戶端狀態
外部客戶端狀態 
錨點上的客戶端狀態
外部客戶端屬性 
錨點上的客戶端屬性
採用第3層驗證的WLAN
本地Web驗證
外部錨點設定中本地Webauth SSID的流程
1.客戶端發起到外部WLC通告的SSID的連線。
2.由於未執行第2層驗證,因此使用者端會立即錨定到錨點WLC。使用者端在外部WLC上進入RUN狀態,其行動角色指定為Export Foreign。
3.客戶端獲取IP地址並將其重定向到網頁。此流量由錨點控制器處理。
4.成功在入口進行身份驗證後,客戶端將在具有匯出錨點角色的錨點WLC上轉換為RUN狀態。
外部錨點設定中本地Webauth SSID的客戶端連線流程圖
通過日誌分析外部錨點設定中的本地Webauth SSID流
本節介紹通過在外部和錨點控制器上使用放射性追蹤(RA追蹤)、嵌入式封包擷取(EPC)和使用者端狀態來建立本地Web驗證SSID的使用者端連線流程。
來自外部控制器的日誌
放射性痕跡
!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_LWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_LWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS
!! L2 Auth : None !!
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
!! Mobility Handoff Phase !!
{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN
!! Client AAA Traffic handling !!
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (10452) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (10452) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (10452) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_Foreign -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Guest1 username_len=6
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (10452) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-pmtu] [18401]: (debug): Peer IP: Anchor-WLC-IP PMTU size is 1006 and calculated additional header length is 76
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (10452) to (ipv4: Anchor-WLC-IP )
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [17047]: (info): [Client_MAC:capwap_90000003] SM Notified attribute Add/Update username Guest1
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa handoff ack successfully forwarded.
封包捕獲
客戶端傳送外部控制器處理的關聯請求。
與外部控制器的客戶端關聯階段
通過埠UDP 16667觸發外部控制器和錨點控制器之間的移動切換。移動事件成功後,客戶端狀態將轉換為RUN並具有「匯出外部」角色。
外部控制器通過CAPWAP隧道接收客戶端DHCP流量,並將其轉發到錨點控制器進行進一步處理。
使用移動隧道將外部控制器上接收的客戶端DHCP流量轉發到錨點控制器
同樣地,使用者端會透過CAPWAP通道將網路連線狀態和網頁存取檢查流量傳送到外部WLC;外部WLC使用行動通道將此轉送到錨點WLC,錨點控制器會在此攔截或處理流量。
外部控制器上的網路連線狀態檢查
重定向傳送到客戶端的URL
使用者端存取本地Webauth頁面以提供驗證詳細資訊
來自錨點控制器的日誌
放射性痕跡
!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP
{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: IP-Adm-V4-Int-ACL-global, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored
!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPOFFER, giaddr
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.226, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.226, CMAC Client-MAC
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.226 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.226
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP
!! Local Web Athentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication initiated. LWA
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52911/235 Remove IO ctx and close socket, id [1F000051]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [Resolved IP] url [http://www.connectivity check url/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 8
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52910/195 Remove IO ctx and close socket, id [86000054]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52919/195 Remove IO ctx and close socket, id [4200004C]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52923/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]52924/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in GET_REDIRECT state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/login.html?redirect=http://www.connectivity check url/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 10
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State GET_REDIRECT -> LOGIN
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth login form, len 8137
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53007/195 Remove IO ctx and close socket, id [1D000064]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53008/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse GET, src [10.105.60.226] dst [192.0.2.1] url [https://192.0.2.1:443/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 6
{wncd_x_R0-0}{1}: [webauth-error] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Parse logo GET, File /favicon.ico not found
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 IO state READING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53009/195 Remove IO ctx and close socket, id [D1000066]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53011/195 Remove IO ctx and close socket, id [77000069]
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53020/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53022/235 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]POST rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]get url: /login.html
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Read complete: parse_request return 4
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -1526718499,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:4000544] NULL ATTR LIST
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list 1761615853,sm_ctx = 0x80806a1f10, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-author] [24229]: (info): [CAAA:AUTHOR:4000544] NULL ATTR LIST
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv4 intecept ACL via SVM, name IP-Adm-V4-Int-ACL-global, pri 50, IIF 0
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Deactivated (11) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Authc success from WebAuth, Auth event success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event APPLY_USER_PROFILE (14)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event RX_METHOD_AUTHC_SUCCESS (3)
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Guest1
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-type 0 1 (0x1)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : aaa-author-service 0 16 (0x10)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : addr 0 0xa693ce2
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 Client_MAC
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Guest1
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Guest1 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Applying IPv4 logout ACL via SVM, name: IP-Adm-V4-LOGOUT-ACL, priority: 51, IIF-ID: 0
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Applying Svc Templ IP-Adm-V4-LOGOUT-ACL (ML:NONE)
{wncd_x_R0-0}{1}: [epm] [24229]: (info): [Client_MAC:mobility_a0000001] Feature (EPM URL PLUG-IN) has been started (status Success)
{wncd_x_R0-0}{1}: [svm] [24229]: (info): SVM_INFO: Response of epm is SYNC with return code Success
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raising ext evt Template Activated (9) on this session, client (unknown) (0)
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [24229]: (ERR): authc policy update from SANet vlan 31
{wncd_x_R0-0}{1}: [llbridge-main] [24229]: (debug): MAC: Client_MAC Link-local bridging not enabled for this client, not checking VLAN validity
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.226]53023/195 Remove IO ctx and close socket, id [EC00006C]
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] SM will not send event Template Activated to PRE for 0x4000544
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [rog-proxy-capwap] [24229]: (debug): Managed client RUN state notification: Client_MAC
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Client has Anchor role
{wncd_x_R0-0}{1}: [avc-afc] [24229]: (info): ReAnchor [client MAC: Client_MAC] Guest client detected. Skip it
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN State !!
封包捕獲
在移動性切換之後,錨點控制器通過移動隧道接收來自外部控制器的DHCP流量。
從外部控制器接收的錨點控制器上的客戶端DHCP流量
錨點控制器接收連通性檢查、網頁訪問請求和驗證詳細資訊以進行進一步處理。
錨點控制器上的網路連線狀態檢查
重定向傳送到客戶端的URL
使用者端存取本地Webauth頁面以提供驗證詳細資訊
成功進行本地Web身份驗證後,客戶端將進入RUN狀態並具有Export Anchor角色。從此以後,錨點控制器將作為客戶端資料流量的出口點。
外部和錨點控制器上的客戶端狀態
外部客戶端狀態
錨點上的客戶端狀態
外部客戶端屬性 
錨點上的客戶端屬性
中央 Web 驗證
外錨設定中中央Webauth SSID的流量
1.客戶端傳送由外部無線LAN控制器(WLC)廣播的SSID關聯請求。
2.外部WLC透過向RADIUS伺服器傳送存取要求來執行MAC過濾。RADIUS伺服器使用Access-Accept進行回應,包括必需的重新導向URL和存取控制清單(ACL)。
3.外部WLC將關聯響應傳送到使用者端。
4.使用者端錨定到錨點WLC。使用者端在外部WLC上進入RUN狀態,行動角色設定為Export Foreign。
5.客戶端獲取IP地址。在這個階段,錨點WLC會處理重新導向流量,將使用者端導向驗證入口網站。
6.重定向後,客戶端將直接與RADIUS伺服器通訊。此流量通過錨點WLC通道連線到RADIUS伺服器。
7.客戶端向RADIUS伺服器輸入身份驗證憑證。成功驗證後,RADIUS伺服器會將授權變更(CoA)要求傳送到外部WLC。
8.外部WLC將CoA回應傳送到RADIUS伺服器。客戶端在錨點WLC上轉換為RUN狀態,角色設定為Export Anchor。
9.所有後續的客戶端流量都從外部WLC通過隧道傳輸到錨點WLC,在此它退出網路。
外部錨點設定中中央Webauth SSID的客戶端連線流程圖
通過日誌分析外部錨點設定中的中央Webauth SSID流
本節介紹通過使用外部和錨點控制器上的放射性追蹤(RA追蹤)、嵌入式封包擷取(EPC)和使用者端狀態,中央Web驗證SSID的使用者端連線流程。
來自外部控制器的日誌
放射性痕跡
!! Client Association Phase !!
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_CWA, Slot 1 AP AP_MAC, AP_NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_CWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING
!! MAC Authentication !!
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_MAB_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_MACAUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (note): MAC: Client_MAC MAB Authentication initiated. Policy VLAN 31, AAA override = 1, NAC = 1
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authc_list: DMZ_CWA_Authorization
{wncd_x_R0-0}{1}: [auth-mgr-feat_wireless] [17047]: (info): [Client_MAC:capwap_90000003] - authz_list: Not present under wlan configuration
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_MAB_AUTH_START_RESP
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_MAB_AUTH_START_RESP -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_PENDING
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_CONTINUE' on (Client_MAC)
{wncd_x_R0-0}{1}: [caaa-author] [17047]: (info): [CAAA:AUTHOR:a30003a6] NULL ATTR LIST
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/245, len 370
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 14 user-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Password [2] 18 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Service-Type [6] 6 Call Check [10]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 service-type=Call Check
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Framed-MTU [12] 6 1485
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: EAP-Key-Name [102] 2 *
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=1E4F6B0A000003D247203276
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 18
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 12 method=mab
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 32
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 26 client-iif-id=3556776730
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-IP-Address [4] 6 10.107.79.30
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: NAS-Port [5] 6 141522
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_CWA
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Called-Station-Id [30] 27 called-station-id
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Calling-Station-Id [31] 19 client-MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Airespace-WLAN-ID [1] 6 12
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Nas-Identifier [32] 16 ForeignSiteWLC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Received from id 1812/245 10.106.32.130:0, Access-Accept, len 383
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: authenticator
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: User-Name [1] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 37
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 31 url-redirect-acl=REDIRECT_ACL
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 191
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 185 url-redirect=https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [17047]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB received an Access-Accept for (Client_MAC)
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_PENDING -> S_AUTHIF_MAB_AUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC Processing MAB authentication result status: 0, CO_AUTH_STATUS_SUCCESS
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_MACAUTH_IN_PROGRESS -> S_CO_ASSOCIATING
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS >> Association Successful
{wncd_x_R0-0}{1}: [dot11] [17047]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_MAB_PENDING -> S_DOT11_ASSOCIATED
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_MAB_AUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-0}{1}: [client-orch-sm] [17047]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN >> !! Client went to RUN state !!
!! Post Succesful Web authentication, Change of Authorization !!
{wncd_x_R0-0}{1}: [client-auth] [17047]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_DONE -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Processing CoA request under Command Handler ctx.
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Reauthenticate request (0x5d71d3ad10e8) for Client_MAC
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list -50323943,sm_ctx = 0x80806aad00, num_ipv6 = 1
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] MAB re-authentication started for (Client_MAC)
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Context changing state from 'Authz Success' to 'Running'
{wncd_x_R0-0}{1}: [auth-mgr] [17047]: (info): [Client_MAC:capwap_90000003] Method mab changing state from 'Authc Success' to 'Running'
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): radius coa proxy relay coa resp(wncd)
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): CoA Response Details
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << ssg-command-code 0 32 >>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << formatted-clid 0 Client_MAC>>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [17047]: (info): << error-cause 0 1 [Success]>>
{wncd_x_R0-0}{1}: [aaa-coa] [17047]: (info): server:10.107.79.30 cfg_saddr:10.107.79.30 udpport:51304 sport:0, tableid:0iden:2 rad_code:43 msg_auth_rcvd:TRUE coa_resp:ACK
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER] CoA response sent
{wncd_x_R0-0}{1}: [caaa-ch] [17047]: (info): [CAAA:COMMAND HANDLER:a30003a6] Identity preserved: MAC (Client_MAC), ip (0), audit_sid (1E4F6B0A000003D247203276), aaa_session_id (0)
{wncd_x_R0-0}{1}: [mab] [17047]: (info): [Client_MAC:capwap_90000003] Received event 'MAB_REAUTHENTICATE' on (Client_MAC)
{smd_R0-0}{1}: [aaa-coa] [18867]: (info): ++++++ Received CoA response Attribute List ++++++
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS(00000000): Send CoA Ack Response to 10.106.32.130:51304 id 2, len 69
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: authenticator
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Vendor, Cisco [26] 9
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: ssg-command-code [252] 3 ...
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Calling-Station-Id [31] 16 Client_MAC
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Dynamic-Author-Error-Cause[101] 6 Success [200]
{smd_R0-0}{1}: [radius] [18867]: (info): RADIUS: Message-Authenticator[80] 18 ...
{smd_R0-0}{1}: [aaa-pod] [18867]: (info): CoA response source port = 0, udpport = 51304,
{wncd_x_R0-0}{1}: [sadb-attr] [17047]: (info): Removing ipv6 addresses from the attr list 1627397682,sm_ctx = 0x80806aad00, num_ipv6 = 1
資料包捕獲
客戶端傳送關聯請求並執行MAC身份驗證,此流量由外部控制器處理。
基於無線MAB的外部控制器上的客戶端關聯階段
通過埠UDP 16667觸發外部控制器和錨點控制器之間的移動切換。移動事件成功後,客戶端狀態將轉換為RUN並具有「匯出外部」角色。
外部控制器通過CAPWAP隧道接收客戶端DHCP流量,並將其轉發到錨點控制器進行進一步處理。
使用移動隧道將外部控制器上接收的客戶端DHCP流量轉發到錨點控制器
同樣地,使用者端會透過CAPWAP通道將網路連線狀態和網頁存取檢查流量傳送到外部WLC;外部WLC使用行動通道將此轉送到錨點WLC,錨點控制器會在此攔截或處理流量。
外部控制器上的網路連線狀態檢查
重定向傳送到客戶端的URL
使用者端存取中央Webauth頁面以提供驗證詳細資訊
中央Web驗證成功後,外部控制器會處理CoA請求。
使用外部控制器的授權更改(COA)
來自錨點控制器的日誌
放射性痕跡
!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP
{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_PUSH_START_RESP -> S_AUTHIF_SESSION_PUSH_PENDING
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_SESSION_PUSH_PENDING -> S_AUTHIF_L2_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 1
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MACMMIF FSM transition: S_MA_INIT -> S_MA_ANCHORING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_ANCHOR_REQ_ASSOC_RCVD
{wncd_x_R0-0}{1}: [mm-client] [24229]: (info): MAC: Client_MACRoam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored
!! Central Web Authentication Applied !!
{wncd_x_R0-0}{1}: [webauth-dev] [24229]: (info): Central Webauth URL Redirect, Received a request to create a CWA session for a MAC [d0:37:45:88:25:52]
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]State Invalid State -> INIT
{wncd_x_R0-0}{1}: [epm-redirect] [24229]: (info): [0000.0000.0000:unknown] URL-Redirect = https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: method 0 2 [mab]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: clid-MAC-addr 0 Client_MAC
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: intf-id 0 2415919107 (0x90000003)
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: username 0 D0-37-45-88-25-52
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: class 0 43 41 43 53 3a 31 45 34 46 36 42 30 41 30 30 30 30 30 33 44 32 34 37 32 30 33 32 37 36 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 31 38
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect-acl 0 REDIRECT_ACL
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applied User Profile: url-redirect 0 https://10.106.32.130:8443/portal/gateway?sessionId=1E4F6B0A000003D247203276&portal=d06bc251-f644-4fc3-b09f-dae9bd8a86d5&action=cwa&token=5e47010db56b160c902513244337064a
!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPOFFER, giaddr
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.249, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.249, CMAC Client-MAC
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.249 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.249
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP
!! Central Web Authentication !!
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59495/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): Captive bypass: No parameter map associated. Falling on global parameter map
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 10.105.60.249]State GET_REDIRECT -> GET_REDIRECT
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): [Client_MAC][ 10.105.60.249]59494/233 Remove IO ctx and close socket, id [1200007E]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending export_anchor_rsp of XID (182425) to (ipv4: Foreign-WLC-IP )
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN
資料包捕獲
在移動性切換之後,錨點控制器通過移動隧道接收來自外部控制器的DHCP流量。
從外部控制器接收的錨點控制器上的客戶端DHCP流量
錨點控制器接收連通性檢查、網頁訪問請求和驗證詳細資訊以進行進一步處理。
錨點控制器上的網路連線狀態檢查
重定向傳送到客戶端的URL
客戶端訪問本地Webauth頁面以提供身份驗證詳細資訊
當中央Web驗證成功時,會觸發授權變更(CoA)。成功執行CoA後,客戶端將轉換為具有匯出錨點角色的RUN狀態。
外部和錨點控制器上的客戶端狀態
外部客戶端狀態 
錨點上的客戶端狀態
外部客戶端屬性 
錨點上的客戶端屬性
外部Web驗證
外部錨點設定中外部Webauth SSID的流程
1.客戶端發起到外部WLC廣播的SSID的連線。
2.由於不需要第2層驗證,因此使用者端錨定到錨點WLC。使用者端在外部WLC上轉換為RUN狀態,行動角色指定為Export Foreign。
3.客戶端獲取IP地址。錨點WLC會攔截流量,並將使用者端重新導向到外部Web伺服器入口網站(如Web驗證引數中所定義)。
4.客戶端通過門戶提交身份驗證憑證。這些憑證在WLC本機上或透過外部驗證伺服器進行驗證,這取決於已設定的安全原則。
5.身份驗證成功後,客戶端將在錨點WLC上轉換到RUN狀態(假設具有「匯出錨點」角色)。
6.成功驗證後,所有後續使用者端流量都會從外部WLC通道傳送到錨點WLC,後者會在錨點中流出網路。
外部錨點設定中外部Webauth SSID的客戶端連線流程圖
通過日誌分析外部錨點設定中的外部Webauth SSID流
本節介紹通過在外部和錨點控制器上使用放射性追蹤(RA追蹤)、嵌入式封包擷取(EPC)和使用者端狀態來建立外部Web驗證SSID的使用者端連線流程。
來自外部控制器的日誌
放射性痕跡
!! Client Association Phase !!
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Association received. BSSID BSSID_MAC, WLAN DMZ_EWA, Slot 1 AP AP-MAC, AP-NAME, Site tag default-site-tag, Policy tag default-policy-tag, Policy profile DMZ_EWA_PP, Switching Central, Socket delay 0ms
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_INIT -> S_CO_ASSOCIATING
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC dot11 send association response. Sending assoc response of length: 137 with resp_status_code: 0, DOT11_STATUS: DOT11_STATUS_SUCCESS
{wncd_x_R0-1}{1}: [dot11] [17162]: (note): MAC: Client_MAC Association success. AID 1, Roaming = False, WGB = False, 11r = False, 11w = False Fast roam = False
{wncd_x_R0-1}{1}: [dot11] [17162]: (info): MAC: Client_MAC DOT11 state transition: S_DOT11_INIT -> S_DOT11_ASSOCIATED
!! Layer 2 Authentication None !!
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_L2_AUTH_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-auth] [17162]: (note): MAC: Client_MAC L2 Authentication initiated. method WEBAUTH, Policy VLAN 31, AAA override = 0
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-1}{1}: [client-auth] [17162]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_L2_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (debug): MAC: Client_MAC L2 Authentication of station is successful., L3 Authentication : 0
{wncd_x_R0-1}{1}: [client-orch-sm] [17162]: (note): MAC: Client_MAC Mobility discovery triggered. Client mode: Local
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-1}{1}: [client-orch-state] [17162]: (note): MAC: Client_MAC Client state transition: S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRES
!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-dgram-io] [18401] (debug) MAC Client-MAC Sending message mobile_announce to group DMZ
{mobilityd_R0-0}{1} [mm-pmtu] [18401] (debug) Peer IP Anchor-WLC-IP {mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending mobile_announce of XID (176280) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] MMFSM transition S_MC_WAIT_ANNOUNCE_RSP -> S_MC_ANNOUNCE_TIMEDOUT_PROCESSED_TR on E_MC_REQUEST_TIMEDOUT from WNCD[0]
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Received mobile_announce_nak, sub type 2 of XID (XID) from (MobilityD[0])
{wncd_x_R0-0}{1} [mm-transition] [17047] (info) MAC Client-MAC MMIF FSM transition S_MA_INIT_WAIT_ANNOUNCE_RSP -> S_MA_NAK_PROCESSED_TR on E_MA_NAK_RCVD
{wncd_x_R0-0}{1} [mm-client] [17047] (debug) MAC Client-MAC Sending export_Anchor_req of XID (XID) to (MobilityD[0])
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (WNCD[0])
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_REQ -> S_MC_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from WNCD[0]
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Request successfully processed.
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Sending export_Anchor_req of XID (176282) to (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Received export_Anchor_rsp, sub type 0 of XID (XID) from (ipv4 Anchor-WLC-IP )
{mobilityd_R0-0}{1} [mm-transition] [18401] (info) MAC Client-MAC MMFSM transition S_MC_WAIT_EXP_ANC_RSP -> S_MC_EXP_ANC_RSP_RCVD_TR on E_MC_EXP_ANC_RSP_RCVD from ipv4 Anchor-WLC-IP
{mobilityd_R0-0}{1} [mm-client] [18401] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{wncd_x_R0-0}{1} [epm-misc] [17047] (info) Anchor Vlan-id 31 processed [mm-client] [17047] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Foreign
[mm-client] Mobility Successful. Roam Type L3 Requested, Sub Roam Type MM_SUB_ROAM_TYPE_NONE, Client IFID 0xa0000004, Client Role Export Foreign >> Client Successfully Anchored
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-orch-sm] [17047] (debug) MAC Client-MAC Received ip learn response. method IPLEARN_METHOD_ROAMING
{wncd_x_R0-0}{1}: [client-orch-state] [17047]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_RUN
!! Client AAAA Traffic !!
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP )
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff base check is VALID
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from ipv4: Anchor-WLC-IP
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (ipv4: Anchor-WLC-IP ) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (38840) from (MobilityD[0])
{wncd_x_R0-0}{1}: [mm-transition] [17047]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_FOREIGN -> S_MA_AAA_HANDOFF_PROCESSED_TR on E_MA_AAA_HANDOFF
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Mobile AAA Handoff update received.
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC Received username=Test321 username_len=7
{wncd_x_R0-0}{1}: [sanet-shim-miscellaneous] [17047]: (info): MAC: Client_MAC IPv6 Client payload is received in aaa handoff
{wncd_x_R0-0}{1}: [mm-client] [17047]: (debug): MAC: Client_MAC Sending aaa_handoff_ack of XID (38840) to (MobilityD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID
{mobilityd_R0-0}{1}: [mm-client] [18401]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID
{mobilityd_R0-0}{1}: [mm-transition] [18401]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [18401]: (info): MAC: Client_MAC Forwarding aaa_handoff_ack, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Anchor-WLC-IP )
資料包捕獲
客戶端傳送外部控制器處理的關聯請求。
與外部控制器的客戶端關聯階段
通過埠UDP 16667觸發外部控制器和錨點控制器之間的移動切換。移動事件成功後,客戶端狀態將轉換為RUN並具有「匯出外部」角色。
外部控制器通過CAPWAP隧道接收客戶端DHCP流量,並將其轉發到錨點控制器進行進一步處理。
使用移動隧道將外部控制器上接收的客戶端DHCP流量轉發到錨點控制器
同樣地,使用者端會透過CAPWAP通道將網路連線狀態和網頁存取檢查流量傳送到外部WLC;外部WLC使用行動通道將此轉送到錨點WLC,錨點控制器會在此攔截或處理流量。
外部控制器上的網路連線狀態檢查
重定向傳送到客戶端的URL
使用者端存取外部Webauth頁面,以提供驗證詳細資訊
來自錨點控制器的日誌
放射性痕跡
!! Mobility Handoff !!
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received mobile_announce, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Received export_Anchor_req, sub type 0 of XID (XID) from (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Number of client is BELOW wlan limit
{mobilityd_R0-0}{1} [mm-transition] [26021] (info) MAC Client-MAC MMFSM transition S_MC_INIT -> S_MC_Anchor_EXP_ANC_REQ_RCVD_TR on E_MC_EXP_ANC_REQ_RCVD from ipv4 Foreign-WLC-IP
!! Session Created for Client !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_ASSOCIATING -> S_CO_CREATE_SM_SESSION_IN_PROGRESS
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_INIT -> S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): [Client_MAC][ 0.0.0.0]Param-map used: global
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 0.0.0.0]Applying IPv4 intercept ACL via SVM, name: WA-v4-int-10.106.32.130-7, priority: 50, IIF-ID: 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_AWAIT_L2_WEBAUTH_START_RESP -> S_AUTHIF_L2_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_CREATE_SM_SESSION_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_INIT -> S_MA_AnchorING_ASSOC_RESP_PROCESSED_TR on E_MA_CO_EXP_Anchor_REQ_ASSOC_RCVD
{wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Roam type changed - None -> L3 Requested
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Export Anchor Response successfully processed.
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Forwarding Anchor Response to Foreign.
{mobilityd_R0-0}{1} [mm-client] [26021] (info) MAC Client-MAC Forwarding export_Anchor_rsp, sub type 0 of XID (XID) from (WNCD[0]) to (ipv4 Foreign-WLC-IP )
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.
{ wncd_x_R0-0}{1} [mm-client] [24229] (info) MAC Client-MAC Mobility role changed - Unassoc -> Export Anchor
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Client is AnchorED.>> Client is successfully Anchored
!! Client DHCP Traffic !!
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
{wncd_x_R0-0}{1} [client-orch-state] [24229] (note) MAC Client-MAC Client state transition S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS {wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_INIT -> S_IPLEARN_IN_PROGRESS
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC {wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPOFFER, giaddr
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST, giaddr 0.0.0.0, yiaddr 0.0.0.0, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface mobility_a0000001 on vlan 31 Src MAC Client-MAC Dst MAC ffff.ffff.ffff src_ip 0.0.0.0, dst_ip 255.255.255.255, BOOTPREQUEST, SISF_DHCPREQUEST,
{wncd_x_R0-0}{1} [sisf-packet] RX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC
{wncd_x_R0-0}{1} [sisf-packet] TX DHCPv4 from interface Tw0/0/1 on vlan 31 Src MAC DHCP-Reply-Source-MAC Dst MAC Client-MAC src_ip 10.105.60.69, dst_ip 10.105.60.254, BOOTPREPLY, SISF_DHCPACK, giaddr 0.0.0.0, yiaddr 10.105.60.254, CMAC Client-MAC
{wncd_x_R0-0}{1} [client-iplearn] [24229] (note) MAC Client-MAC Client IP learn successful. Method DHCP IP 10.105.60.254 {wncd_x_R0-0}{1} [auth-mgr-feat_acct] [24229] (info) [Client-MACmobility_a0000001] SM Notified attribute Add/Update addr 10.105.60.254
{mobilityd_R0-0}{1} [mm-client] [26021] (debug) MAC Client-MAC Sending ipv4_address_update of XID (XID) to (ipv4 Foreign-WLC-IP )
{wncd_x_R0-0}{1} [client-iplearn] [24229] (info) MAC Client-MAC IP-learn state transition S_IPLEARN_IN_PROGRESS -> S_IPLEARN_COMPLETE {wncd_x_R0-0}{1}Received ip learn response. method IPLEARN_METHOD_DHCP >> IP Learn
Complete
{wncd_x_R0-0}{1}: [client-orch-sm] [24229]: (debug): MAC: Client_MAC Received ip learn response. method: IPLEARN_METHOD_DHCP
!! External Web Authentication !!
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L3_AUTH_IN_PROGRESS
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62441/235 IO state NEW -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/redirect]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [Resolved-IP] url [http://Connectivity Check URL/favicon.ico]
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Read complete: parse_request return 9
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> LOGIN
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state READING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62440/233 IO state WRITING -> READING
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): RX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179
{wncd_x_R0-0}{1}: [sisf-packet] [24229]: (info): TX: IPv6 DHCP from intf mobility_a0000001 on vlan 31 Src MAC: Client_MAC Dst MAC: 3333.0001.0002 Ipv6 SRC: fe80::877c:b748:ddc:4fc0, Ipv6 DST: ff02::1:2, type: msg type: DHCPV6_MSG_SOLICIT xid: 12241179
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62480/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62481/239 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state NEW -> SSL_HANDSHAKING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Read event, Message ready
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]GET rcvd when in LOGIN state
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]HTTP GET request
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Parse GET, src [10.105.60.254] dst [192.0.2.1] url Login URL
{wncd_x_R0-0}{1}: [sadb-attr] [24229]: (info): Removing ipv6 addresses from the attr list -654303708,sm_ctx = 0x80806adfc8, num_ipv6 = 1
{wncd_x_R0-0}{1}: [caaa-authen] [24229]: (info): [CAAA:AUTHEN:910007e3] NULL ATTR LIST
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State LOGIN -> AUTHENTICATING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state READING -> AUTHENTICATING
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Send Access-Request to 10.106.32.130:1812 id 0/3, len 418
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Calling-Station-Id [31] 19 Client_MAC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 49
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 43 audit-session-id=723C690A000007ED659D99E5
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Framed-IP-Address [8] 6 10.105.60.254
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 12 vlan-id=31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-IP-Address [4] 6 10.105.60.114
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port-Type [61] 6 Virtual [5]
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: NAS-Port [5] 6 0
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 31
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 25 cisco-wlan-ssid=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 33
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 27 wlan-profile-name=DMZ_EWA
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Called-Station-Id [30] 27 Called-Station-ID
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Airespace [26] 12
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Airespace-WLAN-ID [1] 6 7
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Nas-Identifier [32] 12 DMZSiteWLC
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Started 5 sec timeout
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Received from id 1812/3 10.106.32.130:0, Access-Accept, len 145
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: authenticator
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: User-Name [1] 9 Test321
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Class [25] 56 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Message-Authenticator[80] 18 ...
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Vendor, Cisco [26] 42
{wncd_x_R0-0}{1}: [radius] [24229]: (info): RADIUS: Cisco AVpair [1] 36 profile-name=Windows10-Workstation
{wncd_x_R0-0}{1}: [radius] [24229]: (info): Valid Response Packet, Free the identifier
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHENTICATING -> AUTHC_SUCCESS
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv4 intecept ACL via SVM, name WA-v4-int-10.106.32.130-7, pri 50, IIF 0
{wncd_x_R0-0}{1}: [webauth-acl] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Unapply IPv6 intecept ACL via SVM, name IP-Adm-V6-Int-ACL-global, pri 52, IIF 0
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_PENDING
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : username 0 Test321
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : class 0 43 41 43 53 3a 37 32 33 43 36 39 30 41 30 30 30 30 30 37 45 44 36 35 39 44 39 39 45 35 3a 73 68 63 68 6f 75 62 65 49 53 45 2f 35 32 35 35 35 34 35 32 35 2f 34 34
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : Message-Authenticator 0 <hidden>
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : method 0 1 [webauth]
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : clid-MAC-addr 0 d0 37 45 88 25 52
{wncd_x_R0-0}{1}: [aaa-attr-inf] [24229]: (info): Applying Attribute : intf-id 0 2684354561 (0xa0000001)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr username(450)
{wncd_x_R0-0}{1}: [auth-mgr-feat_acct] [24229]: (info): [Client_MAC:mobility_a0000001] SM Notified attribute Add/Update username Test321
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Received User-Name Test321 for client Client_MAC
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr auth-domain(954)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Method webauth changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Running' to 'Authc Success'
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] auth mgr attr add/change notification is received for attr method(757)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Raised event AUTHZ_SUCCESS (11)
{wncd_x_R0-0}{1}: [auth-mgr] [24229]: (info): [Client_MAC:mobility_a0000001] Context changing state from 'Authc Success' to 'Authz Success'
{wncd_x_R0-0}{1}: [webauth-sess] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Param-map used: External_Webauth
{wncd_x_R0-0}{1}: [webauth-state] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]State AUTHC_SUCCESS -> AUTHZ
{wncd_x_R0-0}{1}: [webauth-page] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]Sending Webauth success page
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state AUTHENTICATING -> WRITING
{wncd_x_R0-0}{1}: [webauth-io] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 IO state WRITING -> END
{wncd_x_R0-0}{1}: [webauth-httpd] [24229]: (info): mobility_a0000001[Client_MAC][ 10.105.60.254]62482/238 Remove IO ctx and close socket, id [4400004C]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (note): MAC: Client_MAC L3 Authentication Successful. ACL:[]
{wncd_x_R0-0}{1}: [client-auth] [24229]: (info): MAC: Client_MAC Client auth-interface state transition: S_AUTHIF_WEBAUTH_PENDING -> S_AUTHIF_WEBAUTH_DONE
{wncd_x_R0-0}{1}: [client-orch-state] [24229]: (note): MAC: Client_MAC Client state transition: S_CO_L3_AUTH_IN_PROGRESS -> S_CO_RUN
{wncd_x_R0-0}{1}: [mm-transition] [24229]: (info): MAC: Client_MAC MMIF FSM transition: S_MA_ANCHOR -> S_MA_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MA_CO_AAA_HANDOFF_RCVD
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff, sub type: 0 of XID (0) from (WNCD[0])
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff base check is VALID
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_RUN -> S_MC_ANCHOR_AAA_HANDOFF_PROCESSED_TR on E_MC_AAA_HANDOFF_RCVD from WNCD[0]
{mobilityd_R0-0}{1}: [mm-client] [26021]: (info): MAC: Client_MAC Forwarding aaa_handoff, sub type: 0 of XID (38840) from (WNCD[0]) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Sending aaa_handoff of XID (38840) to (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff successfully forwarded.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC Received aaa_handoff_ack, sub type: 0 of XID (38840) from (ipv4: Foreign-WLC-IP)
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC AAA Handoff Ack successfully handled.
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack base check is VALID
{mobilityd_R0-0}{1}: [mm-client] [26021]: (debug): MAC: Client_MAC aaa_handoff_ack is VALID
{mobilityd_R0-0}{1}: [mm-transition] [26021]: (info): MAC: Client_MAC MMFSM transition: S_MC_ANCHOR_WAIT_AAA_HANDOFF_ACK -> S_MC_ANCHOR_AAA_HANDOFF_ACK_PROCESSED_TR on E_MC_AAA_HANDOFF_ACK_RCVD from ipv4: Foreign-WLC-IP
資料包捕獲
在移動性切換之後,錨點控制器通過移動隧道接收來自外部控制器的DHCP流量。
從外部控制器接收的錨點控制器上的客戶端DHCP流量
錨點控制器接收連通性檢查、網頁訪問請求和驗證詳細資訊以進行進一步處理。
錨點控制器上的網路連線狀態檢查
重定向傳送到客戶端的URL
客戶端通過門戶提交身份驗證憑證。這些憑證在WLC本機上或透過外部驗證伺服器進行驗證,這取決於已設定的安全原則。
使用者端存取外部Webauth頁面,以提供驗證詳細資訊
外部和錨點控制器上的客戶端狀態
外部客戶端狀態
錨點上的客戶端狀態
外部客戶端屬性
錨點上的客戶端屬性
多個錨點控制器之間的負載平衡
當多個錨點控制器對映到單個WLAN時,流量分配取決於優先順序。可以配置三個優先順序級別:主要、次要和第三級。訪客錨點優先順序功能提供錨點控制器之間主用/備用負載分配的機制。這是通過向每個錨點控制器分配固定優先順序來實現的:負載會分散到最高優先順序的控制器,並在共用相同優先順序值的控制器之間以循環方式分配。
對映錨點優先順序
附註:預設情況下,優先順序三級是在外部控制器上的錨點控制器對映期間配置的。
Foreign-Anchor方案中的客戶端連線故障排除
- 客戶端加入問題
- 通道狀態:驗證外部控制器和錨點控制器之間的移動隧道是否保持活動狀態。
- 配置不匹配:確保兩個控制器之間的配置奇偶校驗。WLAN名稱、策略配置檔名稱或高級設定(例如AAA覆蓋、IPv4 DHCP要求和NAC)中的差異會導致配置檔案不匹配或錨點拒絕錯誤。
- 其他:如果通道處於開啟狀態且沒有任何組態問題,疑難排解方法與正常使用者端連線問題類似,可確保檢查處理受影響流量的對應控制器。
- 間歇性連線
- 通道擺動:如果兩個控制器之間的keepalive資料包未能到達,則通道會抖動,使客戶端無法保持與SSID的連線。
- 低頻寬:如果行動對等點之間的路徑MTU(PMTU)下降到較小的值(576),使用者端會遇到效能下降的情況。當兩個行動對等點之間的路徑mtu keepalive訊息都遺失時,通常會發生這種情況
附註:行動性MAC位址較低的控制器會啟動標準keepalive和路徑MTU keepalive訊息。
- 特定網站訪問問題
- 移動流量報頭包括通過UDP埠16666和16667交換的移動組識別符號、MAC地址、IP地址和加密的CAPWAP DTLS資料包。此開銷會新增到現有的CAPWAP報頭。對於TCP流量,如果由於此額外開銷導致資料包大小超過移動PMTU(最大1385位元組),則調整後為AP配置的TCP MSS,則會進行分段。雖然分段通常由網路處理,但如果資料包到達順序混亂或延遲,則會出現問題。這些情況會影響資料包的重組,並導致特定網站的資料可訪問性失敗。
從外部和錨點控制器收集日誌
- 啟用term exec prompt timestamp,以便對所有命令進行時間引用。
- 使用show tech-support wireless !!檢視配置。
- 您可以檢查行動通道狀態show wireless mobility summary !!
- 包括鏈路狀態、客戶端資料和事件的移動對等體統計資訊、保持活動統計資訊show wireless mobility peer ip <IP>
- 為移動對等IP/MAC地址和客戶端MAC地址啟用放射性跟蹤。
通過CLI:
debug wireless {MAC | ip} {aaaa.bbb.cccc | x.x.x.x } {monitor-time} {N seconds} !!設定時間允許我們啟用最多24天的跟蹤。
no debug wireless {MAC | ip} {aaaa.bbb.cccc | x.x.x.x !!禁用調試
WLC使用Client_info生成調試跟蹤檔案,並命令檢查生成的調試跟蹤檔案dir bootflash: | i debug !!
警告:條件調試啟用調試級別日誌記錄,從而增加生成的日誌量。保持此運行可減少檢視日誌的時間間隔。因此,建議在故障排除會話結束時始終禁用調試。
-
要禁用所有調試,請運行以下命令:
# clear platform condition all !!
# undebug all !!
通過GUI:步驟1.導覽至Troubleshooting > Radiative Trace。
步驟2.按一下Add,然後輸入您要疑難排解的行動化對等MAC/IP位址或使用者端MAC位址。
步驟3.準備好開始放射性示蹤後,按一下開始。啟動後,調試日誌記錄會寫入磁碟,記錄與跟蹤的MAC地址相關的任何控制平面處理。
步驟4.重現要診斷的問題時,按一下Stop。
步驟5.對於已調試的每個MAC地址,您可以通過按一下Generate生成一個日誌檔案,該檔案整理與該MAC地址相關的所有日誌。
步驟6.選擇想要整理日誌檔案的回溯時間,然後按一下Apply to Device。
步驟7.現在,您可以按一下檔案名稱旁邊的小圖示來下載檔案。此檔案存在於控制器的啟動快閃記憶體驅動器中,也可以通過CLI從盒中複製出來。 - 嵌入式捕獲
通過CLI:
monitor capture MYCAP clear !!
監控擷取MYCAP介面Po1 both !!
monitor capture MYCAP buffer size 100 !!
monitor capture MYCAP match access-list name !! (如果跟蹤WLC之間的行動通道流量)
monitor capture MYCAP match any/ipv4/ipv6.MAC !!
monitor capture MYCAP start !!
!!複製
監視器捕獲MYCAP停止
monitor capture MYCAP export flash:|tftp:|http:.../filename.pcap
通過GUI:
步驟1.導覽至Troubleshooting > Packet Capture > +Add。
步驟2.定義資料包捕獲的名稱。最多允許8個字元。
步驟3.定義過濾器(如果有)。
步驟4.如果要檢視發往系統CPU並注入回資料平面的流量,請選中以監視控制流量框。
步驟5.定義緩衝區大小。最多允許100 MB。
步驟6.根據需要定義限制(按允許範圍1 - 1000000秒的持續時間或按允許範圍1 - 100000個資料包的資料包數量)。
步驟7.從左欄中的介面清單中選擇interface,然後選擇箭頭將其移至右欄。
步驟8.按一下「Save and Apply to Device」。
步驟9.要開始捕獲,請選擇開始。
步驟10.您可以讓捕獲運行到定義的限制。要手動停止捕獲,請選擇停止。
步驟11.停止後,可以使用Export按鈕按一下此選項以通過HTTP或TFTP伺服器、FTP伺服器、本地系統硬碟或快閃記憶體將捕獲檔案(.pcap)下載到本地案頭。
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
22-Jun-2026
|
初始版本 |
意見