In diesem Dokument werden die Vorteile der Verwendung von Wi-Fi Protected Access 2 (WPA2) in einem WLAN erläutert. Das Dokument enthält zwei Konfigurationsbeispiele für die Implementierung von WPA2 in einem WLAN:
Cisco empfiehlt, über Kenntnisse in folgenden Bereichen zu verfügen:
Die Informationen in diesem Dokument basieren auf den folgenden Software- und Hardwareversionen:
Die Informationen in diesem Dokument wurden von den Geräten in einer bestimmten Laborumgebung erstellt. Alle in diesem Dokument verwendeten Geräte haben mit einer leeren (Standard-)Konfiguration begonnen. Wenn Ihr Netzwerk in Betrieb ist, stellen Sie sicher, dass Sie die potenziellen Auswirkungen eines Befehls verstehen.
In dieser Abbildung wird das Netzwerkdiagramm angezeigt:
Abbildung 1: Netzwerkdiagramm
In diesem Beispiel wird das Verfahren beschrieben, mit dem die Befehlszeilenschnittstelle (CLI) zum Konfigurieren von DHCP-Snooping für die für Clients verwendeten VLANs verwendet wird.
VLAN20 wird für Clients verwendet, und der Pool wird auf demselben WLC konfiguriert. Das TenGigabitEthernet1/0/1 des Cisco 5700 WLC ist mit dem Uplink-Switch verbunden. Wenn der DHCP-Server auf dem Server außerhalb des WLC oder auf einem externen DHCP-Server konfiguriert ist, müssen Sie DHCP-Snooping- und Relay-Informationen vertrauen.
ip device tracking
ip dhcp snooping vlan 12,20,30,40
ip dhcp snooping
!
ip dhcp pool vlan20
network 20.20.20.0 255.255.255.0
default-router 20.20.20.1
interface Vlan20
ip address 20.20.20.1 255.255.255.0
interface TenGigabitEthernet1/0/1
switchport trunk native vlan 12
switchport mode trunk
ip dhcp relay information trusted
ip dhcp snooping trust
wlan wpa2psk 1 wpa2psk
client vlan 20
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 Cisco123
no shutdown
Beispiel
security wpa akm psk set-key ascii 0 "Cisco 123"
Gehen Sie wie folgt vor, um ein WPA2-PSK in der WLC-GUI zu konfigurieren:
Dies ist ein Beispiel für die Verwendung der CLI, um DHCP-Snooping für die VLANs zu konfigurieren, die für Clients verwendet werden. In diesem Beispiel wird VLAN20 für Clients verwendet. Der Pool wird auf demselben WLC konfiguriert.
TenGigabitEthernet1/0/1 des 5760 WLC ist mit dem Uplink-Switch verbunden. Wenn der DHCP-Server auf dem Server außerhalb des WLC oder auf einem externen DHCP-Server konfiguriert ist, müssen Sie den DHCP-Snooping- und Relay-Informationen vertrauen.
ip device tracking
ip dhcp snooping vlan 12,20,30,40
ip dhcp snooping
!
ip dhcp pool vlan20
network 20.20.20.0 255.255.255.0
default-router 20.20.20.1
interface Vlan20
ip address 20.20.20.1 255.255.255.0
interface TenGigabitEthernet1/0/1
switchport trunk native vlan 12
switchport mode trunk
ip dhcp relay information trusted
ip dhcp snooping trust
wlan open 5 open
client vlan VLAN0020
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
session-timeout 1800
no shutdown
In diesem Verfahren wird beschrieben, wie die offene Authentifizierung in der WLC-GUI konfiguriert wird:
In diesem Abschnitt überprüfen Sie, ob Ihre Konfiguration ordnungsgemäß funktioniert.
Bestätigen Sie, dass der WPA2-PSK-Client verbunden ist:
Bestätigen Sie, dass der Client mit einer offenen Authentifizierung verbunden ist:
Dieser Abschnitt enthält Informationen zur Fehlerbehebung in Ihrer Konfiguration.
Dies ist ein Beispiel für die Ausgabe von nützlichen Debug- und Ablaufverfolgungsbefehlen:
debug client mac XXXX.XXXX.XXXX
Controller#sh debugging
Nova Platform:
dot11/state debugging is on
pem/events debugging is on
client/mac-addr debugging is on
dot11/detail debugging is on
mac/ filters[string 0021.5c8c.c761] debugging is on
dot11/error debugging is on
dot11/mobile debugging is on
pem/state debugging is on
set trace group-wireless-client filter mac XXXX.XXXX.XXXX
set trace wcm-dot1x event filter mac XXXX.XXXX.XXXX
set trace wcm-dot1x aaa filter mac XXXX.XXXX.XXXX
set trace aaa wireless events filter mac XXXX.XXXX.XXXX
set trace access-session core sm filter mac XXXX.XXXX.XXXX
set trace access-session method dot1x filter XXXX.XXXX.XXXX
*Sep 1 05:55:01.321: 0021.5C8C.C761 Association received from mobile on AP
C8F9.F983.4260 1 wcm: i.D^Iw for client
*Sep 1 05:55:01.321: 0021.5C8C.C761 qos upstream policy is unknown and
downstream policy is unknown 1 wcm: r client
*Sep 1 05:55:01.321: 0021.5C8C.C761 apChanged 0 wlanChanged 1 mscb ipAddr
20.20.20.3, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: nJ^Iwy_status 0
attr len^G$8\227v^K
*Sep 1 05:55:01.321: 0021.5C8C.C761 Applying WLAN policy on MSCB. 1 wcm:
ipAddr 20.20.20.3, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:01.321: 0021.5C8C.C761 Scheduling deletion of Mobile Station: 1
wcm: (callerId: 50) in 1 seconds
*Sep 1 05:55:01.321: 0021.5C8C.C761 Disconnecting client due to switch of
WLANs from 6(wep) to 5(open) 1 wcm:
*Sep 1 05:55:02.193: 0021.5C8C.C761 apfMsExpireCallback (apf_ms.c: 1 wcm: 664)
Expiring Mobile!
*Sep 1 05:55:02.193: 0021.5C8C.C761 apfMsExpireMobileStation (apf_ms.c: 1 wcm:
6953) Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260 from
Associated to Disassociated
*Sep 1 05:55:02.193: 0021.5C8C.C761 Sent Deauthenticate to mobile on BSSID
C8F9.F983.4260 slot 1(caller apf_ms.c: 1 wcm: 7036)
*Sep 1 05:55:02.193: 0021.5C8C.C761 apfMsExpireMobileStation (apf_ms.c: 1 wcm:
7092) Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260 from
Disassociated to Idle
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) Deleted mobile LWAPP
rule on AP [ C8F9.F983.4260 ] 1 wcm: 5C8C.C761 on AP C8F9.F983.4260 from
Disassociated to Idle
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) FastSSID for the
client [ C8F9.F983.4260 ] NOTENABLED 1 wcm: C.C761 on AP C8F9.F983.4260
from Disassociated to Idle
*Sep 1 05:55:02.193: 0021.5C8C.C761 Incrementing the Reassociation Count 1 for
client (of interface VLAN0020) 1 wcm: D
*Sep 1 05:55:02.193: 0021.5C8C.C761 Clearing Address 20.20.20.3 on mobile 1
wcm: for client (of interface VLAN0020)
*Sep 1 05:55:02.193: PEM recv processing msg Del SCB(4) 1 wcm: 0.20.3 on
mobile
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) Skipping TMP rule
add 1 wcm: lient (of interface VLAN0020)
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) Change state to
DHCP_REQD (7) last state RUN (20) 1 wcm:
*Sep 1 05:55:02.193: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0x8959800000004a, bssid
C8F9.F983.4260
*Sep 1 05:55:02.193: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.193: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Suppressing SPI
(client pending deletion) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.193: 0021.5C8C.C761 Sending SPI spi_epm_epm_terminate_session
successfull 1 wcm: pemstate 7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 Sending SPI spi_epm_epm_terminate_session
successfull 1 wcm: pemstate 7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 Deleting wireless client; Reason code 0,
Preset 1, AAA cause 1 1 wcm: 7 state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 WCDB_DEL: 1 wcm: Successfully sent
*Sep 1 05:55:02.194: 0021.5C8C.C761 Expiring mobile state delete 1 wcm: on
code 0, Preset 1, AAA cause 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) Handling pemDelScb
Event skipping delete 1 wcm: state LEARN_IP(2) vlan 20 client_id
0xac70800000004b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.197: 0021.5C8C.C761 WCDB SPI response msg handler client code
1 mob state 1 1 wcm: g delete
*Sep 1 05:55:02.197: 0021.5C8C.C761 apfProcessWcdbClientDelete: 1 wcm: Delete
ACK from WCDB.
*Sep 1 05:55:02.197: 0021.5C8C.C761 WCDB_DELACK: 1 wcm: wcdbAckRecvdFlag
updated
*Sep 1 05:55:02.197: 0021.5C8C.C761 WCDB_DELACK: 1 wcm: Client IIF Id dealloc
SUCCESS w/ 0xac70800000004b.
*Sep 1 05:55:02.197: 0021.5C8C.C761 Invoked platform delete and cleared handle
1 wcm: w/ 0xac70800000004b.
*Sep 1 05:55:02.197: 0021.5C8C.C761 Deleting mobile on AP C8F9.F983.4260 (1)
1 wcm: w/ 0xac70800000004b.
*Sep 1 05:55:02.197: 0021.5C8C.C761 Unlinked and freed mscb 1 wcm:
8F9.F983.4260 (1)
*Sep 1 05:55:02.197: WCDB_IIF: 1 wcm: Ack Message ID: 0xac70800000004b code
1003
*Sep 1 05:55:02.379: 0021.5C8C.C761 Adding mobile on LWAPP AP C8F9.F983.4260
(1) 1 wcm: xac7080000.D^Iwb.
*Sep 1 05:55:02.379: 0021.5C8C.C761 Creating WL station entry for client -
rc 0 1 wcm:
*Sep 1 05:55:02.379: 0021.5C8C.C761 Association received from mobile on AP
C8F9.F983.4260 1 wcm: 0.D^Iwb.
*Sep 1 05:55:02.379: 0021.5C8C.C761 qos upstream policy is unknown and
downstream policy is unknown 1 wcm:
*Sep 1 05:55:02.379: 0021.5C8C.C761 apChanged 0 wlanChanged 0 mscb ipAddr
0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: \2105HnJ^Iwlient_id
0xac708000^G$8\227v^K
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying WLAN policy on MSCB. 1 wcm:
ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying WLAN ACL policies to client 1
wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:02.379: 0021.5C8C.C761 No Interface ACL used for Wireless client
in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying site-specific IPv6 override for
station 0021.5C8C.C761 - vapId 5, site 'default-group', interface
'VLAN0020' 1 wcm:
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying local bridging Interface Policy
for station 0021.5C8C.C761 - vlan 20, interface 'VLAN0020' 1 wcm: erface
'VLAN0020'
*Sep 1 05:55:02.379: 0021.5C8C.C761 STA - rates (8): 1 wcm:
140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*Sep 1 05:55:02.379: 0021.5C8C.C761 new capwap_wtp_iif_id b6818000000038,
sm capwap_wtp_iif_id 0 1 wcm: 8C.C761 - vlan 20, interface 'VLAN0020'
*Sep 1 05:55:02.379: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Radio IIFID
0xbfcdc00000003a, BSSID IIF Id 0xbb30c000000046, COS 4
*Sep 1 05:55:02.379: Load Balancer: 1 wcm: Success, Resource allocated are:
Active Switch number: 1, Active Asic number : 0, Reserve Switch number 0
Reserve Asic number 0. AP Asic num 0
*Sep 1 05:55:02.379: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Anchor Sw 1, Doppler 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ALLOCATE: 1 wcm: Client IIF Id alloc
SUCCESS w/ client 8e7bc00000004d (state 0).
*Sep 1 05:55:02.380: 0021.5C8C.C761 iifid Clearing Ack flag 1 wcm: F Id alloc
SUCCESS w/ client 8e7bc00000004d (state 0).
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Cleaering Ack flag
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: ssid open bssid
C8F9.F983.4260 vlan 20 auth=ASSOCIATION(0) wlan(ap-group/global) 5/5
client 0 assoc 1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src
0xb6818000000038 dst 0x0 cid 0x8e7bc00000004d glob rsc id 14dhcpsrv
0.0.0.0 ty
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: mscb iifid
0x8e7bc00000004d msinfo iifid 0x0
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 START (0) Initializing policy 1
wcm: info iifid 0x0
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 START (0) Change state to
AUTHCHECK (2) last state AUTHCHECK (2) 1 wcm: -group/global) 5/5 client 0
assoc 1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src 0xb6818000000038
dst 0x0 cid 0x8e7bc00000004d glob rsc id 14dhcpsrv 0.0.0.0 ty
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 AUTHCHECK (2) Change state to
L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4) 1 wcm: 5/5 client 0 assoc
1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src 0xb6818000000038 dst 0x0
cid 0x8e7bc00000004d glob rsc id 14dhcpsrv 0.0.0.0 ty
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_LLM: 1 wcm: NoRun Prev Mob 0, Curr
Mob 0 llmReq 1, return False
*Sep 1 05:55:02.380: 0021.5C8C.C761 auth state 1 mob state 0 setWme 0 wme 1
roam_sent 0 1 wcm: rn False
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: auth=L2_AUTH(1) vlan
20 radio 1 client_id 0x8e7bc00000004d mobility=Unassoc(0) src_int
0xb6818000000038 dst_int 0x0 ackflag 0 reassoc_client 0 llm_notif 0 ip
0.0.0.0 ip_learn_type UNKNOWN
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: In L2 auth but l2ack
waiting lfag not set,so set
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not
required on AP C8F9.F983.4260 vapId 5 apVapId 5for this client 1 wcm:
6818000000038 dst_int 0x0 ackflag 0 reassoc_client 0 llm_notif 0 i$=6v.0.0.0
it^_Dv^\7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^ r^D6H>&5v^D6Ht^M^Lw^\7H8^ r
*Sep 1 05:55:02.380: WCDB_IIF: 1 wcm: Ack Message ID: 0x8e7bc00000004d code
1001
*Sep 1 05:55:02.380: 0021.5C8C.C761 Not Using WMM Compliance code qosCap 00 1
wcm: quired on AP C8F9.F983.4260 vapId 5 apVapId 5for this client
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed
mobile LWAPP rule on AP C8F9.F983.4260 vapId 5 apVapId 5 1 wcm: client
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 L2AUTHCOMPLETE (4) Change state
to DHCP_REQD (7) last state DHCP_REQD (7) 1 wcm: apVapId 5
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Suppressing SPI
(Mobility state not known) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Unassoc(0) ackflag 1 dropd 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 Incrementing the Reassociation Count 1 for
client (of interface VLAN0020) 1 wcm: EARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Unassoc(0) ackflag 1 dropd 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 apfPemAddUser2 (apf_policy.c: 1 wcm: 161)
Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260 from Idle
to Associated
*Sep 1 05:55:02.380: 0021.5C8C.C761 Scheduling deletion of Mobile Station: 1
wcm: (callerId: 49) in 1800 seconds
*Sep 1 05:55:02.380: 0021.5C8C.C761 Ms Timeout = 1800, Session Timeout = 1800
1 wcm: llerId: 49) in 1800 seconds
*Sep 1 05:55:02.381: 0021.5C8C.C761 Sending Assoc Response to station on BSSID
C8F9.F983.4260 (status 0) ApVapId 5 Slot 1 1 wcm: .F983.4260 from Idle to
Associated
*Sep 1 05:55:02.381: 0021.5C8C.C761 apfProcessAssocReq (apf_80211.c: 1 wcm:
5260) Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260
from Associated to Associated
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2:
1 wcm: MOBILITY-INCOMPLETE with state 7.
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2:
1 wcm: MOBILITY-INCOMPLETE with state 7.
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2:
1 wcm: MOBILITY-COMPLETE with state 7.
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) State Update from
Mobility-Incomplete to Mobility-Complete, mobility role=Local, client
state=APF_MS_STATE_ASSOCIATED 1 wcm: 1 dropd 0
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2
3611, Adding TMP rule 1 wcm: o Mobility-Complete, mobility role=Local,
client state=APF_MS_STATE_ASSOCIATED
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) Adding Fast Path
rule on AP C8F9.F983.4260 , slot 1 802.1P = 0 1 wcm: role=Local, client
state=APF_MS_STATE_ASSOCIATED
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) Successfully
plumbed mobile rule 1 wcm: F9.F983.4260 , slot 1 802.1P = 0^M
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_LLM: 1 wcm: NoRun Prev Mob 0, Curr
Mob 1 llmReq 1, return False
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Suppressing SPI (ACK
message not recvd) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: 0021.5C8C.C761 Error updating wcdb on mobility complete
1 wcm: not recvd) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: PEM recv processing msg Epm spi response(12) 1 wcm:
complete
*Sep 1 05:55:02.381: 0021.5C8C.C761 aaa attribute list length is 79 1 wcm:
complete
*Sep 1 05:55:02.381: 0021.5C8C.C761 Sending SPI spi_epm_epm_session_create
successfull 1 wcm: ) pemstate 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: PEM recv processing msg Add SCB(3) 1 wcm:
pm_session_create successfull
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0, auth_state 7 mmRole Local !!! 1
wcm: successfull
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0, auth_state 7 mmRole Local,
updating wcdb not needed 1 wcm: 7 state LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: 0021.5C8C.C761 Tclas Plumb needed: 1 wcm: 0
*Sep 1 05:55:02.384: EPM: 1 wcm: Session create resp - client handle
8e7bc00000004d session b8000020
*Sep 1 05:55:02.384: EPM: 1 wcm: Netflow session create resp - client handle
8e7bc00000004d sess b8000020
*Sep 1 05:55:02.384: PEM recv processing msg Epm spi response(12) 1 wcm:
le 8e7bc00000004d sess b8000020
*Sep 1 05:55:02.384: 0021.5C8C.C761 Received session_create_response for
client handle 40105511256850509 1 wcm: LEARN_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.384: 0021.5C8C.C761 Received session_create_response with EPM
session handle 3087007776 1 wcm:
*Sep 1 05:55:02.384: 0021.5C8C.C761 Send request to EPM 1 wcm: ate_response
with EPM session handle 3087007776
*Sep 1 05:55:02.384: 0021.5C8C.C761 aaa attribute list length is 5 1 wcm: e
with EPM session handle 3087007776
*Sep 1 05:55:02.384: 0021.5C8C.C761 Sending Activate request for session
handle 3087007776 successful 1 wcm: 6
*Sep 1 05:55:02.384: 0021.5C8C.C761 Post-auth policy request sent! Now wait
for post-auth policy ACK from EPM 1 wcm: N_IP(2) vlan 20 client_id
0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB SPI response msg handler client code
0 mob state 0 1 wcm: licy ACK from EPM
*Sep 1 05:55:02.384: 0021.5C8C.C761 WcdbClientUpdate: 1 wcm: L2 Auth ACK from
WCDB
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_L2ACK: 1 wcm: wcdbAckRecvdFlag
updated
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_LLM: 1 wcm: NoRun Prev Mob 0, Curr
Mob 1 llmReq 1, return False
*Sep 1 05:55:02.385: 0021.5C8C.C761 auth state 2 mob state 1 setWme 0 wme 1
roam_sent 0 1 wcm: rn False
*Sep 1 05:55:02.385: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: auth=LEARN_IP(2) vlan
20 radio 1 client_id 0x8e7bc00000004d mobility=Local(1) src_int
0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip
0.0.0.0 ip_learn_type UNKNOWN
*Sep 1 05:55:02.385: EPM: 1 wcm: Init feature, client handle 8e7bc00000004d
session b8000020 authz ec00000e
*Sep 1 05:55:02.385: EPM: 1 wcm: Activate feature client handle
8e7bc00000004d sess b8000020 authz ec00000e
*Sep 1 05:55:02.385: PEM recv processing msg Epm spi response(12) 1 wcm: 004d
sess b8000020 authz ec00000e
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received activate_features_resp for client
handle 40105511256850509 1 wcm: 004d mobility=Local(1) src_int
0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0
ip$=6v0.0.0 ipt^_Dv^\7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^
r^D6H>&5v^D6Ht^M^Lw^\7H8^ r
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received activate_features_resp for EPM
session handle 3087007776 1 wcm: 9
*Sep 1 05:55:02.385: EPM: 1 wcm: Policy enforcement - client handle
8e7bc00000004d session 2800000e authz ec00000e
*Sep 1 05:55:02.385: EPM: 1 wcm: Netflow policy enforcement - client handle
8e7bc00000004d sess 2800000e authz ec00000e msg_type 0 policy_status 0 attr
len 0
*Sep 1 05:55:02.385: PEM recv processing msg Epm spi response(12) 1 wcm: e
8e7bc00000004d sess 2800000e authz ec00000e msg_type 0 policy_status 0 attr
len 0
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received policy_enforcement_response for
client handle 40105511256850509 1 wcm: 00e msg_type 0 policy_status 0 attr
len 0
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received policy_enforcement_response for
EPM session handle 671088654 1 wcm: 09
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received response for
_EPM_SPI_ACTIVATE_FEATURES request sent for client 1 wcm: 00e msg_type 0
policy_status 0 attr len 0
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received _EPM_SPI_STATUS_SUCCESS for
request sent for client 1 wcm: for client
*Sep 1 05:55:02.385: 0021.5C8C.C761 Post-auth policy ACK recvd from EPM, unset
flag on MSCB 1 wcm: ient
*Sep 1 05:55:02.400: 0021.5C8C.C761 WCDB_IP_BIND: 1 wcm: w/ IPv4 20.20.20.3
ip_learn_type DHCP add_delete 1,options_length 0
*Sep 1 05:55:02.400: 0021.5C8C.C761 WcdbClientUpdate: 1 wcm: IP Binding from
WCDB ip_learn_type 1, add_or_delete 1
*Sep 1 05:55:02.400: 0021.5C8C.C761 IPv4 Addr: 1 wcm: 20:20:20:3
*Sep 1 05:55:02.400: 0021.5C8C.C761 MS got the IP, resetting the Reassociation
Count 0 for client 1 wcm: _delete 1
*Sep 1 05:55:02.400: 0021.5C8C.C761 20.20.20.3 DHCP_REQD (7) Change state to
RUN (20) last state RUN (20) 1 wcm: length 0
*Sep 1 05:55:02.400: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20
Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid
C8F9.F983.4260
*Sep 1 05:55:02.400: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.401: 0021.5C8C.C761 WCDB_LLM: 1 wcm: prev Mob state 1 curr
Mob State 1 llReq flag 0
*Sep 1 05:55:02.401: 0021.5C8C.C761 auth state 4 mob state 1 setWme 0 wme 1
roam_sent 0 1 wcm: g 0
*Sep 1 05:55:02.401: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: auth=RUN(4) vlan 20
radio 1 client_id 0x8e7bc00000004d mobility=Local(1) src_int
0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip
20.20.20.3 ip_learn_type DHCP
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3 RUN (20) Reached
PLUMBFASTPATH: 1 wcm: from line 4430
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3 RUN (20) Replacing Fast Path
rule on AP C8F9.F983.4260 , slot 1 802.1P = 0
1 wcm: 0xb6818000000038 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip
20.$=6v0.3 ip_lt^_Dv^\7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^
r^D6H>&5v^D6Ht^M^Lw^\7H8^ r
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3 RUN (20) Successfully plumbed
mobile rule 1 wcm: C8F9.F983.4260 , slot 1 802.1P = 0^M
*Sep 1 05:55:02.401: 0021.5C8C.C761
Sending IPv4 update to Controller 10.105.135.176 1 wcm: e
*Sep 1 05:55:02.401: 0021.5C8C.C761 Assigning Address 20.20.20.3 to mobile 1
wcm: 05.135.176
*Sep 1 05:55:02.401: PEM recv processing msg Add SCB(3) 1 wcm: 20.20.3 to
mobile
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3, auth_state 20 mmRole Local !!!
1 wcm: 135.176
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3, auth_state 20 mmRole Local,
updating wcdb not needed 1 wcm: 3.4260 , slot 1 802.1P = 0^M
*Sep 1 05:55:02.401: 0021.5C8C.C761 Tclas Plumb needed: 1 wcm: 0
*Sep 1 05:55:20.083: 0021.5C8C.C761
Client stats update: 1 wcm: Time now in sec 1378014920, Last Acct Msg Sent at
1378014902 sec
Überarbeitung | Veröffentlichungsdatum | Kommentare |
---|---|---|
1.0 |
05-Nov-2015 |
Erstveröffentlichung |