Published February 18, 2024

WPA2-PSK and Open Authentication (Using the Cisco 5760 WLC Configuration as an Example)

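Contents

Introduction
Prerequisites
    Requirements
    Components Used
Configure
    Network Diagram
    WPA2-PSK Configuration with the CLI
    WPA2-PSK Configuration with the GUI
    Open Authentication Configuration with the CLI
    Open Authentication Configuration with the GUI
Verify
Troubleshoot

Introduction

This document describes the advantages of using Wi-Fi Protected Access 2 (WPA2) in a wireless LAN (WLAN). It provides two configuration examples of how to implement WPA2 on a WLAN:

- Configure a WPA2 pre-shared key (PSK)
- Configure open authentication

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

- Wireless Protected Access (WPA)
- WLAN security solutions

Components Used

The information in this document is based on these software and hardware versions:

- Cisco 5700 Series Wireless LAN Controller (WLC) with Cisco IOS® XE Software Release 3.3
- Cisco Aironet 3600 Series Lightweight Access Point
- Microsoft Windows 7 native wireless supplicant

The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This image shows the network diagram:

Figure 1. Network Diagram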

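WPA2-PSK Configuration with the CLI

This example describes how to use the command-line interface (CLI) to configure DHCP snooping for the VLANs used by clients. VLAN20 is used for clients, and the pool is configured on the same WLC. TenGigabitEthernet1/0/1 on the Cisco 5700 WLC is connected to the uplink switch. If the DHCP server is configured on a server beyond the WLC or on an external DHCP server, you must trust DHCP snooping and relay information.

    ip device tracking
    ip dhcp snooping vlan 12,20,30,40
    ip dhcp snooping
    !
    ip dhcp pool vlan20
     network 20.20.20.0 255.255.255.0
     default-router 20.20.20.1

    interface Vlan20
     ip address 20.20.20.1 255.255.255.0

    interface TenGigabitEthernet1/0/1
     switchport trunk native vlan 12
     switchport mode trunk
     ip dhcp relay information trusted
     ip dhcp snooping trust

    wlan wpa2psk 1 wpa2psk
     client vlan 20
     no security wpa akm dot1x
     security wpa akm psk set-key ascii 0 Cisco123
     no shutdown

Note: If your configuration contains a space in the PSK password, use the format "password PSK". Use the same format if you also configure through the GUI.

Example:

    security wpa akm psk set-key ascii 0 "Cisco 123"

WPA2-PSK Configuration with the GUI

Complete these steps to configure WPA2 PSK in the WLC GUI:

1. Navigate to Configuration > Wireless > WLAN > WLANs, and create a new WLAN:

2. Enable WPA2, and map it to the desired interface:

3. Click the Security tab, check the WPA2 Policy check box, and select AES as the WPA2 encryption. From the Auth Key Mgmt drop-down list, choose PSK. Enter the PSK that the client will use to connect: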

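Open Authentication Configuration with the CLI

This is an example of how to use the CLI to configure DHCP snooping for the VLANs used by clients; in this example, VLAN20 is used for clients. The pool is configured on the same WLC. TenGigabitEthernet1/0/1 on the 5760 WLC is connected to the uplink switch. If the DHCP server is configured on a server beyond the WLC or on an external DHCP server, you must trust DHCP snooping and relay information.

    ip device tracking
    ip dhcp snooping vlan 12,20,30,40
    ip dhcp snooping
    !
    ip dhcp pool vlan20
     network 20.20.20.0 255.255.255.0
     default-router 20.20.20.1

    interface Vlan20
     ip address 20.20.20.1 255.255.255.0

    interface TenGigabitEthernet1/0/1
     switchport trunk native vlan 12
     switchport mode trunk
     ip dhcp relay information trusted
     ip dhcp snooping trust

    wlan open 5 open
     client vlan VLAN0020
     no security wpa
     no security wpa akm dot1x
     no security wpa wpa2
     no security wpa wpa2 ciphers aes
     session-timeout 1800
     no shutdown

Open Authentication Configuration with the GUI

This procedure describes how to configure open authentication in the WLC GUI:

1. Navigate to Configuration > Wireless > WLAN > WLANs, and create a new WLAN:

2. Click the Security tab. On the Layer 2 tab and the Layer 3 tab, set everything to none. This is an example of the configuration results:

Verify

Use this section to confirm that your configuration works properly.

Confirm that the WPA2-PSK client is connected:

Confirm that the client is connected with open authentication: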
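Separately from the controller screens referenced above, the WLAN stanzas from the two CLI examples can be audited offline before deployment. The following Python script is an added example, not part of the original document or of any Cisco tool: it parses `wlan` stanzas and flags open WLANs and PSKs stored as type 0 (unencrypted) in the configuration. The finding codes, the `quoted` stanza and the `POLICY_MIN_PSK_LEN` threshold are assumptions made for illustration.

```python
import re

# The two WLAN stanzas from the CLI examples on this page, plus a constructed
# third stanza that uses the quoted-PSK form from the note.
SAMPLE_CONFIG = '''\
wlan wpa2psk 1 wpa2psk
 client vlan 20
 no security wpa akm dot1x
 security wpa akm psk set-key ascii 0 Cisco123
 no shutdown
wlan open 5 open
 client vlan VLAN0020
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 session-timeout 1800
 no shutdown
wlan quoted 7 quoted
 security wpa akm psk set-key ascii 0 "Cisco 123"
'''

POLICY_MIN_PSK_LEN = 20  # assumption: local policy threshold, not a Cisco or WPA2 value

WLAN_RE = re.compile(r"^wlan\s+(\S+)\s+(\d+)\s+(\S+)\s*$")
PSK_RE = re.compile(r'^security wpa akm psk set-key (ascii|hex) (\d) (?:"([^"]*)"|(\S+))$')


def parse_wlans(config):
    """Return {profile: {"id": int, "ssid": str, "lines": [sub-commands]}}."""
    wlans, current = {}, None
    for raw in config.splitlines():
        head = WLAN_RE.match(raw)
        if head:
            current = {"id": int(head.group(2)), "ssid": head.group(3), "lines": []}
            wlans[head.group(1)] = current
        elif current is not None and raw.startswith(" "):
            current["lines"].append(raw.strip())
        else:
            current = None  # an unindented line ends the wlan stanza
    return wlans


def audit_wlan(wlan):
    """Return a list of finding codes for one parsed WLAN stanza."""
    if "no security wpa" in wlan["lines"]:
        return ["OPEN_NO_L2_SECURITY"]  # no authentication and no encryption on air
    findings = []
    for line in wlan["lines"]:
        m = PSK_RE.match(line)
        if not m:
            continue
        fmt, enc_type, quoted, bare = m.groups()
        key = quoted if quoted is not None else bare
        if enc_type == "0":  # type 0: the key that follows is stored unencrypted
            findings.append("PSK_CLEARTEXT_IN_CONFIG")
            if fmt == "ascii" and not 8 <= len(key) <= 63:
                findings.append("PSK_INVALID_WPA2_LENGTH")  # WPA2 passphrase: 8-63 chars
            elif fmt == "ascii" and len(key) < POLICY_MIN_PSK_LEN:
                findings.append("PSK_BELOW_POLICY_MIN")
    return findings


def audit_config(config):
    """Audit every WLAN stanza found in a configuration text."""
    return {name: audit_wlan(w) for name, w in parse_wlans(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, findings)
```

Both PSK stanzas are flagged because the sample keys are short, readable in the configuration, and published in this document; replace them before using either stanza outside a lab.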

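Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Note: The Output Interpreter Tool (registered customers only) supports certain show commands. Use the Output Interpreter Tool to view an analysis of show command output.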

Refer to Important Information on Debug Commands before you use debug commands.

This is an example of output from useful debug and trace commands:

debug client mac
ntroller#sh debugging
Nova Platform:
  dot11/state debugging is on
  pem/events debugging is on
  client/mac-addr debugging is on
  dot11/detail debugging is on
  mac/ filters[string 0021.5c8c.c761] debugging is on
  dot11/error debugging is on
  dot11/mobile debugging is on
  pem/state debugging is on

set trace group-wireless-client filter mac
set trace wcm-dot1x event filter mac
set trace wcm-dot1x aaa filter mac
set trace aaa wireless events filter mac
set trace access-session core sm filter mac
set trace access-session method dot1x filter

*Sep 1 05:55:01.321: 0021.5C8C.C761 Association received from mobile on AP C8F9.F983.4260 1 wcm: i.D^Iw for client
*Sep 1 05:55:01.321: 0021.5C8C.C761 qos upstream policy is unknown and downstream policy is unknown 1 wcm: r client
*Sep 1 05:55:01.321: 0021.5C8C.C761 apChanged 0 wlanChanged 1 mscb ipAddr 20.20.20.3, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: •nJ^Iwy_status 0attr len^G$8227v^K
*Sep 1 05:55:01.321: 0021.5C8C.C761 Applying WLAN policy on MSCB. 1 wcm: ipAddr 20.20.20.3, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:01.321: 0021.5C8C.C761 Scheduling deletion of Mobile Station: 1 wcm: (callerId: 50) in 1 seconds
*Sep 1 05:55:01.321: 0021.5C8C.C761 Disconnecting client due to switch of WLANs from 6(wep) to 5(open) 1 wcm:
*Sep 1 05:55:02.193: 0021.5C8C.C761 apfMsExpireCallback (apf_ms.c: 1 wcm: 664) Expiring Mobile!
*Sep 1 05:55:02.193: 0021.5C8C.C761 apfMsExpireMobileStation (apf_ms.c: 1 wcm: 6953) Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260 from Associated to Disassociated
*Sep 1 05:55:02.193: 0021.5C8C.C761 Sent Deauthenticate to mobile on BSSID C8F9.F983.4260 slot 1(caller apf_ms.c: 1 wcm: 7036)
*Sep 1 05:55:02.193: 0021.5C8C.C761 apfMsExpireMobileStation (apf_ms.c: 1 wcm: 7092) Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260 from Disassociated to Idle
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) Deleted mobile LWAPP rule on AP [ C8F9.F983.4260 ] 1 wcm: 5C8C.C761 on AP C8F9.F983.4260 from Disassociated to Idle
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) FastSSID for the client [ C8F9.F983.4260 ] NOTENABLED 1 wcm: C.C761 on AP C8F9.F983.4260 from Disassociated to Idle
*Sep 1 05:55:02.193: 0021.5C8C.C761 Incrementing the Reassociation Count 1 for client (of interface VLAN0020) 1 wcm: D
*Sep 1 05:55:02.193: 0021.5C8C.C761 Clearing Address 20.20.20.3 on mobile 1 wcm: for client (of interface VLAN0020)
*Sep 1 05:55:02.193: PEM recv processing msg Del SCB(4) 1 wcm: 0.20.3 on mobile
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) Skipping TMP rule add 1 wcm: lient (of interface VLAN0020)
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) Change state to DHCP_REQD (7) last state RUN (20) 1 wcm:
*Sep 1 05:55:02.193: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20 Radio iif id 0xbfcdc00000003a bssid iif id 0x8959800000004a, bssid C8F9.F983.4260
*Sep 1 05:55:02.193: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.193: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Suppressing SPI (client pending deletion) pemstate 7 state LEARN_IP(2) vlan 20 client_id 0xac7b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.193: 0021.5C8C.C761 Sending SPI spi_epm_epm_terminate_session successfull 1 wcm: pemstate 7 state LEARN_IP(2) vlan 20 client_id 0xac7b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 Sending SPI spi_epm_epm_terminate_session successfull 1 wcm: pemstate 7 state LEARN_IP(2) vlan 20 client_id 0xac7b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 Deleting wireless client; Reason code 0, Preset 1, AAA cause 1 1 wcm: 7 state LEARN_IP(2) vlan 20 client_id 0xac7b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 WCDB_DEL: 1 wcm: Successfully sent
*Sep 1 05:55:02.194: 0021.5C8C.C761 Expiring mobile state delete 1 wcm: on code 0, Preset 1, AAA cause 1
*Sep 1 05:55:02.194: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) Handling pemDelScb Event skipping delete 1 wcm: state LEARN_IP(2) vlan 20 client_id 0xac7b mob=Local(1) ackflag 2 dropd 0, delete 1
*Sep 1 05:55:02.197: 0021.5C8C.C761 WCDB SPI response msg handler client code 1 mob state 1 1 wcm: g delete
*Sep 1 05:55:02.197: 0021.5C8C.C761 apfProcessWcdbClientDelete: 1 wcm: Delete ACK from WCDB.
*Sep 1 05:55:02.197: 0021.5C8C.C761 WCDB_DELACK: 1 wcm: wcdbAckRecvdFlag updated
*Sep 1 05:55:02.197: 0021.5C8C.C761 WCDB_DELACK: 1 wcm: Client IIF Id dealloc SUCCESS w/ 0xac7b.
*Sep 1 05:55:02.197: 0021.5C8C.C761 Invoked platform delete and cleared handle 1 wcm: w/ 0xac7b.
*Sep 1 05:55:02.197: 0021.5C8C.C761 Deleting mobile on AP C8F9.F983.4260 (1) 1 wcm: w/ 0xac7b.
*Sep 1 05:55:02.197: 0021.5C8C.C761 Unlinked and freed mscb 1 wcm: 8F9.F983.4260 (1)
*Sep 1 05:55:02.197: WCDB_IIF: 1 wcm: Ack Message ID: 0xac7b code 1003
*Sep 1 05:55:02.379: 0021.5C8C.C761 Adding mobile on LWAPP AP C8F9.F983.4260 (1) 1 wcm: xac7080000.D^Iwb.
*Sep 1 05:55:02.379: 0021.5C8C.C761 Creating WL station entry for client - rc 0 1 wcm:
*Sep 1 05:55:02.379: 0021.5C8C.C761 Association received from mobile on AP C8F9.F983.4260 1 wcm: 0.D^Iwb.
*Sep 1 05:55:02.379: 0021.5C8C.C761 qos upstream policy is unknown and downstream policy is unknown 1 wcm:
*Sep 1 05:55:02.379: 0021.5C8C.C761 apChanged 0 wlanChanged 0 mscb ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0 1 wcm: 2105H•nJ^Iwlient_id0xac708000^G$8227v^K
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying WLAN policy on MSCB. 1 wcm: ipAddr 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying WLAN ACL policies to client 1 wcm: 0.0.0.0, apf RadiusOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:02.379: 0021.5C8C.C761 No Interface ACL used for Wireless client in WCM(NGWC) 1 wcm: usOverride 0x0, numIPv6Addr=0
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying site-specific IPv6 override for station 0021.5C8C.C761 - vapId 5, site 'default-group', interface 'VLAN0020' 1 wcm:
*Sep 1 05:55:02.379: 0021.5C8C.C761 Applying local bridging Interface Policy for station 0021.5C8C.C761 - vlan 20, interface 'VLAN0020' 1 wcm: erface 'VLAN0020'
*Sep 1 05:55:02.379: 0021.5C8C.C761 STA - rates (8): 1 wcm: 140 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0
*Sep 1 05:55:02.379: 0021.5C8C.C761 new capwap_wtp_iif_id b68, sm capwap_wtp_iif_id 0 1 wcm: 8C.C761 - vlan 20, interface 'VLAN0020'
*Sep 1 05:55:02.379: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Radio IIFID 0xbfcdc00000003a, BSSID IIF Id 0xbb30c000000046, COS 4
*Sep 1 05:55:02.379: Load Balancer: 1 wcm: Success, Resource allocated are: Active Switch number: 1, Active Asic number : 0, Reserve Switch number 0 Reserve Asic number 0. AP Asic num 0
*Sep 1 05:55:02.379: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Anchor Sw 1, Doppler 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ALLOCATE: 1 wcm: Client IIF Id alloc SUCCESS w/ client 8e7bc00000004d (state 0).
*Sep 1 05:55:02.380: 0021.5C8C.C761 iifid Clearing Ack flag 1 wcm: F Id alloc SUCCESS w/ client 8e7bc00000004d (state 0).
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: Cleaering Ack flag
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: ssid open bssid C8F9.F983.4260 vlan 20 auth=ASSOCIATION(0) wlan(ap-group/global) 5/5 client 0 assoc 1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src 0xb68 dst 0x0 cid 0x8e7bc00000004d glob rsc id 14dhcpsrv 0.0.0.0 ty
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_ADD: 1 wcm: mscb iifid 0x8e7bc00000004d msinfo iifid 0x0
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 START (0) Initializing policy 1 wcm: info iifid 0x0
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2) 1 wcm: -group/global) 5/5 client 0 assoc 1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src 0xb68 dst 0x0 cid 0x8e7bc00000004d glob rsc id 14dhcpsrv 0.0.0.0 ty
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4) 1 wcm: 5/5 client 0 assoc 1 mob=Unassoc(0) radio 1 m_vlan 20 ip 0.0.0.0 src 0xb68 dst 0x0 cid 0x8e7bc00000004d glob rsc id 14dhcpsrv 0.0.0.0 ty
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20 Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid C8F9.F983.4260
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_LLM: 1 wcm: NoRun Prev Mob 0, Curr Mob 0 llmReq 1, return False
*Sep 1 05:55:02.380: 0021.5C8C.C761 auth state 1 mob state 0 setWme 0 wme 1 roam_sent 0 1 wcm: rn False
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: auth=L2_AUTH(1) vlan 20 radio 1 client_id 0x8e7bc00000004d mobility=Unassoc(0) src_int 0xb68 dst_int 0x0 ackflag 0 reassoc_client 0 llm_notif 0 ip 0.0.0.0 ip_learn_type UNKNOWN
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: In L2 auth but l2ack waiting lfag not set,so set
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 L2AUTHCOMPLETE (4) DHCP Not required on AP C8F9.F983.4260 vapId 5 apVapId 5for this client 1 wcm: 68 dst_int 0x0 ackflag 0 reassoc_client 0 llm_notif 0 i$=6v.0.0.0it^_Dv^7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^ r^D6H>&5v^D6Ht^M^Lw^7H8^ r
*Sep 1 05:55:02.380: WCDB_IIF: 1 wcm: Ack Message ID: 0x8e7bc00000004d code 1001
*Sep 1 05:55:02.380: 0021.5C8C.C761 Not Using WMM Compliance code qosCap 00 1 wcm: quired on AP C8F9.F983.4260 vapId 5 apVapId 5for this client
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP C8F9.F983.4260 vapId 5 apVapId 5 1 wcm: client
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7) 1 wcm: apVapId 5
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20 Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid C8F9.F983.4260
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Suppressing SPI (Mobility state not known) pemstate 7 state LEARN_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Unassoc(0) ackflag 1 dropd 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 Incrementing the Reassociation Count 1 for client (of interface VLAN0020) 1 wcm: EARN_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Unassoc(0) ackflag 1 dropd 0
*Sep 1 05:55:02.380: 0021.5C8C.C761 apfPemAddUser2 (apf_policy.c: 1 wcm: 161) Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260 from Idle to Associated
*Sep 1 05:55:02.380: 0021.5C8C.C761 Scheduling deletion of Mobile Station: 1 wcm: (callerId: 49) in 1800 seconds
*Sep 1 05:55:02.380: 0021.5C8C.C761 Ms Timeout = 1800, Session Timeout = 1800 1 wcm: llerId: 49) in 1800 seconds
*Sep 1 05:55:02.381: 0021.5C8C.C761 Sending Assoc Response to station on BSSID C8F9.F983.4260 (status 0) ApVapId 5 Slot 1 1 wcm: .F983.4260 from Idle to Associated
*Sep 1 05:55:02.381: 0021.5C8C.C761 apfProcessAssocReq (apf_80211.c: 1 wcm: 5260) Changing state for mobile 0021.5C8C.C761 on AP C8F9.F983.4260 from Associated to Associated
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2: 1 wcm: MOBILITY-INCOMPLETE with state 7.
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2: 1 wcm: MOBILITY-INCOMPLETE with state 7.
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2: 1 wcm: MOBILITY-COMPLETE with state 7.
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED 1 wcm: 1 dropd 0
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 3611, Adding TMP rule 1 wcm: o Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule on AP C8F9.F983.4260 , slot 1 802.1P = 0 1 wcm: role=Local, client state=APF_MS_STATE_ASSOCIATED
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule 1 wcm: F9.F983.4260 , slot 1 802.1P = 0^M
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20 Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid C8F9.F983.4260
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_LLM: 1 wcm: NoRun Prev Mob 0, Curr Mob 1 llmReq 1, return False
*Sep 1 05:55:02.381: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Suppressing SPI (ACK message not recvd) pemstate 7 state LEARN_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: 0021.5C8C.C761 Error updating wcdb on mobility complete 1 wcm: not recvd) pemstate 7 state LEARN_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: PEM recv processing msg Epm spi response(12) 1 wcm: complete
*Sep 1 05:55:02.381: 0021.5C8C.C761 aaa attribute list length is 79 1 wcm: complete
*Sep 1 05:55:02.381: 0021.5C8C.C761 Sending SPI spi_epm_epm_session_create successfull 1 wcm: ) pemstate 7 state LEARN_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: PEM recv processing msg Add SCB(3) 1 wcm: pm_session_create successfull
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0, auth_state 7 mmRole Local 1 wcm: successfull
*Sep 1 05:55:02.381: 0021.5C8C.C761 0.0.0.0, auth_state 7 mmRole Local, updating wcdb not needed 1 wcm: 7 state LEARN_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.381: 0021.5C8C.C761 Tclas Plumb needed: 1 wcm: 0
*Sep 1 05:55:02.384: EPM: 1 wcm: Session create resp - client handle 8e7bc00000004d session b8000020
*Sep 1 05:55:02.384: EPM: 1 wcm: Netflow session create resp - client handle 8e7bc00000004d sess b8000020
*Sep 1 05:55:02.384: PEM recv processing msg Epm spi response(12) 1 wcm: le 8e7bc00000004d sess b8000020
*Sep 1 05:55:02.384: 0021.5C8C.C761 Received session_create_response for client handle 40509 1 wcm: LEARN_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.384: 0021.5C8C.C761 Received session_create_response with EPM session handle 3087007776 1 wcm:
*Sep 1 05:55:02.384: 0021.5C8C.C761 Send request to EPM 1 wcm: ate_response with EPM session handle 3087007776
*Sep 1 05:55:02.384: 0021.5C8C.C761 aaa attribute list length is 5 1 wcm: e with EPM session handle 3087007776
*Sep 1 05:55:02.384: 0021.5C8C.C761 Sending Activate request for session handle 3087007776 successful 1 wcm: 6
*Sep 1 05:55:02.384: 0021.5C8C.C761 Post-auth policy request sent! Now wait for post-auth policy ACK from EPM 1 wcm: N_IP(2) vlan 20 client_id 0x8e7bc00000004d mob=Local(1) ackflag 1 dropd 1
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB SPI response msg handler client code 0 mob state 0 1 wcm: licy ACK from EPM
*Sep 1 05:55:02.384: 0021.5C8C.C761 WcdbClientUpdate: 1 wcm: L2 Auth ACK from WCDB
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_L2ACK: 1 wcm: wcdbAckRecvdFlag updated
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20 Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid C8F9.F983.4260
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.384: 0021.5C8C.C761 WCDB_LLM: 1 wcm: NoRun Prev Mob 0, Curr Mob 1 llmReq 1, return False
*Sep 1 05:55:02.385: 0021.5C8C.C761 auth state 2 mob state 1 setWme 0 wme 1 roam_sent 0 1 wcm: rn False
*Sep 1 05:55:02.385: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: auth=LEARN_IP(2) vlan 20 radio 1 client_id 0x8e7bc00000004d mobility=Local(1) src_int 0xb68 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip 0.0.0.0 ip_learn_type UNKNOWN
*Sep 1 05:55:02.385: EPM: 1 wcm: Init feature, client handle 8e7bc00000004d session b8000020 authz ec00000e
*Sep 1 05:55:02.385: EPM: 1 wcm: Activate feature client handle 8e7bc00000004d sess b8000020 authz ec00000e
*Sep 1 05:55:02.385: PEM recv processing msg Epm spi response(12) 1 wcm: 004d sess b8000020 authz ec00000e
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received activate_features_resp for client handle 40509 1 wcm: 004d mobility=Local(1) src_int 0xb68 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip$=6v0.0.0 ipt^_Dv^7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^r^D6H>&5v^D6Ht^M^Lw^7H8^ r
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received activate_features_resp for EPM session handle 3087007776 1 wcm: 9
*Sep 1 05:55:02.385: EPM: 1 wcm: Policy enforcement - client handle 8e7bc00000004d session 2800000e authz ec00000e
*Sep 1 05:55:02.385: EPM: 1 wcm: Netflow policy enforcement - client handle 8e7bc00000004d sess 2800000e authz ec00000e msg_type 0 policy_status 0 attr len 0
*Sep 1 05:55:02.385: PEM recv processing msg Epm spi response(12) 1 wcm: e 8e7bc00000004d sess 2800000e authz ec00000e msg_type 0 policy_status 0 attr len 0
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received policy_enforcement_response for client handle 40509 1 wcm: 00e msg_type 0 policy_status 0 attr len 0
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received policy_enforcement_response for EPM session handle 671088654 1 wcm: 09
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received response for _EPM_SPI_ACTIVATE_FEATURES request sent for client 1 wcm: 00e msg_type 0 policy_status 0 attr len 0
*Sep 1 05:55:02.385: 0021.5C8C.C761 Received _EPM_SPI_STATUS_SUCCESS for request sent for client 1 wcm: for client
*Sep 1 05:55:02.385: 0021.5C8C.C761 Post-auth policy ACK recvd from EPM, unset flag on MSCB 1 wcm: ient
*Sep 1 05:55:02.400: 0021.5C8C.C761 WCDB_IP_BIND: 1 wcm: w/ IPv4 20.20.20.3 ip_learn_type DHCP add_delete 1,options_length 0
*Sep 1 05:55:02.400: 0021.5C8C.C761 WcdbClientUpdate: 1 wcm: IP Binding from WCDB ip_learn_type 1, add_or_delete 1
*Sep 1 05:55:02.400: 0021.5C8C.C761 IPv4 Addr: 1 wcm: 20:20:20:3
*Sep 1 05:55:02.400: 0021.5C8C.C761 MS got the IP, resetting the Reassociation Count 0 for client 1 wcm: _delete 1
*Sep 1 05:55:02.400: 0021.5C8C.C761 20.20.20.3 DHCP_REQD (7) Change state to RUN (20) last state RUN (20) 1 wcm: length 0
*Sep 1 05:55:02.400: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: Client 1 m_vlan 20 Radio iif id 0xbfcdc00000003a bssid iif id 0xbb30c000000046, bssid C8F9.F983.4260
*Sep 1 05:55:02.400: 0021.5C8C.C761 WCDB_AUTH: 1 wcm: Adding opt82 len 0
*Sep 1 05:55:02.401: 0021.5C8C.C761 WCDB_LLM: 1 wcm: prev Mob state 1 curr Mob State 1 llReq flag 0
*Sep 1 05:55:02.401: 0021.5C8C.C761 auth state 4 mob state 1 setWme 0 wme 1 roam_sent 0 1 wcm: g 0
*Sep 1 05:55:02.401: 0021.5C8C.C761 WCDB_CHANGE: 1 wcm: auth=RUN(4) vlan 20 radio 1 client_id 0x8e7bc00000004d mobility=Local(1) src_int 0xb68 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip 20.20.20.3 ip_learn_type DHCP
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3 RUN (20) Reached PLUMBFASTPATH: 1 wcm: from line 4430
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3 RUN (20) Replacing Fast Path rule on AP C8F9.F983.4260 , slot 1 802.1P = 0 1 wcm: 0xb68 dst_int 0x0 ackflag 2 reassoc_client 0 llm_notif 0 ip20.$=6v0.3 ip_lt^_Dv^7HnP6v^D6Hl5Ht^_Dv$6H8^ r^D6H>&5v8^r^D6H>&5v^D6Ht^M^Lw^7H8^ r
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3 RUN (20) Successfully plumbed mobile rule 1 wcm: C8F9.F983.4260 , slot 1 802.1P = 0^M
*Sep 1 05:55:02.401: 0021.5C8C.C761 Sending IPv4 update to Controller 10.105.135.176 1 wcm: e
*Sep 1 05:55:02.401: 0021.5C8C.C761 Assigning Address 20.20.20.3 to mobile 1 wcm: 05.135.176
*Sep 1 05:55:02.401: PEM recv processing msg Add SCB(3) 1 wcm: 20.20.3 to mobile
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3, auth_state 20 mmRole Local 1 wcm: 135.176
*Sep 1 05:55:02.401: 0021.5C8C.C761 20.20.20.3, auth_state 20 mmRole Local, updating wcdb not needed 1 wcm: 3.4260 , slot 1 802.1P = 0^M
*Sep 1 05:55:02.401: 0021.5C8C.C761 Tclas Plumb needed: 1 wcm: 0
*Sep 1 05:55:20.083: 0021.5C8C.C761 Client stats update: 1 wcm: Time now in sec 1378014920, Last Acct Msg Sent at 1378014902 sec
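
The debug output above is easier to review once it is reduced to the client's policy state changes and WLAN switches. The following Python script is an added example, not part of the original document or of any Cisco tool: it extracts both from `debug client` output and lists clients that were moved onto a given set of WLAN IDs, such as the open WLAN (ID 5) configured earlier. The function names and the choice of WLAN IDs to watch are assumptions made for illustration.

```python
import re

# Entries taken from the debug output above, one per line, with the residue
# after "1 wcm:" trimmed.
SAMPLE_LOG = """\
*Sep 1 05:55:01.321: 0021.5C8C.C761 Disconnecting client due to switch of WLANs from 6(wep) to 5(open) 1 wcm:
*Sep 1 05:55:02.193: 0021.5C8C.C761 20.20.20.3 RUN (20) Change state to DHCP_REQD (7) last state RUN (20) 1 wcm:
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2) 1 wcm:
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4) 1 wcm:
*Sep 1 05:55:02.380: 0021.5C8C.C761 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7) 1 wcm:
*Sep 1 05:55:02.400: 0021.5C8C.C761 WCDB_IP_BIND: 1 wcm: w/ IPv4 20.20.20.3 ip_learn_type DHCP add_delete 1,options_length 0
*Sep 1 05:55:02.400: 0021.5C8C.C761 20.20.20.3 DHCP_REQD (7) Change state to RUN (20) last state RUN (20) 1 wcm:
"""

MAC = r"[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}"
ENTRY_RE = re.compile(rf"^\*(\w{{3}}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): ({MAC}) (.*)$")
# "\s*" tolerates copies of the log where line wraps were joined ("toRUN").
STATE_RE = re.compile(r"^(\S+) (\w+) \(\d+\) Change state to\s*(\w+) \(\d+\)")
SWITCH_RE = re.compile(r"switch of\s*WLANs from (\d+)\((\S+?)\) to (\d+)\((\S+?)\)")


def parse_events(log):
    """Return ({mac: [(time, ip, old_state, new_state)]}, [wlan switch dicts])."""
    states, switches = {}, []
    for line in log.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # entries without a client MAC (EPM, PEM recv, ...) are skipped
        stamp, mac, msg = entry.groups()
        st = STATE_RE.match(msg)
        if st:
            ip, old, new = st.groups()
            states.setdefault(mac, []).append((stamp, ip, old, new))
        sw = SWITCH_RE.search(msg)
        if sw:
            switches.append({"time": stamp, "mac": mac,
                             "from": (int(sw.group(1)), sw.group(2)),
                             "to": (int(sw.group(3)), sw.group(4))})
    return states, switches


def moved_to_wlans(log, wlan_ids):
    """Clients that were disconnected because they switched to one of wlan_ids."""
    _, switches = parse_events(log)
    return [s for s in switches if s["to"][0] in wlan_ids]


def reached_run(log, mac):
    """True if the client's last recorded policy state is RUN."""
    states, _ = parse_events(log)
    history = states.get(mac, [])
    return bool(history) and history[-1][3] == "RUN"


if __name__ == "__main__":
    for hit in moved_to_wlans(SAMPLE_LOG, {5}):
        print(hit["time"], hit["mac"], hit["from"], "->", hit["to"])
```

On the open WLAN the client passes from START to L2AUTHCOMPLETE within the same timestamp, because no key exchange takes place before DHCP.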