===== STEP1: PC cold start, boots up, waits for user login =====

(WLC) #show clock
Fri Jan 20 10:58:02 CET 2017

Auth Trace Buffer
-----------------
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 3 1096
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 3 6
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 3 235
Jan 20 10:57:48 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 3 928
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 4 838
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 4 151
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 4 380
Jan 20 10:57:48 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 4 153
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 5 69
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 5 6
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 5 235
Jan 20 10:57:48 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 5 127
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 6 43
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 6 59
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 6 288
Jan 20 10:57:48 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 6 143
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 7 59
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 7 59
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 7 288
Jan 20 10:57:48 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 7 143
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 8 59
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 8 107
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 8 336
Jan 20 10:57:48 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 8 175
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 9 91
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 9 43
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 9 272
Jan 20 10:57:48 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 9 191
Jan 20 10:57:48 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 11 107
Jan 20 10:57:48 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 11 107
Jan 20 10:57:48 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 10 336
Jan 20 10:57:48 rad-accept <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 10 282
Jan 20 10:57:48 eap-success <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 11 4
Jan 20 10:57:48 m-auth cache * ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - -
Jan 20 10:57:48 wpa2-key1 <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 117
Jan 20 10:57:48 wpa2-key2 -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 119
Jan 20 10:57:48 wpa2-key3 <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 151
Jan 20 10:57:48 wpa2-key4 -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 95

(WLC) # show log security 38 | include ac:f1:df:0c:c8:ce
Jan 20 10:57:47 :124091: <4371> |authmgr| station_check_license_limits: mac ac:f1:df:0c:c8:ce encr-algo:64.
Jan 20 10:57:47 :124093: <4371> |authmgr| Called mac_station_new() for mac ac:f1:df:0c:c8:ce.
Jan 20 10:57:47 :124103: <4371> |authmgr| Setting user ac:f1:df:0c:c8:ce aaa profile to corp-AAA, reason: ncfg_set_aaa_profile_defaults.
Jan 20 10:57:47 :124209: <4371> |authmgr| handle_sta_up_dn:2767 Updating vlan usage for MAC=ac:f1:df:0c:c8:ce with vlan 10 apname 9c:1c:12:ce:58:fe
Jan 20 10:57:47 :124105: <4371> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=4, name=, role=x-init, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=1.
Jan 20 10:57:48 :124003: <3698> |authmgr| Authentication result=Authentication Successful(0), method=802.1x, server=DC1, user=ac:f1:df:0c:c8:ce
Jan 20 10:57:48 :124004: <3698> |authmgr| match_rule Value Pair to match macaddr : ac:f1:df:0c:c8:ce
Jan 20 10:57:48 :124004: <3698> |authmgr| match_rule Value Pair to match macaddr : ac:f1:df:0c:c8:ce
Jan 20 10:57:48 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=3, name=host/VLAP1.jugo.lab, role=x-comp, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=1.
Jan 20 10:57:48 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=3, name=host/VLAP1.jugo.lab, role=x-comp, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=0.
Jan 20 10:57:50 :124148: <3698> |authmgr| Create ipuser 10.10.10.9 for user ac:f1:df:0c:c8:ce.
Jan 20 10:57:50 :124004: <3698> |authmgr| sta_add_l3: mac ac:f1:df:0c:c8:ce ip 10.10.10.9
Jan 20 10:57:50 :124162: <3698> |authmgr| Enforcing L2 check for mac ac:f1:df:0c:c8:ce.
Jan 20 10:57:50 :124163: <3698> |authmgr| download-L3: ip=10.10.10.9 acl=74/0 role=x-comp, Ubwm=0, Dbwm=0 tunl=0x0x1000e, PA=0, HA=1, RO=0, VPN=0, MAC=ac:f1:df:0c:c8:ce.
Jan 20 10:57:50 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=1, name=host/VLAP1.jugo.lab, role=x-comp, dev_type=, ipv4=10.10.10.9, ipv6=0.0.0.0, new_rec=1.
Jan 20 10:57:50 :124863: <3698> |authmgr| Auth GSM : IP_USER notify for mac ac:f1:df:0c:c8:ce ip:10.10.10.9 pan-integ:Disabled - Authenticated

(WLC) #show log user-debug 38 | include ac:f1:df:0c:c8:ce
Jan 20 10:57:48 :522044: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate(start): method=8021x-Machine, role=x-init///x-init, VLAN=10/10, Derivation=1/0, Value Pair=1, flags=0x1
Jan 20 10:57:48 :522158: <3698> |authmgr| Role Derivation for user N/A-ac:f1:df:0c:c8:ce-host/VLAP1.jugo.lab N/A station Authenticated with auth type: Unknown auth type.
Jan 20 10:57:48 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 10:57:48 :522266: <3698> |authmgr| Calling derive_role2 for user ac:f1:df:0c:c8:ce
Jan 20 10:57:48 :522136: <3698> |authmgr| {L2} x-comp from profile "corp-AAA" for user ac:f1:df:0c:c8:ce.
Jan 20 10:57:48 :522127: <3698> |authmgr| {L2} Update role from x-init to x-comp for IP=N/A, MAC=ac:f1:df:0c:c8:ce.
Jan 20 10:57:48 :522049: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce,IP=N/A User role updated, existing Role=x-init/none, new Role=x-comp/none, reason=station Authenticated with auth type: 802.1x Machine Authentication
Jan 20 10:57:48 :522050: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce,IP=N/A User data downloaded to datapath, new Role=x-comp/74, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
Jan 20 10:57:48 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name host/VLAP1.jugo.lab role x-comp devtype wired 0 authtype 10 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 10:57:48 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 0 derivation_type Reset Dot1x VLANs index 4.
Jan 20 10:57:48 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 0 derivation_type Reset Dot1x VLANs index 5.
Jan 20 10:57:48 :522255: <3698> |authmgr| "VDR - set vlan in user for ac:f1:df:0c:c8:ce vlan 10 fwdmode 0 derivation_type Current VLAN updated.
Jan 20 10:57:48 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 10 derivation_type Current VLAN updated index 6.
Jan 20 10:57:48 :522260: <3698> |authmgr| "VDR - Cur VLAN updated ac:f1:df:0c:c8:ce mob 0 inform 1 remote 0 wired 0 defvlan 10 exportedvlan 0 curvlan 10.
Jan 20 10:57:48 :522029: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate: method=8021x-Machine, role=x-comp///x-init, VLAN=10/10, Derivation=7/1, Value Pair=1
Jan 20 10:57:48 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name host/VLAP1.jugo.lab role x-comp devtype wired 0 authtype 10 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 10:57:48 :522142: <3698> |authmgr| Setting cached role to x-comp for user ac:f1:df:0c:c8:ce".
Jan 20 10:57:48 :522053: <3698> |authmgr| PMK Cache getting updated for ac:f1:df:0c:c8:ce, (def, cur, vhow) = (10, 10, 1) with vlan=0 vlanhow=0 essid=corp role=x-comp rhow=7
Jan 20 10:57:48 :524129: <3698> |authmgr| dot1x_gsm_set_keycache(): MAC:ac:f1:df:0c:c8:ce GSM: Successfully published Key-cache object.
Jan 20 10:57:48 :524134: <3698> |authmgr| dot1x_gsm_set_pmkcache(): MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 GSM: Successfully published PMK-cache object.
Jan 20 10:57:48 :524139: <3698> |authmgr| add_pmkcache():876: MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 Update:
Jan 20 10:57:48 :524129: <3698> |authmgr| dot1x_gsm_set_keycache(): MAC:ac:f1:df:0c:c8:ce GSM: Successfully published Key-cache object.
Jan 20 10:57:48 :522119: <3698> |authmgr| Reauthentication timer restarted for user ac:f1:df:0c:c8:ce (86400 seconds, type Dot1x-Non-Term).
Jan 20 10:57:48 :522026: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce IP=10.10.10.9 User miss: ingress=0x1000e, VLAN=10 flags=0x40
Jan 20 10:57:48 :522141: <3698> |authmgr| ac:f1:df:0c:c8:ce IP 10.10.10.9: drop pkt as ip not assigned through dhcp.
Jan 20 10:57:50 :522026: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce IP=10.10.10.9 User miss: ingress=0x1000e, VLAN=10 flags=0x40000040
Jan 20 10:57:50 :522006: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce IP=10.10.10.9 User entry added: reason=Sibtye
Jan 20 10:57:50 :522270: <3698> |authmgr| During User miss marking the user ac:f1:df:0c:c8:ce with ingress 0x1000e, connection-type 2 as wireless, muxtunnel = no
Jan 20 10:57:50 :522318: <3698> |authmgr| Client ac:f1:df:0c:c8:ce idle timeout 300 profile global
Jan 20 10:57:50 :522050: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce,IP=10.10.10.9 User data downloaded to datapath, new Role=x-comp/74, bw Contract=0/0, reason=New user IP processing, idle-timeout=300
Jan 20 10:57:50 :527004: <3935> |mdns| mdns_parse_auth_useradd_message 226 Auth User ADD: MAC:ac:f1:df:0c:c8:ce, IP:10.10.10.9, VLAN:10, Role:x-comp Name:host/VLAP1.jugo.lab APName:9c:1c:12:ce:58:fe Type:1. Groups:
Jan 20 10:57:50 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name host/VLAP1.jugo.lab role x-comp devtype wired 0 authtype 10 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 10:57:50 :527000: <3935> |mdns| mdns_client_create 228 MDNS Client created - ip:10.10.10.9 mac:ac:f1:df:0c:c8:ce. AP-name: 9c:1c:12:ce:58:fe
Jan 20 10:57:50 :527000: <3935> |mdns| mdns_auth_userinfo_req_message 345 mac(ac:f1:df:0c:c8:ce), ip(10.10.10.9)
Jan 20 10:57:50 :527000: <3935> |mdns| mdns_parse_userinfo 376 UserInfo resp=1 ip=10.10.10.9, mac=ac:f1:df:0c:c8:ce, apname=9c:1c:12:ce:58:fe, role=x-comp, username=host/VLAP1.jugo.lab, vlan=10
Jan 20 10:57:50 :527000: <3935> |mdns| ag_mdns_get_token_list_for_mac 663 AirGroup user exists but token_list does not: mac=ac:f1:df:0c:c8:ce
Jan 20 10:57:50 :527000: <3935> |mdns| ag_ssdp_get_token_list_for_mac 364 AirGroup user exists but ssdp_token_list does not: mac=ac:f1:df:0c:c8:ce
Jan 20 10:57:50 :527000: <3935> |mdns| mdns_parse_auth_userinfo_resp_message 401 UserInfo response completed for ip=10.10.10.9 mac=ac:f1:df:0c:c8:ce

(WLC) # show dot1x supplicant-info ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0

Detailed 802.1x Supplicant Information
Name                                host/VLAP1.jugo.lab
MAC Address                         ac:f1:df:0c:c8:ce
AP MAC Address                      9c:1c:12:65:8f:e0
Status                              Authentication Success
Unicast Cipher                      WPA2-AES
Multicast Cipher                    WPA2-AES
EAP-Type                            EAP-PEAP
Packet Statistics:
EAPOL Starts                        1
EAP ID Requests                     2
EAP ID Responses                    1
EAPOL Logoffs from station          0
Ignored EAPOL Starts                1
EAP pkts to the station             14
EAP pkts from station               13
Unknown EAP pkts from station       0
EAP Successes sent                  1
EAP Failures sent                   0
Station failed to respond           0
Station NAKs                        0
Radius pkts to the server           10
Radius pkts from the server         10
Server failed to respond            0
Server rejects                      0
WPA/WPA2-Key Message1               1
WPA/WPA2-Key Message2               1
WPA/WPA2-Key Message3               1
WPA/WPA2-Key Message4               1
WPA-GKey Message1                   0
WPA-GKey Message2                   0
ID of the last EAP request          11
Length of the last EAP request      151
ID of the last EAP response         11
Length of the last EAP response     107
ID of the last radius request       10
Length of the last radius request   336
ID of the last radius response      10
Length of the last radius response  282

(WLC) #show user

Users
-----
IP          MAC                Name                 Role    Age(d:h:m)  Auth           VPN link  AP name            Roaming   Essid/Bssid/Phy              Profile   Forward mode  Type  Host Name
----------  ------------       ------               ----    ----------  ----           --------  -------            -------   ---------------              -------   ------------  ----  ---------
10.10.10.9  ac:f1:df:0c:c8:ce  host/VLAP1.jugo.lab  x-comp  00:00:02    8021x-Machine            9c:1c:12:ce:58:fe  Wireless  corp/9c:1c:12:65:8f:e0/g-HT  corp-AAA  tunnel

===== STEP2: PC booted up, now user login =====

(WLC) #show clock
Fri Jan 20 11:01:17 CET 2017

Jan 20 11:01:05 eap-start -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - -
Jan 20 11:01:05 eap-id-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 13 5
Jan 20 11:01:05 eap-id-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 13 15 JUGO\user1
Jan 20 11:01:05 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 11 197
Jan 20 11:01:05 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 11 90
Jan 20 11:01:05 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 14 6
Jan 20 11:01:05 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 14 118
Jan 20 11:01:05 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 12 338
Jan 20 11:01:05 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 12 1188
Jan 20 11:01:05 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 15 1096
Jan 20 11:01:05 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 15 6
Jan 20 11:01:05 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 13 226
Jan 20 11:01:05 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 13 928
Jan 20 11:01:05 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 16 838
Jan 20 11:01:10 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 16 838
Jan 20 11:01:15 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 16 838
Jan 20 11:01:17 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 16 151
Jan 20 11:01:17 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 14 371
Jan 20 11:01:17 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 14 153
Jan 20 11:01:17 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 17 69
Jan 20 11:01:17 eap-id-mismatch * ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - -
Jan 20 11:01:17 eap-id-mismatch * ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - -
Jan 20 11:01:17 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 17 6
Jan 20 11:01:17 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 15 226
Jan 20 11:01:17 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 15 127
Jan 20 11:01:17 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 18 43
Jan 20 11:01:17 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 18 43
Jan 20 11:01:17 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 16 263
Jan 20 11:01:17 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 16 143
Jan 20 11:01:17 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 19 59
Jan 20 11:01:17 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 19 59
Jan 20 11:01:17 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 17 279
Jan 20 11:01:17 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 17 143
Jan 20 11:01:17 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 20 59
Jan 20 11:01:17 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 20 107
Jan 20 11:01:17 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 18 327
Jan 20 11:01:17 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 18 175
Jan 20 11:01:17 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 21 91
Jan 20 11:01:17 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 21 43
Jan 20 11:01:17 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 19 263
Jan 20 11:01:17 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 19 191
Jan 20 11:01:17 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 23 107
Jan 20 11:01:17 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 23 107
Jan 20 11:01:17 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 20 327
Jan 20 11:01:17 rad-accept <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 20 302
Jan 20 11:01:17 eap-success <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 23 4
Jan 20 11:01:17 m-auth resp * ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - - authenticated
Jan 20 11:01:17 wpa2-key1 <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 117
Jan 20 11:01:17 wpa2-key2 -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 119
Jan 20 11:01:17 wpa2-key3 <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 151
Jan 20 11:01:17 wpa2-key4 -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 95

Jan 20 11:01:06 :124004: <3698> |authmgr| AUTH GSM: PMK cache DELETE for station (ac:f1:df:0c:c8:ce, 9c:1c:12:65:8f:e0)
Jan 20 11:01:18 :132223: <3698> |authmgr| EAP-ID mismatched 17:16 for station ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0
Jan 20 11:01:18 :132030: <3698> |authmgr| Dropping EAPOL packet sent by Station ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0
Jan 20 11:01:18 :132223: <3698> |authmgr| EAP-ID mismatched 17:16 for station ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0
Jan 20 11:01:18 :132030: <3698> |authmgr| Dropping EAPOL packet sent by Station ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0
Jan 20 11:01:18 :124003: <3698> |authmgr| Authentication result=Authentication Successful(0), method=802.1x, server=DC1, user=ac:f1:df:0c:c8:ce
Jan 20 11:01:18 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=3, name=JUGO\user1, role=x-user, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=1.
Jan 20 11:01:18 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=3, name=JUGO\user1, role=x-user, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=0.
Jan 20 11:01:18 :132019: <3698> |authmgr| Station JUGO\user1 ac:f1:df:0c:c8:ce was Machine authenticated
Jan 20 11:01:18 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=3, name=JUGO\user1, role=x-sdr, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=0.
Jan 20 11:01:18 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=3, name=JUGO\user1, role=x-sdr, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=0.
Jan 20 11:01:06 :524136: <3698> |authmgr| dot1x_gsm_delete_pmkcache(): MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 GSM: Successfully deleted PMK-cache object.
Jan 20 11:01:18 :522038: <3698> |authmgr| username=JUGO\user1 MAC=ac:f1:df:0c:c8:ce IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=DC1
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522044: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate(start): method=8021x-User, role=x-comp///x-init, VLAN=10/10, Derivation=7/1, Value Pair=1, flags=0x2
Jan 20 11:01:18 :522158: <3698> |authmgr| Role Derivation for user N/A-ac:f1:df:0c:c8:ce-JUGO\user1 N/A station Authenticated with auth type: Unknown auth type.
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522266: <3698> |authmgr| Calling derive_role2 for user ac:f1:df:0c:c8:ce
Jan 20 11:01:18 :522016: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce IP=?? Derived role 'x-sdr' from Aruba VSA
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting dot1x role to x-sdr for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522127: <3698> |authmgr| {L2} Update role from x-comp to x-user for IP=N/A, MAC=ac:f1:df:0c:c8:ce.
Jan 20 11:01:18 :522049: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce,IP=N/A User role updated, existing Role=x-comp/none, new Role=x-user/none, reason=station Authenticated with auth type: 802.1x User Authentication
Jan 20 11:01:18 :522050: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce,IP=N/A User data downloaded to datapath, new Role=x-user/78, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
Jan 20 11:01:18 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name JUGO\user1 role x-user devtype wired 0 authtype 11 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 11:01:18 :527000: <3935> |mdns| mdns_parse_auth_userrole_message 269 Auth User ROLE: MAC:ac:f1:df:0c:c8:ce, ROLE_NAME:x-user
Jan 20 11:01:18 :527000: <3935> |mdns| mdns_auth_userinfo_req_message 345 mac(ac:f1:df:0c:c8:ce), ip(10.10.10.9)
Jan 20 11:01:18 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 0 derivation_type Reset Dot1x VLANs index 7.
Jan 20 11:01:18 :522254: <3698> |authmgr| VDR - mac ac:f1:df:0c:c8:ce rolename NULL fwdmode 0 derivation_type Dot1x Aruba VSA vp present.
Jan 20 11:01:18 :522254: <3698> |authmgr| VDR - mac ac:f1:df:0c:c8:ce rolename NULL fwdmode 0 derivation_type Dot1x MSFT Attributes vp present.
Jan 20 11:01:18 :522254: <3698> |authmgr| VDR - mac ac:f1:df:0c:c8:ce rolename NULL fwdmode 0 derivation_type Dot1x Server Rule vp present.
Jan 20 11:01:18 :522259: <3698> |authmgr| "VDR - Do Role Based VLAN Derivation user ac:f1:df:0c:c8:ce role x-user rolehow ROLE_DERIVATION_DOT1X.
Jan 20 11:01:18 :522254: <3698> |authmgr| VDR - mac ac:f1:df:0c:c8:ce rolename x-user fwdmode 0 derivation_type User Dot1x Role Contained vp not present.
Jan 20 11:01:18 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 0 derivation_type Reset Role Based VLANs index 8.
Jan 20 11:01:18 :522029: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate: method=8021x-User, role=x-user//x-sdr/x-init, VLAN=10/10, Derivation=7/1, Value Pair=1
Jan 20 11:01:18 :522158: <3698> |authmgr| Role Derivation for user 10.10.10.9-ac:f1:df:0c:c8:ce-JUGO\user1 N/A User authenticated with auth type:Unknown auth type role derivation:0.
Jan 20 11:01:18 :522318: <3698> |authmgr| Client ac:f1:df:0c:c8:ce idle timeout 300 profile global
Jan 20 11:01:18 :522008: <3698> |authmgr| User Authentication Successful: username=JUGO\user1 MAC=ac:f1:df:0c:c8:ce IP=10.10.10.9 role=x-user VLAN=10 AP=9c:1c:12:ce:58:fe SSID=corp AAA profile=corp-AAA auth method=8021x-User auth server=DC1
Jan 20 11:01:18 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name JUGO\user1 role x-user devtype wired 0 authtype 11 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 11:01:18 :522044: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate(start): method=802.1x, role=x-user//x-sdr/x-init, VLAN=10/10, Derivation=7/1, Value Pair=0, flags=0x8
Jan 20 11:01:18 :522158: <3698> |authmgr| Role Derivation for user N/A-ac:f1:df:0c:c8:ce-JUGO\user1 N/A station Authenticated with auth type: Unknown auth type.
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522266: <3698> |authmgr| Calling derive_role2 for user ac:f1:df:0c:c8:ce
Jan 20 11:01:18 :522136: <3698> |authmgr| {L2} x-auth from profile "corp-AAA" for user ac:f1:df:0c:c8:ce.
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting dot1x role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522127: <3698> |authmgr| {L2} Update role from x-user to x-sdr for IP=N/A, MAC=ac:f1:df:0c:c8:ce.
Jan 20 11:01:18 :522049: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce,IP=N/A User role updated, existing Role=x-user/none, new Role=x-sdr/none, reason=station Authenticated with auth type: 802.1x
Jan 20 11:01:18 :522050: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce,IP=N/A User data downloaded to datapath, new Role=x-sdr/71, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
Jan 20 11:01:18 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name JUGO\user1 role x-sdr devtype wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 11:01:18 :522259: <3698> |authmgr| "VDR - Do Role Based VLAN Derivation user ac:f1:df:0c:c8:ce role x-sdr rolehow ROLE_DERIVATION_DOT1X_VSA.
Jan 20 11:01:18 :522254: <3698> |authmgr| VDR - mac ac:f1:df:0c:c8:ce rolename x-sdr fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained vp not present.
Jan 20 11:01:18 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 0 derivation_type Reset Role Based VLANs index 9.
Jan 20 11:01:18 :522255: <3698> |authmgr| "VDR - set vlan in user for ac:f1:df:0c:c8:ce vlan 10 fwdmode 0 derivation_type Current VLAN updated.
Jan 20 11:01:18 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 10 derivation_type Current VLAN updated index 10.
Jan 20 11:01:18 :527000: <3935> |mdns| mdns_parse_auth_userrole_message 269 Auth User ROLE: MAC:ac:f1:df:0c:c8:ce, ROLE_NAME:x-sdr
Jan 20 11:01:18 :522260: <3698> |authmgr| "VDR - Cur VLAN updated ac:f1:df:0c:c8:ce mob 0 inform 1 remote 0 wired 0 defvlan 10 exportedvlan 0 curvlan 10.
Jan 20 11:01:18 :522029: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate: method=802.1x, role=x-sdr///x-init, VLAN=10/10, Derivation=9/1, Value Pair=0
Jan 20 11:01:18 :522158: <3698> |authmgr| Role Derivation for user 10.10.10.9-ac:f1:df:0c:c8:ce-JUGO\user1 N/A User authenticated with auth type:Unknown auth type role derivation:0.
Jan 20 11:01:18 :522318: <3698> |authmgr| Client ac:f1:df:0c:c8:ce idle timeout 300 profile global
Jan 20 11:01:18 :522008: <3698> |authmgr| User Authentication Successful: username=JUGO\user1 MAC=ac:f1:df:0c:c8:ce IP=10.10.10.9 role=x-sdr VLAN=10 AP=9c:1c:12:ce:58:fe SSID=corp AAA profile=corp-AAA auth method=802.1x auth server=DC1
Jan 20 11:01:18 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name JUGO\user1 role x-sdr devtype wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522142: <3698> |authmgr| Setting cached role to x-sdr for user ac:f1:df:0c:c8:ce".
Jan 20 11:01:18 :522053: <3698> |authmgr| PMK Cache getting updated for ac:f1:df:0c:c8:ce, (def, cur, vhow) = (10, 10, 1) with vlan=0 vlanhow=0 essid=corp role=x-sdr rhow=9
Jan 20 11:01:18 :524129: <3698> |authmgr| dot1x_gsm_set_keycache(): MAC:ac:f1:df:0c:c8:ce GSM: Successfully published Key-cache object.
Jan 20 11:01:18 :524134: <3698> |authmgr| dot1x_gsm_set_pmkcache(): MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 GSM: Successfully published PMK-cache object.
Jan 20 11:01:18 :524139: <3698> |authmgr| add_pmkcache():876: MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 Update:
Jan 20 11:01:18 :527000: <3935> |mdns| mdns_parse_userinfo 376 UserInfo resp=1 ip=10.10.10.9, mac=ac:f1:df:0c:c8:ce, apname=9c:1c:12:ce:58:fe, role=x-sdr, username=JUGO\user1, vlan=10
Jan 20 11:01:18 :527000: <3935> |mdns| ag_mdns_get_token_list_for_mac 663 AirGroup user exists but token_list does not: mac=ac:f1:df:0c:c8:ce
Jan 20 11:01:18 :527000: <3935> |mdns| ag_ssdp_get_token_list_for_mac 364 AirGroup user exists but ssdp_token_list does not: mac=ac:f1:df:0c:c8:ce
Jan 20 11:01:18 :527000: <3935> |mdns| mdns_parse_auth_userinfo_resp_message 401 UserInfo response completed for ip=10.10.10.9 mac=ac:f1:df:0c:c8:ce
Jan 20 11:01:18 :524129: <3698> |authmgr| dot1x_gsm_set_keycache(): MAC:ac:f1:df:0c:c8:ce GSM: Successfully published Key-cache object.
Jan 20 11:01:18 :522307: <3698> |authmgr| Reauthentication timer exists for user ac:f1:df:0c:c8:ce for 86400 seconds type Full Auth).
Jan 20 11:01:18 :522119: <3698> |authmgr| Reauthentication timer restarted for user ac:f1:df:0c:c8:ce (86400 seconds, type Dot1x-Non-Term).

Detailed 802.1x Supplicant Information
Name                                JUGO\user1
MAC Address                         ac:f1:df:0c:c8:ce
AP MAC Address                      9c:1c:12:65:8f:e0
Status                              Authentication Success
Unicast Cipher                      WPA2-AES
Multicast Cipher                    WPA2-AES
EAP-Type                            EAP-PEAP
Packet Statistics:
EAPOL Starts                        2
EAP ID Requests                     3
EAP ID Responses                    2
EAPOL Logoffs from station          0
Ignored EAPOL Starts                2
EAP pkts to the station             29
EAP pkts from station               26
Unknown EAP pkts from station       0
EAP Successes sent                  2
EAP Failures sent                   0
Station failed to respond           0
Station NAKs                        0
Radius pkts to the server           20
Radius pkts from the server         20
Server failed to respond            0
Server rejects                      0
WPA/WPA2-Key Message1               2
WPA/WPA2-Key Message2               2
WPA/WPA2-Key Message3               2
WPA/WPA2-Key Message4               2
WPA-GKey Message1                   0
WPA-GKey Message2                   0
ID of the last EAP request          23
Length of the last EAP request      151
ID of the last EAP response         23
Length of the last EAP response     107
ID of the last radius request       20
Length of the last radius request   327
ID of the last radius response      20
Length of the last radius response  302

(WLC) #show user

Users
-----
IP          MAC                Name                 Role    Age(d:h:m)  Auth           VPN link  AP name            Roaming   Essid/Bssid/Phy              Profile   Forward mode  Type  Host Name
----------  ------------       ------               ----    ----------  ----           --------  -------            -------   ---------------              -------   ------------  ----  ---------
10.10.10.9  ac:f1:df:0c:c8:ce  JUGO\user1           x-sdr   00:00:06    802.1x                   9c:1c:12:ce:58:fe  Wireless  corp/9c:1c:12:65:8f:e0/g-HT  corp-AAA  tunnel

===== STEP3: User logoff, computer stays running =====

(WLC) #show clock
Fri Jan 20 11:04:45 CET 2017

Jan 20 11:05:05 eap-start -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - -
Jan 20 11:05:05 eap-id-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 25 5
Jan 20 11:05:05 eap-id-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 25 24 host/VLAP1.jugo.lab
Jan 20 11:05:05 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 21 215
Jan 20 11:05:05 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 21 90
Jan 20 11:05:05 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 26 6
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 26 150
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 22 379
Jan 20 11:05:07 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 22 239
Jan 20 11:05:07 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 27 155
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 27 69
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 23 298
Jan 20 11:05:07 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 23 191
Jan 20 11:05:07 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 30 107
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 30 43
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 24 272
Jan 20 11:05:07 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 24 127
Jan 20 11:05:07 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 31 43
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 31 59
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 25 288
Jan 20 11:05:07 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 25 143
Jan 20 11:05:07 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 32 59
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 32 59
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 26 288
Jan 20 11:05:07 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 26 143
Jan 20 11:05:07 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 33 59
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 33 107
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 27 336
Jan 20 11:05:07 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 27 175
Jan 20 11:05:07 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 34 91
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 34 43
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 28 272
Jan 20 11:05:07 rad-resp <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 28 191
Jan 20 11:05:07 eap-req <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 36 107
Jan 20 11:05:07 eap-resp -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 36 107
Jan 20 11:05:07 rad-req -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 29 336
Jan 20 11:05:07 rad-accept <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0/DC1 29 282
Jan 20 11:05:07 eap-success <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 36 4
Jan 20 11:05:07 m-auth cache * ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - -
Jan 20 11:05:07 wpa2-key1 <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 117
Jan 20 11:05:07 wpa2-key2 -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 119
Jan 20 11:05:07 wpa2-key3 <- ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 151
Jan 20 11:05:07 wpa2-key4 -> ac:f1:df:0c:c8:ce 9c:1c:12:65:8f:e0 - 95

Jan 20 11:05:06 :124004: <3698> |authmgr| AUTH GSM: PMK cache DELETE for station (ac:f1:df:0c:c8:ce, 9c:1c:12:65:8f:e0)
Jan 20 11:05:08 :124003: <3698> |authmgr| Authentication result=Authentication Successful(0), method=802.1x, server=DC1, user=ac:f1:df:0c:c8:ce
Jan 20 11:05:08 :124004: <3698> |authmgr| match_rule Value Pair to match macaddr : ac:f1:df:0c:c8:ce
Jan 20 11:05:08 :124004: <3698> |authmgr| match_rule Value Pair to match macaddr : ac:f1:df:0c:c8:ce
Jan 20 11:05:08 :124105: <3698> |authmgr| MM: mac=ac:f1:df:0c:c8:ce, state=3, name=host/VLAP1.jugo.lab, role=x-sdr, dev_type=, ipv4=0.0.0.0, ipv6=0.0.0.0, new_rec=1.
Jan 20 11:05:06 :524136: <3698> |authmgr| dot1x_gsm_delete_pmkcache(): MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 GSM: Successfully deleted PMK-cache object.
Jan 20 11:05:08 :522038: <3698> |authmgr| username=host/VLAP1.jugo.lab MAC=ac:f1:df:0c:c8:ce IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=DC1
Jan 20 11:05:08 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:05:08 :522044: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate(start): method=8021x-Machine, role=x-sdr///x-init, VLAN=10/10, Derivation=9/1, Value Pair=1, flags=0x1
Jan 20 11:05:08 :522158: <3698> |authmgr| Role Derivation for user N/A-ac:f1:df:0c:c8:ce-host/VLAP1.jugo.lab N/A station Authenticated with auth type: Unknown auth type.
Jan 20 11:05:08 :522142: <3698> |authmgr| Setting cached role to NULL for user ac:f1:df:0c:c8:ce".
Jan 20 11:05:08 :522266: <3698> |authmgr| Calling derive_role2 for user ac:f1:df:0c:c8:ce
Jan 20 11:05:08 :522136: <3698> |authmgr| {L2} x-comp from profile "corp-AAA" for user ac:f1:df:0c:c8:ce.
Jan 20 11:05:08 :522160: <3698> |authmgr| Error setting l2 role for user N/A ac:f1:df:0c:c8:ce host/VLAP1.jugo.lab x-sdr ROLE_DERIVATION_DOT1X_VSA (9) x-comp ROLE_DERIVATION_DOT1X(7).
Jan 20 11:05:08 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 0 derivation_type Reset Dot1x VLANs index 11.
Jan 20 11:05:08 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 0 derivation_type Reset Dot1x VLANs index 12.
Jan 20 11:05:08 :522255: <3698> |authmgr| "VDR - set vlan in user for ac:f1:df:0c:c8:ce vlan 10 fwdmode 0 derivation_type Current VLAN updated.
Jan 20 11:05:08 :522258: <3698> |authmgr| "VDR - Add to history of user user ac:f1:df:0c:c8:ce vlan 10 derivation_type Current VLAN updated index 13.
Jan 20 11:05:08 :522260: <3698> |authmgr| "VDR - Cur VLAN updated ac:f1:df:0c:c8:ce mob 0 inform 1 remote 0 wired 0 defvlan 10 exportedvlan 0 curvlan 10.
Jan 20 11:05:08 :522029: <3698> |authmgr| MAC=ac:f1:df:0c:c8:ce Station authenticate: method=8021x-Machine, role=x-sdr///x-init, VLAN=10/10, Derivation=9/1, Value Pair=1
Jan 20 11:05:08 :522158: <3698> |authmgr| Role Derivation for user 10.10.10.9-ac:f1:df:0c:c8:ce-host/VLAP1.jugo.lab N/A User authenticated with auth type:Unknown auth type role derivation:0.
Jan 20 11:05:08 :522318: <3698> |authmgr| Client ac:f1:df:0c:c8:ce idle timeout 300 profile global
Jan 20 11:05:08 :522008: <3698> |authmgr| User Authentication Successful: username=host/VLAP1.jugo.lab MAC=ac:f1:df:0c:c8:ce IP=10.10.10.9 role=x-sdr VLAN=10 AP=9c:1c:12:ce:58:fe SSID=corp AAA profile=corp-AAA auth method=8021x-Machine auth server=DC1
Jan 20 11:05:08 :522301: <3698> |authmgr| Auth GSM : USER publish for uuid 0x2077c6b8adc00001 mac ac:f1:df:0c:c8:ce name host/VLAP1.jugo.lab role x-sdr devtype wired 0 authtype 10 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Jan 20 11:05:08 :522142: <3698> |authmgr| Setting cached role to x-sdr for user ac:f1:df:0c:c8:ce".
Jan 20 11:05:08 :522053: <3698> |authmgr| PMK Cache getting updated for ac:f1:df:0c:c8:ce, (def, cur, vhow) = (10, 10, 1) with vlan=0 vlanhow=0 essid=corp role=x-sdr rhow=9
Jan 20 11:05:08 :524129: <3698> |authmgr| dot1x_gsm_set_keycache(): MAC:ac:f1:df:0c:c8:ce GSM: Successfully published Key-cache object.
Jan 20 11:05:08 :524134: <3698> |authmgr| dot1x_gsm_set_pmkcache(): MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 GSM: Successfully published PMK-cache object.
Jan 20 11:05:08 :524139: <3698> |authmgr| add_pmkcache():876: MAC:ac:f1:df:0c:c8:ce BSS:9c:1c:12:65:8f:e0 Update:
Jan 20 11:05:08 :524129: <3698> |authmgr| dot1x_gsm_set_keycache(): MAC:ac:f1:df:0c:c8:ce GSM: Successfully published Key-cache object.
Jan 20 11:05:08 :522307: <3698> |authmgr| Reauthentication timer exists for user ac:f1:df:0c:c8:ce for 86400 seconds type Full Auth).
Jan 20 11:05:08 :522119: <3698> |authmgr| Reauthentication timer restarted for user ac:f1:df:0c:c8:ce (86400 seconds, type Dot1x-Non-Term).

Detailed 802.1x Supplicant Information

Name                                host/VLAP1.jugo.lab
MAC Address                         ac:f1:df:0c:c8:ce
AP MAC Address                      9c:1c:12:65:8f:e0
Status                              Authentication Success
Unicast Cipher                      WPA2-AES
Multicast Cipher                    WPA2-AES
EAP-Type                            EAP-PEAP

Packet Statistics:
EAPOL Starts                        3
EAP ID Requests                     4
EAP ID Responses                    3
EAPOL Logoffs from station          0
Ignored EAPOL Starts                3
EAP pkts to the station             41
EAP pkts from station               38
Unknown EAP pkts from station       0
EAP Successes sent                  3
EAP Failures sent                   0
Station failed to respond           0
Station NAKs                        0
Radius pkts to the server           29
Radius pkts from the server         29
Server failed to respond            0
Server rejects                      0
WPA/WPA2-Key Message1               3
WPA/WPA2-Key Message2               3
WPA/WPA2-Key Message3               3
WPA/WPA2-Key Message4               3
WPA-GKey Message1                   0
WPA-GKey Message2                   0
ID of the last EAP request          36
Length of the last EAP request      151
ID of the last EAP response         36
Length of the last EAP response     107
ID of the last radius request       29
Length of the last radius request   336
ID of the last radius response      29
Length of the last radius response  282

(WLC) #show user

Users
-----
IP          MAC                Name                 Role   Age(d:h:m)  Auth           VPN link  AP name            Roaming   Essid/Bssid/Phy              Profile   Forward mode  Type  Host Name
----------  ------------       ------               ----   ----------  ----           --------  -------            -------   ---------------              -------   ------------  ----  ---------
10.10.10.9  ac:f1:df:0c:c8:ce  host/VLAP1.jugo.lab  x-sdr  00:00:09    8021x-Machine            9c:1c:12:ce:58:fe  Wireless  corp/9c:1c:12:65:8f:e0/g-HT  corp-AAA  tunnel