ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 13
Registered: ‎04-13-2009

wrong replay counter

Hello,


I can connect my wifi phone (Alcatel IPT3610) when i'm on the same campus of my controleur (MMC3200 OS 3.4.2.4). But when I'm on remote site my phone can't connect to my AP (AP61)
If i try with laptop there is no problem (on the main site and remote site)
There are an existing VPN between our sites (not RAP)

I try with WPA-TKIP and WPA-AES..


I have this error message :

show auth-tracebuf

Auth Trace Buffer
-----------------
Jun 28 16:00:43 wpa2-key2 -> 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 119 wrong replay counter
Jun 28 16:00:44 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:44 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:44 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:44 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:44 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:44 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:44 wpa2-key2 -> 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 119 wrong replay counter
Jun 28 16:00:45 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:45 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:45 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:45 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:45 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:45 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:45 wpa2-key2 -> 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 119 wrong replay counter
Jun 28 16:00:46 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:46 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:46 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:46 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:46 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:46 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:46 wpa2-key2 -> 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 119 wrong replay counter
Jun 28 16:00:47 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:47 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:47 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:47 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes
Jun 28 16:00:47 station-data-ready * 00:90:7a:0b:05:c4 00:00:00:00:00:00 101 -
Jun 28 16:00:47 wpa2-key1 <- 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 117
Jun 28 16:00:47 wpa2-key2 -> 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - 119 wrong replay counter
Jun 28 16:00:48 station-up * 00:90:7a:0b:05:c4 00:1a:1e:ca:84:26 - - wpa2 psk aes


Have you any idees ???

THanks for your help.

Aurélien.
Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Try with Open

Try with an open SSID and see if the problem continues. If it does not, try to find out the latency between the two sites, which might be an issue over 90 to 100 milliseconds.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎04-13-2009

Re: wrong replay counter

HI,

I try with a open SSID, It seems to work better...but not all times
I try again with a WPA2 SSID, sometimes i can connect the phone but généraly i have the same error : "ERROR ASSOC 00-BSSID"



logging level debugging user-debug 00:90:7A:0A:FC:3C
show log user-debug 100

Jul 6 11:52:38 :500511: |mobileip| Station 00:90:7a:0a:fc:3c, 0.0.0.0: Received association on ESSID: EPSM_VOIX Mobility service ON, HA Discovery on Association Off, Fastroaming Enable, AP: Name TOP-IP_WIFI Group 802.11g BSSID 00:1a:1e:ca:84:26, phy b, VLAN 101
Jul 6 11:52:38 :522035: |authmgr| MAC=00:90:7a:0a:fc:3c Station UP: BSSID=00:1a:1e:ca:84:26 ESSID=EPSM_VOIX VLAN=101 AP-name=TOP-IP_WIFI
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c ingress 0x1129 (tunnel 169), u_encr 32, m_encr 32, slotport 0x1040
Jul 6 11:52:38 :522004: |authmgr| Deriving AAA profile from user attributes
Jul 6 11:52:38 :522004: |authmgr| missing AAA profile in wired profile
Jul 6 11:52:38 :522004: |authmgr| Error deriving default AAA profile
Jul 6 11:52:38 :522004: |authmgr| Deriving role from user attributes
Jul 6 11:52:38 :522019: |authmgr| MAC=00:90:7a:0a:fc:3c IP=0.0.0.0 Derived role 'voix' from user rules: utype=L2
Jul 6 11:52:38 :522004: |authmgr| {L2} Update role from authenticated to voix for IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| Update L3 entry role to voix: IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| {L3} Update role from voix to voix for IP=10.101.3.253
Jul 6 11:52:38 :522004: |authmgr| Reset BWM contract: IP=10.101.3.253 role=voix, contract= (0), type=Per role
Jul 6 11:52:38 :522004: |authmgr| download: ip=10.101.3.253 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c def_vlan 101 derive vlan: 0 auth_type 0 auth_subtype 0
Jul 6 11:52:38 :522004: |authmgr| download: ip=0.0.0.0 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0
Jul 6 11:52:38 :501095: |stm| Assoc request @ 11:52:38.235970: 00:90:7a:0a:fc:3c (SN 492): AP 172.26.21.16-00:1a:1e:ca:84:26-TOP-IP_WIFI
Jul 6 11:52:38 :501100: |stm| Assoc success @ 11:52:38.236556: 00:90:7a:0a:fc:3c: AP 172.26.21.16-00:1a:1e:ca:84:26-TOP-IP_WIFI
Jul 6 11:52:38 :501065: |stm| Sending STA 00:90:7a:0a:fc:3c message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x65
Jul 6 11:52:38 :500511: |mobileip| Station 00:90:7a:0a:fc:3c, 0.0.0.0: Received association on ESSID: EPSM_VOIX Mobility service ON, HA Discovery on Association Off, Fastroaming Enable, AP: Name TOP-IP_WIFI Group 802.11g BSSID 00:1a:1e:ca:84:26, phy b, VLAN 101
Jul 6 11:52:38 :522035: |authmgr| MAC=00:90:7a:0a:fc:3c Station UP: BSSID=00:1a:1e:ca:84:26 ESSID=EPSM_VOIX VLAN=101 AP-name=TOP-IP_WIFI
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c ingress 0x1129 (tunnel 169), u_encr 32, m_encr 32, slotport 0x1040
Jul 6 11:52:38 :522004: |authmgr| Deriving AAA profile from user attributes
Jul 6 11:52:38 :522004: |authmgr| missing AAA profile in wired profile
Jul 6 11:52:38 :522004: |authmgr| Error deriving default AAA profile
Jul 6 11:52:38 :522004: |authmgr| Deriving role from user attributes
Jul 6 11:52:38 :522019: |authmgr| MAC=00:90:7a:0a:fc:3c IP=0.0.0.0 Derived role 'voix' from user rules: utype=L2
Jul 6 11:52:38 :522004: |authmgr| {L2} Update role from authenticated to voix for IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| Update L3 entry role to voix: IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| {L3} Update role from voix to voix for IP=10.101.3.253
Jul 6 11:52:38 :522004: |authmgr| Reset BWM contract: IP=10.101.3.253 role=voix, contract= (0), type=Per role
Jul 6 11:52:38 :522004: |authmgr| download: ip=10.101.3.253 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c def_vlan 101 derive vlan: 0 auth_type 0 auth_subtype 0
Jul 6 11:52:38 :522004: |authmgr| download: ip=0.0.0.0 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0

and i have always errors : wrong replay counter

the latency between the two sites is about 60-70ms.

Thanks for your help.
Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Configuration Document


HI,

I try with a open SSID, It seems to work better...but not all times
I try again with a WPA2 SSID, sometimes i can connect the phone but généraly i have the same error : "ERROR ASSOC 00-BSSID"



logging level debugging user-debug 00:90:7A:0A:FC:3C
show log user-debug 100

Jul 6 11:52:38 :500511: |mobileip| Station 00:90:7a:0a:fc:3c, 0.0.0.0: Received association on ESSID: EPSM_VOIX Mobility service ON, HA Discovery on Association Off, Fastroaming Enable, AP: Name TOP-IP_WIFI Group 802.11g BSSID 00:1a:1e:ca:84:26, phy b, VLAN 101
Jul 6 11:52:38 :522035: |authmgr| MAC=00:90:7a:0a:fc:3c Station UP: BSSID=00:1a:1e:ca:84:26 ESSID=EPSM_VOIX VLAN=101 AP-name=TOP-IP_WIFI
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c ingress 0x1129 (tunnel 169), u_encr 32, m_encr 32, slotport 0x1040
Jul 6 11:52:38 :522004: |authmgr| Deriving AAA profile from user attributes
Jul 6 11:52:38 :522004: |authmgr| missing AAA profile in wired profile
Jul 6 11:52:38 :522004: |authmgr| Error deriving default AAA profile
Jul 6 11:52:38 :522004: |authmgr| Deriving role from user attributes
Jul 6 11:52:38 :522019: |authmgr| MAC=00:90:7a:0a:fc:3c IP=0.0.0.0 Derived role 'voix' from user rules: utype=L2
Jul 6 11:52:38 :522004: |authmgr| {L2} Update role from authenticated to voix for IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| Update L3 entry role to voix: IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| {L3} Update role from voix to voix for IP=10.101.3.253
Jul 6 11:52:38 :522004: |authmgr| Reset BWM contract: IP=10.101.3.253 role=voix, contract= (0), type=Per role
Jul 6 11:52:38 :522004: |authmgr| download: ip=10.101.3.253 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c def_vlan 101 derive vlan: 0 auth_type 0 auth_subtype 0
Jul 6 11:52:38 :522004: |authmgr| download: ip=0.0.0.0 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0
Jul 6 11:52:38 :501095: |stm| Assoc request @ 11:52:38.235970: 00:90:7a:0a:fc:3c (SN 492): AP 172.26.21.16-00:1a:1e:ca:84:26-TOP-IP_WIFI
Jul 6 11:52:38 :501100: |stm| Assoc success @ 11:52:38.236556: 00:90:7a:0a:fc:3c: AP 172.26.21.16-00:1a:1e:ca:84:26-TOP-IP_WIFI
Jul 6 11:52:38 :501065: |stm| Sending STA 00:90:7a:0a:fc:3c message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x65
Jul 6 11:52:38 :500511: |mobileip| Station 00:90:7a:0a:fc:3c, 0.0.0.0: Received association on ESSID: EPSM_VOIX Mobility service ON, HA Discovery on Association Off, Fastroaming Enable, AP: Name TOP-IP_WIFI Group 802.11g BSSID 00:1a:1e:ca:84:26, phy b, VLAN 101
Jul 6 11:52:38 :522035: |authmgr| MAC=00:90:7a:0a:fc:3c Station UP: BSSID=00:1a:1e:ca:84:26 ESSID=EPSM_VOIX VLAN=101 AP-name=TOP-IP_WIFI
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c ingress 0x1129 (tunnel 169), u_encr 32, m_encr 32, slotport 0x1040
Jul 6 11:52:38 :522004: |authmgr| Deriving AAA profile from user attributes
Jul 6 11:52:38 :522004: |authmgr| missing AAA profile in wired profile
Jul 6 11:52:38 :522004: |authmgr| Error deriving default AAA profile
Jul 6 11:52:38 :522004: |authmgr| Deriving role from user attributes
Jul 6 11:52:38 :522019: |authmgr| MAC=00:90:7a:0a:fc:3c IP=0.0.0.0 Derived role 'voix' from user rules: utype=L2
Jul 6 11:52:38 :522004: |authmgr| {L2} Update role from authenticated to voix for IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| Update L3 entry role to voix: IP=0.0.0.0
Jul 6 11:52:38 :522004: |authmgr| {L3} Update role from voix to voix for IP=10.101.3.253
Jul 6 11:52:38 :522004: |authmgr| Reset BWM contract: IP=10.101.3.253 role=voix, contract= (0), type=Per role
Jul 6 11:52:38 :522004: |authmgr| download: ip=10.101.3.253 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0
Jul 6 11:52:38 :522004: |authmgr| MAC=00:90:7a:0a:fc:3c def_vlan 101 derive vlan: 0 auth_type 0 auth_subtype 0
Jul 6 11:52:38 :522004: |authmgr| download: ip=0.0.0.0 acl=55/0 role=voix, Ubwm=0, Dbwm=0 tunl=0x1129, PA=0, HA=1, RO=0, VPN=0

and i have always errors : wrong replay counter

the latency between the two sites is about 60-70ms.

Thanks for your help.




Does Alcatel have wireless configuration Guidelines for that phone? Do they also have any knowledge about what that error means?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎04-13-2009

Re: wrong replay counter

It'is another company which is responsible for telephony
This is what he gave us :

Occasional Contributor II
Posts: 13
Registered: ‎04-13-2009

Re: wrong replay counter

I have some news, the telphone is an OEM spectralink phone :


http://www.polycom.com/support/voice/wi-fi/spectralink_8020_wireless.html


Thanks for your help

Aurelien.