Command of the Day

Reply
Aruba Employee
Posts: 9
Registered: ‎03-28-2007

COTD: View the 802.1x Authentication Process

If a wireless client ever gets in a state where it completes the 802.11 negotiation phase (probe req., probe resp., auth, auth, assoc. req., and assoc. resp.) but it can't complete 802.1x authentication then use the CLI command "show auth-tracebuf mac " to see where it stopped in the 802.1x authentication process. This command will give the time stamp of each event, the protocol state, the source mac address of the 802.11 frame, the destination mac address of the 802.11 frame, the Server name that will be used for 802.1x authentication, the 802.1x authentication profile name (if using ArubaOS 3.x or above), and encryption type.
Example:
(Aruba_Hangzhou_5K) #show auth-tracebuf mac 00:15:00:da:be:ef
Auth Trace Buffer
-----------------
May 12 00:56:20 station-up * 00:15:00:da:be:ef 00:0b:86:da:ca:fe - - wpa2 aes
May 12 00:56:20 station-term-start * 00:15:00:da:be:ef 00:0b:86:da:ca:fe 201 -
May 12 00:56:21 client-finish -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - -
May 12 00:56:21 server-finish <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 61
May 12 00:56:21 server-finish-ack -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - -
May 12 00:56:21 inner-eap-id-req <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 35
May 12 00:56:21 inner-eap-id-resp -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - - kobi
May 12 00:56:21 eap-mschap-chlg <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 67
May 12 00:56:21 eap-mschap-response -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe 6 49
May 12 00:56:21 mschap-request -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe 6 - kobi
May 12 00:56:21 mschap-response <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/Win2003 - - kobi
May 12 00:56:21 eap-mschap-success <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 83
May 12 00:56:21 station-data-ready * 00:15:00:da:be:ef 00:00:00:00:00:00 201 -
May 12 00:56:21 eap-mschap-success-ack-> 00:15:00:da:be:ef 00:0b:86:da:ca:fe - -
May 12 00:56:21 eap-tlv-rslt-success <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 43
May 12 00:56:21 eap-tlv-rslt-success -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe - 2
May 12 00:56:21 eap-success <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 4
May 12 00:56:21 wpa2-key1 <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe - 117
May 12 00:56:22 client-finish -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - -
May 12 00:56:22 server-finish <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 61
May 12 00:56:22 server-finish-ack -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - -
May 12 00:56:22 inner-eap-id-req <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 35
May 12 00:56:22 inner-eap-id-resp -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - - kobi
May 12 00:56:22 eap-mschap-chlg <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 67
May 12 00:56:22 eap-mschap-response -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe 6 49
May 12 00:56:22 mschap-request -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe 6 - kobi
May 12 00:56:22 mschap-response <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/Win2003 - - kobi
May 12 00:56:22 eap-mschap-success <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 83
May 12 00:56:22 station-data-ready * 00:15:00:da:be:ef 00:00:00:00:00:00 201 -
May 12 00:56:22 eap-mschap-success-ack-> 00:15:00:da:be:ef 00:0b:86:da:ca:fe - -
May 12 00:56:22 eap-tlv-rslt-success <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 43
May 12 00:56:22 eap-tlv-rslt-success -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe - 2
May 12 00:56:22 eap-success <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe/HZ_dot1x_auth_prof - 4
May 12 00:56:22 wpa2-key1 <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe - 117
May 12 00:56:22 wpa2-key2 -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe - 135
May 12 00:56:22 wpa2-key3 <- 00:15:00:da:be:ef 00:0b:86:da:ca:fe - 151
May 12 00:56:22 wpa2-key4 -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe - 95
May 12 00:56:22 rad-acct-start -> 00:15:00:da:be:ef 00:0b:86:da:ca:fe - -
(Aruba_Hangzhou_5K) #
Search Airheads
Showing results for 
Search instead for 
Did you mean: