Well, I think the title says it all. I am using ClearPass as the RADIUS server. Here is an auth-tracebuf and user-debug. I'm at a loss as to what to look at next.
Thanks,
Russell
(QA01AARUBA01) #show log user-debug all
Mar 30 13:28:15 :501093: <NOTI> |AP LAB-AP-2-ac:a3:1e:c3:3f:70@10.75.93.250 stm| Auth success: 10:a5:d0:0e:13:91: AP 10.75.93.250-ac:a3:1e:b3:f7:10-LAB-AP-2-ac:a3:1e:c3:3f:70
Mar 30 13:28:15 :501095: <NOTI> |AP LAB-AP-2-ac:a3:1e:c3:3f:70@10.75.93.250 stm| Assoc request @ 13:28:15.405200: 10:a5:d0:0e:13:91 (SN 1751): AP 10.75.93.250-ac:a3:1e:b3:f7:10-LAB-AP-2-ac:a3:1e:c3:3f:70
Mar 30 13:28:15 :501100: <NOTI> |stm| Assoc success @ 13:28:15.442704: 10:a5:d0:0e:13:91: AP 10.75.93.250-ac:a3:1e:b3:f7:10-LAB-AP-2-ac:a3:1e:c3:3f:70
Mar 30 13:28:15 :501100: <NOTI> |AP LAB-AP-2-ac:a3:1e:c3:3f:70@10.75.93.250 stm| Assoc success @ 13:28:15.407246: 10:a5:d0:0e:13:91: AP 10.75.93.250-ac:a3:1e:b3:f7:10-LAB-AP-2-ac:a3:1e:c3:3f:70
Mar 30 13:28:15 :522295: <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user 10:a5:d0:0e:13:91
Mar 30 13:28:15 :522035: <INFO> |authmgr| MAC=10:a5:d0:0e:13:91 Station UP: BSSID=ac:a3:1e:b3:f7:10 ESSID=LAB-INTERNAL VLAN=427 AP-name=LAB-AP-2-ac:a3:1e:c3:3f:70
Mar 30 13:28:15 :522077: <DBUG> |authmgr| MAC=10:a5:d0:0e:13:91 ingress 0x0x1000c (tunnel 12), u_encr 64, m_encr 64, slotport 0x0x2100 , type: remote, FW mode: 1, AP IP: 10.75.93.250 mdie 0 ft_complete 0
Mar 30 13:28:15 :522264: <DBUG> |authmgr| "MAC:10:a5:d0:0e:13:91: Allocating UUID: 2.
Mar 30 13:28:15 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 10:a5:d0:0e:13:91 vlan 0 derivation_type Reset VLANs for Station up index 0.
Mar 30 13:28:15 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 10:a5:d0:0e:13:91 vlan 427 fwdmode 0 derivation_type Default VLAN.
Mar 30 13:28:15 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 10:a5:d0:0e:13:91 vlan 427 derivation_type Default VLAN index 1.
Mar 30 13:28:15 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 10:a5:d0:0e:13:91 vlan 427 fwdmode 0 derivation_type Current VLAN updated.
Mar 30 13:28:15 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 10:a5:d0:0e:13:91 vlan 427 derivation_type Current VLAN updated index 2.
Mar 30 13:28:15 :524141: <DBUG> |authmgr| clr_pmkcache_ft():988: MAC:10:a5:d0:0e:13:91 BSS:ac:a3:1e:b3:f7:10
Mar 30 13:28:15 :522287: <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac 10:a5:d0:0e:13:91 bssid ac:a3:1e:b3:f7:10 vlan 427 type 1 data-ready 0
Mar 30 13:28:15 :522254: <DBUG> |authmgr| VDR - mac 10:a5:d0:0e:13:91 rolename logon fwdmode 1 derivation_type Initial Role Contained vp not present.
Mar 30 13:28:15 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 10:a5:d0:0e:13:91 vlan 0 derivation_type Reset Role Based VLANs index 3.
Mar 30 13:28:15 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:logon,pDefRole:0x0xfea874
Mar 30 13:28:15 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:10:a5:d0:0e:13:91, pmkid_present:False, pmkid:N/A
Mar 30 13:28:15 :522096: <DBUG> |authmgr| 10:a5:d0:0e:13:91: Sending STM new Role ACL : 2, and Vlan info: 427, action : 10, AP IP: 10.75.93.250, flags : 0 idle-timeout: 300
Mar 30 13:28:15 :522242: <DBUG> |authmgr| MAC=10:a5:d0:0e:13:91 Station Created Update MMS: BSSID=ac:a3:1e:b3:f7:10 ESSID=LAB-INTERNAL VLAN=427 AP-name=LAB-AP-2-ac:a3:1e:c3:3f:70
Mar 30 13:28:15 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 2 mac 10:a5:d0:0e:13:91 name role logon devtype wired 0 authtype 0 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 1
Mar 30 13:28:20 :522175: <DBUG> |authmgr| skipping mac : 10:a5:d0:0e:13:91, from AP : 10.75.93.250, with authtype : 802.1x.
Mar 30 13:28:22 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 10:a5:d0:0e:13:91 vlan 0 derivation_type Reset all Auth VLANs index 4.
Mar 30 13:28:22 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 10:a5:d0:0e:13:91 vlan 427 fwdmode 1 derivation_type Current VLAN updated.
Mar 30 13:28:22 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 10:a5:d0:0e:13:91 vlan 427 derivation_type Current VLAN updated index 5.
Mar 30 13:28:22 :522260: <DBUG> |authmgr| "VDR - Cur VLAN updated 10:a5:d0:0e:13:91 mob 0 inform 1 remote 1 wired 0 defvlan 427 exportedvlan 0 curvlan 427.
Mar 30 13:28:22 :522030: <INFO> |authmgr| MAC=10:a5:d0:0e:13:91 Station deauthenticated: BSSID=ac:a3:1e:b3:f7:10, ESSID=LAB-INTERNAL
Mar 30 13:28:22 :522127: <DBUG> |authmgr| {L2} Update role from logon to logon for IP=0.0.0.0.
Mar 30 13:28:22 :522049: <INFO> |authmgr| MAC=10:a5:d0:0e:13:91,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
Mar 30 13:28:24 :501102: <NOTI> |AP LAB-AP-2-ac:a3:1e:c3:3f:70@10.75.93.250 stm| Disassoc from sta: 10:a5:d0:0e:13:91: AP 10.75.93.250-ac:a3:1e:b3:f7:10-LAB-AP-2-ac:a3:1e:c3:3f:70 Reason STA has left and is disassociated
Mar 30 13:28:24 :522296: <DBUG> |authmgr| Auth GSM : USER_STA delete event for user 10:a5:d0:0e:13:91 age 0 deauth_reason 8
Mar 30 13:28:24 :522036: <INFO> |authmgr| MAC=10:a5:d0:0e:13:91 Station DN: BSSID=ac:a3:1e:b3:f7:10 ESSID=LAB-INTERNAL VLAN=427 AP-name=LAB-AP-2-ac:a3:1e:c3:3f:70
Mar 30 13:28:24 :522152: <DBUG> |authmgr| station free: bssid=ac:a3:1e:b3:f7:10, @=0x0xcf5034.
Mar 30 13:28:24 :501000: <DBUG> |AP LAB-AP-2-ac:a3:1e:c3:3f:70@10.75.93.250 stm| Station 10:a5:d0:0e:13:91: Clearing state
Mar 30 13:28:24 :522244: <DBUG> |authmgr| MAC=10:a5:d0:0e:13:91 Station Deleted Update MMS
Mar 30 13:28:24 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 2 mac 10:a5:d0:0e:13:91 name role logon devtype wired 0 authtype 0 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 1
Mar 30 13:28:24 :522290: <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac 10:a5:d0:0e:13:91
Mar 30 13:28:24 :522303: <DBUG> |authmgr| Auth GSM : USER delete for mac 10:a5:d0:0e:13:91 uuid 2
Mar 30 13:28:24 :522265: <DBUG> |authmgr| "MAC:10:a5:d0:0e:13:91: Deallocating UUID: 2.
Mar 30 13:28:24 :501000: <DBUG> |stm| Station 10:a5:d0:0e:13:91: Clearing state
Mar 30 13:28:24 :501102: <NOTI> |stm| Disassoc from sta: 10:a5:d0:0e:13:91: AP 10.75.93.250-ac:a3:1e:b3:f7:10-LAB-AP-2-ac:a3:1e:c3:3f:70 Reason STA has left and is disassociated
Mar 30 13:28:24 :501037: <NOTI> |stm| Station 10:a5:d0:0e:13:91: no association found trying to disassociate to BSSID ac:a3:1e:b3:f7:10 on AP LAB-AP-2-ac:a3:1e:c3:3f:70
(QA01AARUBA01) # show auth-tracebuf
Warning: user-debug is enabled on one or more specific MAC addresses;
only those MAC addresses appear in the trace buffer.
Auth Trace Buffer
-----------------
Mar 30 13:28:15 station-up * 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 - - wpa2 aes
Mar 30 13:28:15 eap-id-req <- 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 1 5
Mar 30 13:28:15 eap-id-resp -> 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 1 12 davise1
Mar 30 13:28:15 rad-req -> 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 9 214
Mar 30 13:28:20 dot1x-timeout * 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 1 3 server timeout
Mar 30 13:28:20 dot1x-timeout * 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 2 2 station timeout
Mar 30 13:28:20 eap-id-req <- 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 2 5
Mar 30 13:28:20 eap-id-resp -> 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 2 12 davise1
Mar 30 13:28:20 rad-req -> 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 10 214
Mar 30 13:28:22 rad-reject <- 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10/CPPM-radius 10 20
Mar 30 13:28:22 eap-failure <- 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 2 4 server rejected
Mar 30 13:28:24 station-down * 10:a5:d0:0e:13:91 ac:a3:1e:b3:f7:10 - -
(QA01AARUBA01) # aaa test-server mschapv2 CPPM-radius davise1 ***********
Authentication Successful