So one of the clients is getting random disconnection for some reason. Log says Code 3 reason or the way I understand it is the phone itself is initiating the deauth. He has a Motorola Android 7.x phone. What is really surprising is I have an LG phone with Android 7.x too but I don't have this problem. Any ideas? Here's the log.
(aruba-wc2) # show auth-tracebuf mac d4:63:c6:xx:xx:2x
Warning: user-debug is enabled on one or more specific MAC addresses;
only those MAC addresses appear in the trace buffer.
Auth Trace Buffer
-----------------
Dec 1 13:53:51 station-down * d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - -
Dec 1 13:54:07 station-up * d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - - wpa2 aes
Dec 1 13:54:07 wpa2-key1 <- d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 117
Dec 1 13:54:07 wpa2-key2 -> d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 135
Dec 1 13:54:07 wpa2-key3 <- d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 167
Dec 1 13:54:07 wpa2-key4 -> d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 95
Dec 1 14:01:05 station-down * d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - -
Dec 1 14:01:16 station-up * d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - - wpa2 aes
Dec 1 14:01:16 wpa2-key1 <- d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 117
Dec 1 14:01:16 wpa2-key2 -> d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 135
Dec 1 14:01:16 wpa2-key3 <- d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 167
Dec 1 14:01:16 wpa2-key4 -> d4:63:c6:xx:xx:2x 18:64:72:38:71:d2 - 95
Dec 1 14:03:16 rad-acct-int-update -> d4:63:c6:xx:xx:2x 18:64:72:38:71:d2/radius-01-eduroam - -
Dec 1 14:03:16 rad-acct-int-update -> d4:63:c6:xx:xx:2x 18:64:72:38:71:d2/radius-02-eduroam - -
(aruba-wc2) #
(aruba-wc2) #show log user-debug all | include d4:63:c6:xx:xx:2x
.
.
.
.
.
Dec 1 13:54:07 :522259: <DBUG> |authmgr| "VDR - Do Role Based VLAN Derivation user d4:63:c6:xx:xx:2x role cpp-role-authenticated rolehow ROLE_DERIVATION_DOT1X_VSA.
Dec 1 13:54:07 :522254: <DBUG> |authmgr| VDR - mac d4:63:c6:xx:xx:2x rolename cpp-role-authenticated fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained vp not present.
Dec 1 13:54:07 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 0 derivation_type Reset Role Based VLANs index 7.
Dec 1 13:54:07 :522255: <DBUG> |authmgr| "VDR - set vlan in user for d4:63:c6:xx:xx:2x vlan 1521 fwdmode 0 derivation_type Current VLAN updated.
Dec 1 13:54:07 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 1521 derivation_type Current VLAN updated index 8.
Dec 1 13:54:07 :522260: <DBUG> |authmgr| "VDR - Cur VLAN updated d4:63:c6:xx:xx:2x mob 0 inform 1 remote 0 wired 0 defvlan 1521 exportedvlan 0 curvlan 1521.
Dec 1 13:54:07 :522029: <INFO> |authmgr| MAC=d4:63:c6:xx:xx:2x Station authenticate: method=802.1x, role=cpp-role-authenticated/cpp-role-authenticated//guest-logon, VLAN=1521/1521, Derivation=9/1, Value Pair=0
Dec 1 13:54:07 :522158: <DBUG> |authmgr| Role Derivation for user 10.110.166.196-d4:63:c6:xx:xx:2x-amulyadi@cpp.edu N/A User authenticated with auth type:Unknown auth type role derivation:0.
Dec 1 13:54:07 :522318: <DBUG> |authmgr| Client d4:63:c6:xx:xx:2x idle timeout 300 profile global
Dec 1 13:54:07 :522008: <NOTI> |authmgr| User Authentication Successful: username=amulyadi@cpp.edu MAC=d4:63:c6:xx:xx:2x IP=10.110.166.196 role=cpp-role-authenticated VLAN=1521 AP=015-2000-ap07-w1 SSID=eduroam AAA profile=cpp-aaa-dot1x-eduroam auth method=802.1x auth server=radius-01-eduroam
Dec 1 13:54:07 :522158: <DBUG> |authmgr| Role Derivation for user fe80::d663:c6ff:fe43:4b25-d4:63:c6:xx:xx:2x-amulyadi@cpp.edu N/A User authenticated with auth type:Unknown auth type role derivation:0.
Dec 1 13:54:07 :522318: <DBUG> |authmgr| Client d4:63:c6:xx:xx:2x idle timeout 300 profile global
Dec 1 13:54:07 :522008: <NOTI> |authmgr| User Authentication Successful: username=amulyadi@cpp.edu MAC=d4:63:c6:xx:xx:2x IP=fe80::d663:c6ff:fe43:4b25 role=cpp-role-authenticated VLAN=1521 AP=015-2000-ap07-w1 SSID=eduroam AAA profile=cpp-aaa-dot1x-eduroam auth method=802.1x auth server=radius-01-eduroam
Dec 1 13:54:07 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 0x88724b02e09839a7 mac d4:63:c6:xx:xx:2x name amulyadi@cpp.edu role cpp-role-authenticated devtype Android wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Dec 1 13:54:07 :522243: <DBUG> |authmgr| MAC=d4:63:c6:xx:xx:2x Station Updated Update MMS: BSSID=18:64:72:38:71:d2 ESSID=eduroam VLAN=1521 AP-name=015-2000-ap07-w1
Dec 1 13:54:07 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 0x88724b02e09839a7 mac d4:63:c6:xx:xx:2x name amulyadi@cpp.edu role cpp-role-authenticated devtype Android wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Dec 1 13:54:10 :527000: <DBUG> |mdns| mdns_parse_auth_userapname_message 452 Auth->MDNS User APNAME: MAC:d4:63:c6:xx:xx:2x, NEW AP NAME:015-2000-ap07-w1
Dec 1 13:54:10 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 269 Auth User ROLE: MAC:d4:63:c6:xx:xx:2x, ROLE_NAME:cpp-role-authenticated
Dec 1 13:54:10 :527000: <DBUG> |mdns| mdns_auth_userinfo_req_message 345 mac(d4:63:c6:xx:xx:2x), ip(10.110.166.196)
Dec 1 13:54:15 :527000: <DBUG> |mdns| mdns_parse_userinfo 376 UserInfo resp=1 ip=10.110.166.196, mac=d4:63:c6:xx:xx:2x, apname=015-2000-ap07-w1, role=cpp-role-authenticated, username=amulyadi@cpp.edu, vlan=1521
Dec 1 13:54:15 :527000: <DBUG> |mdns| ag_mdns_get_token_list_for_mac 654 AirGroup user exists but token_list does not: mac=d4:63:c6:xx:xx:2x
Dec 1 13:54:15 :527000: <DBUG> |mdns| ag_ssdp_get_token_list_for_mac 360 AirGroup user exists but ssdp_token_list does not: mac=d4:63:c6:xx:xx:2x
Dec 1 13:54:15 :527000: <DBUG> |mdns| mdns_parse_auth_userinfo_resp_message 401 UserInfo response completed for ip=10.110.166.196 mac=d4:63:c6:xx:xx:2x
Dec 1 14:01:06 :501105: <NOTI> |AP 015-2000-ap07-w1@10.111.19.254 stm| Deauth from sta: d4:63:c6:xx:xx:2x: AP 10.111.19.254-18:64:72:38:71:d2-015-2000-ap07-w1 Reason STA has left and is deauthenticated
Dec 1 14:01:06 :522296: <DBUG> |authmgr| Auth GSM : USER_STA delete event for user d4:63:c6:xx:xx:2x age 0 deauth_reason 3
Dec 1 14:01:06 :522036: <INFO> |authmgr| MAC=d4:63:c6:xx:xx:2x Station DN: BSSID=18:64:72:38:71:d2 ESSID=eduroam VLAN=1521 AP-name=015-2000-ap07-w1
Dec 1 14:01:06 :501000: <DBUG> |AP 015-2000-ap07-w1@10.111.19.254 stm| Station d4:63:c6:xx:xx:2x: Clearing state
Dec 1 14:01:06 :522234: <DBUG> |authmgr| Setting idle timer for user d4:63:c6:xx:xx:2x to 300 seconds (idle timeout: 300 ageout: 0).
Dec 1 14:01:06 :501000: <DBUG> |stm| Station d4:63:c6:xx:xx:2x: Clearing state
Dec 1 14:01:16 :501093: <NOTI> |AP 015-2000-ap07-w1@10.111.19.254 stm| Auth success: d4:63:c6:xx:xx:2x: AP 10.111.19.254-18:64:72:38:71:d2-015-2000-ap07-w1
Dec 1 14:01:16 :501095: <NOTI> |AP 015-2000-ap07-w1@10.111.19.254 stm| Assoc request @ 14:01:16.430349: d4:63:c6:xx:xx:2x (SN 3262): AP 10.111.19.254-18:64:72:38:71:d2-015-2000-ap07-w1
Dec 1 14:01:16 :501100: <NOTI> |stm| Assoc success @ 14:01:16.437800: d4:63:c6:xx:xx:2x: AP 10.111.19.254-18:64:72:38:71:d2-015-2000-ap07-w1
Dec 1 14:01:16 :501100: <NOTI> |AP 015-2000-ap07-w1@10.111.19.254 stm| Assoc success @ 14:01:16.431301: d4:63:c6:xx:xx:2x: AP 10.111.19.254-18:64:72:38:71:d2-015-2000-ap07-w1
Dec 1 14:01:16 :522295: <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user d4:63:c6:xx:xx:2x
Dec 1 14:01:16 :522035: <INFO> |authmgr| MAC=d4:63:c6:xx:xx:2x Station UP: BSSID=18:64:72:38:71:d2 ESSID=eduroam VLAN=1521 AP-name=015-2000-ap07-w1
Dec 1 14:01:16 :522077: <DBUG> |authmgr| MAC=d4:63:c6:xx:xx:2x ingress 0x0x1042d (tunnel 1069), u_encr 64, m_encr 4112, slotport 0x0x2100 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Dec 1 14:01:16 :522078: <DBUG> |authmgr| MAC=d4:63:c6:xx:xx:2x, wired: 0, vlan:1521 ingress:0x0x1042d (tunnel 1069), ingress:0x0x1042d new_aaa_prof: cpp-aaa-dot1x-eduroam, stored profile: cpp-aaa-dot1x-eduroam stored wired: 0 stored essid: eduroam, stored-ingress: 0x0x1042d
Dec 1 14:01:16 :522247: <DBUG> |authmgr| User idle timer removed for user with MAC d4:63:c6:xx:xx:2x.
Dec 1 14:01:16 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 0 derivation_type Reset VLANs for Station up index 9.
Dec 1 14:01:16 :522255: <DBUG> |authmgr| "VDR - set vlan in user for d4:63:c6:xx:xx:2x vlan 1521 fwdmode 0 derivation_type Default VLAN.
Dec 1 14:01:16 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 1521 derivation_type Default VLAN index 10.
Dec 1 14:01:16 :522255: <DBUG> |authmgr| "VDR - set vlan in user for d4:63:c6:xx:xx:2x vlan 1521 fwdmode 0 derivation_type Current VLAN updated.
Dec 1 14:01:16 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 1521 derivation_type Current VLAN updated index 11.
Dec 1 14:01:16 :522158: <DBUG> |authmgr| Role Derivation for user N/A-d4:63:c6:xx:xx:2x-amulyadi@cpp.edu N/A Set AAA profile defaults.
Dec 1 14:01:16 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC d4:63:c6:xx:xx:2x.
Dec 1 14:01:16 :524141: <DBUG> |authmgr| clr_pmkcache_ft():987: MAC:d4:63:c6:xx:xx:2x BSS:18:64:72:38:71:d2
Dec 1 14:01:16 :522287: <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac d4:63:c6:xx:xx:2x bssid 18:64:72:38:71:d2 vlan 1521 type 1 data-ready 0
Dec 1 14:01:16 :522254: <DBUG> |authmgr| VDR - mac d4:63:c6:xx:xx:2x rolename guest-logon fwdmode 0 derivation_type Initial Role Contained vp not present.
Dec 1 14:01:16 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 0 derivation_type Reset Role Based VLANs index 12.
Dec 1 14:01:16 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:d4:63:c6:xx:xx:2x, pmkid_present:True, pmkid:62 83 69 da 8a d1 d2 ec 7d 53 53 c2 30 75 c1 99
Dec 1 14:01:16 :522142: <DBUG> |authmgr| Setting cached role to cpp-role-authenticated for user d4:63:c6:xx:xx:2x".
Dec 1 14:01:16 :522254: <DBUG> |authmgr| VDR - mac d4:63:c6:xx:xx:2x rolename NULL fwdmode 0 derivation_type VLAN from pmk-cache vp not present.
Dec 1 14:01:16 :522044: <INFO> |authmgr| MAC=d4:63:c6:xx:xx:2x Station authenticate(start): method=802.1x, role=cpp-role-authenticated/cpp-role-authenticated//guest-logon, VLAN=1521/1521, Derivation=9/1, Value Pair=0, flags=0x8
Dec 1 14:01:16 :522158: <DBUG> |authmgr| Role Derivation for user N/A-d4:63:c6:xx:xx:2x-amulyadi@cpp.edu N/A station Authenticated with auth type: Unknown auth type.
Dec 1 14:01:16 :522127: <DBUG> |authmgr| {L2} Update role from cpp-role-authenticated to cpp-role-authenticated for IP=N/A, MAC=d4:63:c6:xx:xx:2x.
Dec 1 14:01:16 :522049: <INFO> |authmgr| MAC=d4:63:c6:xx:xx:2x,IP=N/A User role updated, existing Role=cpp-role-authenticated/none, new Role=cpp-role-authenticated/none, reason=station Authenticated with auth type: 802.1x
Dec 1 14:01:16 :522050: <INFO> |authmgr| MAC=d4:63:c6:xx:xx:2x,IP=N/A User data downloaded to datapath, new Role=cpp-role-authenticated/95, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
Dec 1 14:01:16 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 0x88724b02e09839a7 mac d4:63:c6:xx:xx:2x name amulyadi@cpp.edu role cpp-role-authenticated devtype Android wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Dec 1 14:01:16 :522259: <DBUG> |authmgr| "VDR - Do Role Based VLAN Derivation user d4:63:c6:xx:xx:2x role cpp-role-authenticated rolehow ROLE_DERIVATION_DOT1X_VSA.
Dec 1 14:01:16 :522254: <DBUG> |authmgr| VDR - mac d4:63:c6:xx:xx:2x rolename cpp-role-authenticated fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained vp not present.
Dec 1 14:01:16 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 0 derivation_type Reset Role Based VLANs index 13.
Dec 1 14:01:16 :522255: <DBUG> |authmgr| "VDR - set vlan in user for d4:63:c6:xx:xx:2x vlan 1521 fwdmode 0 derivation_type Current VLAN updated.
Dec 1 14:01:16 :522258: <DBUG> |authmgr| "VDR - Add to history of user user d4:63:c6:xx:xx:2x vlan 1521 derivation_type Current VLAN updated index 14.
Dec 1 14:01:16 :522260: <DBUG> |authmgr| "VDR - Cur VLAN updated d4:63:c6:xx:xx:2x mob 0 inform 1 remote 0 wired 0 defvlan 1521 exportedvlan 0 curvlan 1521.
Dec 1 14:01:16 :522029: <INFO> |authmgr| MAC=d4:63:c6:xx:xx:2x Station authenticate: method=802.1x, role=cpp-role-authenticated/cpp-role-authenticated//guest-logon, VLAN=1521/1521, Derivation=9/1, Value Pair=0
Dec 1 14:01:16 :522158: <DBUG> |authmgr| Role Derivation for user 10.110.166.196-d4:63:c6:xx:xx:2x-amulyadi@cpp.edu N/A User authenticated with auth type:Unknown auth type role derivation:0.
Dec 1 14:01:16 :522318: <DBUG> |authmgr| Client d4:63:c6:xx:xx:2x idle timeout 300 profile global
Dec 1 14:01:16 :522008: <NOTI> |authmgr| User Authentication Successful: username=amulyadi@cpp.edu MAC=d4:63:c6:xx:xx:2x IP=10.110.166.196 role=cpp-role-authenticated VLAN=1521 AP=015-2000-ap07-w1 SSID=eduroam AAA profile=cpp-aaa-dot1x-eduroam auth method=802.1x auth server=radius-01-eduroam
Dec 1 14:01:16 :522158: <DBUG> |authmgr| Role Derivation for user fe80::d663:c6ff:fe43:4b25-d4:63:c6:xx:xx:2x-amulyadi@cpp.edu N/A User authenticated with auth type:Unknown auth type role derivation:0.
Dec 1 14:01:16 :522318: <DBUG> |authmgr| Client d4:63:c6:xx:xx:2x idle timeout 300 profile global
Dec 1 14:01:16 :522008: <NOTI> |authmgr| User Authentication Successful: username=amulyadi@cpp.edu MAC=d4:63:c6:xx:xx:2x IP=fe80::d663:c6ff:fe43:4b25 role=cpp-role-authenticated VLAN=1521 AP=015-2000-ap07-w1 SSID=eduroam AAA profile=cpp-aaa-dot1x-eduroam auth method=802.1x auth server=radius-01-eduroam
Dec 1 14:01:16 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 0x88724b02e09839a7 mac d4:63:c6:xx:xx:2x name amulyadi@cpp.edu role cpp-role-authenticated devtype Android wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Dec 1 14:01:16 :522243: <DBUG> |authmgr| MAC=d4:63:c6:xx:xx:2x Station Updated Update MMS: BSSID=18:64:72:38:71:d2 ESSID=eduroam VLAN=1521 AP-name=015-2000-ap07-w1
Dec 1 14:01:16 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 0x88724b02e09839a7 mac d4:63:c6:xx:xx:2x name amulyadi@cpp.edu role cpp-role-authenticated devtype Android wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
Dec 1 14:01:19 :527000: <DBUG> |mdns| mdns_parse_auth_userapname_message 452 Auth->MDNS User APNAME: MAC:d4:63:c6:xx:xx:2x, NEW AP NAME:015-2000-ap07-w1
Dec 1 14:01:19 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 269 Auth User ROLE: MAC:d4:63:c6:xx:xx:2x, ROLE_NAME:cpp-role-authenticated
Dec 1 14:01:19 :527000: <DBUG> |mdns| mdns_auth_userinfo_req_message 345 mac(d4:63:c6:xx:xx:2x), ip(10.110.166.196)
(aruba-wc2) #