Wireless Access

Reply
New Contributor
Posts: 3
Registered: ‎07-17-2013

Disconnection (User entry deleted: reason=logon role lifetime reached)

Hi :smileyhappy:

I have two SSIDs on my controller, the first one is for voice traffic, this one is working very nice. The second is for data traffic ; laptops, smartphone and one wireless printer. We only have problem with the printer. The printer always lost connection when we let it in wireless, this is the log :

I have this logs when the printer is disconnected from the WIFI : Apr 30 07:57:05 authmgr[1602]: <522005> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
Apr 30 07:57:05 authmgr[1602]: <522050> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role

 


Here you can see the debug on this printer (debug with MAC adress) when it lost connection :

 

May 13 14:48:47 :501095:  <NOTI> |stm|  Assoc request @ 14:48:47.443371: 00:19:70:a8:9c:ed (SN 12): AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
May 13 14:48:47 :501100:  <NOTI> |stm|  Assoc success @ 14:48:47.450327: 00:19:70:a8:9c:ed: AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
May 13 14:48:47 :501065:  <DBUG> |stm|  Sending STA 00:19:70:a8:9c:ed message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:28
May 13 14:48:47 :522035:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed Station UP: BSSID=00:0b:86:75:5e:a0 ESSID=Tarifold-Interne VLAN=1 AP-name=AP03
May 13 14:48:47 :524124:  <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:00:19:70:a8:9c:ed, pmkid_present:True, pmkid:30 48 60 6c 00 0b 86 75 5e 08 00 0b 86 75 5e 08
May 13 14:48:47 :500511:  <DBUG> |mobileip|  Station 00:19:70:a8:9c:ed, 0.0.0.0: Received association on ESSID: Tarifold-Interne Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP03 Group default BSSID 00:0b:86:75:5e:a0, phy g, VLAN 1
May 13 14:48:47 :500010:  <NOTI> |mobileip|  Station 00:19:70:a8:9c:ed, 0.0.0.0: Mobility trail, on switch 192.168.200.10, VLAN 1, AP AP03, Tarifold-Interne/00:0b:86:75:5e:a0/g
May 13 14:48:47 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
May 13 14:48:47 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/none, new Role=logon/logon, reason=First IP user created
May 13 14:48:47 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
May 13 14:48:47 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
May 13 14:48:47 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
May 13 14:54:42 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
May 13 14:54:42 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
May 13 14:54:49 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
May 13 14:54:49 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
May 13 14:54:49 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
May 13 14:54:49 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
May 13 14:54:49 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
May 13 14:57:23 :501095:  <NOTI> |stm|  Assoc request @ 14:57:23.096703: 00:19:70:a8:9c:ed (SN 12): AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
May 13 14:57:23 :501100:  <NOTI> |stm|  Assoc success @ 14:57:23.099033: 00:19:70:a8:9c:ed: AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
May 13 14:57:23 :501065:  <DBUG> |stm|  Sending STA 00:19:70:a8:9c:ed message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:28
May 13 14:57:23 :522035:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed Station UP: BSSID=00:0b:86:75:5e:a0 ESSID=Tarifold-Interne VLAN=1 AP-name=AP03
May 13 14:57:23 :500511:  <DBUG> |mobileip|  Station 00:19:70:a8:9c:ed, 0.0.0.0: Received association on ESSID: Tarifold-Interne Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP03 Group default BSSID 00:0b:86:75:5e:a0, phy g, VLAN 1
May 13 14:57:23 :524124:  <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:00:19:70:a8:9c:ed, pmkid_present:True, pmkid:30 48 60 6c 00 0b 86 75 5f e8 00 0b 86 75 5f e8
May 13 14:59:43 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
May 13 14:59:43 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
May 13 14:59:44 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
May 13 14:59:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
May 13 14:59:44 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
May 13 14:59:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
May 13 14:59:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
May 13 15:04:44 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
May 13 15:04:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
May 13 15:04:44 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
May 13 15:04:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
May 13 15:04:44 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
May 13 15:04:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
May 13 15:04:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
May 13 15:09:44 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
May 13 15:09:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
May 13 15:09:55 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
May 13 15:09:55 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
May 13 15:09:55 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
May 13 15:09:55 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
May 13 15:09:55 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
May 13 15:14:45 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
May 13 15:14:45 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role


Can I change the role ? Why this one make problom on this print and never on laptop or smartphone ?

 

Thanks for your update. :smileywink:

 

Alex.

MVP
Posts: 4,234
Registered: ‎07-20-2011

Re: Disconnection (User entry deleted: reason=logon role lifetime reached)

 

Change the initial role to something else 

 

Authentication Profiles_2013-07-17_12-28-18.png

 

AAA_Servers_2013-07-17_12-25-36.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: Disconnection (User entry deleted: reason=logon role lifetime reached)

If  you donot have a PEF-NG licence change the role to guest.

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
New Contributor
Posts: 3
Registered: ‎07-17-2013

Re: Disconnection (User entry deleted: reason=logon role lifetime reached)

Hi,

 

Thanks for your answer :smileyhappy: .

 

I will go to the customer tomorrow to make some tests. The clients who use this SSID is authentificate with a WPA Key. It's strange because I don't have disconnection with laptop but only with this printer, I don't understand why it doesn't work with this device ...

 

Can I find a description of these differents role (for exemple difference between the authenticate and guest role) ? Which one do you use when there is only authentification with WPA Key ?

 

Thanks a lot !:smileywink:

New Contributor
Posts: 3
Registered: ‎07-17-2013

Re: Disconnection (User entry deleted: reason=logon role lifetime reached)

It works! :smileytongue:

 

Can you explain me the difference between these roles ? I dont understand why it doesnt work with this device, and why the logon role can disturb it..

 

Jul 19 07:17:42webui[1465]: USER:admin@192.168.200.83 COMMAND:<logging level debugging user-debug 00:19:70:a8:9c:ed > -- command executed successfully
Jul 19 07:23:59stm[1603]: <501095> <NOTI> |stm| Assoc request @ 07:23:59.824815: 00:19:70:a8:9c:ed (SN 12): AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
Jul 19 07:23:59stm[1603]: <501100> <NOTI> |stm| Assoc success @ 07:23:59.826890: 00:19:70:a8:9c:ed: AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
Jul 19 07:23:59stm[1603]: <501065> <DBUG> |stm| Sending STA 00:19:70:a8:9c:ed message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:28
Jul 19 07:23:59authmgr[1602]: <522035> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed Station UP: BSSID=00:0b:86:75:5e:a0 ESSID=Tarifold-Interne VLAN=1 AP-name=AP03
Jul 19 07:23:59authmgr[1602]: <524124> <DBUG> |authmgr| dot1x_supplicant_up(): MAC:00:19:70:a8:9c:ed, pmkid_present:True, pmkid:30 48 60 6c 00 0b 86 75 5f b8 00 0b 86 75 5f b8
Jul 19 07:23:59mobileip[1611]: <500511> <DBUG> |mobileip| Station 00:19:70:a8:9c:ed, 0.0.0.0: Received association on ESSID: Tarifold-Interne Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP03 Group default BSSID 00:0b:86:75:5e:a0, phy g, VLAN 1
Jul 19 07:23:59mobileip[1611]: <500010> <NOTI> |mobileip| Station 00:19:70:a8:9c:ed, 0.0.0.0: Mobility trail, on switch 192.168.200.10, VLAN 1, AP AP03, Tarifold-Interne/00:0b:86:75:5e:a0/g
Jul 19 07:24:00authmgr[1602]: <522026> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
Jul 19 07:24:00authmgr[1602]: <522049> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=guest/logon, new Role=guest/guest, reason=First IP user created
Jul 19 07:24:00authmgr[1602]: <522006> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
Jul 19 07:24:00authmgr[1602]: <522049> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=guest/guest, new Role=guest/guest, reason=User not authenticated for inheriting attributes
Jul 19 07:24:00authmgr[1602]: <522050> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=guest/3, bw Contract=0/0,reason=New user IP processing
MVP
Posts: 4,234
Registered: ‎07-20-2011

Re: Disconnection (User entry deleted: reason=logon role lifetime reached)

Look at the screenshot a shared
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: Disconnection (User entry deleted: reason=logon role lifetime reached)

Logon role is designed for the users who are in preauthenticated. so we donot allow users without authenticated to say in our DB for long time. so we hav logon life time which will kick off teh user afte the logon life time. so if you are using open or pre shared key auth, please change the initial role to other roles like guest  or authenticated. 

 

guest role will provide access to dns, http and https ( by default) 

authenticated role is allow all.  ( by default)/. 

 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: