Wireless Access

Occasional Contributor I
Posts: 6
Registered: ‎12-07-2012

Dropping the radius packet for Station

Hello all, I am a newbie to Aruba and am seeking help in this forum.

 

First of all, I've got a pair of controllers (master/local) with a Symantec NAC LAN Enforcer connection.

 

However, when I try to connect to the wireless network, a RADIUS packet drop log message can be seen in the controller's log.

 

*Dropping the radius packet for Station 74:e5:0b:xx:xx:xx xx:xx:xx:xx:xx:xx doing 802.1x*

 

Can anyone help me a bit on it?

 

Thanks,

Simon

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Dropping the radius packet for Station

You need to enable debugging for that client:

 

config t
logging level debug user-debug <mac address of client>

 

 

Then you need to type:

 

show log user-debug all

 

 

 

..to see the detail.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎12-07-2012

Re: Dropping the radius packet for Station

Thank you for your kind reply

 

I found the log message as below:

 

(CSTWCMS01) (config) #show log user-debug all
Jan 31 14:58:28 :501095:  <NOTI> |stm|  Assoc request @ 14:58:28.228745: 20:68:9d:3b:f5:3a (SN 3927): AP 10.242.182.102-24:de:c6:81:ec:b0-CSTAPOS02
Jan 31 14:58:28 :501100:  <NOTI> |stm|  Assoc success @ 14:58:28.235012: 20:68:9d:3b:f5:3a: AP 10.242.182.102-24:de:c6:81:ec:b0-CSTAPOS02
Jan 31 14:58:28 :501065:  <DBUG> |stm|  Sending STA 20:68:9d:3b:f5:3a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1e, wmm:1, rsn_cap:28
Jan 31 14:58:28 :522035:  <INFO> |authmgr|  MAC=20:68:9d:3b:f5:3a Station UP: BSSID=24:de:c6:81:ec:b0 ESSID=CSTY5X VLAN=30 AP-name=CSTAPOS02
Jan 30 22:50:28 :500511:  <DBUG> |mobileip|  Station 20:68:9d:3b:f5:3a, 0.0.0.0: Received association on ESSID: CSTY5X Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name CSTAPOS02 Group VAP_1 BSSID 24:de:c6:81:ec:b0, phy g, VLAN 30
Jan 31 14:58:28 :500010:  <NOTI> |mobileip|  Station 20:68:9d:3b:f5:3a, 0.0.0.0: Mobility trail, on switch 10.242.182.3, VLAN 30, AP CSTAPOS02, CSTY5X/24:de:c6:81:ec:b0/g

Would you please kindly have a look at it?

Many thanks
Simon
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Dropping the radius packet for Station

There is nothing in those logs out of the ordinary.  Did that specific client have a problem at that time?  

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I
Posts: 6
Registered: ‎12-07-2012

Re: Dropping the radius packet for Station


Yes, the user cannot gain access to the wireless network.

 

Let me describe the connection flow:

 

1. Client attempts to gain access through Aruba

2. Aruba contacts Symantec LAN Enforcer (SNAC), PEAP

3. Client device with agent (assign VLAN A)

4. Agentless (assign VLAN B)

 

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Dropping the radius packet for Station

There are quite a few other things in play here.  I do not know specifically about the interaction with Symantec NAC enforcer.  I am sure there is much more to this.

 

Maybe someone else on the list can help or you should open a support case.  Your first log looks like your client did not get an IP address.

 



Colin Joseph
Aruba Customer Engineering
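
An added example, not part of the original thread: a small parser for the `show log user-debug all` format posted above. It lists which processes logged for the station, the address the mobileip lines report for it (0.0.0.0 in the posted output), and any line whose timestamp falls far from the rest (the line stamped Jan 30). The function names, the assumed year and the 300-second tolerance are choices made for this example.

```python
import re
from datetime import datetime
from statistics import median

# Sample input: four lines copied from the `show log user-debug all` output in this thread.
SAMPLE = """\
Jan 31 14:58:28 :501100:  <NOTI> |stm|  Assoc success @ 14:58:28.235012: 20:68:9d:3b:f5:3a: AP 10.242.182.102-24:de:c6:81:ec:b0-CSTAPOS02
Jan 31 14:58:28 :522035:  <INFO> |authmgr|  MAC=20:68:9d:3b:f5:3a Station UP: BSSID=24:de:c6:81:ec:b0 ESSID=CSTY5X VLAN=30 AP-name=CSTAPOS02
Jan 30 22:50:28 :500511:  <DBUG> |mobileip|  Station 20:68:9d:3b:f5:3a, 0.0.0.0: Received association on ESSID: CSTY5X Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name CSTAPOS02 Group VAP_1 BSSID 24:de:c6:81:ec:b0, phy g, VLAN 30
Jan 31 14:58:28 :500010:  <NOTI> |mobileip|  Station 20:68:9d:3b:f5:3a, 0.0.0.0: Mobility trail, on switch 10.242.182.3, VLAN 30, AP CSTAPOS02, CSTY5X/24:de:c6:81:ec:b0/g
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) :(\d+): +<(\w+)> +\|([\w-]+)\| +(.*)$")
STATION_IP = re.compile(r"Station ([0-9a-f:]{17}), (\d+\.\d+\.\d+\.\d+):")

def parse(text, year=2000):
    """Return one dict per log line. The log carries no year, so `year` is assumed."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip the prompt echo and blank or wrapped lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "id": m.group(2), "level": m.group(3),
                       "proc": m.group(4), "msg": m.group(5)})
    return events

def station_ips(events, mac):
    """IP addresses the mobileip process reports for `mac`."""
    found = set()
    for e in events:
        m = STATION_IP.search(e["msg"])
        if e["proc"] == "mobileip" and m and m.group(1) == mac.lower():
            found.add(m.group(2))
    return found

def out_of_window(events, tolerance_s=300):
    """Message ids whose timestamp is more than tolerance_s from the median."""
    mid = median(e["ts"].timestamp() for e in events)
    return [e["id"] for e in events if abs(e["ts"].timestamp() - mid) > tolerance_s]

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print("processes:", sorted({e["proc"] for e in ev}))
    print("station IPs:", station_ips(ev, "20:68:9d:3b:f5:3a"))
    print("timestamps outside window:", out_of_window(ev))
```
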


Occasional Contributor I
Posts: 6
Registered: ‎12-07-2012

Re: Dropping the radius packet for Station

Thank you for your advice. By the way, based on the result of "show aaa authentication-server radius statistics", does that mean the 1st and 2nd RADIUS servers are unreachable?

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Dropping the radius packet for Station

It could mean that the servers were never used or never responded.



Colin Joseph
Aruba Customer Engineering
