Wireless Access

last person joined: 2 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Help debug log entries

This thread has been viewed 9 times

  • 1.  Help debug log entries

    Posted Feb 04, 2016 08:48 AM

    Can somebody help me debug these 2 entries. I keep getting a "respond to challenge failed message"

     

    Feb 4 08:35:29 authmgr[3909]: <522036> <INFO> |authmgr| MAC=a4:ee:57:32:c9:c0 Station DN: BSSID=6c:f3:7f:85:cb:c0 ESSID=lehigh VLAN=680 AP-name=Bldg86-rm210


    Feb 4 08:35:29 stm[836]: <501105> <NOTI> |AP Bldg86-rm210@128.180.251.204 stm| Deauth from sta: a4:ee:57:32:c9:c0: AP 128.180.251.204-6c:f3:7f:85:cb:c0-Bldg86-rm210 Reason Response to challenge failed



  • 2.  RE: Help debug log entries

    EMPLOYEE
    Posted Feb 04, 2016 09:30 AM

    Hi magnumpi, 

     

    When do you see this message? What is the authentication type? 

     

    Check the output of, 

    1. #show auth-tracebuf mac a4:ee:57:32:c9:c0 

    2. #show ap client trail-info a4:ee:57:32:c9:c0 

     

    You may find additional information. 

     

    Thanks, 

    Rajaguru Vincent 



  • 3.  RE: Help debug log entries

    Posted Feb 04, 2016 11:06 AM

    I see these messages constantly on our controller's log.  We authenic with 802.1X

     

    (aruba3) #show auth-tracebuf mac a4:ee:57:32:c9:c0
    (aruba3) #show ap client trail-info a4:ee:57:32:c9:c0

    Client Trail Info
    -----------------
    MAC BSSID ESSID AP-name VLAN Deauth Reason Alert
    --- ----- ----- ------- ---- ------------- -----
    a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 680 Response to challenge failed Response to challenge failed

    Deauth Reason
    -------------
    Reason Timestamp
    ------ ---------
    Response to challenge failed Feb 4 11:00:51
    Response to challenge failed Feb 4 11:00:20
    Response to challenge failed Feb 4 10:59:49
    Response to challenge failed Feb 4 10:59:17
    Response to challenge failed Feb 4 10:58:46
    Response to challenge failed Feb 4 10:58:14
    Response to challenge failed Feb 4 10:57:43
    Response to challenge failed Feb 4 10:57:12
    Response to challenge failed Feb 4 10:56:40
    Response to challenge failed Feb 4 10:56:08
    Num Deauths:10

    Alerts
    ------
    Reason Timestamp
    ------ ---------
    Response to challenge failed Feb 4 11:00:51
    Response to challenge failed Feb 4 11:00:20
    Response to challenge failed Feb 4 10:59:49
    Response to challenge failed Feb 4 10:59:17
    Response to challenge failed Feb 4 10:58:46
    Response to challenge failed Feb 4 10:58:14
    Response to challenge failed Feb 4 10:57:43
    Response to challenge failed Feb 4 10:57:12
    Response to challenge failed Feb 4 10:56:40
    Response to challenge failed Feb 4 10:56:08
    Num Alerts:10

    Mobility Trail
    --------------
    BSSID ESSID AP-name Timestamp
    ----- ----- ------- ---------
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:51
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:41
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:20
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:09
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:49
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:39
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:17
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:07
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:58:46
    6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:58:36
    Num Mobility Trails:10

     

     



  • 4.  RE: Help debug log entries

    Posted Feb 04, 2016 11:10 AM

    Looks like the MAC address is associated with an Epson printer



  • 5.  RE: Help debug log entries

    EMPLOYEE
    Posted Feb 04, 2016 11:54 AM

    Hi, 

     

    It seems like the device is trying to connect with incorrect 802.1x credential / settings. 

    Enable user-debugging for this mac address and then see the auth-tracebuf. 

     

    (config) #logging level debugging user-debug a4:ee:57:32:c9:c0 

    (config) #exit

    #show auth-tracebuf mac a4:ee:57:32:c9:c0 

     

    Thanks, 

    Rajaguru Vincent 



  • 6.  RE: Help debug log entries

    Posted Feb 04, 2016 01:30 PM

    Here's what I found so far:

     

    (aruba3) #show auth-tracebuf mac a4:ee:57:32:c9:c0

    Warning: user-debug is enabled on one or more specific MAC addresses;
    only those MAC addresses appear in the trace buffer.

    Auth Trace Buffer
    -----------------


    Feb 4 13:21:03 station-up * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - - wpa2 aes
    Feb 4 13:21:03 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
    Feb 4 13:21:08 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
    Feb 4 13:21:12 station-down * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - -
    Feb 4 13:21:34 station-up * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - - wpa2 aes
    Feb 4 13:21:34 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
    Feb 4 13:21:40 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
    Feb 4 13:21:45 station-down * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - -

     

     



  • 7.  RE: Help debug log entries
    Best Answer

    EMPLOYEE
    Posted Feb 04, 2016 01:45 PM

    Ok. The client device is not responding for the eap-id-request from the AP. The possible cause is that the client is not configured with proper WLAN / 802.1x settings. You need to check the client device. Compare the auth-tracebuf of a working client, you'll see the difference. 

     

    Thanks, 

    Rajaguru Vincent 



  • 8.  RE: Help debug log entries

    EMPLOYEE
    Posted Feb 04, 2016 01:48 PM

    Here is an example auth-tracebuf output of a successful authentication. 

     

     

    Feb 4 03:34:50 station-up * cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - - wpa2 aes
    Feb 4 03:34:50 eap-id-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 1 5
    Feb 4 03:34:50 eap-id-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 1 13 rajaguru
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 95 211
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 95 88
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 2 6
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 2 192
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 96 432
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 96 1124
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 3 1034
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 3 6
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 97 246
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 97 1120
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 4 1030
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 4 6
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 98 246
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 98 1120
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 5 1030
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 5 6
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 99 246
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 99 819
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 6 733
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 6 140
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 100 380
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 100 151
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 7 69
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 7 6
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 101 246
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 101 125
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 8 43
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 8 59
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 102 299
    Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 102 157
    Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 9 75
    Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 9 107
    Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 103 347
    Feb 4 03:34:51 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 103 173
    Feb 4 03:34:51 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 10 91
    Feb 4 03:34:51 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 10 43
    Feb 4 03:34:51 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 104 283
    Feb 4 03:34:51 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 104 125
    Feb 4 03:34:51 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 11 43
    Feb 4 03:34:51 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 11 43
    Feb 4 03:34:51 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 105 283
    Feb 4 03:34:51 rad-accept <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 105 228
    Feb 4 03:34:51 eap-success <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 11 4
    Feb 4 03:34:51 wpa2-key1 <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 117
    Feb 4 03:34:51 wpa2-key2 -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 117
    Feb 4 03:34:51 wpa2-key3 <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 151
    Feb 4 03:34:51 wpa2-key4 -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 95

     

     

    Thanks, 

    Rajaguru Vincent 



  • 9.  RE: Help debug log entries

    Posted Feb 04, 2016 01:48 PM

    Will do... Thanks for all your help..