Wireless Access

Reply
Occasional Contributor II

Help debug log entries

Can somebody help me debug these 2 entries. I keep getting a "respond to challenge failed message"

 

Feb 4 08:35:29 authmgr[3909]: <522036> <INFO> |authmgr| MAC=a4:ee:57:32:c9:c0 Station DN: BSSID=6c:f3:7f:85:cb:c0 ESSID=lehigh VLAN=680 AP-name=Bldg86-rm210


Feb 4 08:35:29 stm[836]: <501105> <NOTI> |AP Bldg86-rm210@128.180.251.204 stm| Deauth from sta: a4:ee:57:32:c9:c0: AP 128.180.251.204-6c:f3:7f:85:cb:c0-Bldg86-rm210 Reason Response to challenge failed

Aruba Employee

Re: Help debug log entries

Hi magnumpi, 

 

When do you see this message? What is the authentication type? 

 

Check the output of, 

1. #show auth-tracebuf mac a4:ee:57:32:c9:c0 

2. #show ap client trail-info a4:ee:57:32:c9:c0 

 

You may find additional information. 

 

Thanks, 

Rajaguru Vincent 

Thanks,
Rajaguru Vincent
CWNA | CWSP | CWAP | CWDP | ACMP
Occasional Contributor II

Re: Help debug log entries

I see these messages constantly on our controller's log.  We authenic with 802.1X

 

(aruba3) #show auth-tracebuf mac a4:ee:57:32:c9:c0
(aruba3) #show ap client trail-info a4:ee:57:32:c9:c0

Client Trail Info
-----------------
MAC BSSID ESSID AP-name VLAN Deauth Reason Alert
--- ----- ----- ------- ---- ------------- -----
a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 680 Response to challenge failed Response to challenge failed

Deauth Reason
-------------
Reason Timestamp
------ ---------
Response to challenge failed Feb 4 11:00:51
Response to challenge failed Feb 4 11:00:20
Response to challenge failed Feb 4 10:59:49
Response to challenge failed Feb 4 10:59:17
Response to challenge failed Feb 4 10:58:46
Response to challenge failed Feb 4 10:58:14
Response to challenge failed Feb 4 10:57:43
Response to challenge failed Feb 4 10:57:12
Response to challenge failed Feb 4 10:56:40
Response to challenge failed Feb 4 10:56:08
Num Deauths:10

Alerts
------
Reason Timestamp
------ ---------
Response to challenge failed Feb 4 11:00:51
Response to challenge failed Feb 4 11:00:20
Response to challenge failed Feb 4 10:59:49
Response to challenge failed Feb 4 10:59:17
Response to challenge failed Feb 4 10:58:46
Response to challenge failed Feb 4 10:58:14
Response to challenge failed Feb 4 10:57:43
Response to challenge failed Feb 4 10:57:12
Response to challenge failed Feb 4 10:56:40
Response to challenge failed Feb 4 10:56:08
Num Alerts:10

Mobility Trail
--------------
BSSID ESSID AP-name Timestamp
----- ----- ------- ---------
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:51
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:41
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:20
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 11:00:09
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:49
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:39
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:17
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:59:07
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:58:46
6c:f3:7f:85:cb:c0 lehigh Bldg86-rm210 Feb 4 10:58:36
Num Mobility Trails:10

 

 

Occasional Contributor II

Re: Help debug log entries

Looks like the MAC address is associated with an Epson printer

Aruba Employee

Re: Help debug log entries

Hi, 

 

It seems like the device is trying to connect with incorrect 802.1x credential / settings. 

Enable user-debugging for this mac address and then see the auth-tracebuf. 

 

(config) #logging level debugging user-debug a4:ee:57:32:c9:c0 

(config) #exit

#show auth-tracebuf mac a4:ee:57:32:c9:c0 

 

Thanks, 

Rajaguru Vincent 

Thanks,
Rajaguru Vincent
CWNA | CWSP | CWAP | CWDP | ACMP
Occasional Contributor II

Re: Help debug log entries

Here's what I found so far:

 

(aruba3) #show auth-tracebuf mac a4:ee:57:32:c9:c0

Warning: user-debug is enabled on one or more specific MAC addresses;
only those MAC addresses appear in the trace buffer.

Auth Trace Buffer
-----------------


Feb 4 13:21:03 station-up * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - - wpa2 aes
Feb 4 13:21:03 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
Feb 4 13:21:08 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
Feb 4 13:21:12 station-down * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - -
Feb 4 13:21:34 station-up * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - - wpa2 aes
Feb 4 13:21:34 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
Feb 4 13:21:40 eap-id-req <- a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 1 5
Feb 4 13:21:45 station-down * a4:ee:57:32:c9:c0 6c:f3:7f:85:cb:c0 - -

 

 

Aruba Employee

Re: Help debug log entries

Ok. The client device is not responding for the eap-id-request from the AP. The possible cause is that the client is not configured with proper WLAN / 802.1x settings. You need to check the client device. Compare the auth-tracebuf of a working client, you'll see the difference. 

 

Thanks, 

Rajaguru Vincent 

Thanks,
Rajaguru Vincent
CWNA | CWSP | CWAP | CWDP | ACMP
Occasional Contributor II

Re: Help debug log entries

Will do... Thanks for all your help..

Aruba Employee

Re: Help debug log entries

Here is an example auth-tracebuf output of a successful authentication. 

 

 

Feb 4 03:34:50 station-up * cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - - wpa2 aes
Feb 4 03:34:50 eap-id-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 1 5
Feb 4 03:34:50 eap-id-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 1 13 rajaguru
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 95 211
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 95 88
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 2 6
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 2 192
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 96 432
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 96 1124
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 3 1034
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 3 6
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 97 246
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 97 1120
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 4 1030
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 4 6
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 98 246
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 98 1120
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 5 1030
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 5 6
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 99 246
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 99 819
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 6 733
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 6 140
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 100 380
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 100 151
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 7 69
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 7 6
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 101 246
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 101 125
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 8 43
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 8 59
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 102 299
Feb 4 03:34:50 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 102 157
Feb 4 03:34:50 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 9 75
Feb 4 03:34:50 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 9 107
Feb 4 03:34:50 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 103 347
Feb 4 03:34:51 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 103 173
Feb 4 03:34:51 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 10 91
Feb 4 03:34:51 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 10 43
Feb 4 03:34:51 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 104 283
Feb 4 03:34:51 rad-resp <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 104 125
Feb 4 03:34:51 eap-req <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 11 43
Feb 4 03:34:51 eap-resp -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 11 43
Feb 4 03:34:51 rad-req -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 105 283
Feb 4 03:34:51 rad-accept <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81/ClearPass3-Rajaguru 105 228
Feb 4 03:34:51 eap-success <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 11 4
Feb 4 03:34:51 wpa2-key1 <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 117
Feb 4 03:34:51 wpa2-key2 -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 117
Feb 4 03:34:51 wpa2-key3 <- cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 151
Feb 4 03:34:51 wpa2-key4 -> cc:c3:ea:xx:xx:xx ac:a3:1e:e3:63:81 - 95

 

 

Thanks, 

Rajaguru Vincent 

Thanks,
Rajaguru Vincent
CWNA | CWSP | CWAP | CWDP | ACMP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: