I've been working on this all day and it shouldn't be this hard.
everything was working fine, then i ran up on the ap hardware limit for my 6.1.3.1 650 controller so i decided to upgrade to a 3200.
I added a 6.1.3.1 3200 in as a redundant master sync'd configs / dbs and the powered off the 650
all the aps swung over to the new master, happy days.
then i tried to use my windows 7 laptop. wifi local connection only, 169.254. pulled out my iphone. worked fine. pulled out my ipad. 169.254 address on wifi, pulled out macbook pro, local area only, 169.254
looking at the show user table, only a few iphones and appletv shows up.
looking at the station table, all my clients are there and authenticated in the correct role
this is a pretty simple setup. APs are on vlan 10, 10.1/16 subnet. Clients get assigned to same vlan 10 by way of the ssid, dhcp served by the controller.
troubleshooting today i have upgraded from 6.1.3.1 to 6.1.3.3, done a write erase all > reload > add lics > reload, read a bunch of airheads posts, gone on a walk, used different clients, lots of show users/stations, moved users from psk networks to 1x network, built an open network, shouted, and tried more other machines. I can not get this simple psk network to work across all my clients. Like it was when it was working on the 650. Had no issues.
it's either something simple or something i haven't seen before and i'm going with the latter.
why would a client show up as a valid station (even the controller gui and airwave shows them as valid clients) but they dont get added to the user table?
keep your eye on 15:60, it's my work laptop running win7 and i move it back and forth between psk and 1x.
any help or ideas is appreciated. see below for
show ver
show rights
show run | aaa profile
show user
show station
show auth-trace
show log all | inc mac
Jim-3200) (config) #show ver
Aruba Operating System Software.
ArubaOS (MODEL: Aruba3200-US), Version 6.1.3.3
Website: http://www.arubanetworks.com
Copyright (c) 2002-2012, Aruba Networks, Inc.
Compiled on 2012-06-20 at 09:28:49 PDT (build 34156) by p4build
ROM: System Bootstrap, Version CPBoot 1.1.4.0 (build 16250)
Built: 2007-09-20 16:14:24
Built by: p4build@re_client_16250
Switch uptime is 22 minutes 27 seconds
Reboot Cause: User reboot.
Supervisor Card
Processor XLR 508 (revision B2) with 857M bytes of memory.
32K bytes of non-volatile configuration memory.
512M bytes of Supervisor Card System flash (model=CF 512MB).
Jim-3200) (config) #show rights authenticated
Derived Role = 'authenticated'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 63/0
Max Sessions = 65535
access-list List
----------------
Position Name Location
-------- ---- --------
1 allowall
2 v6-allowall
allowall
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any any permit Low 4
2 any any any permit Low 6
v6-allowall
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any any permit Low 6
Expired Policies (due to time constraints) = 0
Jim-3200) (config) #show run | begin 1x>auth
aaa profile "dot1x>authenticated"
initial-role "denied"
mac-default-role "denied"
authentication-dot1x "default"
dot1x-default-role "authenticated"
dot1x-server-group "nil"
!
aaa profile "psk>authenticated"
initial-role "authenticated"
mac-default-role "denied"
authentication-dot1x "default-psk"
dot1x-default-role "denied"
!
(Jim-3200) (config) #show us
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ----
10.1.50.233 00:26:b0:82:09:54 authenticated 00:00:00 Jim-2F-MBR Wireless nil2/00:24:6c:80:31:30/g psk>authenticated tunnel iPhone
10.1.50.232 a4:67:06:6d:a5:58 authenticated 00:00:04 Jim-1F-Office Wireless nil2/00:1a:1e:16:df:f0/a-HT psk>authenticated tunnel iPad
10.1.50.242 d0:23:db:af:40:a2 authenticated 00:00:07 Jim-2F-MBR Wireless nil2/00:24:6c:80:31:30/g-HT psk>authenticated tunnel iPhone
10.1.50.247 58:55:ca:5f:8a:b6 authenticated 00:00:05 Jim-2F-MBR Wireless nil2/00:24:6c:80:31:3a/a-HT psk>authenticated tunnel AppleTV
Jim-3200) (config) #show station-table
Station Entry
-------------
MAC Name Role Age(d:h:m) Auth AP name Essid Phy Remote Profile
------------ ------ ---- ---------- ---- ------- ----- --- ------ -------
58:55:ca:5f:8a:b6 authenticated 00:00:31 No Jim-2F-MBR nil2 a-HT No psk>authenticated
90:27:e4:4d:cc:9e authenticated 00:00:31 No Jim-1F-Office nil2 g-HT No psk>authenticated
00:1e:8c:91:15:60 jim authenticated 00:00:09 Yes Jim-1F-Office nil g No dot1x>authenticated
00:26:b0:82:09:54 authenticated 00:00:15 No Jim-2F-MBR nil2 g No psk>authenticated
d0:23:db:af:40:a2 authenticated 00:00:22 No Jim-2F-MBR nil2 g-HT No psk>authenticated
a4:67:06:6d:a5:58 authenticated 00:00:31 No Jim-1F-Office nil2 a-HT No psk>authenticated
Jim-3200) (config) #show auth-tracebuf | include 15:60
Jul 20 00:29:46 station-up * 00:1e:8c:91:15:60 00:24:6c:80:31:31 - - wpa2 aes
Jul 20 00:29:46 eap-id-req <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 1 5
Jul 20 00:29:46 eap-start -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 - -
Jul 20 00:29:46 eap-id-req <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 1 5
Jul 20 00:29:46 eap-id-resp -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 1 19 jim
Jul 20 00:29:46 rad-req -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 2 186
Jul 20 00:29:46 eap-id-resp -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 1 19 jim
Jul 20 00:29:46 rad-resp <- 00:1e:8c:91:15:60 00:24:6c:80:31:31/dc1 2 90
Jul 20 00:29:46 eap-req <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 2 6
Jul 20 00:29:46 eap-resp -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 2 155
Jul 20 00:29:46 rad-req -> 00:1e:8c:91:15:60 00:24:6c:80:31:31/dc1 3 360
Jul 20 00:29:46 rad-resp <- 00:1e:8c:91:15:60 00:24:6c:80:31:31/dc1 3 232
Jul 20 00:29:46 eap-req <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 3 148
Jul 20 00:29:46 eap-resp -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 3 69
Jul 20 00:29:46 rad-req -> 00:1e:8c:91:15:60 00:24:6c:80:31:31/dc1 4 274
Jul 20 00:29:46 rad-resp <- 00:1e:8c:91:15:60 00:24:6c:80:31:31/dc1 4 191
Jul 20 00:29:46 eap-req <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 6 107
Jul 20 00:29:46 eap-resp -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 6 107
Jul 20 00:29:46 rad-req -> 00:1e:8c:91:15:60 00:24:6c:80:31:31/dc1 5 312
Jul 20 00:29:46 rad-accept <- 00:1e:8c:91:15:60 00:24:6c:80:31:31/dc1 5 230
Jul 20 00:29:46 eap-success <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 6 4
Jul 20 00:29:46 station-data-ready * 00:1e:8c:91:15:60 00:00:00:00:00:00 10 -
Jul 20 00:29:46 wpa2-key1 <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 - 117
Jul 20 00:29:46 wpa2-key2 -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 - 117
Jul 20 00:29:46 wpa2-key3 <- 00:1e:8c:91:15:60 00:24:6c:80:31:31 - 151
Jul 20 00:29:46 wpa2-key4 -> 00:1e:8c:91:15:60 00:24:6c:80:31:31 - 95
Jul 20 00:30:35 station-down * 00:1e:8c:91:15:60 00:24:6c:80:31:31 - -
Jul 20 00:30:35 station-up * 00:1e:8c:91:15:60 00:1a:1e:16:df:e0 - - wpa2 psk aes
Jul 20 00:30:35 station-data-ready * 00:1e:8c:91:15:60 00:00:00:00:00:00 10 -
Jul 20 00:30:35 wpa2-key1 <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e0 - 117
Jul 20 00:30:35 wpa2-key2 -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e0 - 117
Jul 20 00:30:35 wpa2-key3 <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e0 - 151
Jul 20 00:30:35 wpa2-key4 -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e0 - 95
Jul 20 00:47:08 station-down * 00:1e:8c:91:15:60 00:1a:1e:16:df:e0 - -
Jul 20 00:52:07 station-up * 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 - - wpa2 aes
Jul 20 00:52:07 eap-id-req <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 1 5
Jul 20 00:52:07 eap-start -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 - -
Jul 20 00:52:07 eap-id-req <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 1 5
Jul 20 00:52:07 eap-id-resp -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 1 19 jim
Jul 20 00:52:07 rad-req -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 19 189
Jul 20 00:52:07 eap-id-resp -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 1 19 jim
Jul 20 00:52:07 rad-resp <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1/dc1 19 90
Jul 20 00:52:07 eap-req <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 2 6
Jul 20 00:52:07 eap-resp -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 2 155
Jul 20 00:52:07 rad-req -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1/dc1 20 363
Jul 20 00:52:07 rad-resp <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1/dc1 20 232
Jul 20 00:52:07 eap-req <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 3 148
Jul 20 00:52:07 eap-resp -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 3 69
Jul 20 00:52:07 rad-req -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1/dc1 21 277
Jul 20 00:52:07 rad-resp <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1/dc1 21 191
Jul 20 00:52:07 eap-req <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 6 107
Jul 20 00:52:07 eap-resp -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 6 107
Jul 20 00:52:07 rad-req -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1/dc1 22 315
Jul 20 00:52:07 rad-accept <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1/dc1 22 230
Jul 20 00:52:07 eap-success <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 6 4
Jul 20 00:52:07 station-data-ready * 00:1e:8c:91:15:60 00:00:00:00:00:00 10 -
Jul 20 00:52:07 wpa2-key1 <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 - 117
Jul 20 00:52:07 wpa2-key2 -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 - 117
Jul 20 00:52:07 wpa2-key3 <- 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 - 151
Jul 20 00:52:07 wpa2-key4 -> 00:1e:8c:91:15:60 00:1a:1e:16:df:e1 - 95
(Jim-3200) (config) #
(Jim-3200) (config) #show log all | include 15:60
Jul 20 00:29:46 authmgr[1575]: <522035> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station UP: BSSID=00:24:6c:80:31:31 ESSID=nil VLAN=10 AP-name=Jim-2F-MBR
Jul 20 00:29:46 mobileip[1583]: <500010> <NOTI> |mobileip| Station 00:1e:8c:91:15:60, 0.0.0.0: Mobility trail, on switch 172.16.0.6, VLAN 10, AP Jim-2F-MBR, nil/00:24:6c:80:31:31/g
Jul 20 00:29:46 stm[1576]: <501095> <NOTI> |stm| Assoc request @ 00:29:46.976396: 00:1e:8c:91:15:60 (SN 25): AP 10.1.50.238-00:24:6c:80:31:31-Jim-2F-MBR
Jul 20 00:29:46 stm[1576]: <501100> <NOTI> |stm| Assoc success @ 00:29:46.982102: 00:1e:8c:91:15:60: AP 10.1.50.238-00:24:6c:80:31:31-Jim-2F-MBR
Jul 20 00:29:47 authmgr[1575]: <522029> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station authenticate: method=802.1x, role=authenticated//, VLAN=10/10/0/0/0, Derivation=1/0, Value Pair=1
Jul 20 00:29:47 authmgr[1575]: <522038> <INFO> |authmgr| username=jim MAC=00:1e:8c:91:15:60 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=dc1
Jul 20 00:29:47 authmgr[1575]: <522044> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station authenticate(start): method=802.1x, role=denied//, VLAN=10/10/0/0/0, Derivation=10/0, Value Pair=1
Jul 20 00:29:47 authmgr[1575]: <522049> <INFO> |authmgr| MAC=00:1e:8c:91:15:60,IP=N/A User role updated, existing Role=denied/none, new Role=authenticated/none, reason=Station Authenticated with auth type: 4
Jul 20 00:29:47 authmgr[1575]: <522050> <INFO> |authmgr| MAC=00:1e:8c:91:15:60,IP=N/A User data downloaded to datapath, new Role=authenticated/63, bw Contract=0/0,reason=Download driven by user role setting
Jul 20 00:30:35 authmgr[1575]: <522035> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station UP: BSSID=00:1a:1e:16:df:e0 ESSID=nil2 VLAN=10 AP-name=Jim-1F-Office
Jul 20 00:30:35 authmgr[1575]: <522036> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station DN: BSSID=00:24:6c:80:31:31 ESSID=nil VLAN=10 AP-name=Jim-2F-MBR
Jul 20 00:30:35 mobileip[1583]: <500010> <NOTI> |mobileip| Station 00:1e:8c:91:15:60, 0.0.0.0: Mobility trail, on switch 172.16.0.6, VLAN 10, AP Jim-1F-Office, nil2/00:1a:1e:16:df:e0/g
Jul 20 00:30:35 mobileip[1583]: <500010> <NOTI> |mobileip| Station 00:1e:8c:91:15:60, 255.255.255.255: Mobility trail, on switch 172.16.0.6, VLAN 10, AP Jim-2F-MBR, nil/00:24:6c:80:31:31/g
Jul 20 00:30:35 stm[1576]: <501080> <NOTI> |stm| Deauth to sta: 00:1e:8c:91:15:60: Ageout AP 10.1.50.238-00:24:6c:80:31:31-Jim-2F-MBR STA has left and is deauthenticated
Jul 20 00:30:35 stm[1576]: <501095> <NOTI> |stm| Assoc request @ 00:30:35.213668: 00:1e:8c:91:15:60 (SN 62): AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office
Jul 20 00:30:35 stm[1576]: <501100> <NOTI> |stm| Assoc success @ 00:30:35.223804: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office
Jul 20 00:30:35 stm[608]: <501093> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Auth success: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office
Jul 20 00:30:35 stm[608]: <501095> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Assoc request @ 00:30:35.527281: 00:1e:8c:91:15:60 (SN 62): AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office
Jul 20 00:30:35 stm[608]: <501100> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Assoc success @ 00:30:35.528332: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office
Jul 20 00:47:09 authmgr[1575]: <522036> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station DN: BSSID=00:1a:1e:16:df:e0 ESSID=nil2 VLAN=10 AP-name=Jim-1F-Office
Jul 20 00:47:09 mobileip[1583]: <500010> <NOTI> |mobileip| Station 00:1e:8c:91:15:60, 255.255.255.255: Mobility trail, on switch 172.16.0.6, VLAN 10, AP Jim-1F-Office, nil2/00:1a:1e:16:df:e0/g
Jul 20 00:47:09 stm[1576]: <501114> <NOTI> |stm| Deauth from sta: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office Reason 255
Jul 20 00:47:09 stm[608]: <501080> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Deauth to sta: 00:1e:8c:91:15:60: Ageout AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office Denied: AP Ageout
Jul 20 00:47:09 stm[608]: <501106> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Deauth to sta: 00:1e:8c:91:15:60: Ageout AP 10.1.50.246-00:1a:1e:16:df:e0-Jim-1F-Office handle_sapcp
Jul 20 00:52:07 authmgr[1575]: <522035> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station UP: BSSID=00:1a:1e:16:df:e1 ESSID=nil VLAN=10 AP-name=Jim-1F-Office
Jul 20 00:52:07 mobileip[1583]: <500010> <NOTI> |mobileip| Station 00:1e:8c:91:15:60, 0.0.0.0: Mobility trail, on switch 172.16.0.6, VLAN 10, AP Jim-1F-Office, nil/00:1a:1e:16:df:e1/g
Jul 20 00:52:07 stm[1576]: <501095> <NOTI> |stm| Assoc request @ 00:52:07.756715: 00:1e:8c:91:15:60 (SN 88): AP 10.1.50.246-00:1a:1e:16:df:e1-Jim-1F-Office
Jul 20 00:52:07 stm[1576]: <501100> <NOTI> |stm| Assoc success @ 00:52:07.761820: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e1-Jim-1F-Office
Jul 20 00:52:07 stm[608]: <501093> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Auth success: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e1-Jim-1F-Office
Jul 20 00:52:07 stm[608]: <501095> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Assoc request @ 00:52:10.167476: 00:1e:8c:91:15:60 (SN 88): AP 10.1.50.246-00:1a:1e:16:df:e1-Jim-1F-Office
Jul 20 00:52:07 stm[608]: <501100> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Assoc success @ 00:52:10.168633: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e1-Jim-1F-Office
Jul 20 00:52:07 stm[608]: <501109> <NOTI> |AP Jim-1F-Office@10.1.50.246 stm| Auth request: 00:1e:8c:91:15:60: AP 10.1.50.246-00:1a:1e:16:df:e1-Jim-1F-Office auth_alg 0
Jul 20 00:52:08 authmgr[1575]: <522029> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station authenticate: method=802.1x, role=authenticated//, VLAN=10/10/0/0/0, Derivation=1/0, Value Pair=1
Jul 20 00:52:08 authmgr[1575]: <522038> <INFO> |authmgr| username=jim MAC=00:1e:8c:91:15:60 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=dc1
Jul 20 00:52:08 authmgr[1575]: <522044> <INFO> |authmgr| MAC=00:1e:8c:91:15:60 Station authenticate(start): method=802.1x, role=denied//, VLAN=10/10/0/0/0, Derivation=10/0, Value Pair=1
Jul 20 00:52:08 authmgr[1575]: <522049> <INFO> |authmgr| MAC=00:1e:8c:91:15:60,IP=N/A User role updated, existing Role=denied/none, new Role=authenticated/none, reason=Station Authenticated with auth type: 4
Jul 20 00:52:08 authmgr[1575]: <522050> <INFO> |authmgr| MAC=00:1e:8c:91:15:60,IP=N/A User data downloaded to datapath, new Role=authenticated/63, bw Contract=0/0,reason=Download driven by user role setting
(Jim-3200) (config) #
#3200