Wireless Access

Reply
Frequent Contributor II
Posts: 142
Registered: ‎08-08-2007

Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

Hi all, I have upgraded our two A3400 to the latest OS6. We broadcast both a local bridged SSID (which works) and a tunneled SSID back to our office. This uses WPA2 Enterprise and the internal AAA database.

 

I can see the SSID but I just cannot connect to it. Any ideas?

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

Turn on user debugging and see why...

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 142
Registered: ‎08-08-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

Is it from the CLI as I can only find AP debugging option?

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

cli:

 

config t

logging level debugging user

 

 

After your user tries to connect, execute:

 

show log user 50

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database


When you say internal , so it is hosted on the controller ?
Have you tried using the aaa test ?
What code are you running ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II
Posts: 142
Registered: ‎08-08-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

Yes its the internal AAA database, running 6.1.3.1. Not heard of the AAA test before. Thanks.

Frequent Contributor II
Posts: 142
Registered: ‎08-08-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

How can I clear the logs and try again as it appears to be full of activity from another AP in another site. Can't see anything from my own laptop. THanks.

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database


m0bov wrote:

How can I clear the logs and try again as it appears to be full of activity from another AP in another site. Can't see anything from my own laptop. THanks.


Okay. turn it off:

 

config t

logging level warning user

 

Then turn it on for JUST your mac address:

 

config t

logging level debug user-debug <your mac address>

 

Then, look at the debug for your mac:

 

show log user-debug 50

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 142
Registered: ‎08-08-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501095:  <NOTI> |stm|  Assoc request @ 11:45:47.440174: 18:87:96:63:99:4a (SN 3419): AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501095:  <NOTI> |AP nonsuch923@12.12.12.159 stm|  Assoc request @ 11:45:47.387981: 18:87:96:63:99:4a (SN 3419): AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501100:  <NOTI> |AP nonsuch923@12.12.12.159 stm|  Assoc success @ 11:45:47.389091: 18:87:96:63:99:4a: AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501065:  <DBUG> |stm|  Client 18:87:96:63:99:4a moved from AP nonsuch912 to AP nonsuch923
Apr 12 11:45:47 :501065:  <DBUG> |stm|  Sending STA 18:87:96:63:99:4a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:0
Apr 12 11:45:47 :500511:  <DBUG> |mobileip|  Station 18:87:96:63:99:4a, 0.0.0.0: Received disassociation on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name nonsuch912 Group Nonsuch_APG BSSID 6c:f3:7f:49:75:91, phy g, VLAN 11
Apr 12 11:45:47 :500010:  <NOTI> |mobileip|  Station 18:87:96:63:99:4a, 255.255.255.255: Mobility trail, on switch 10.254.12.3, VLAN 11, AP nonsuch912, MIST/6c:f3:7f:49:75:91/g
Apr 12 11:45:47 :522036:  <INFO> |authmgr|  MAC=18:87:96:63:99:4a Station DN: BSSID=6c:f3:7f:49:75:91 ESSID=MIST VLAN=11 AP-name=nonsuch912
Apr 12 11:45:47 :522004:  <DBUG> |authmgr|  MAC=18:87:96:63:99:4a ingress 0x13c3 (tunnel 835), u_encr 64, m_encr 64, slotport 0x1041 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 12 11:45:47 :522004:  <DBUG> |authmgr|  station free: bssid=6c:f3:7f:49:75:91, @=0x10ad994c
Apr 12 11:45:47 :522004:  <DBUG> |authmgr|  MAC=18:87:96:63:99:4a Send Station delete message to mobility
Apr 12 11:45:47 :501080:  <NOTI> |stm|  Deauth to sta: 18:87:96:63:99:4a: Ageout AP 12.12.12.147-6c:f3:7f:49:75:91-nonsuch912 STA has left and is deauthenticated
Apr 12 11:45:47 :501100:  <NOTI> |stm|  Assoc success @ 11:45:47.449869: 18:87:96:63:99:4a: AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501065:  <DBUG> |stm|  Sending STA 18:87:96:63:99:4a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:0
Apr 12 11:45:47 :500511:  <DBUG> |mobileip|  Station 18:87:96:63:99:4a, 0.0.0.0: Received association on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name nonsuch923 Group Nonsuch_APG BSSID 6c:f3:7f:49:75:61, phy g, VLAN 11
Apr 12 11:45:47 :500010:  <NOTI> |mobileip|  Station 18:87:96:63:99:4a, 0.0.0.0: Mobility trail, on switch 10.254.12.3, VLAN 11, AP nonsuch923, MIST/6c:f3:7f:49:75:61/g
Apr 12 11:45:47 :522035:  <INFO> |authmgr|  MAC=18:87:96:63:99:4a Station UP: BSSID=6c:f3:7f:49:75:61 ESSID=MIST VLAN=11 AP-name=nonsuch923
Apr 12 11:45:47 :522004:  <DBUG> |authmgr|  MAC=18:87:96:63:99:4a ingress 0x12cd (tunnel 589), u_encr 64, m_encr 64, slotport 0x1041 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 12 11:45:47 :501105:  <NOTI> |AP nonsuch912@12.12.12.147 stm|  Deauth from sta: 18:87:96:63:99:4a: AP 12.12.12.147-6c:f3:7f:49:75:91-nonsuch912 Reason STA has left and is deauthenticated
Apr 12 11:45:47 :501000:  <DBUG> |AP nonsuch912@12.12.12.147 stm|  Station 18:87:96:63:99:4a: Clearing state
Apr 12 11:45:51 :501109:  <NOTI> |AP grange4011@12.12.12.220 stm|  Auth request: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011 auth_alg 0
Apr 12 11:45:51 :501095:  <NOTI> |stm|  Assoc request @ 11:45:51.281474: 7c:11:be:7f:2d:25 (SN 2146): AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501100:  <NOTI> |stm|  Assoc success @ 11:45:51.284691: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501065:  <DBUG> |stm|  Sending STA 7c:11:be:7f:2d:25 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:c
Apr 12 11:45:51 :500511:  <DBUG> |mobileip|  Station 7c:11:be:7f:2d:25, 0.0.0.0: Received association on ESSID: grangec Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name grange4011 Group Grange_APG BSSID 00:24:6c:17:2a:a0, phy g, VLAN 1
Apr 12 11:45:51 :522035:  <INFO> |authmgr|  MAC=7c:11:be:7f:2d:25 Station UP: BSSID=00:24:6c:17:2a:a0 ESSID=grangec VLAN=1 AP-name=grange4011
Apr 12 11:45:51 :500010:  <NOTI> |mobileip|  Station 7c:11:be:7f:2d:25, 0.0.0.0: Mobility trail, on switch 10.254.12.3, VLAN 1, AP grange4011, grangec/00:24:6c:17:2a:a0/g
Apr 12 11:45:51 :522004:  <DBUG> |authmgr|  MAC=7c:11:be:7f:2d:25 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1041 , type: remote, FW mode: 1, AP IP: 12.12.12.220
Apr 12 11:45:51 :522004:  <DBUG> |authmgr|  no users to cleanup
Apr 12 11:45:51 :501093:  <NOTI> |AP grange4011@12.12.12.220 stm|  Auth success: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501095:  <NOTI> |AP grange4011@12.12.12.220 stm|  Assoc request @ 11:45:50.939554: 7c:11:be:7f:2d:25 (SN 2146): AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501100:  <NOTI> |AP grange4011@12.12.12.220 stm|  Assoc success @ 11:45:50.944566: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:53 :522004:  <DBUG> |authmgr|  wireless:0 dotx:0, keytype:9(static-wpa2-aes)
Apr 12 11:45:53 :522004:  <DBUG> |authmgr|  DeviceType Classification is set in aaa-profile
Apr 12 11:45:53 :522004:  <DBUG> |authmgr|  DeviceType from cache: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari
Apr 12 11:52:19  KERNEL(nonsuch913@10.64.153.6): RESTARTING ALL TX

(Aruba3400_HAMASTER) (config) #

 

 

 

My laptop is 08:11:96:d9:1a:64 but the AP should be 1.1.1. The Nonsuch APs are in a school which should be locked up. MIST is my global SSID.

Frequent Contributor II
Posts: 142
Registered: ‎08-08-2007

Re: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

The command i used is below

 

(Aruba3400_HAMASTER) (config) #logging level debugging user-debug 08:11:96:D9:1A:64

Search Airheads
Showing results for 
Search instead for 
Did you mean: