Wireless Access

Reply
Occasional Contributor II
Posts: 77
Registered: ‎11-17-2011

Users being put on VLAN that is not used on controller

Hello, 

 

For some reason I have users being placed into the VLAN I have setup for BYOD even though I don't currently have that VLAN assigned to any active virtual ap.    Anyone ever seen this before? 

 

Here is the debug log for the user -- this particular user should be put in VLAN 1004 not 1010.   Can't find where it's getting 1010 at.

 

Debug UsersSearch

Time Event Description

May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: No Mobility timeout, Mobility (only) station state will be deleted
May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_MIP_TIMEOUT: current: MIP_PROXY_NO_MOBILITY_SERVICE, next: MIP_PROXY_DELETE_SIBYTE_BRIDGE
May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Removed bridge entry for local station on vlan 1010; ingress interface: tunnel 76
May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_BRIDGE, next: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE
May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE, next: MIP_PROXY_DELETE_VERIFY
May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_REPLY_SUCCESS: current: MIP_PROXY_DELETE_VERIFY, next: MIP_PROXY_INIT
May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: proxy mobile node deleted code 0x8 reason
May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Sending notification MIP_IGMP_CLIENT_LEAVE flags 0, roaming state No Mobility service, current vlan 1010 ingress tunnel 76 to pim
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Created mobility state for new station
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_NEW_STATION: current: MIP_PROXY_INIT, next: MIP_PROXY_INIT_L2
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_STATION_L2_MISS: current: MIP_PROXY_INIT_L2, next: MIP_PROXY_FIND_LOCATION
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Cannot find Home Agent; Mobility domain is misconfigured or station has an unexpected IP address
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: local VLAN not matching HAT
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_FIND_HA_FAILURE: current: MIP_PROXY_FIND_LOCATION, next: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Added bridge entry for local station on vlan 1010 to tunnel 76 data path flags PERMANENT, MOBILITY
May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE, next: MIP_PROXY_NO_MOBILITY_SERVICE
May 1 13:53:42mobileipStation: e4:ce:8f:1d:59:4c, 10.0.13.37: HomeVlan: 1010 Current Vlan: 1010 roaming status: No Mobility service Proxy state: MIP_PROXY_NO_MOBILITY_SERVICE at line 2836
May 1 13:55:09stmDisassoc from sta: e4:ce:8f:1d:59:4c: AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Reason STA has left and is disassociated
May 1 13:55:09stmSending STA e4:ce:8f:1d:59:4c message to Auth and Mobility Unicast Encr Open Multicast Encr Open VLAN 0x3f2, wmm:1, rsn_cap:0
May 1 13:55:09authmgrMAC=e4:ce:8f:1d:59:4c Station DN: BSSID=d8:c7:c8:17:29:38 ESSID=Frontenac Wireless Network VLAN=1010 AP-name=W-01 District Office
May 1 13:55:09mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Received disassociation on ESSID: Frontenac Wireless Network Mobility service ON, HA Discovery on Association ON, Fastroaming Disabled, AP: Name W-01 District Office Group Junior High BSSID d8:c7:c8:17:29:38, phy a, VLAN 1010
May 1 13:55:09stmStation e4:ce:8f:1d:59:4c: Clearing state
May 1 13:55:15stmAssoc request @ 13:55:15.384898: e4:ce:8f:1d:59:4c (SN 615): AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
May 1 13:55:15stmsibyte_find_sta_vlan:5493 MAC - e4:ce:8f:1d:59:4c, VLAN - 3f2
May 1 13:55:15stmAssoc success @ 13:55:15.389258: e4:ce:8f:1d:59:4c: AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
May 1 13:55:15stmSending STA e4:ce:8f:1d:59:4c message to Auth and Mobility Unicast Encr Open Multicast Encr Open VLAN 0x3f2, wmm:1, rsn_cap:0
May 1 13:55:15authmgrMAC=e4:ce:8f:1d:59:4c Station UP: BSSID=d8:c7:c8:17:29:38 ESSID=Frontenac Wireless Network VLAN=1010 AP-name=W-01 District Office
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Received association on ESSID: Frontenac Wireless Network Mobility service ON, HA Discovery on Association ON, Fastroaming Disabled, AP: Name W-01 District Office Group Junior High BSSID d8:c7:c8:17:29:38, phy a, VLAN 1010
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Data ready message from auth default vlan 1010 assigned vlan 0, mobile assigned vlan 0
May 1 13:55:15authmgrMAC=e4:ce:8f:1d:59:4c IP=0.0.0.0 User miss: ingress=0x10cc, VLAN=1010
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: DHCP FSM received event: RECEIVE_BOOTP_REQUEST current: PROXY_DHCP_INIT, next: PROXY_DHCP_FIND_TYPE
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP uses Requested IP Address from BOOTP REQUEST to identify client IP address
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Station has a stale IP address, will not proxy; trying to acquire a local address
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_NO_PROXY current: PROXY_DHCP_FIND_TYPE, next: PROXY_DHCP_NO_PROXY
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP REQUEST IPHdr Sip 0.0.0.0 Dip 255.255.255.255 Bootp Request ciaddr 0.0.0.0 yiaddr 0.0.0.0 siaddr 0.0.0.0 giaddr 0.0.0.0, DHCP options requested IP 10.0.13.37 serverID 0.0.0.0, transaction 0xb4420c32, action ==>> Forwarded on vlan 1010
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_BOOTP_REPLY current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_NO_PROXY
May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP ACK IPHdr Sip 10.0.0.101 Dip 10.0.13.37 Bootp Reply ciaddr 0.0.0.0 yiaddr 10.0.13.37 siaddr 10.0.0.101 giaddr 10.0.12.1, DHCP options requested IP 10.0.13.37 serverID 10.0.0.101, transaction 0xb4420c32, action ==>> Forwarded on vlan 1010
May 1 13:55:20mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP completed.
May 1 13:55:20mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_MIP_TIMEOUT current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_INIT
May 1 13:55:20mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Deleting Proxy DHCP state with transaction 0xb4420c32
May 1 13:55:37authmgrMAC=e4:ce:8f:1d:59:4c IP=0.0.0.0 User miss: ingress=0x10cc, VLAN=1010
May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: DHCP FSM received event: RECEIVE_BOOTP_REQUEST current: PROXY_DHCP_INIT, next: PROXY_DHCP_FIND_TYPE
May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP uses Requested IP Address from BOOTP REQUEST to identify client IP address
May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Station has a stale IP address, will not proxy; trying to acquire a local address
May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_NO_PROXY current: PROXY_DHCP_FIND_TYPE, next: PROXY_DHCP_NO_PROXY
May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP REQUEST IPHdr Sip 0.0.0.0 Dip 255.255.255.255 Bootp Request ciaddr 0.0.0.0 yiaddr 0.0.0.0 siaddr 0.0.0.0 giaddr 0.0.0.0, DHCP options requested IP 10.0.13.37 serverID 0.0.0.0, transaction 0xb4420c33, action ==>> Forwarded on vlan 1010
May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_BOOTP_REPLY current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_NO_PROXY
May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP ACK IPHdr Sip 10.0.0.101 Dip 10.0.13.37 Bootp Reply ciaddr 0.0.0.0 yiaddr 10.0.13.37 siaddr 10.0.0.101 giaddr 10.0.12.1, DHCP options requested IP 10.0.13.37 serverID 10.0.0.101, transaction 0xb4420c33, action ==>> Forwarded on vlan 1010
May 1 13:55:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP completed.
May 1 13:55:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_MIP_TIMEOUT current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_INIT
May 1 13:55:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Deleting Proxy DHCP state with transaction 0xb4420c33
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: No Mobility timeout, Mobility (only) station state will be deleted
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_MIP_TIMEOUT: current: MIP_PROXY_NO_MOBILITY_SERVICE, next: MIP_PROXY_DELETE_SIBYTE_BRIDGE
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Removed bridge entry for local station on vlan 1010; ingress interface: tunnel 76
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_BRIDGE, next: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE, next: MIP_PROXY_DELETE_VERIFY
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_REPLY_SUCCESS: current: MIP_PROXY_DELETE_VERIFY, next: MIP_PROXY_INIT
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: proxy mobile node deleted code 0x8 reason
May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Sending notification MIP_IGMP_CLIENT_LEAVE flags 0, roaming state No Mobility service, current vlan 1010 ingress tunnel 76 to pim
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Created mobility state for new station
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_NEW_STATION: current: MIP_PROXY_INIT, next: MIP_PROXY_INIT_L2
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_STATION_L2_MISS: current: MIP_PROXY_INIT_L2, next: MIP_PROXY_FIND_LOCATION
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Cannot find Home Agent; Mobility domain is misconfigured or station has an unexpected IP address
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: local VLAN not matching HAT
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_FIND_HA_FAILURE: current: MIP_PROXY_FIND_LOCATION, next: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Added bridge entry for local station on vlan 1010 to tunnel 76 data path flags PERMANENT, MOBILITY
May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE, next: MIP_PROXY_NO_MOBILITY_SERVICE
May 1 13:56:44mobileipStation: e4:ce:8f:1d:59:4c, 10.0.13.37: HomeVlan: 1010 Current Vlan: 1010 roaming status: No Mobility service Proxy state: MIP_PROXY_NO_MOBILITY_SERVICE at line 2836
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: No Mobility timeout, Mobility (only) station state will be deleted
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_MIP_TIMEOUT: current: MIP_PROXY_NO_MOBILITY_SERVICE, next: MIP_PROXY_DELETE_SIBYTE_BRIDGE
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Removed bridge entry for local station on vlan 1010; ingress interface: tunnel 76
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_BRIDGE, next: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE, next: MIP_PROXY_DELETE_VERIFY
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_REPLY_SUCCESS: current: MIP_PROXY_DELETE_VERIFY, next: MIP_PROXY_INIT
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: proxy mobile node deleted code 0x8 reason
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Sending notification MIP_IGMP_CLIENT_LEAVE flags 0, roaming state No Mobility service, current vlan 1010 ingress tunnel 76 to pim
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Created mobility state for new station
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_NEW_STATION: current: MIP_PROXY_INIT, next: MIP_PROXY_INIT_L2
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_STATION_L2_MISS: current: MIP_PROXY_INIT_L2, next: MIP_PROXY_FIND_LOCATION
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Cannot find Home Agent; Mobility domain is misconfigured or station has an unexpected IP address
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: local VLAN not matching HAT
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_FIND_HA_FAILURE: current: MIP_PROXY_FIND_LOCATION, next: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Added bridge entry for local station on vlan 1010 to tunnel 76 data path flags PERMANENT, MOBILITY
May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE, next: MIP_PROXY_NO_MOBILITY_SERVICE
May 1 13:59:45mobileipStation: e4:ce:8f:1d:59:4c, 10.0.13.37: HomeVlan: 1010 Current Vlan: 1010 roaming status: No Mobility service Proxy state: MIP_PROXY_NO_MOBILITY_SERVICE at line 2836

 

 

 
MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Users being put on VLAN that is not used on controller

Can you share the show ip mobile domain <domain name>, show vlan ?

 

Do you have any derivation rules by any chance or assigning VLANs under the user-role ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 77
Registered: ‎11-17-2011

Re: Users being put on VLAN that is not used on controller

(Aruba3400-US) (config) #show ip mobile domain

Mobility Domains:, 1 domain(s)
------------------------------

Domain name default
Home Agent Table, 3 subnet(s)
subnet mask VlanId Home Agent Description
--------------- --------------- ------ --------------- --------------------------------
10.0.2.0 255.255.254.0 1002 10.0.0.2 Elementary
10.0.4.0 255.255.254.0 1004 10.0.0.2 Junior High
10.0.6.0 255.255.254.0 1006 10.0.0.2 High School

 

I think when I setup the mobility stuff I thought it was for moving vlan to vlan.  Not controller to controller.    We only have one controller.

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Users being put on VLAN that is not used on controller

 

If you have one controller you shouldn't have to setup IP Mobility.

 

Please read this:

 

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/Mobility.php

 

Are you doing any user derivation ? or Applying VLANs under the user-role

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 77
Registered: ‎11-17-2011

Re: Users being put on VLAN that is not used on controller

These are the only user derivations rules I have setup -- 

 

Rules-set: byod-rules

Priority Attribute Operation Operand Action Value Total Hit New Hit Description Actions

1dhcp-optionequals3d015c0a5bf6e779set roleAndroid-Device-Role5640Android Gala ... 
2dhcp-optionequals3d013c438e21c253set roleAndroid-Device-Role00Android Device 
3dhcp-optionequals3d018096b1529223set roleAndroid-Device-Role15420Android 
4dhcp-optionstarts-with37017921030set roleAndroid-Device-Role40410Android 2.x 

 

I disabled IP Mobility and ran a new debug -- 

 

May 1 14:29:36stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied: AP Ageout
May 1 14:29:36stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied; Internal Error
May 1 14:29:45stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied: AP Ageout
May 1 14:29:45stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied; Internal Error
May 1 14:29:48stmAssoc request @ 14:29:48.826000: e4:ce:8f:1d:59:4c (SN 703): AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
May 1 14:29:48stmAssoc success @ 14:29:48.829586: e4:ce:8f:1d:59:4c: AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
May 1 14:29:48stmSending STA e4:ce:8f:1d:59:4c message to Auth and Mobility Unicast Encr Open Multicast Encr Open VLAN 0x3f2, wmm:1, rsn_cap:0
May 1 14:29:48authmgrMAC=e4:ce:8f:1d:59:4c Station UP: BSSID=d8:c7:c8:17:29:38 ESSID=Frontenac Wireless Network VLAN=1010 AP-name=W-01 District Office
May 1 14:29:48authmgrMAC=e4:ce:8f:1d:59:4c,IP=N/A User data downloaded to datapath, new Role=authenticated/54, bw Contract=0/0,reason=UDR driven download
May 1 14:29:48mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Received association on ESSID: Frontenac Wireless Network Mobility service ON, HA Discovery on Association ON, Fastroaming Disabled, AP: Name W-01 District Office Group Junior High BSSID d8:c7:c8:17:29:38, phy a, VLAN 1010
May 1 14:29:48mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Mobility trail, on switch 10.0.0.2, VLAN 1010, AP W-01 District Office, Frontenac Wireless Network/d8:c7:c8:17:29:38/a
May 1 14:29:49authmgrMAC=e4:ce:8f:1d:59:4c IP=0.0.0.0 User miss: ingress=0x10cc, VLAN=1010
May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c IP=10.0.13.37 User miss: ingress=0x10cc, VLAN=1010
May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c,IP=0.0.0.0 User role updated, existing Role=authenticated/none, new Role=authenticated/authenticated, reason=First IP user created
May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c IP=10.0.13.37 User entry added: reason=Sibtye
May 1 14:29:52mdnsmdns_parse_auth_useradd_message 247 Auth User ADD: MAC:e4:ce:8f:1d:59:4c, IP:10.0.13.37, VLAN:1010, Role:authenticated Name: APName:W-01 District Office Type:1
May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c,IP=10.0.13.37 User role updated, existing Role=authenticated/authenticated, new Role=authenticated/authenticated, reason=user role from UDR
May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c,IP=10.0.13.37 User data downloaded to datapath, new Role=authenticated/54, bw Contract=0/0,reason=New user IP processing
MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Users being put on VLAN that is not used on controller

 

can you show the config under the authenticated user-role ?

 

Also show the VAP associated with this SSID: Frontenac Wireless ?

 

I noticed that is applying this role based on a UDR :

 

MAC=e4:ce:8f:1d:59:4c,IP=10.0.13.37 User role updated, existing Role=authenticated/authenticated, new Role=authenticated/authenticated, reason=user role from UDR

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 77
Registered: ‎11-17-2011

Re: Users being put on VLAN that is not used on controller

Looking at the dump from the config it seems like some iPads/iPods are being redirected to VLAN 1010 based on a user derivation role.  So i'll double check the DHCP options I have entered.   I had originally played with one for apple devices but it took ipads, ipods and macbooks into account.  I just wanted ipods and ipads.    


Here are the virtual ap's --

wlan virtual-ap "Elementary" aaa-profile "Frontenac Wireless Network-aaa_prof" ssid-profile "Frontenac Wireless Elementary" vlan 1002 blacklist-time 0 dynamic-mcast-optimization vlan-mobility preserve-vlan band-steering wmm-traffic-management-profile "Default 249"

wlan virtual-ap "High School"
   aaa-profile "Frontenac Wireless Network-aaa_prof"
   ssid-profile "Frontenac Wireless High School"
   vlan 1006
   dynamic-mcast-optimization
   vlan-mobility
   preserve-vlan
   band-steering
   wmm-traffic-management-profile "Default 249"
!
wlan virtual-ap "Junior High"
   aaa-profile "Frontenac Wireless Network-aaa_prof"
   ssid-profile "Frontenac Wireless Junior High"
   vlan 1004
   blacklist-time 0
   dynamic-mcast-optimization
   vlan-mobility
   preserve-vlan
   band-steering
   wmm-traffic-management-profile "Default 249"
!


Search Airheads
Showing results for 
Search instead for 
Did you mean: