Wireless Access

last person joined: 21 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

VLAN pool not evenly assigning users

This thread has been viewed 4 times

  • 1.  VLAN pool not evenly assigning users

    Posted Nov 20, 2014 12:25 PM

    As a follow up to this post here:

    http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/VLAN-Pooling-Best-Practice/td-p/217615

     

    I had 1 vlan for my students, I ran out of room so i created a second vlan, and created a vlan pool.  I have the vlan pool assigned to the user role for students which is assigned via clearpass.  It is only assigning users to the old vlan and not to the new one.  If i assign either one by itself it works, but when i use the pool it does not.  Am i doing something wrong here?

     



  • 2.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 20, 2014 12:31 PM

    mwallen,

     

    Are you using the "Aruba-Named-User-Vlan" attribute?  Does it match (case sensitive) a named VLAN on your local controller?  Is that named VLAN defined to the correct VLANs on the local controller? 



  • 3.  RE: VLAN pool not evenly assigning users

    Posted Nov 20, 2014 01:33 PM
      |   view attached

    I am passing back the user role from clearpass to the controller.  On the controller i have the vlan pool assigned to the user role.  In the screenshot i attached you can see i have the vlan pool named "students" selected for the user role.



  • 4.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 20, 2014 01:47 PM

    Mwallen,

     

    A vlan derived from a role has the absolute least priority.  Which means if if the VLAN is being derived by a User Derivation rule or Server Derivation rule or Radius Server attribute, that will override a Role-Based VLAN.  In other words, you should probably just return the attribute via Radius with the VLAN name I mentioned above and Remove the VLAN Name from the Role.

     

    If you setup debugging on a user, it will say why the user is getting that VLAN.

     



  • 5.  RE: VLAN pool not evenly assigning users

    Posted Nov 20, 2014 01:55 PM

    I think i will need to put a call into TAC because i am not really sure how to do that.  When Aruba setup our sytem for us back when we first got it they did it with the vlans assigned at the role level, so i will need to redo alot of this to pass the vlans back from clearpass.  

     

    Thanks.  



  • 6.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 20, 2014 02:08 PM

    Well,

     

    Here is an overview:

     

    You can setup VLAN names, just like you do now, on your master controller.  On each local controller, you would define the actual VLANs that correspond to each name.  When the user authenticates, ClearPass Enforcement Profile should return the Attribute with the Role and the VLAN Name.  When the radius server responds, the controller will assign the user to the role and look on the local controller to see what VLANs are assigned to the named vlan:

     

    named-vlan-vsa.png

     

    A Radius VSA is the highest on the pecking chart, so this will override any other method of assigning Roles or VLANs on the controller side, and it is more flexible than hardcoding VLANs to user roles, because it is locally significant, based on what VLAN number(s) you have assigned to the VLAN name on the local controller.

     



  • 7.  RE: VLAN pool not evenly assigning users

    Posted Nov 20, 2014 02:15 PM

    On the plus side, i feel a bit smarter now, because i had just tried doing what you showed in your screenshot before i saw you posted it!  

     

    On the not so plus side, its still doing the same thing as before.  The users are still only getting assigned to the old vlan.  

     

    If it changes anything, i only have 1 controller(for now at least, i have a second one but i have not gotten redundancy set up yet, its on the todo list)



  • 8.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 20, 2014 02:17 PM

    You need to enable debugging for a single user and post it here, so we can figure out why it is getting that single VLAN.

     

    In addition, if you are trying to authenticate a user who is already in the user table, it might not change VLANs.  You need to do a "aaa user delete <ip address of user>" to make sure the user is out of the user table, first.

     



  • 9.  RE: VLAN pool not evenly assigning users

    Posted Nov 20, 2014 02:41 PM
      |   view attached

    Here is the Debug Info, I am attaching it as well as pasting it so you can pick your poison as far as which one is easier to sort through.

    My MAC address is: 60:45:bd:e9:7c:4c

    At the start of the log you will see me logged in with the username mwallen which is my staff username, and then i reconnect using MarkTest which is in the student group in active directory. 

     

     

    Nov 20 13:25:02 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=140.104.180.49 User data downloaded to datapath, new Role=logon/2, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
    Nov 20 13:25:02 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name CARROLL_NT\mwallen role logon devtype Windows wired 0 authtype 0 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 20 13:25:02 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name role logon devtype Windows wired 0 authtype 0 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 20 13:25:02 :522038: <INFO> |authmgr| username=CARROLL_NT\mwallen MAC=60:45:bd:e9:7c:4c IP=140.104.180.49 Authentication result=Authentication Successful method=radius-accounting server=cp1
    Nov 20 13:25:05 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 273 Auth User ROLE: MAC:60:45:bd:e9:7c:4c, ROLE_NAME:logon
    Nov 20 13:25:05 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.180.49, rolename=logon, username=mwallen, ap_name=ITS West - NE902, vlanid=44, username=mwallen
    Nov 20 13:25:13 :522038: <INFO> |authmgr| username=marktest MAC=60:45:bd:e9:7c:4c IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=cp1
    Nov 20 13:25:13 :522044: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Station authenticate(start): method=802.1x, role=logon///logon, VLAN=1/1, Derivation=7/1, Value Pair=1, flags=0x8
    Nov 20 13:25:13 :522016: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c IP=?? Derived role 'student' from Aruba VSA
    Nov 20 13:25:13 :522127: <DBUG> |authmgr| {L2} Update role from logon to student for IP=0.0.0.0.
    Nov 20 13:25:13 :522049: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=N/A User role updated, existing Role=logon/logon, new Role=student/logon, reason=Station Authenticated with auth type: 4
    Nov 20 13:25:13 :522128: <DBUG> |authmgr| download-L2: acl=77/0 role=logon, tunl=0x0x109ad, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Nov 20 13:25:13 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=N/A User data downloaded to datapath, new Role=student/77, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
    Nov 20 13:25:13 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name marktest role logon devtype Windows wired 0 authtype 4 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 20 13:25:13 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 0 derivation_type Reset Dot1x VLANs index 7.
    Nov 20 13:25:13 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename NULL fwdmode 0 derivation_type Dot1x Aruba VSA vp present.
    Nov 20 13:25:13 :522021: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Derived VLAN '58' from Aruba VSA
    Nov 20 13:25:13 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type Dot1x Aruba VSA.
    Nov 20 13:25:13 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type Dot1x Aruba VSA index 8.
    Nov 20 13:25:13 :522253: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c derivation_type Dot1x Aruba VSA derived vlan 58.
    Nov 20 13:25:13 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename NULL fwdmode 0 derivation_type Dot1x MSFT Attributes vp present.
    Nov 20 13:25:13 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename NULL fwdmode 0 derivation_type Dot1x Server Rule vp present.
    Nov 20 13:25:13 :522259: <DBUG> |authmgr| "VDR - Do Role Based VLAN Derivation user 60:45:bd:e9:7c:4c role student authtype 4 rolehow Aruba VSA.
    Nov 20 13:25:13 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename student fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained vp not present.
    Nov 20 13:25:13 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained.
    Nov 20 13:25:13 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type Dot1x Aruba VSA Role Contained index 9.
    Nov 20 13:25:13 :522253: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c derivation_type Dot1x Aruba VSA Role Contained derived vlan 58.
    Nov 20 13:25:13 :522161: <DBUG> |authmgr| Valid Dot1xct, remote:0, assigned:1, default:1, current:1,termstate:0, wired:0, dot1x enabled:1, psk:0 static:0 bssid=9c:1c:12:fe:d3:21.
    Nov 20 13:25:13 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type Current VLAN updated.
    Nov 20 13:25:13 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type Current VLAN updated index 10.
    Nov 20 13:25:13 :522260: <DBUG> |authmgr| "VDR - Cur VLAN updated 60:45:bd:e9:7c:4c mob 0 inform 1 remote 0 wired 0 defvlan 1 exportedvlan 1 curvlan 58.
    Nov 20 13:25:13 :522257: <DBUG> |authmgr| "VDR - send current vlan for user 60:45:bd:e9:7c:4c vlan 58 derivation_type Dot1x Aruba VSA trace new vlan: dot1x.
    Nov 20 13:25:13 :522287: <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac 60:45:bd:e9:7c:4c bssid 9c:1c:12:fe:d3:21 vlan 58 type 1 data-ready 0
    Nov 20 13:25:13 :522095: <DBUG> |authmgr| 60:45:bd:e9:7c:4c: Sending STM new vlan info: vlan 58, AP 9c:1c:12:fe:d3:21 caller user_send_current_vlan_update
    Nov 20 13:25:13 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type VLAN exported.
    Nov 20 13:25:13 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type VLAN exported index 11.
    Nov 20 13:25:13 :522029: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Station authenticate: method=802.1x, role=logon///logon, VLAN=1/58, Derivation=7/17, Value Pair=1
    Nov 20 13:25:13 :522127: <DBUG> |authmgr| {L3} Update role from logon to student for IP=140.104.180.49.
    Nov 20 13:25:13 :522049: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=140.104.180.49 User role updated, existing Role=student/logon, new Role=student/student, reason=User authenticated with auth type:4 role derivation:7 l3 assigned role:student
    Nov 20 13:25:13 :522122: <DBUG> |authmgr| Reset BWM contract: IP=140.104.180.49 role=student, contract= (0/0), type=Per role.
    Nov 20 13:25:13 :522125: <DBUG> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
    Nov 20 13:25:13 :522122: <DBUG> |authmgr| Reset BWM contract: IP=140.104.180.49 role=student, contract= (0/0), type=Per role.
    Nov 20 13:25:13 :522125: <DBUG> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
    Nov 20 13:25:13 :522128: <DBUG> |authmgr| download-L2: acl=77/0 role=student, tunl=0x0x109ad, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Nov 20 13:25:13 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=140.104.180.49 User data downloaded to datapath, new Role=student/77, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
    Nov 20 13:25:13 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 20 13:25:13 :522008: <NOTI> |authmgr| User Authentication Successful: username=marktest MAC=60:45:bd:e9:7c:4c IP=140.104.180.49 role=student VLAN=58 AP=ITS West - NE902 SSID=Carroll AAA profile=Carroll-SSID-AAA-Profile auth method=802.1x auth server=cp1
    Nov 20 13:25:13 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 20 13:25:13 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 20 13:25:13 :522053: <DBUG> |authmgr| PMK Cache getting updated for 60:45:bd:e9:7c:4c, (def, cur, vhow) = (1, 58, 17) with vlan=58 vlanhow=17 essid=Carroll role=student rhow=7
    Nov 20 13:25:13 :524129: <DBUG> |authmgr| dot1x_gsm_set_keycache(): MAC:60:45:bd:e9:7c:4c GSM: Successfully published Key-cache object.
    Nov 20 13:25:13 :524134: <DBUG> |authmgr| dot1x_gsm_set_pmkcache(): MAC:60:45:bd:e9:7c:4c BSS:9c:1c:12:fe:d3:21 GSM: Successfully published PMK-cache object.
    Nov 20 13:25:13 :524139: <DBUG> |authmgr| add_pmkcache():859: MAC:60:45:bd:e9:7c:4c BSS:9c:1c:12:fe:d3:21 Update:
    Nov 20 13:25:13 :522297: <DBUG> |authmgr| Auth GSM : MAC_USER response event for user 60:45:bd:e9:7c:4c
    Nov 20 13:25:13 :522038: <INFO> |authmgr| username=marktest MAC=60:45:bd:e9:7c:4c IP=140.104.180.49 Authentication result=Authentication Successful method=radius-accounting server=cp1
    Nov 20 13:25:13 :522026: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 User miss: ingress=0x109ad, VLAN=58 flags=0x8040
    Nov 20 13:25:13 :522006: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 User entry added: reason=Sibtye
    Nov 20 13:25:13 :522270: <DBUG> |authmgr| During User miss marking the user 60:45:bd:e9:7c:4c with ingress 0x109ad, connection-type 2 as wireless, muxtunnel = no
    Nov 20 13:25:13 :522169: <DBUG> |authmgr| Station inherit: IP=140.104.212.79 start bssid:9c:1c:12:fe:d3:21 essid: Carroll port:0x0x109ad (0x0x109ad).
    Nov 20 13:25:13 :522008: <NOTI> |authmgr| User Authentication Successful: username=marktest MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 role=student VLAN=58 AP=ITS West - NE902 SSID=Carroll AAA profile=Carroll-SSID-AAA-Profile auth method=802.1x auth server=cp1
    Nov 20 13:25:13 :522171: <DBUG> |authmgr| station inherit IP=140.104.212.79 bssid:9c:1c:12:fe:d3:21 essid: Carroll auth:1 type:802.1x role:student port:0x0x109ad.
    Nov 20 13:25:13 :522128: <DBUG> |authmgr| download-L2: acl=77/0 role=student, tunl=0x0x109ad, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Nov 20 13:25:13 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=140.104.212.79 User data downloaded to datapath, new Role=student/77, bw Contract=0/0, reason=New user IP processing, idle-timeout=300
    Nov 20 13:25:13 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 20 13:25:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:13 :527004: <INFO> |mdns| mdns_client_status 529 IP changed: MAC:60:45:bd:e9:7c:4c, old IP:140.104.180.49, new IP:140.104.212.79
    Nov 20 13:25:13 :527000: <DBUG> |mdns| mdns_auth_userinfo_req_message 349 mac(60:45:bd:e9:7c:4c), ip(140.104.212.79)
    Nov 20 13:25:13 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=, username=, ap_name=, vlanid=58, username=
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 20 13:25:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:8d88e1ef-129d-9151-3a71-f0815c96e87a dropped: service not present!
    Nov 20 13:25:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 20 13:25:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:62094904-bf6a-4519-873c-a83437486098 dropped: service not present!
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 273 Auth User ROLE: MAC:60:45:bd:e9:7c:4c, ROLE_NAME:student
    Nov 20 13:25:15 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=student, username=marktest, ap_name=, vlanid=58, username=marktest
    Nov 20 13:25:15 :527004: <INFO> |mdns| mdns_parse_auth_useradd_message 234 Auth User ADD: MAC:60:45:bd:e9:7c:4c, IP:140.104.212.79, VLAN:1, Role:student Name:marktest APName:ITS West - NE902 Type:1. Groups:
    Nov 20 13:25:15 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=student, username=marktest, ap_name=ITS West - NE902, vlanid=1, username=marktest
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_discover_service_client 4022 Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=405, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:15 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_parse_userinfo 380 UserInfo resp=1 ip=140.104.212.79, mac=60:45:bd:e9:7c:4c, apname=ITS West - NE902, role=student, username=marktest, vlan=1
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_client_update 329 MDNS Client exists - flag wifi ap_name ITS West - NE902 client role - student
    Nov 20 13:25:15 :527000: <DBUG> |mdns| mdns_parse_auth_userinfo_resp_message 405 UserInfo response completed for ip=140.104.212.79 mac=60:45:bd:e9:7c:4c
    Nov 20 13:25:16 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:16 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    --More-- (q) quit (u) pageup (/) search (n) repeat Nov 20 13:25:16 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=student, username=marktest, ap_name=ITS West - NE902, vlanid=58, username=marktest
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:16 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:16 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:16 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 20 13:25:16 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:8d88e1ef-129d-9151-3a71-f0815c96e87a dropped: service not present!
    Nov 20 13:25:16 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:16 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:16 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 20 13:25:16 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:16 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:62094904-bf6a-4519-873c-a83437486098 dropped: service not present!
    Nov 20 13:25:19 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:19 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:19 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:19 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:20 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 20 13:25:20 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:20 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:22 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:22 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:22 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:22 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:25 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 20 13:25:25 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:25 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:25 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:25 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:25 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:25 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:28 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:28 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:28 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:28 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:30 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 20 13:25:30 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:30 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 20 13:25:31 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:31 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:31 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:31 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:34 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:34 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:34 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:34 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 20 13:25:37 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 20 13:25:37 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 20 13:25:37 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 20 13:25:37 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!

    Attachment(s)

    txt
    Debug Log.txt   22 KB 1 version


  • 10.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 20, 2014 02:49 PM

    mwallen,

     

    did you do a "aaa user delete <ip address>" on your user before switching?  

     

    Turn off the radio, then remove yourself from the user table.... Then authenticate with student credentials...

     

     



  • 11.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 09:39 AM
      |   view attached

    I did not, so here is another debug log after i delete the user.

    Nov 21 08:29:55 :524136: <DBUG> |authmgr| dot1x_gsm_delete_pmkcache(): MAC:60:45:bd:e9:7c:4c BSS:9c:1c:12:fe:d3:21 GSM: Successfully deleted PMK-cache object.
    Nov 21 08:29:55 :524136: <DBUG> |authmgr| dot1x_gsm_delete_pmkcache(): MAC:60:45:bd:e9:7c:4c BSS:9c:1c:12:fe:d3:31 GSM: Successfully deleted PMK-cache object.
    Nov 21 08:29:55 :524131: <DBUG> |authmgr| dot1x_gsm_delete_keycache(): MAC:60:45:bd:e9:7c:4c GSM: Successfully deleted Key-cache object.
    Nov 21 08:29:55 :522289: <DBUG> |authmgr| Auth GSM : MAC_USER mu_delete publish for mac 60:45:bd:e9:7c:4c bssid 9c:1c:12:fe:d3:31 vlan 58 type 1 data-ready 0 deauth-reason 34
    Nov 21 08:29:55 :522111: <DBUG> |authmgr| AU1(4), HA1, TAP0, PARP0 OIP0 IIP0 INT0 WD0 FW0 DT1.
    Nov 21 08:29:55 :522130: <DBUG> |authmgr| {140.104.212.79} datapath entry deleted.
    Nov 21 08:29:55 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 21 08:29:55 :522005: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 User entry deleted: reason=user request
    Nov 21 08:29:55 :522128: <DBUG> |authmgr| download-L2: acl=77/0 role=student, tunl=0x0x109b2, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Nov 21 08:29:55 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=N/A User data downloaded to datapath, new Role=student/77, bw Contract=0/0, reason=Station resetting role, idle-timeout=300
    Nov 21 08:29:55 :522152: <DBUG> |authmgr| station free: bssid=9c:1c:12:fe:d3:31, @=0x0x2f572e5c.
    Nov 21 08:29:55 :522244: <DBUG> |authmgr| MAC=60:45:bd:e9:7c:4c Station Deleted Update MMS
    Nov 21 08:29:55 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 10059 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 21 08:29:55 :522290: <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac 60:45:bd:e9:7c:4c
    Nov 21 08:29:55 :522303: <DBUG> |authmgr| Auth GSM : USER delete for mac 60:45:bd:e9:7c:4c uuid 10059
    Nov 21 08:29:55 :522265: <DBUG> |authmgr| "MAC:60:45:bd:e9:7c:4c: Deallocating UUID: 10059.
    Nov 21 08:29:55 :522038: <INFO> |authmgr| username=marktest MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 Authentication result=Authentication Successful method=radius-accounting server=cp1
    Nov 21 08:29:58 :527004: <INFO> |mdns| mdns_parse_auth_useridle_message 178 Auth User Idle Timeout: MAC:60:45:bd:e9:7c:4c, WIRED:0, FW:0, VLAN:1, IP:140.104.212.79, BSSID:9c:1c:12:fe:d3:31, AGE:68926,
    Nov 21 08:29:58 :527000: <DBUG> |mdns| mdns_client_purge 935 Purge mdns client, mac=60:45:bd:e9:7c:4c, del_client = 1
    Nov 21 08:29:58 :527000: <DBUG> |mdns| amon_airgroup_user_status 354 operation=2; mac:60:45:bd:e9:7c:4c
    Nov 21 08:30:09 :501093: <NOTI> |AP ITS West - NE902@140.104.132.20 stm| Auth success: 60:45:bd:e9:7c:4c: AP 140.104.132.20-9c:1c:12:fe:d3:21-ITS West - NE902
    Nov 21 08:30:09 :501095: <NOTI> |AP ITS West - NE902@140.104.132.20 stm| Assoc request @ 08:30:09.992734: 60:45:bd:e9:7c:4c (SN 1971): AP 140.104.132.20-9c:1c:12:fe:d3:21-ITS West - NE902
    Nov 21 08:30:09 :501100: <NOTI> |AP ITS West - NE902@140.104.132.20 stm| Assoc success @ 08:30:09.993365: 60:45:bd:e9:7c:4c: AP 140.104.132.20-9c:1c:12:fe:d3:21-ITS West - NE902
    Nov 21 08:30:09 :501100: <NOTI> |stm| Assoc success @ 08:30:09.953093: 60:45:bd:e9:7c:4c: AP 140.104.132.20-9c:1c:12:fe:d3:21-ITS West - NE902
    Nov 21 08:30:09 :522295: <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user 60:45:bd:e9:7c:4c
    Nov 21 08:30:09 :522035: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Station UP: BSSID=9c:1c:12:fe:d3:21 ESSID=Carroll VLAN=1 AP-name=ITS West - NE902
    Nov 21 08:30:09 :522077: <DBUG> |authmgr| MAC=60:45:bd:e9:7c:4c ingress 0x0x109ad (tunnel 2477), u_encr 64, m_encr 64, slotport 0x0x2100 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
    Nov 21 08:30:09 :522264: <DBUG> |authmgr| "MAC:60:45:bd:e9:7c:4c: Allocating UUID: 7105.
    Nov 21 08:30:09 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 0 derivation_type Reset VLANs for Station up index 0.
    Nov 21 08:30:09 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 1 fwdmode 0 derivation_type Default VLAN.
    Nov 21 08:30:09 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 1 derivation_type Default VLAN index 1.
    Nov 21 08:30:09 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 1 fwdmode 0 derivation_type Current VLAN updated.
    Nov 21 08:30:09 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 1 derivation_type Current VLAN updated index 2.
    Nov 21 08:30:09 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 60:45:bd:e9:7c:4c.
    Nov 21 08:30:09 :524141: <DBUG> |authmgr| clr_pmkcache_ft():988: MAC:60:45:bd:e9:7c:4c BSS:9c:1c:12:fe:d3:21
    Nov 21 08:30:09 :522287: <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac 60:45:bd:e9:7c:4c bssid 9c:1c:12:fe:d3:21 vlan 1 type 1 data-ready 0
    Nov 21 08:30:09 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename logon fwdmode 0 derivation_type Initial Role Contained vp not present.
    Nov 21 08:30:09 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 0 derivation_type Reset Role Based VLANs index 3.
    Nov 21 08:30:09 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:logon,pDefRole:0x0x10f7874
    Nov 21 08:30:09 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:60:45:bd:e9:7c:4c, pmkid_present:False, pmkid:N/A
    Nov 21 08:30:09 :522308: <DBUG> |authmgr| Device Type index derivation for 60:45:bd:e9:7c:4c : dhcp (0,0,0) oui (0,0) ua (40,27,27) derived Windows(27)
    Nov 21 08:30:09 :522299: <DBUG> |authmgr| Auth GSM : DEV_ID_CACHE publish for mac 60:45:bd:e9:7c:4c dev-id Windows index 27
    Nov 21 08:30:09 :522128: <DBUG> |authmgr| download-L2: acl=2/0 role=logon, tunl=0x0x109ad, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Nov 21 08:30:09 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=N/A User data downloaded to datapath, new Role=logon/2, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
    Nov 21 08:30:09 :522242: <DBUG> |authmgr| MAC=60:45:bd:e9:7c:4c Station Created Update MMS: BSSID=9c:1c:12:fe:d3:21 ESSID=Carroll VLAN=1 AP-name=ITS West - NE902
    Nov 21 08:30:09 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 7105 mac 60:45:bd:e9:7c:4c name role logon devtype Windows wired 0 authtype 0 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 21 08:30:10 :522038: <INFO> |authmgr| username=marktest MAC=60:45:bd:e9:7c:4c IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=cp1
    Nov 21 08:30:10 :522044: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Station authenticate(start): method=802.1x, role=logon///logon, VLAN=1/1, Derivation=0/0, Value Pair=1, flags=0x8
    Nov 21 08:30:10 :522016: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c IP=?? Derived role 'student' from Aruba VSA
    Nov 21 08:30:10 :522127: <DBUG> |authmgr| {L2} Update role from logon to student for IP=0.0.0.0.
    Nov 21 08:30:10 :522049: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=N/A User role updated, existing Role=logon/none, new Role=student/none, reason=Station Authenticated with auth type: 4
    Nov 21 08:30:10 :522128: <DBUG> |authmgr| download-L2: acl=77/0 role=student, tunl=0x0x109ad, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Nov 21 08:30:10 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=N/A User data downloaded to datapath, new Role=student/77, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
    Nov 21 08:30:10 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 7105 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 21 08:30:10 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 0 derivation_type Reset Dot1x VLANs index 4.
    Nov 21 08:30:10 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename NULL fwdmode 0 derivation_type Dot1x Aruba VSA vp present.
    Nov 21 08:30:10 :522021: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Derived VLAN '58' from Aruba VSA
    Nov 21 08:30:10 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type Dot1x Aruba VSA.
    Nov 21 08:30:10 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type Dot1x Aruba VSA index 5.
    Nov 21 08:30:10 :522253: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c derivation_type Dot1x Aruba VSA derived vlan 58.
    Nov 21 08:30:10 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename NULL fwdmode 0 derivation_type Dot1x MSFT Attributes vp present.
    Nov 21 08:30:10 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename NULL fwdmode 0 derivation_type Dot1x Server Rule vp present.
    Nov 21 08:30:10 :522259: <DBUG> |authmgr| "VDR - Do Role Based VLAN Derivation user 60:45:bd:e9:7c:4c role student authtype 4 rolehow Aruba VSA.
    Nov 21 08:30:10 :522254: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c rolename student fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained vp not present.
    Nov 21 08:30:10 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained.
    Nov 21 08:30:10 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type Dot1x Aruba VSA Role Contained index 6.
    Nov 21 08:30:10 :522253: <DBUG> |authmgr| VDR - mac 60:45:bd:e9:7c:4c derivation_type Dot1x Aruba VSA Role Contained derived vlan 58.
    Nov 21 08:30:10 :522161: <DBUG> |authmgr| Valid Dot1xct, remote:0, assigned:1, default:1, current:1,termstate:0, wired:0, dot1x enabled:1, psk:0 static:0 bssid=9c:1c:12:fe:d3:21.
    Nov 21 08:30:10 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type Current VLAN updated.
    Nov 21 08:30:10 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type Current VLAN updated index 7.
    Nov 21 08:30:10 :522260: <DBUG> |authmgr| "VDR - Cur VLAN updated 60:45:bd:e9:7c:4c mob 0 inform 1 remote 0 wired 0 defvlan 1 exportedvlan 0 curvlan 58.
    Nov 21 08:30:10 :522257: <DBUG> |authmgr| "VDR - send current vlan for user 60:45:bd:e9:7c:4c vlan 58 derivation_type Dot1x Aruba VSA trace new vlan: dot1x.
    Nov 21 08:30:10 :522287: <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac 60:45:bd:e9:7c:4c bssid 9c:1c:12:fe:d3:21 vlan 58 type 1 data-ready 0
    Nov 21 08:30:10 :522095: <DBUG> |authmgr| 60:45:bd:e9:7c:4c: Sending STM new vlan info: vlan 58, AP 9c:1c:12:fe:d3:21 caller user_send_current_vlan_update
    Nov 21 08:30:10 :522255: <DBUG> |authmgr| "VDR - set vlan in user for 60:45:bd:e9:7c:4c vlan 58 fwdmode 0 derivation_type VLAN exported.
    Nov 21 08:30:10 :522258: <DBUG> |authmgr| "VDR - Add to history of user user 60:45:bd:e9:7c:4c vlan 58 derivation_type VLAN exported index 8.
    Nov 21 08:30:10 :522029: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Station authenticate: method=802.1x, role=student///logon, VLAN=1/58, Derivation=7/17, Value Pair=1
    Nov 21 08:30:10 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 7105 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 21 08:30:10 :522053: <DBUG> |authmgr| PMK Cache getting updated for 60:45:bd:e9:7c:4c, (def, cur, vhow) = (1, 58, 17) with vlan=58 vlanhow=17 essid=Carroll role=student rhow=7
    Nov 21 08:30:10 :524129: <DBUG> |authmgr| dot1x_gsm_set_keycache(): MAC:60:45:bd:e9:7c:4c GSM: Successfully published Key-cache object.
    Nov 21 08:30:10 :524134: <DBUG> |authmgr| dot1x_gsm_set_pmkcache(): MAC:60:45:bd:e9:7c:4c BSS:9c:1c:12:fe:d3:21 GSM: Successfully published PMK-cache object.
    Nov 21 08:30:10 :524139: <DBUG> |authmgr| add_pmkcache():859: MAC:60:45:bd:e9:7c:4c BSS:9c:1c:12:fe:d3:21 Update:
    Nov 21 08:30:10 :522297: <DBUG> |authmgr| Auth GSM : MAC_USER response event for user 60:45:bd:e9:7c:4c
    Nov 21 08:30:10 :522026: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 User miss: ingress=0x109ad, VLAN=58 flags=0x8040
    Nov 21 08:30:10 :522127: <DBUG> |authmgr| {L3} Update role from student to logon for IP=0.0.0.0.
    Nov 21 08:30:10 :522049: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=0.0.0.0 User role updated, existing Role=student/none, new Role=student/logon, reason=First IP user created
    Nov 21 08:30:10 :522122: <DBUG> |authmgr| Reset BWM contract: IP=0.0.0.0 role=logon, contract= (0/0), type=Per role.
    Nov 21 08:30:10 :522125: <DBUG> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
    Nov 21 08:30:10 :522122: <DBUG> |authmgr| Reset BWM contract: IP=0.0.0.0 role=logon, contract= (0/0), type=Per role.
    Nov 21 08:30:10 :522125: <DBUG> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
    Nov 21 08:30:10 :522006: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 User entry added: reason=Sibtye
    Nov 21 08:30:10 :522270: <DBUG> |authmgr| During User miss marking the user 60:45:bd:e9:7c:4c with ingress 0x109ad, connection-type 2 as wireless, muxtunnel = no
    Nov 21 08:30:10 :522169: <DBUG> |authmgr| Station inherit: IP=140.104.212.79 start bssid:9c:1c:12:fe:d3:21 essid: Carroll port:0x0x109ad (0x0x109ad).
    Nov 21 08:30:10 :522127: <DBUG> |authmgr| {L3} Update role from logon to student for IP=140.104.212.79.
    Nov 21 08:30:10 :522049: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=140.104.212.79 User role updated, existing Role=student/logon, new Role=student/student, reason=User authenticated with auth type:4 role derivation:7 l3 assigned role:student
    Nov 21 08:30:10 :522122: <DBUG> |authmgr| Reset BWM contract: IP=140.104.212.79 role=student, contract= (0/0), type=Per role.
    Nov 21 08:30:10 :522125: <DBUG> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
    Nov 21 08:30:10 :522122: <DBUG> |authmgr| Reset BWM contract: IP=140.104.212.79 role=student, contract= (0/0), type=Per role.
    Nov 21 08:30:10 :522125: <DBUG> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
    Nov 21 08:30:10 :522008: <NOTI> |authmgr| User Authentication Successful: username=marktest MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 role=student VLAN=58 AP=ITS West - NE902 SSID=Carroll AAA profile=Carroll-SSID-AAA-Profile auth method=802.1x auth server=cp1
    Nov 21 08:30:10 :522171: <DBUG> |authmgr| station inherit IP=140.104.212.79 bssid:9c:1c:12:fe:d3:21 essid: Carroll auth:1 type:802.1x role:student port:0x0x109ad.
    Nov 21 08:30:10 :522128: <DBUG> |authmgr| download-L2: acl=77/0 role=student, tunl=0x0x109ad, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Nov 21 08:30:10 :522050: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c,IP=140.104.212.79 User data downloaded to datapath, new Role=student/77, bw Contract=0/0, reason=New user IP processing, idle-timeout=300
    Nov 21 08:30:10 :522301: <DBUG> |authmgr| Auth GSM : USER publish for uuid 7105 mac 60:45:bd:e9:7c:4c name marktest role student devtype Windows wired 0 authtype 4 subtype 9 encrypt-type 10 conn-port 8448 fwd-mode 0
    Nov 21 08:30:10 :522038: <INFO> |authmgr| username=marktest MAC=60:45:bd:e9:7c:4c IP=140.104.212.79 Authentication result=Authentication Successful method=radius-accounting server=cp1
    Nov 21 08:30:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:13 :527000: <DBUG> |mdns| mdns_client_create 189 MDNS Client created - ip:140.104.212.79 mac:60:45:bd:e9:7c:4c. AP-name: NOT AVAILABLE
    Nov 21 08:30:13 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=0; hostname:, ip=140.104.212.79, rolename=, username=, ap_name=, vlanid=58, username=
    Nov 21 08:30:13 :527000: <DBUG> |mdns| mdns_auth_userinfo_req_message 349 mac(60:45:bd:e9:7c:4c), ip(140.104.212.79)
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 21 08:30:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:8d88e1ef-129d-9151-3a71-f0815c96e87a dropped: service not present!
    Nov 21 08:30:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 21 08:30:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:62094904-bf6a-4519-873c-a83437486098 dropped: service not present!
    Nov 21 08:30:13 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:13 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:13 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:14 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=, username=marktest, ap_name=, vlanid=58, username=marktest
    Nov 21 08:30:14 :527004: <INFO> |mdns| mdns_parse_auth_useradd_message 234 Auth User ADD: MAC:60:45:bd:e9:7c:4c, IP:140.104.212.79, VLAN:1, Role:logon Name:marktest APName:ITS West - NE902 Type:1. Groups:
    Nov 21 08:30:14 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=logon, username=marktest, ap_name=ITS West - NE902, vlanid=1, username=marktest
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_discover_service_client 4022 Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=405, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:14 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 273 Auth User ROLE: MAC:60:45:bd:e9:7c:4c, ROLE_NAME:student
    Nov 21 08:30:14 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=student, username=marktest, ap_name=ITS West - NE902, vlanid=1, username=marktest
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_parse_userinfo 380 UserInfo resp=1 ip=140.104.212.79, mac=60:45:bd:e9:7c:4c, apname=ITS West - NE902, role=student, username=marktest, vlan=1
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_client_update 329 MDNS Client exists - flag wifi ap_name ITS West - NE902 client role - student
    Nov 21 08:30:14 :527000: <DBUG> |mdns| mdns_parse_auth_userinfo_resp_message 405 UserInfo response completed for ip=140.104.212.79 mac=60:45:bd:e9:7c:4c
    Nov 21 08:30:15 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:15 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:15 :527000: <DBUG> |mdns| amon_airgroup_user_status 384 operation=1; hostname:, ip=140.104.212.79, rolename=student, username=marktest, ap_name=ITS West - NE902, vlanid=58, username=marktest
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:15 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 21 08:30:15 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:8d88e1ef-129d-9151-3a71-f0815c96e87a dropped: service not present!
    Nov 21 08:30:15 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:15 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:15 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 169
    Nov 21 08:30:15 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:15 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid uuid:62094904-bf6a-4519-873c-a83437486098 dropped: service not present!
    Nov 21 08:30:16 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:16 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:16 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:16 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:19 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:19 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:19 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:19 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:19 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 21 08:30:19 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:19 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:22 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:22 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:22 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:22 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:24 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 21 08:30:24 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:24 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:25 :527000: <DBUG> |mdns| rx_mdns_pkt_from_sos 481 Rcvd packet from SOS: vlan 58, len 179
    Nov 21 08:30:25 :527000: <DBUG> |mdns| mdns_parse_packet_from_sos 677 pkt from SOS: vlan 58, mac 60:45:bd:e9:7c:4c ip 140.104.212.79
    Nov 21 08:30:25 :527000: <DBUG> |mdns| ag_send_query_packet_to_cluster 2483 Controller is not part of AG mct cluster
    Nov 21 08:30:25 :527000: <DBUG> |mdns| ssdp_parse_query_packet 353 QUERY from client:60:45:bd:e9:7c:4c sid urn:schemas-upnp-org:device:InternetGatewayDevice:1 dropped: service not present!
    Nov 21 08:30:29 :527000: <DBUG> |mdns| ssdp_discover_service_client 628 SSDP:Discover client 60:45:bd:e9:7c:4c for a particular service
    Nov 21 08:30:29 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1
    Nov 21 08:30:29 :527000: <DBUG> |mdns| mdns_send_packet_pseudo_mcast 509 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=60:45:bd:e9:7c:4c, vlan=1

    Attachment(s)

    txt
    Debug Log.txt   26 KB 1 version


  • 12.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 21, 2014 09:58 AM
    Nov 21 08:30:10 :522021: <INFO> |authmgr| MAC=60:45:bd:e9:7c:4c Derived VLAN '58' from Aruba VSA

    Please click on the alerts tab in CPPM to see what attribute is being sent back to the controller.


  • 13.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 10:04 AM
      |   view attached

    I dont have an alerts tab, but see the screenshot i attached.  RADIUS Response shows the info i would expect.



  • 14.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 21, 2014 10:06 AM

    Is the student named vlan defined on that local controller?

     

    On that local controller what is the output of "show vlan mapping"?

     

     



  • 15.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 10:30 AM

    VLAN names are created on the masters and pushed to the locals but each local must put whichever VLANs in the name it needs. Probably it´s still only populated with the old VLAN.

     

    Log in to the local controller, navigate to VLANs, VLAN Pool and check it out.



  • 16.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 10:45 AM

    I only have 1 controller and it is defined on that controller containing both vlans.

     

    (Aruba7210) #show vlan mapping

    Vlan Mapping Table
    ------------------
    VLAN Name Assignment Type VLAN IDs
    --------- --------------- --------
    Students               Even                    58,60

    (Aruba7210) #



  • 17.  RE: VLAN pool not evenly assigning users

    EMPLOYEE
    Posted Nov 21, 2014 10:47 AM

    Okay.  Vlan 58 is a legitimate VLAN then.  That user can be placed into that VLAN.  Did you try another user?

     



  • 18.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 10:51 AM

    I have not tried another user, but i have 3000 students logging in everyday with the student role, and there are 0 IP's in use on vlan 60.  If i take the vlan pool out the equation and manually set either one of the 2 vlans on the user role, they do get assigned properly, its only when i try to use the pool that is does not work.  



  • 19.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 10:49 AM

    Try issuing "show user ip <IP of authenticated user>" that would show how he got his VLAN.

     

    Also a side note, I always recommend using the "hash" distribution method on VLAN pools, that way you always end up in the same VLAN and two users can´t consume IP-adresses in both VLANs if you have a long lease time.



  • 20.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 10:55 AM

    the show user command with the relevant(i think) part below.  Dont have a clue what 17 DP means.  

    I have it at even right now because i was jsut trying it both ways to see if i could get it working somehow.  I will probably leave it at hash when it all said and done.  

     

     

    Vlan default: 1, Assigned: 58, Current: 58 vlan-how: 17 DP assigned vlan:0
    Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
    SlotPort=0x2100, Port=0x109ad (tunnel 2477)
    Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a
    Current Role name: student, role-how: 7, L2-role: student, L3-role: student



  • 21.  RE: VLAN pool not evenly assigning users

    Posted Nov 21, 2014 10:58 AM

    So i just put it back to hash and it seems like it may be working now.  I had tried it both ways, i actually created it with the hash setting but moved it to even when it did not work.  As soon as i put it back to hash i started seeing DHCP leases for that vlan.  I put it back to even and it stopped agian.  The even method might be bugged in 6.4.1.0.