- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
deauth to sta
deauth to sta
03-20-2012 02:05 PM
I have a client that cannot connect to our production wireless network but can connect to a development network on the same access point. The client is using the same machine and 802.1x authentication for each network. I have debug logs for a successful (dev) and a failed (prd) session but the main difference I see is:
//a success
Mar 20 13:24:56 :522035: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx Station UP: BSSID=d8:c7:c8:xx:2f:41 ESSID=dev VLAN=2 AP-name=ab208
Mar 20 13:24:56 :522004: <DBUG> |authmgr| MAC=68:a3:c4:c9:xx:xx ingress 0x10f1 (tunnel 145), u_encr 16, m_encr 4112, slotport 0x1000
Mar 20 13:25:25 :522038: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=ACS-B
//role, IP and other good stuff happen
//a failure
Mar 20 13:24:12 :522035: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx Station UP: BSSID=d8:c7:c8:xx:2f:40 ESSID=prd VLAN=2 AP-name=ab208
Mar 20 13:24:12 :522004: <DBUG> |authmgr| MAC=68:a3:c4:c9:xx:xx ingress 0x11b6 (tunnel 342), u_encr 16, m_encr 4112, slotport 0x1000
//repeat the previous message five more times, then
Mar 20 13:24:31 :501106: <NOTI> |stm| Deauth to sta: 68:a3:c4:c9:xx:xx: Ageout AP 10.xxx.70.210-d8:c7:xx:xx:2f:40-ab208 handle_sapcp
//followed by similar messages
Anybody have an idea?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
03-20-2012 03:17 PM
scottwe wrote:
I have a client that cannot connect to our production wireless network but can connect to a development network on the same access point. The client is using the same machine and 802.1x authentication for each network. I have debug logs for a successful (dev) and a failed (prd) session but the main difference I see is:
//a success
Mar 20 13:24:56 :522035: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx Station UP: BSSID=d8:c7:c8:xx:2f:41 ESSID=dev VLAN=2 AP-name=ab208
Mar 20 13:24:56 :522004: <DBUG> |authmgr| MAC=68:a3:c4:c9:xx:xx ingress 0x10f1 (tunnel 145), u_encr 16, m_encr 4112, slotport 0x1000
Mar 20 13:25:25 :522038: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=ACS-B
//role, IP and other good stuff happen
//a failure
Mar 20 13:24:12 :522035: <INFO> |authmgr| MAC=68:a3:c4:c9:xx:xx Station UP: BSSID=d8:c7:c8:xx:2f:40 ESSID=prd VLAN=2 AP-name=ab208
Mar 20 13:24:12 :522004: <DBUG> |authmgr| MAC=68:a3:c4:c9:xx:xx ingress 0x11b6 (tunnel 342), u_encr 16, m_encr 4112, slotport 0x1000
//repeat the previous message five more times, then
Mar 20 13:24:31 :501106: <NOTI> |stm| Deauth to sta: 68:a3:c4:c9:xx:xx: Ageout AP 10.xxx.70.210-d8:c7:xx:xx:2f:40-ab208 handle_sapcp
//followed by similar messages
Anybody have an idea?
While the client is failing, type "show auth-tracebuf mac <mac address of client>" to see why.
Colin Joseph
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
03-21-2012 02:34 PM
Thank you, neat command!
I see:
Mar 21 13:32:52 station-up * 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx - - wpa tkip
Mar 21 13:32:52 eap-id-req <- 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx 1 5
Mar 21 13:32:53 station-up * 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx - - wpa tkip
Mar 21 13:32:53 eap-id-req <- 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx 1 5
Mar 21 13:32:53 eap-start -> 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx - -
Mar 21 13:32:53 eap-id-req <- 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx 1 5
Mar 21 13:32:55 station-up * 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx - - wpa tkip
Mar 21 13:32:55 eap-id-req <- 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx 1 5
Mar 21 13:32:55 eap-start -> 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx - -
Mar 21 13:32:55 eap-id-req <- 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx 1 5
Mar 21 13:32:56 station-up * 68:a3:c4:c9:xx:xx d8:c7:c8:bf:xx:xx - - wpa tkip
over and over again, credentials are never passed and authentication servers don't get into the mix, which is different from a successful logon. I don't understand what the command reference guide is telling me about the arrows andif this is on the client or server side.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
03-21-2012 08:35 PM
Are you sure the client is configured with the right encryption?
Colin Joseph
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
03-26-2012 01:49 PM
yes. we went through and manually set it for wpa2-enterprise and aes as a test, still could not get it to go. we run in mixed mode, either tkip or aes is valid.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
03-26-2012 02:44 PM
Are these 802.11n access points? If so, the 802.11n standard only allows cipher types of AES and Open. TKIP is not allowed.
Colin Joseph
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
03-28-2012 03:06 PM
They are N. Good point. When I manually configure the client to use WPA2 and AES (which I can see using the command you gave me, thanks again) they still cannot connect. I'm beginning to think it is the clients system but it is at a remote location and the clientdoes not have other devices available to test with.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
03-28-2012 06:19 PM
You probably want to open a case so that they can see the full picture... Has this EVER worked?
Colin Joseph
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
04-06-2012 08:35 AM
With this device no it has never worked. Other devices, yes.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: deauth to sta
Re: deauth to sta
04-06-2012 09:32 AM
Have you considered upgrading the client drivers?
Colin Joseph
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator