Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Zebra wireless printers not getting an IP

  • 1.  Zebra wireless printers not getting an IP

    Posted Feb 16, 2018 09:33 AM

    We have a lot of these devices in our environment and about two months ago, specific sites started having connectibity and DHCP issues specifically with these printers. We have several models, the QL320, QLN320 and QLN420. All are experiencing the same issues. THe QL320 is an 802.11b devices, the others are capable of 802.11a. 

     

    No firmware upgrades, hardware replacements or any other configuration changes have occurred. We use IAP 225 managed by Airwave. IAP are on 6.5.1.5, Airwave is on 8.2.3.1. DHCP is provided by InfoBlox back in the DC. So the DHCP path travels over the WAN and back.

     

    We have tried all manner of tests and such and no matter what we do the problem either remains the same or gets worse. I am going to do a datapath session capture next, and try to get some fresh PCAPs as well.

     

    Has anyone seen this before?



  • 2.  RE: Zebra wireless printers not getting an IP

    Posted Feb 16, 2018 10:21 AM
    Are you guys using PSK ?




    Pardon typos sent from Mobile


  • 3.  RE: Zebra wireless printers not getting an IP

    Posted Feb 16, 2018 12:20 PM
    Hello,

    No these are using WEP because of the age of some of these printers

    Thanks,

    Chris Watson
    210-488-6605
    Sent from my iPhone


  • 4.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 10:23 AM

    Sorry, I know this is an old thread. Just curious if you ever found out what was causing this. I have this same issue. Client passes authentication (WPA2-PEAP) and gets assigned the correct VLAN and User Role but does not receive an IP. Even if I statically assigned an IP address, the client cannot be communicated with.



  • 5.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 10:29 AM

    @th_sonwrote:

    Sorry, I know this is an old thread. Just curious if you ever found out what was causing this. I have this same issue. Client passes authentication (WPA2-PEAP) and gets assigned the correct VLAN and User Role but does not receive an IP. Even if I statically assigned an IP address, the client cannot be communicated with.


    Most likely a different issue in this case, as WPA2-Enterprise acts differently than WEP preshared key. 

     

    If the user is successfully authenticated via PEAP, check the user role to ensure what firewall policy is applied to that user. The controller may be configured to enforce DHCP, which would prevent the static IP address from working.



  • 6.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 11:55 AM

    Hi,

     

    I have double checked the user role and user vlan pushed back from ClearPass and everything is correct. I even set the user role to allow all just to see, and still no dice.

     

    If it connect the device to our Guest network, it gets an IP no problem. If I connect it to a WPA2-PSK hotspot on my smartphone, it can get an IP no problem. It only has an issue when it connects to our WPA2-ENT SSID that it is unable to get an IP address.

     

    I may need to contact the manufacturer to see if they have seen this.



  • 7.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 01:44 PM

     

    You can enable User debugging for that device:

    config t

    logging level debug user-debug

     

    Try to Associate

     

    Type "show logging user-debug all" to see if you can get a clue what the device is doing.

     



  • 8.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 03:22 PM

    So after looking at the user-debug, it looks like initially everything goes fine, the user gets back the VSA from the ClearPass and the user role and vlan are switched accordingly, but still no IP.

     

    Then after a short period of time the device takes a default IP of 192.168.254.254. The messages that then show up in the user-debug would seem to indicate that the devices falls back into the default VLAN for the controller itself (the vlan we use to manage the controller and AP). Not sure why this is happening.

     

    Here is the user-debug log

    Apr 3 15:03:59 :501093:  <NOTI> |AP 18:64:xx:xx:xx:xx@192.168.xx.xx stm|  Auth success: ac:3f:xx:xx:xx:xx: AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :501095:  <NOTI> |AP 18:64:xx:xx:xx:xx@192.168.xx.xx stm|  Assoc request @ 15:03:59.346482: ac:3f:xx:xx:xx:xx (SN 43): AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :501100:  <NOTI> |AP 18:64:xx:xx:xx:xx@192.168.xx.xx stm|  Assoc success @ 15:03:59.347243: ac:3f:xx:xx:xx:xx: AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :501100:  <NOTI> |stm|  Assoc success @ 15:03:59.358091: ac:3f:xx:xx:xx:xx: AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522295:  <DBUG> |authmgr|  Auth GSM : USER_STA event 0 for user ac:3f:xx:xx:xx:xx
    Apr 3 15:03:59 :522035:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station UP: BSSID=18:64:xx:xx:xx:xx ESSID=COMPANY-SSID VLAN=46 AP-name=18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522077:  <DBUG> |authmgr|  MAC=ac:3f:xx:xx:xx:xx ingress 0x0x100b8 (tunnel 184), u_encr 64, m_encr 64, slotport 0x0x2100 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
    Apr 3 15:03:59 :522264:  <DBUG> |authmgr|  "MAC:ac:3f:xx:xx:xx:xx: Allocating UUID: 0xb102176dc7acbef3
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset VLANs for Station up index 0.
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 46 fwdmode 0 derivation_type Default VLAN.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 46 derivation_type Default VLAN index 1.
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 46 fwdmode 0 derivation_type Current VLAN updated.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 46 derivation_type Current VLAN updated index 2.
    Apr 3 15:03:59 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-ac:3f:xx:xx:xx:xx- N/A Set AAA profile defaults.
    Apr 3 15:03:59 :522142:  <DBUG> |authmgr|  Setting default role to denyall for user ac:3f:xx:xx:xx:xx".
    Apr 3 15:03:59 :522127:  <DBUG> |authmgr|  {L2} Update role from logon to denyall for IP=N/A, MAC=ac:3f:xx:xx:xx:xx.
    Apr 3 15:03:59 :522049:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User role updated, existing Role=logon/none, new Role=denyall/none, reason=Set AAA profile defaults
    Apr 3 15:03:59 :522246:  <DBUG> |authmgr|  Idle timeout should be driven by STM for MAC ac:3f:xx:xx:xx:xx.
    Apr 3 15:03:59 :524141:  <DBUG> |authmgr|  clr_pmkcache_ft():987: MAC:ac:3f:xx:xx:xx:xx BSS:18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac ac:3f:xx:xx:xx:xx bssid 18:64:xx:xx:xx:xx vlan 46 type 1 data-ready 0
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename denyall fwdmode 0 derivation_type Initial Role Contained vp not present.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset Role Based VLANs index 3.
    Apr 3 15:03:59 :522083:  <DBUG> |authmgr|  Skip User-Derivation, mba:0 udr_exist:0,default_role:denyall,pDefRole:0x0x10a360a4
    Apr 3 15:03:59 :524124:  <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:ac:3f:xx:xx:xx:xx, pmkid_present:False, pmkid:N/A
    Apr 3 15:03:59 :522128:  <DBUG> |authmgr|  download-L2: acl=117/0 role=denyall, tunl=0x0x100b8, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Apr 3 15:03:59 :522050:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User data downloaded to datapath, new Role=denyall/117, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
    Apr 3 15:03:59 :522242:  <DBUG> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station Created Update MMS: BSSID=18:64:xx:xx:xx:xx ESSID=COMPANY-SSID VLAN=46 AP-name=18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name  role denyall devtype  wired 0 authtype 0 subtype 0  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:03:59 :522038:  <INFO> |authmgr|  username=qln420 MAC=ac:3f:xx:xx:xx:xx IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=CPPM-C
    Apr 3 15:03:59 :522044:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station authenticate(start): method=802.1x, role=denyall///denyall, VLAN=46/46, Derivation=1/0, Value Pair=1, flags=0x8
    Apr 3 15:03:59 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-ac:3f:xx:xx:xx:xx-qln420 N/A station Authenticated with auth type:  Unknown auth type.
    Apr 3 15:03:59 :522142:  <DBUG> |authmgr|  Setting cached role to NULL for user ac:3f:xx:xx:xx:xx".
    Apr 3 15:03:59 :522266:  <DBUG> |authmgr|  Calling derive_role2 for user ac:3f:xx:xx:xx:xx
    Apr 3 15:03:59 :522016:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx IP=?? Derived role 'PRINTER' from Aruba VSA
    Apr 3 15:03:59 :522127:  <DBUG> |authmgr|  {L2} Update role from denyall to PRINTER for IP=N/A, MAC=ac:3f:xx:xx:xx:xx.
    Apr 3 15:03:59 :522049:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User role updated, existing Role=denyall/none, new Role=PRINTER/none, reason=station Authenticated with auth type:  802.1x
    Apr 3 15:03:59 :522128:  <DBUG> |authmgr|  download-L2: acl=184/0 role=PRINTER, tunl=0x0x100b8, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Apr 3 15:03:59 :522050:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User data downloaded to datapath, new Role=PRINTER/184, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
    Apr 3 15:03:59 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name qln420 role PRINTER devtype  wired 0 authtype 4 subtype 0  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset Dot1x VLANs index 4.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename NULL fwdmode 0 derivation_type Dot1x Aruba VSA vp present.
    Apr 3 15:03:59 :522021:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Derived VLAN '47' from Aruba VSA
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 47 fwdmode 0 derivation_type Dot1x Aruba VSA.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 47 derivation_type Dot1x Aruba VSA index 5.
    Apr 3 15:03:59 :522253:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx derivation_type Dot1x Aruba VSA derived vlan 47.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename NULL fwdmode 0 derivation_type Dot1x MSFT Attributes vp present.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename NULL fwdmode 0 derivation_type Dot1x Server Rule vp present.
    Apr 3 15:03:59 :522259:  <DBUG> |authmgr|  "VDR - Do Role Based VLAN Derivation user ac:3f:xx:xx:xx:xx role PRINTER rolehow ROLE_DERIVATION_DOT1X_VSA.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename PRINTER fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained vp not present.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset Role Based VLANs index 6.
    Apr 3 15:03:59 :522161:  <DBUG> |authmgr|  Valid Dot1xct, remote:0, assigned:46, default:46, current:46,termstate:0, wired:0, dot1x enabled:1, psk:0 static:0 bssid=18:64:xx:xx:xx:xx.
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 47 fwdmode 0 derivation_type Current VLAN updated.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 47 derivation_type Current VLAN updated index 7.
    Apr 3 15:03:59 :522260:  <DBUG> |authmgr|  "VDR - Cur VLAN updated ac:3f:xx:xx:xx:xx mob 0 inform 1 remote 0 wired 0 defvlan 46 exportedvlan 0 curvlan 47.
    Apr 3 15:03:59 :522257:  <DBUG> |authmgr|  "VDR - send current vlan for user ac:3f:xx:xx:xx:xx vlan 47 derivation_type Dot1x Aruba VSA trace new vlan: dot1x.
    Apr 3 15:03:59 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac ac:3f:xx:xx:xx:xx bssid 18:64:xx:xx:xx:xx vlan 47 type 1 data-ready 0
    Apr 3 15:03:59 :522095:  <DBUG> |authmgr|  ac:3f:xx:xx:xx:xx: Sending STM new vlan info: vlan 47, AP 18:64:xx:xx:xx:xx caller user_send_current_vlan_update
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 47 fwdmode 0 derivation_type VLAN exported.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 47 derivation_type VLAN exported index 8.
    Apr 3 15:03:59 :522029:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station authenticate: method=802.1x, role=PRINTER///denyall, VLAN=46/47, Derivation=9/17, Value Pair=1
    Apr 3 15:03:59 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name qln420 role PRINTER devtype  wired 0 authtype 4 subtype 9  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:03:59 :522142:  <DBUG> |authmgr|  Setting cached role to PRINTER for user ac:3f:xx:xx:xx:xx".
    Apr 3 15:03:59 :522053:  <DBUG> |authmgr|  PMK Cache getting updated for ac:3f:xx:xx:xx:xx, (def, cur, vhow) = (46, 47, 17) with vlan=47 vlanhow=17 essid=COMPANY-SSID role=PRINTER rhow=9
    Apr 3 15:03:59 :524129:  <DBUG> |authmgr|  dot1x_gsm_set_keycache(): MAC:ac:3f:xx:xx:xx:xx GSM: Successfully published Key-cache object.
    Apr 3 15:03:59 :524134:  <DBUG> |authmgr|  dot1x_gsm_set_pmkcache(): MAC:ac:3f:xx:xx:xx:xx BSS:18:64:xx:xx:xx:xx GSM: Successfully published PMK-cache object.
    Apr 3 15:03:59 :524139:  <DBUG> |authmgr|  add_pmkcache():862: MAC:ac:3f:xx:xx:xx:xx BSS:18:64:xx:xx:xx:xx Update:
    Apr 3 15:03:59 :522297:  <DBUG> |authmgr|  Auth GSM : MAC_USER response event for user ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :522026:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx IP=192.168.254.254 User miss: ingress=0x100b8, VLAN=47 flags=0x40
    Apr 3 15:08:05 :522122:  <DBUG> |authmgr|  Reset BWM contract: IP=0.0.0.0 role=PRINTER, contract= (0/0), type=Per role.
    Apr 3 15:08:05 :522125:  <DBUG> |authmgr|  Could not create/find bandwidth-contract for user, return code (-11).
    Apr 3 15:08:05 :522122:  <DBUG> |authmgr|  Reset BWM contract: IP=0.0.0.0 role=PRINTER, contract= (0/0), type=Per role.
    Apr 3 15:08:05 :522125:  <DBUG> |authmgr|  Could not create/find bandwidth-contract for user, return code (-11).
    Apr 3 15:08:05 :522006:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx IP=192.168.254.254 User entry added: reason=Sibtye
    Apr 3 15:08:05 :522270:  <DBUG> |authmgr|  During User miss marking the user ac:3f:xx:xx:xx:xx with ingress 0x100b8, connection-type 2 as wireless, muxtunnel = no
    Apr 3 15:08:05 :522318:  <DBUG> |authmgr|  Client ac:3f:xx:xx:xx:xx idle timeout 300 profile global
    Apr 3 15:08:05 :527004:  <INFO> |mdns|  mdns_parse_auth_useradd_message 226 Auth User ADD: MAC:ac:3f:xx:xx:xx:xx, IP:192.168.254.254, VLAN:46, Role:PRINTER Name:qln420 APName:18:64:72:c6:f8:10 Type:1. Groups:
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_client_create 226 MDNS Client created - ip:192.168.254.254 mac:ac:3f:xx:xx:xx:xx. AP-name: 18:64:72:c6:f8:10
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_auth_userinfo_req_message 345 mac(ac:3f:xx:xx:xx:xx), ip(192.168.254.254)
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_discover_service_client 5102 Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6760 record expiry: send generic refresh query for server mac: ac:3f:xx:xx:xx:xx. Num packets: 1
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 747 Pkt to SOS: pkt_len=387, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 785 MDNS Pkt len=387; src_mac=ac:3f:xx:xx:xx:xx, src_vlan=46, source_ip=192.168.xx.xxx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6777 Sending refresh request: mac ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:05 :522128:  <DBUG> |authmgr|  download-L2: acl=184/0 role=PRINTER, tunl=0x0x100b8, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Apr 3 15:08:05 :522050:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=192.168.254.254 User data downloaded to datapath, new Role=PRINTER/184, bw Contract=0/0, reason=New user IP processing, idle-timeout=300
    Apr 3 15:08:05 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name qln420 role PRINTER devtype  wired 0 authtype 4 subtype 9  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_parse_userinfo 376 UserInfo resp=1 ip=192.168.254.254, mac=ac:3f:xx:xx:xx:xx, apname=18:64:72:c6:f8:10, role=PRINTER, username=qln420, vlan=46
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_mdns_get_token_list_for_mac 654 AirGroup user exists but token_list does not: mac=ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_ssdp_get_token_list_for_mac 360 AirGroup user exists but ssdp_token_list does not: mac=ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_client_update 394 MDNS Client exists - flag wifi ap_name 18:64:72:c6:f8:10 client role - PRINTER
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_parse_auth_userinfo_resp_message 401 UserInfo response completed for ip=192.168.254.254 mac=ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :522038:  <INFO> |authmgr|  username=qln420 MAC=ac:3f:xx:xx:xx:xx IP=192.168.254.254 Authentication result=Authentication Successful method=radius-accounting server=CPPM-C
    Apr 3 15:08:10 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:10 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:10 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:15 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:15 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:15 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:20 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:20 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:20 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  mdns_discover_service_client 5102 Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6760 record expiry: send generic refresh query for server mac: ac:3f:xx:xx:xx:xx. Num packets: 1
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 747 Pkt to SOS: pkt_len=387, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 785 MDNS Pkt len=387; src_mac=ac:3f:xx:xx:xx:xx, src_vlan=46, source_ip=192.168.xx.xxx
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6777 Sending refresh request: mac ac:3f:xx:xx:xx:xx


  • 9.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 03:58 PM

    So after looking at the user-debug logs it seems like everything goes fine (at least when comparing it to a laptop). The proper role and vlan are passed back from ClearPass to the controller, but the client will still not receive an IP. After a few short minutes the client takes a default IP of 192.168.254.254. It is at this point that it looks like the client is in the wrong vlan.

     

    User-debug logs below:

    Apr 3 15:03:59 :501093:  <NOTI> |AP 18:64:xx:xx:xx:xx@192.168.xx.xx stm|  Auth success: ac:3f:xx:xx:xx:xx: AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :501095:  <NOTI> |AP 18:64:xx:xx:xx:xx@192.168.xx.xx stm|  Assoc request @ 15:03:59.346482: ac:3f:xx:xx:xx:xx (SN 43): AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :501100:  <NOTI> |AP 18:64:xx:xx:xx:xx@192.168.xx.xx stm|  Assoc success @ 15:03:59.347243: ac:3f:xx:xx:xx:xx: AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :501100:  <NOTI> |stm|  Assoc success @ 15:03:59.358091: ac:3f:xx:xx:xx:xx: AP 192.168.xx.xx-18:64:xx:xx:xx:xx-18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522295:  <DBUG> |authmgr|  Auth GSM : USER_STA event 0 for user ac:3f:xx:xx:xx:xx
    Apr 3 15:03:59 :522035:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station UP: BSSID=18:64:xx:xx:xx:xx ESSID=COMPANY-SSID VLAN=46 AP-name=18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522077:  <DBUG> |authmgr|  MAC=ac:3f:xx:xx:xx:xx ingress 0x0x100b8 (tunnel 184), u_encr 64, m_encr 64, slotport 0x0x2100 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
    Apr 3 15:03:59 :522264:  <DBUG> |authmgr|  "MAC:ac:3f:xx:xx:xx:xx: Allocating UUID: 0xb102176dc7acbef3
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset VLANs for Station up index 0.
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 46 fwdmode 0 derivation_type Default VLAN.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 46 derivation_type Default VLAN index 1.
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 46 fwdmode 0 derivation_type Current VLAN updated.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 46 derivation_type Current VLAN updated index 2.
    Apr 3 15:03:59 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-ac:3f:xx:xx:xx:xx- N/A Set AAA profile defaults.
    Apr 3 15:03:59 :522142:  <DBUG> |authmgr|  Setting default role to denyall for user ac:3f:xx:xx:xx:xx".
    Apr 3 15:03:59 :522127:  <DBUG> |authmgr|  {L2} Update role from logon to denyall for IP=N/A, MAC=ac:3f:xx:xx:xx:xx.
    Apr 3 15:03:59 :522049:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User role updated, existing Role=logon/none, new Role=denyall/none, reason=Set AAA profile defaults
    Apr 3 15:03:59 :522246:  <DBUG> |authmgr|  Idle timeout should be driven by STM for MAC ac:3f:xx:xx:xx:xx.
    Apr 3 15:03:59 :524141:  <DBUG> |authmgr|  clr_pmkcache_ft():987: MAC:ac:3f:xx:xx:xx:xx BSS:18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac ac:3f:xx:xx:xx:xx bssid 18:64:xx:xx:xx:xx vlan 46 type 1 data-ready 0
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename denyall fwdmode 0 derivation_type Initial Role Contained vp not present.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset Role Based VLANs index 3.
    Apr 3 15:03:59 :522083:  <DBUG> |authmgr|  Skip User-Derivation, mba:0 udr_exist:0,default_role:denyall,pDefRole:0x0x10a360a4
    Apr 3 15:03:59 :524124:  <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:ac:3f:xx:xx:xx:xx, pmkid_present:False, pmkid:N/A
    Apr 3 15:03:59 :522128:  <DBUG> |authmgr|  download-L2: acl=117/0 role=denyall, tunl=0x0x100b8, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Apr 3 15:03:59 :522050:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User data downloaded to datapath, new Role=denyall/117, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
    Apr 3 15:03:59 :522242:  <DBUG> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station Created Update MMS: BSSID=18:64:xx:xx:xx:xx ESSID=COMPANY-SSID VLAN=46 AP-name=18:64:xx:xx:xx:xx
    Apr 3 15:03:59 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name  role denyall devtype  wired 0 authtype 0 subtype 0  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:03:59 :522038:  <INFO> |authmgr|  username=qln420 MAC=ac:3f:xx:xx:xx:xx IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=CPPM-C
    Apr 3 15:03:59 :522044:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station authenticate(start): method=802.1x, role=denyall///denyall, VLAN=46/46, Derivation=1/0, Value Pair=1, flags=0x8
    Apr 3 15:03:59 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-ac:3f:xx:xx:xx:xx-qln420 N/A station Authenticated with auth type:  Unknown auth type.
    Apr 3 15:03:59 :522142:  <DBUG> |authmgr|  Setting cached role to NULL for user ac:3f:xx:xx:xx:xx".
    Apr 3 15:03:59 :522266:  <DBUG> |authmgr|  Calling derive_role2 for user ac:3f:xx:xx:xx:xx
    Apr 3 15:03:59 :522016:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx IP=?? Derived role 'PRINTER' from Aruba VSA
    Apr 3 15:03:59 :522127:  <DBUG> |authmgr|  {L2} Update role from denyall to PRINTER for IP=N/A, MAC=ac:3f:xx:xx:xx:xx.
    Apr 3 15:03:59 :522049:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User role updated, existing Role=denyall/none, new Role=PRINTER/none, reason=station Authenticated with auth type:  802.1x
    Apr 3 15:03:59 :522128:  <DBUG> |authmgr|  download-L2: acl=184/0 role=PRINTER, tunl=0x0x100b8, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Apr 3 15:03:59 :522050:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=N/A User data downloaded to datapath, new Role=PRINTER/184, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
    Apr 3 15:03:59 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name qln420 role PRINTER devtype  wired 0 authtype 4 subtype 0  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset Dot1x VLANs index 4.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename NULL fwdmode 0 derivation_type Dot1x Aruba VSA vp present.
    Apr 3 15:03:59 :522021:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Derived VLAN '47' from Aruba VSA
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 47 fwdmode 0 derivation_type Dot1x Aruba VSA.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 47 derivation_type Dot1x Aruba VSA index 5.
    Apr 3 15:03:59 :522253:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx derivation_type Dot1x Aruba VSA derived vlan 47.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename NULL fwdmode 0 derivation_type Dot1x MSFT Attributes vp present.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename NULL fwdmode 0 derivation_type Dot1x Server Rule vp present.
    Apr 3 15:03:59 :522259:  <DBUG> |authmgr|  "VDR - Do Role Based VLAN Derivation user ac:3f:xx:xx:xx:xx role PRINTER rolehow ROLE_DERIVATION_DOT1X_VSA.
    Apr 3 15:03:59 :522254:  <DBUG> |authmgr|  VDR - mac ac:3f:xx:xx:xx:xx rolename PRINTER fwdmode 0 derivation_type Dot1x Aruba VSA Role Contained vp not present.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 0 derivation_type Reset Role Based VLANs index 6.
    Apr 3 15:03:59 :522161:  <DBUG> |authmgr|  Valid Dot1xct, remote:0, assigned:46, default:46, current:46,termstate:0, wired:0, dot1x enabled:1, psk:0 static:0 bssid=18:64:xx:xx:xx:xx.
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 47 fwdmode 0 derivation_type Current VLAN updated.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 47 derivation_type Current VLAN updated index 7.
    Apr 3 15:03:59 :522260:  <DBUG> |authmgr|  "VDR - Cur VLAN updated ac:3f:xx:xx:xx:xx mob 0 inform 1 remote 0 wired 0 defvlan 46 exportedvlan 0 curvlan 47.
    Apr 3 15:03:59 :522257:  <DBUG> |authmgr|  "VDR - send current vlan for user ac:3f:xx:xx:xx:xx vlan 47 derivation_type Dot1x Aruba VSA trace new vlan: dot1x.
    Apr 3 15:03:59 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac ac:3f:xx:xx:xx:xx bssid 18:64:xx:xx:xx:xx vlan 47 type 1 data-ready 0
    Apr 3 15:03:59 :522095:  <DBUG> |authmgr|  ac:3f:xx:xx:xx:xx: Sending STM new vlan info: vlan 47, AP 18:64:xx:xx:xx:xx caller user_send_current_vlan_update
    Apr 3 15:03:59 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for ac:3f:xx:xx:xx:xx vlan 47 fwdmode 0 derivation_type VLAN exported.
    Apr 3 15:03:59 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user ac:3f:xx:xx:xx:xx vlan 47 derivation_type VLAN exported index 8.
    Apr 3 15:03:59 :522029:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station authenticate: method=802.1x, role=PRINTER///denyall, VLAN=46/47, Derivation=9/17, Value Pair=1
    Apr 3 15:03:59 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name qln420 role PRINTER devtype  wired 0 authtype 4 subtype 9  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:03:59 :522142:  <DBUG> |authmgr|  Setting cached role to PRINTER for user ac:3f:xx:xx:xx:xx".
    Apr 3 15:03:59 :522053:  <DBUG> |authmgr|  PMK Cache getting updated for ac:3f:xx:xx:xx:xx, (def, cur, vhow) = (46, 47, 17) with vlan=47 vlanhow=17 essid=COMPANY-SSID role=PRINTER rhow=9
    Apr 3 15:03:59 :524129:  <DBUG> |authmgr|  dot1x_gsm_set_keycache(): MAC:ac:3f:xx:xx:xx:xx GSM: Successfully published Key-cache object.
    Apr 3 15:03:59 :524134:  <DBUG> |authmgr|  dot1x_gsm_set_pmkcache(): MAC:ac:3f:xx:xx:xx:xx BSS:18:64:xx:xx:xx:xx GSM: Successfully published PMK-cache object.
    Apr 3 15:03:59 :524139:  <DBUG> |authmgr|  add_pmkcache():862: MAC:ac:3f:xx:xx:xx:xx BSS:18:64:xx:xx:xx:xx Update:
    Apr 3 15:03:59 :522297:  <DBUG> |authmgr|  Auth GSM : MAC_USER response event for user ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :522026:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx IP=192.168.254.254 User miss: ingress=0x100b8, VLAN=47 flags=0x40
    Apr 3 15:08:05 :522122:  <DBUG> |authmgr|  Reset BWM contract: IP=0.0.0.0 role=PRINTER, contract= (0/0), type=Per role.
    Apr 3 15:08:05 :522125:  <DBUG> |authmgr|  Could not create/find bandwidth-contract for user, return code (-11).
    Apr 3 15:08:05 :522122:  <DBUG> |authmgr|  Reset BWM contract: IP=0.0.0.0 role=PRINTER, contract= (0/0), type=Per role.
    Apr 3 15:08:05 :522125:  <DBUG> |authmgr|  Could not create/find bandwidth-contract for user, return code (-11).
    Apr 3 15:08:05 :522006:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx IP=192.168.254.254 User entry added: reason=Sibtye
    Apr 3 15:08:05 :522270:  <DBUG> |authmgr|  During User miss marking the user ac:3f:xx:xx:xx:xx with ingress 0x100b8, connection-type 2 as wireless, muxtunnel = no
    Apr 3 15:08:05 :522318:  <DBUG> |authmgr|  Client ac:3f:xx:xx:xx:xx idle timeout 300 profile global
    Apr 3 15:08:05 :527004:  <INFO> |mdns|  mdns_parse_auth_useradd_message 226 Auth User ADD: MAC:ac:3f:xx:xx:xx:xx, IP:192.168.254.254, VLAN:46, Role:PRINTER Name:qln420 APName:18:64:72:c6:f8:10 Type:1. Groups:
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_client_create 226 MDNS Client created - ip:192.168.254.254 mac:ac:3f:xx:xx:xx:xx. AP-name: 18:64:72:c6:f8:10
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_auth_userinfo_req_message 345 mac(ac:3f:xx:xx:xx:xx), ip(192.168.254.254)
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_discover_service_client 5102 Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6760 record expiry: send generic refresh query for server mac: ac:3f:xx:xx:xx:xx. Num packets: 1
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 747 Pkt to SOS: pkt_len=387, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 785 MDNS Pkt len=387; src_mac=ac:3f:xx:xx:xx:xx, src_vlan=46, source_ip=192.168.xx.xxx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6777 Sending refresh request: mac ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:05 :522128:  <DBUG> |authmgr|  download-L2: acl=184/0 role=PRINTER, tunl=0x0x100b8, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
    Apr 3 15:08:05 :522050:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx,IP=192.168.254.254 User data downloaded to datapath, new Role=PRINTER/184, bw Contract=0/0, reason=New user IP processing, idle-timeout=300
    Apr 3 15:08:05 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xb102176dc7acbef3 mac ac:3f:xx:xx:xx:xx name qln420 role PRINTER devtype  wired 0 authtype 4 subtype 9  encrypt-type 10 conn-port 8448 fwd-mode 0
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_parse_userinfo 376 UserInfo resp=1 ip=192.168.254.254, mac=ac:3f:xx:xx:xx:xx, apname=18:64:72:c6:f8:10, role=PRINTER, username=qln420, vlan=46
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_mdns_get_token_list_for_mac 654 AirGroup user exists but token_list does not: mac=ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  ag_ssdp_get_token_list_for_mac 360 AirGroup user exists but ssdp_token_list does not: mac=ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_client_update 394 MDNS Client exists - flag wifi ap_name 18:64:72:c6:f8:10 client role - PRINTER
    Apr 3 15:08:05 :527000:  <DBUG> |mdns|  mdns_parse_auth_userinfo_resp_message 401 UserInfo response completed for ip=192.168.254.254 mac=ac:3f:xx:xx:xx:xx
    Apr 3 15:08:05 :522038:  <INFO> |authmgr|  username=qln420 MAC=ac:3f:xx:xx:xx:xx IP=192.168.254.254 Authentication result=Authentication Successful method=radius-accounting server=CPPM-C
    Apr 3 15:08:10 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:10 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:10 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:15 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:15 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:15 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:20 :527000:  <DBUG> |mdns|  ssdp_discover_service_client 666 SSDP:Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:20 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=121, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:20 :527000:  <DBUG> |mdns|  mdns_send_packet_pseudo_mcast 511 MDNS Pkt to SOS: pkt_len=120, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  mdns_discover_service_client 5102 Discover client ac:3f:xx:xx:xx:xx for a particular service
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6760 record expiry: send generic refresh query for server mac: ac:3f:xx:xx:xx:xx. Num packets: 1
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 747 Pkt to SOS: pkt_len=387, buf_len=14336. To=ac:3f:xx:xx:xx:xx, vlan=46
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  ag_send_packet_unicast 785 MDNS Pkt len=387; src_mac=ac:3f:xx:xx:xx:xx, src_vlan=46, source_ip=192.168.xx.xxx
    Apr 3 15:08:42 :527000:  <DBUG> |mdns|  mdns_send_generic_refresh_query_packet 6777 Sending refresh request: mac ac:3f:xx:xx:xx:xx


  • 10.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 04:04 PM
      |   view attached

    This is my second attempt at posting, I think my post is getting deleted.

     

    So after looking at the logs everything appears to be going okay. I see the user role and vlan get passed back to the controller from ClearPass and they are correctly assigned. The client though still does not get an IP address. Then after a short period of the time the client takes a default IP of 192.168.254.254 and it is at this point that the controller appears to change the clients VLAN again.

     

    I also did a packet capture of the client and I noticed that the client is attempting to do a DHCP, but the DHCP process cannot complete so the client retries over and over. It would seem that either the role is not applying correctly, or the maybe it is the VLAN itself.

     

    Any other ideas on what I might try?

     

    Btw, I will attach the user-debug log.

    Attachment(s)

    txt
    user-debug-log.txt   15 K 1 version


  • 11.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 04:13 PM

    Why do you have the denyall role in here?  

    pr 3 15:03:59 :522044:  <INFO> |authmgr|  MAC=ac:3f:xx:xx:xx:xx Station authenticate(start): method=802.1x, role=denyall///denyall, VLAN=46/46, Derivation=1/0, Value Pair=1, flags=0x8


  • 12.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 04:25 PM

    The denyall role is the "initial role" that the clients fall into when they hit our WPA2-ENT SSID. I actually just tried changing it to a less restrictive role and unfortunately it didn't have any impact.

     

    Should the "initial role" on this type of SSID be set to something less restrictive?



  • 13.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 05:06 PM

    I don't know if that has an effect on it.  What are the ACLS connected to the printer role?  Does the printer role have a VLAN hardcoded in it?

     



  • 14.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 05:10 PM

    Initially had the role fairly tight, but for the testing I have since opened it up with an "any any" as I wanted to make sure that the role wasn't causing issues. I had also tried passing back a different role that I know is working for other clients and it is still unable to get an IP address.

     

    The printer role does not have a hardcoded VLAN no. I was thinking of setting it. It appears that from the user-debug, the controller will first apply the user role followed by the VLAN. I wasn't sure if this would impact the clients ability to get an IP though.



  • 15.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 05:15 PM

    You should have the initial role as authenticated or something with allowall, just to cover all bases.

     

    You haven't connected it via 802.1x to any other infrastructure, have you?  You can try enabling FDB Update on Association in the Virtual AP, just in case this is a silent client.  Can you get any assistance from the Zebra people?



  • 16.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 05:35 PM

    I can certainly set the initial role to authenticated with an allowall! I will make that change asap.

     

    I have not no. This is a mobile wireless printer, specially the Zebra QLn420. It fully supports 802.1x as well, which is why I am scratching my a head a little. I will look up the FDB Update on Association setting, I have never heard of this before.

     

    I am hoping I can get some help from them as I doubt whoever we dealt with to buy the printers will be of any help. I will call tomorrow and see if they can lend a hand.



  • 17.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 06:00 PM

    So I tried changing the intial role to authenticated and I also put a check beside FDB Update on Assoc in the VAP for the dot1x SSID. Unfortunately neither of these changes had any impact.

     

    I will have to wait and see what Zebra has to say.



  • 18.  RE: Zebra wireless printers not getting an IP

    Posted Apr 09, 2018 09:42 AM

    Update on this case. Support from Zebra managed to help out.

    Click here for Zebra KB

    Zebra Mobile Model: QLn420

     

    Our SSID is setup as a WPA2-Enterprise with ClearPass sending back user role and VLAN to controller.

     

    Zebra printer is setup as WPA-PEAP/WPA-PEAP2 (as it shows in the printer config) and it is set not to validate certificate. Client was able to successfully authenticate and established a connection to the wireless, but would not get an IP address from DHCP, nor could you communicate with the device if it had a static IP.

     

    We disable Protect Management Frames setting on the printer and rebooted. After rebooting it was able get an IP address.

     

    I checked on the controller and there is an option to turn on MFP - "Enable Management Frame Protection".

     

    Are there any side effects that could come from enabling this setting? I also noticed that there is an option to have MFP as a requirement, I would assume this could have a significant impact in the event that you have a device that does not support MFP?



  • 19.  RE: Zebra wireless printers not getting an IP

    Posted Apr 09, 2018 09:53 AM
    Thank you for chasing that down. Many users will find it valuable.
    I
    You are correct. MFP not supported by many clients and should be left off in a mixed client environment.


  • 20.  RE: Zebra wireless printers not getting an IP

    Posted Apr 09, 2018 10:39 AM

    Thank you for clarifying that @cjoseph.

    I will leave it off on the SSID and opt to disable MFP on the device itself.



  • 21.  RE: Zebra wireless printers not getting an IP

    Posted Apr 10, 2018 07:34 AM

    My original post was removed for some reason. Just wanted to repost.

     

    This managed to be resolved by support from Zebra.

    Zebra article here.

    Zebra printer: QLn420

     

    Our setup:

    • Using 802.1x on our wireless and the Zebra is setup to do WPA-PEAP-WPA2-PEAP (as shown in the Zebra config). 
    • User authentication, role, and VLAN all come from ClearPass

    Initial behavior:

    • The Zebra printer was able to authenticate without issue. It passed authentication in the ClearPass and it was confirmed that it was receiving the correct user role and VLAN.
    • Once authenticated, the device was not able to get an IP address via DHCP.
    • If a static IP was assigned, it was still unable to communicate.

    Solution:

    • Disabling MFP/PMF in the Zebra printer and rebooting it immediately resolved the issues with the printer getting an IP.


  • 22.  RE: Zebra wireless printers not getting an IP

    Posted Apr 03, 2018 10:29 AM

    Hello, we have not really found the actual issue. The printer appears to be ignoring the DHCP offer packet. We had Zebra come out do some extensive packet captures. They are stating that our DHCP server is not following the IEEE standard, but I am dubious to say the least since everything else is able to pull an IP with no issue. 

     

    If you are able to assign a static IP but it still won't communicate that sounds like there may be a firewall policy or routing issue possibly. Just for the basic checks and balances, is the VLAN tagged all the way to the AP? Are you able to connect to a wired port that has that VLAN assigned and get an IP/route properly?



  • 23.  RE: Zebra wireless printers not getting an IP

    Posted Apr 10, 2018 08:45 AM

    Here are the steps I took in case the link goes down.

     

    Just in case the link go does here are steps:

    1. Install the Zebra Setp Utilities You will need to register an account to download.
    2. Connect your printer to your computer. I did it via USB
    3. Open the Zebra Setup Utilities application and select your printer from the list and click on Open Communication with Printer
      2018-04-09_10h38_49.png
    4. Type the following into the resulting configuration window. Once done, click Send to Printer. NOTE: ensure the config ends with a carriage return. I.E. cursor should be blinking on a blank line.
      2018-04-09_10h39_36.png
    5. Printer will then restart and MFP/PMF should be diabled.

    Here are the commands:

    ! U1 setvar "wlan.pmf" "disabled"
    ! U1 do "device.reset" ""

     



  • 24.  RE: Zebra wireless printers not getting an IP

    Posted Oct 24, 2018 08:33 AM

    hello, i'm adding the ZQ520 as well for the issue.



  • 25.  RE: Zebra wireless printers not getting an IP

    Posted Oct 24, 2018 08:52 AM

    @hferi wrote:

    hello, i'm adding the ZQ520 as well for the issue.


    What does that mean?



  • 26.  RE: Zebra wireless printers not getting an IP

    Posted Oct 24, 2018 09:05 PM

    its mean, zebra wireless model ZQ520 also need to do that config, not only zebra QL series



  • 27.  RE: Zebra wireless printers not getting an IP

    Posted Oct 24, 2018 09:07 PM

    Thank you for the update.



  • 28.  RE: Zebra wireless printers not getting an IP

    Posted Oct 25, 2018 02:32 AM

    Thank you.



  • 29.  RE: Zebra wireless printers not getting an IP

    Posted Sep 11, 2019 11:20 PM

    EXCELENT!! I like happy enddings with full help! :)