My AAA profile has the following roles on this WLAN:
Initial: authenticated
Mac Auth Default: guest
802.1X Auth Default: guest
Each of those roles is defined as:
user-role authenticated
  access-list session ra-guard
  access-list session allowall
user-role guest
  access-list session ra-guard
  access-list session cplogout
and these policies have these rules:
ip access-list session ra-guard
  ipv6 user any icmpv6 rtr-adv deny
ip access-list session v6-allowall
  ipv6 any any any permit
ip access-list session cplogout
  user alias mswitch svc-https dst-nat 8081
The output of show datapath session is:
(EC-3200) #show datapath session table 192.168.99.144
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- --------- --------- -----
192.168.99.144 8.8.8.8 17 36109 53 0/0 0 0 0 tunnel 22 0 1 61 FSCI
192.168.99.144 74.125.142.125 6 34503 5222 0/0 0 0 0 tunnel 22 0 1 64 SYC
192.168.99.144 8.8.8.8 17 53464 53 0/0 0 0 0 tunnel 22 0 1 61 FSCI
(EC-3200) #show datapath session table 192.168.99.144
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- --------- --------- -----
192.168.99.144 216.239.38.120 6 63000 443 0/0 0 0 0 tunnel 22 2 0 0 FSC
192.168.99.144 8.8.8.8 17 36109 53 0/0 0 0 0 tunnel 22 3 0 0 FSCI
192.168.99.144 216.239.38.120 6 51120 443 0/0 0 0 0 tunnel 22 2 0 0 SC
192.168.99.144 74.125.142.125 6 34503 5222 0/0 0 0 0 tunnel 22 3 0 0 SC
192.168.99.144 8.8.8.8 17 48518 53 0/0 0 0 0 tunnel 22 2 0 0 FSCI
192.168.99.144 8.8.8.8 17 53464 53 0/0 0 0 0 tunnel 22 3 0 0 FSCI
192.168.99.144 8.8.8.8 17 55542 53 0/0 0 0 0 tunnel 22 2 0 0 FSCI
(EC-3200) #show datapath session table 192.168.99.144
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- --------- --------- -----
192.168.99.144 216.239.38.120 6 51120 443 0/0 0 0 1 tunnel 22 15 0 0 SC
192.168.99.144 74.125.142.125 6 34503 5222 0/0 0 0 0 tunnel 22 16 1 52 SC
192.168.99.144 8.8.8.8 17 53464 53 0/0 0 0 1 tunnel 22 16 0 0 FSCI
192.168.99.144 8.8.8.8 17 55542 53 0/0 0 0 1 tunnel 22 15 0 0 FSCI
(EC-3200) #
That was three executions of the command while the printer tried to print the claim form. The whole process errors out on the printer within 2 seconds, so the timing of my command spam might have been lacking.
Thanks for your time,
Mark