Hi all
I have a really frustrating problem with the Guest network I have set up on our lab controller. We have a 3200 running OS 6.2.0.3. This is in our lab but has a public IP. I have an AP95 here at home that is connected correctly and working.
I have created two SSID's, one for dot1x testing and one for guest. Both SSIDs are set up to take IP addressing from DHCP on the controller, with a separate VLAN for both.
The dot1x network works fine however the guest does not. Using my Android phone, I try and connect and the phone attempts connection, then stops. It will keep doing that until I give up. Occasionally, it will say its obtaining an IP address, but that times out. I set up debugging for the device and here is the latest output from an attempted connection:
Apr 30 21:15:20 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 98:0c:82:85:e6:35.
Apr 30 21:15:20 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:guest-logon,pDefRole:0x0x109908e4
Apr 30 21:15:20 :522243: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35 Station Updated Update MMS: BSSID=00:24:6c:41:f0:01 ESSID=demo-guest VLAN=18 AP-name=Demo_AP
Apr 30 21:15:24 :501095: <NOTI> |stm| Assoc request @ 21:15:24.959200: 98:0c:82:85:e6:35 (SN 746): AP 192.168.1.14-00:24:6c:41:f0:01-Demo_AP
Apr 30 21:15:24 :501100: <NOTI> |stm| Assoc success @ 21:15:24.960806: 98:0c:82:85:e6:35: AP 192.168.1.14-00:24:6c:41:f0:01-Demo_AP
Apr 30 21:15:24 :522035: <INFO> |authmgr| MAC=98:0c:82:85:e6:35 Station UP: BSSID=00:24:6c:41:f0:01 ESSID=demo-guest VLAN=18 AP-name=Demo_AP
Apr 30 21:15:24 :522077: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35 ingress 0x0x10009 (tunnel 9), u_encr 1, m_encr 1, slotport 0x0x2040 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Apr 30 21:15:24 :522078: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35, wired: 0, vlan:18 ingress:0x0x10009 (tunnel 9), ingress:0x0x10009 new_aaa_prof: demo-guest-AAA-profile, stored profile: demo-guest-AAA-profile stored wired: 0 stored essid: demo-guest, stored-ingress: 0x0x10009
Apr 30 21:15:24 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 98:0c:82:85:e6:35.
Apr 30 21:15:24 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:guest-logon,pDefRole:0x0x109908e4
Apr 30 21:15:24 :522243: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35 Station Updated Update MMS: BSSID=00:24:6c:41:f0:01 ESSID=demo-guest VLAN=18 AP-name=Demo_AP
Apr 30 21:15:28 :501095: <NOTI> |stm| Assoc request @ 21:15:28.696280: 98:0c:82:85:e6:35 (SN 787): AP 192.168.1.14-00:24:6c:41:f0:01-Demo_AP
Apr 30 21:15:28 :501100: <NOTI> |stm| Assoc success @ 21:15:28.697868: 98:0c:82:85:e6:35: AP 192.168.1.14-00:24:6c:41:f0:01-Demo_AP
Apr 30 21:15:28 :522035: <INFO> |authmgr| MAC=98:0c:82:85:e6:35 Station UP: BSSID=00:24:6c:41:f0:01 ESSID=demo-guest VLAN=18 AP-name=Demo_AP
Apr 30 21:15:28 :522077: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35 ingress 0x0x10009 (tunnel 9), u_encr 1, m_encr 1, slotport 0x0x2040 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Apr 30 21:15:28 :522078: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35, wired: 0, vlan:18 ingress:0x0x10009 (tunnel 9), ingress:0x0x10009 new_aaa_prof: demo-guest-AAA-profile, stored profile: demo-guest-AAA-profile stored wired: 0 stored essid: demo-guest, stored-ingress: 0x0x10009
Apr 30 21:15:28 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 98:0c:82:85:e6:35.
Apr 30 21:15:28 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:guest-logon,pDefRole:0x0x109908e4
Apr 30 21:15:28 :522243: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35 Station Updated Update MMS: BSSID=00:24:6c:41:f0:01 ESSID=demo-guest VLAN=18 AP-name=Demo_AP
Apr 30 21:15:32 :501095: <NOTI> |stm| Assoc request @ 21:15:32.742959: 98:0c:82:85:e6:35 (SN 828): AP 192.168.1.14-00:24:6c:41:f0:01-Demo_AP
Apr 30 21:15:32 :501100: <NOTI> |stm| Assoc success @ 21:15:32.744456: 98:0c:82:85:e6:35: AP 192.168.1.14-00:24:6c:41:f0:01-Demo_AP
Apr 30 21:15:32 :522035: <INFO> |authmgr| MAC=98:0c:82:85:e6:35 Station UP: BSSID=00:24:6c:41:f0:01 ESSID=demo-guest VLAN=18 AP-name=Demo_AP
Apr 30 21:15:32 :522077: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35 ingress 0x0x10009 (tunnel 9), u_encr 1, m_encr 1, slotport 0x0x2040 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Apr 30 21:15:32 :522078: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35, wired: 0, vlan:18 ingress:0x0x10009 (tunnel 9), ingress:0x0x10009 new_aaa_prof: demo-guest-AAA-profile, stored profile: demo-guest-AAA-profile stored wired: 0 stored essid: demo-guest, stored-ingress: 0x0x10009
Apr 30 21:15:32 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 98:0c:82:85:e6:35.
Apr 30 21:15:32 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:guest-logon,pDefRole:0x0x109908e4
Apr 30 21:15:32 :522243: <DBUG> |authmgr| MAC=98:0c:82:85:e6:35 Station Updated Update MMS: BSSID=00:24:6c:41:f0:01 ESSID=demo-guest VLAN=18 AP-name=Demo_AP
It seems to be joining the network fine but then going nowhere. Initially I had created my own pre-auth guest role but as that wasnt working, I reverted to using the default guest-logon role but still no change.
I have tried connecting using a Windows machine and an iPhone and they fail too. It's not a tricky config and its one I've used for hundreds of customers, but I just cannot get it to work.
Any ideas?
#3200