I'm now trying to configure a RAP with Cert (no PSK) and the Whitelist.
Here is some info:
AP name : RAP100-01-WAP105
IP address : 192.168.100.131
VPN IP Pool : 192.168.10.10 to 192.168.10.100
What's happening: The AP reboots after provisioning. I see the entry in the RAP Whitelist being added automatically by the controller. When the AP is available again, I get these flags: Rc2ID. It seems that it's able to get an IP address from the pool too. Then, after 1min30sec up, the AP reboots, enters the CAP Whitelist and becomes a normal CAP with only the flag: 2
My AP works perfectly with the PSK method (flag: R), but it seems that I have some problem with the cert method.
Any ideas?
Thanks.
PS: Here is the "log all" for that period:
Oct 18 11:32:20 webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap no fqln > -- command executed successfully
Oct 18 11:32:20 webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap no ikepsk ****** > -- command executed successfully
Oct 18 11:32:20 webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap no syslocation > -- command executed successfully
Oct 18 11:32:20 webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap remote-ap > -- command executed successfully
Oct 18 11:32:20 webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap reprovision ap-name "RAP100-01-WAP105" > -- command executed successfully
Oct 18 11:32:20 webui[1440]: USER:admin@192.168.100.157 COMMAND:<provision-ap server-ip 192.168.103.72 > -- command executed successfully
Oct 18 11:32:32 authmgr[1576]: <522004> <DBUG> |authmgr| MAC=00:23:15:44:71:08 Send Station delete message to mobility
Oct 18 11:32:32 authmgr[1576]: <522004> <DBUG> |authmgr| MAC=00:23:15:44:71:08 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.10.14
Oct 18 11:32:32 authmgr[1576]: <522004> <DBUG> |authmgr| MAC=00:23:15:44:71:08 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.10.14
Oct 18 11:32:32 authmgr[1576]: <522004> <DBUG> |authmgr| no users to cleanup
Oct 18 11:32:32 authmgr[1576]: <522004> <DBUG> |authmgr| station free: bssid=6c:f3:7f:e4:2b:b8, @=0x108f720c
Oct 18 11:32:32 authmgr[1576]: <522035> <INFO> |authmgr| MAC=00:23:15:44:71:08 Station UP: BSSID=6c:f3:7f:e4:2b:b0 ESSID=CimaPublic VLAN=32 AP-name=RAP100-01-WAP105
Oct 18 11:32:32 authmgr[1576]: <522036> <INFO> |authmgr| MAC=00:23:15:44:71:08 Station DN: BSSID=6c:f3:7f:e4:2b:b8 ESSID=CimaPublic VLAN=32 AP-name=RAP100-01-WAP105
Oct 18 11:32:32 mobileip[1585]: <500010> <NOTI> |mobileip| Station 00:23:15:44:71:08, 0.0.0.0: Mobility trail, on switch 192.168.103.72, VLAN 32, AP RAP100-01-WAP105, CimaPublic/6c:f3:7f:e4:2b:b0/g
Oct 18 11:32:32 mobileip[1585]: <500010> <NOTI> |mobileip| Station 00:23:15:44:71:08, 255.255.255.255: Mobility trail, on switch 192.168.103.72, VLAN 32, AP RAP100-01-WAP105, CimaPublic/6c:f3:7f:e4:2b:b8/a
Oct 18 11:32:32 mobileip[1585]: <500511> <DBUG> |mobileip| Station 00:23:15:44:71:08, 0.0.0.0: Received association on ESSID: CimaPublic Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name RAP100-01-WAP105 Group M100-RAP-Bridge BSSID 6c:f3:7f:e4:2b:b0, phy g, VLAN 32
Oct 18 11:32:32 mobileip[1585]: <500511> <DBUG> |mobileip| Station 00:23:15:44:71:08, 0.0.0.0: Received disassociation on ESSID: CimaPublic Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name RAP100-01-WAP105 Group M100-RAP-Bridge BSSID 6c:f3:7f:e4:2b:b8, phy a, VLAN 32
Oct 18 11:32:32 stm[1577]: <501000> <DBUG> |stm| Station 00:23:15:44:71:08: Clearing state
Oct 18 11:32:32 stm[1577]: <501065> <DBUG> |stm| Sending STA 00:23:15:44:71:08 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x20, wmm:1, rsn_cap:3c
Oct 18 11:32:32 stm[1577]: <501065> <DBUG> |stm| Sending STA 00:23:15:44:71:08 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x20, wmm:1, rsn_cap:3c
Oct 18 11:32:32 stm[1577]: <501095> <NOTI> |stm| Assoc request @ 11:32:32.987528: 00:23:15:44:71:08 (SN 715): AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105
Oct 18 11:32:32 stm[1577]: <501100> <NOTI> |stm| Assoc success @ 11:32:32.990463: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105
Oct 18 11:32:32 stm[1577]: <501114> <NOTI> |stm| Deauth from sta: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b8-RAP100-01-WAP105 Reason 255
Oct 18 11:32:32 stm[627]: <501000> <DBUG> |AP RAP100-01-WAP105@192.168.10.14 stm| Station 00:23:15:44:71:08: Clearing state
Oct 18 11:32:32 stm[627]: <501080> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm| Deauth to sta: 00:23:15:44:71:08: Ageout AP 192.168.10.14-6c:f3:7f:e4:2b:b8-RAP100-01-WAP105 Denied: AP Ageout
Oct 18 11:32:32 stm[627]: <501093> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm| Auth success: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105
Oct 18 11:32:32 stm[627]: <501095> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm| Assoc request @ 11:32:32.651051: 00:23:15:44:71:08 (SN 715): AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105
Oct 18 11:32:32 stm[627]: <501100> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm| Assoc success @ 11:32:32.652227: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105
Oct 18 11:32:32 stm[627]: <501106> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm| Deauth to sta: 00:23:15:44:71:08: Ageout AP 192.168.10.14-6c:f3:7f:e4:2b:b8-RAP100-01-WAP105 handle_sapcp
Oct 18 11:32:32 stm[627]: <501109> <NOTI> |AP RAP100-01-WAP105@192.168.10.14 stm| Auth request: 00:23:15:44:71:08: AP 192.168.10.14-6c:f3:7f:e4:2b:b0-RAP100-01-WAP105 auth_alg 0
Oct 18 11:32:33 stm[627]: <501000> <DBUG> |AP RAP100-01-WAP105@192.168.10.14 stm| Station 00:23:15:44:71:08: Clearing state
Oct 18 11:32:34 nanny[567]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.14 nanny| Process Manager (nanny) shutting down - AP will reboot!
Oct 18 11:32:34 nanny[567]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.14 nanny| Process Manager (nanny) shutting down - AP will reboot!
Oct 18 11:32:34 stm[627]: <501050> <DBUG> |AP RAP100-01-WAP105@192.168.10.14 stm| Station 6c:f3:7f:e4:2b:b0: No bssid found for management frame type 0, subtype 15 to BSSID 6c:f3:7f:e4:2b:b0
Oct 18 11:32:37 authmgr[1576]: <522004> <DBUG> |authmgr| AU1(3), HA1, TAP0, PARP0 OIP0 IIP0 INT1 WD0 FW0 DT0
Oct 18 11:32:37 authmgr[1576]: <522004> <DBUG> |authmgr| MAC=00:23:15:44:71:08 Send Station delete message to mobility
Oct 18 11:32:37 authmgr[1576]: <522004> <DBUG> |authmgr| Mark rap users for ageout, Reason - AP down
Oct 18 11:32:37 authmgr[1576]: <522004> <DBUG> |authmgr| download: ip=192.168.100.131 acl=1/0 role=logon, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0
Oct 18 11:32:37 authmgr[1576]: <522004> <DBUG> |authmgr| station free: bssid=6c:f3:7f:e4:2b:b0, @=0x1097f3c4
Oct 18 11:32:37 authmgr[1576]: <522004> <DBUG> |authmgr| {192.168.10.14} datapath entry deleted
Oct 18 11:32:37 authmgr[1576]: <522005> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.14 User entry deleted: reason=user request
Oct 18 11:32:37 authmgr[1576]: <522013> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.14 IP DN: outerIP=192.168.100.131 tunnels=1
Oct 18 11:32:37 authmgr[1576]: <522050> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=192.168.100.131 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=IP Down for external IP
Oct 18 11:33:23 authmgr[1576]: <522004> <DBUG> |authmgr| DHCP ACK mac 6c:f3:7f:c6:42:bb, client ip 192.168.100.131, server ip 0.0.0.0
Oct 18 11:33:23 stm[1577]: <501000> <DBUG> |stm| Station 00:23:15:44:71:08: Clearing state
Oct 18 11:33:23 stm[1577]: <501065> <DBUG> |stm| Sending STA 00:23:15:44:71:08 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x20, wmm:1, rsn_cap:3c
Oct 18 11:33:24 authmgr[1576]: <522004> <DBUG> |authmgr| MAC=00:23:15:44:71:08 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.10.14
Oct 18 11:33:24 authmgr[1576]: <522036> <INFO> |authmgr| MAC=00:23:15:44:71:08 Station DN: BSSID=6c:f3:7f:e4:2b:b0 ESSID=CimaPublic VLAN=32 AP-name=RAP100-01-WAP105
Oct 18 11:33:24 mobileip[1585]: <500010> <NOTI> |mobileip| Station 00:23:15:44:71:08, 255.255.255.255: Mobility trail, on switch 192.168.103.72, VLAN 32, AP RAP100-01-WAP105, CimaPublic/6c:f3:7f:e4:2b:b0/g
Oct 18 11:33:24 mobileip[1585]: <500511> <DBUG> |mobileip| Station 00:23:15:44:71:08, 0.0.0.0: Received disassociation on ESSID: CimaPublic Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name RAP100-01-WAP105 Group M100-RAP-Bridge BSSID 6c:f3:7f:e4:2b:b0, phy g, VLAN 32
Oct 18 11:33:32 authmgr[1576]: <522004> <DBUG> |authmgr| DHCP ACK mac 00:24:e8:f0:37:31, client ip 192.168.100.181, server ip 0.0.0.0
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| Reset BWM contract: IP=0.0.0.0 role=logon, contract= (0/0), type=Per role
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| Reset BWM contract: IP=0.0.0.0 role=logon, contract= (0/0), type=Per role
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| Reset BWM contract: IP=192.168.10.15 role=sys-ap-role, contract= (0/0), type=Per role
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| Reset BWM contract: IP=192.168.10.15 role=sys-ap-role, contract= (0/0), type=Per role
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| Sending pool l2tp default-l2tp-pool, pptp default-pptp-pool in auth PAP response
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| authorize user 6c:f3:7f:c6:42:bb
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| download: ip=192.168.10.15 acl=7/0 role=sys-ap-role, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| download: ip=192.168.10.15 acl=7/0 role=sys-ap-role, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| download: ip=192.168.100.131 acl=1/0 role=logon, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=1
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| err: could not create contract for user, err code (-11)
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| err: could not create contract for user, err code (-11)
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| err: could not create contract for user, err code (-11)
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| err: could not create contract for user, err code (-11)
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| {L3} Update role from logon to logon for IP=0.0.0.0
Oct 18 11:33:51 authmgr[1576]: <522004> <DBUG> |authmgr| {L3} Update role from logon to sys-ap-role for IP=192.168.10.15
Oct 18 11:33:51 authmgr[1576]: <522006> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 User entry added: reason=RAP
Oct 18 11:33:51 authmgr[1576]: <522008> <NOTI> |authmgr| User Authentication Successful: username=6c:f3:7f:c6:42:bb MAC=00:00:00:00:00:00 IP=192.168.10.15 role=sys-ap-role VLAN=1 AP=N/A SSID=N/A AAA profile= auth method=VPN auth server=N/A
Oct 18 11:33:51 authmgr[1576]: <522012> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 IP UP: outerIP=192.168.100.131 tunnels=1
Oct 18 11:33:51 authmgr[1576]: <522038> <INFO> |authmgr| username=6c:f3:7f:c6:42:bb MAC=00:00:00:00:00:00 IP=192.168.100.131 Authentication result=Authentication Successful method=VPN server=Internal
Oct 18 11:33:51 authmgr[1576]: <522049> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=0.0.0.0 User role updated, existing Role=none/none, new Role=none/logon, reason=First IP user created
Oct 18 11:33:51 authmgr[1576]: <522049> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=192.168.10.15 User role updated, existing Role=none/logon, new Role=none/sys-ap-role, reason=User authenticated with auth type:3role derivation:6 l3 assigned role:None
Oct 18 11:33:51 authmgr[1576]: <522050> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=192.168.10.15 User data downloaded to datapath, new Role=sys-ap-role/7, bw Contract=0/0,reason= IP up for non VPN transport
Oct 18 11:33:51 authmgr[1576]: <522050> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=192.168.10.15 User data downloaded to datapath, new Role=sys-ap-role/7, bw Contract=0/0,reason=Download driven by user role setting
Oct 18 11:33:51 authmgr[1576]: <522050> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=192.168.100.131 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=IP up for non VPN transport for external user
Oct 18 11:34:08 nanny[571]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.15 nanny| Process Manager (nanny) shutting down - AP will reboot!
Oct 18 11:34:08 nanny[571]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.15 nanny| Process Manager (nanny) shutting down - AP will reboot!
Oct 18 11:34:21 authmgr[1576]: <109013> <WARN> |authmgr| LDAP Server Sh.cima.plus: Connectivity lost. Server is down
Oct 18 11:34:31 authmgr[1576]: <522004> <DBUG> |authmgr| DHCP ACK mac 5c:26:0a:37:b3:41, client ip 0.0.0.0, server ip 0.0.0.0
Oct 18 11:34:31 wms[1568]: <126005> <WARN> |wms| |ids| Interfering AP: The system classified an access point (BSSID 74:91:1a:0e:a1:48 and SSID CITE MULTIMEDIA on CHANNEL 1) as interfering. Additional Info: Detector-AP-Name:AP210-01-WAP105; Detector-AP-MAC:6c:f3:7f:e4:31:00; Detector-AP-Radio:2.
Oct 18 11:34:57 authmgr[1576]: <522004> <DBUG> |authmgr| DHCP ACK mac 6c:f3:7f:c6:42:bb, client ip 192.168.100.131, server ip 0.0.0.0
Oct 18 11:34:58 authmgr[1576]: <522014> <DBUG> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 Notify IKE (IP DN): outerIP=192.168.100.131 Reason=4
Oct 18 11:35:04 nanny[513]: <303022> <WARN> |AP RAP100-01-WAP105@192.168.100.131 nanny| Reboot Reason: AP rebooted Thu Oct 18 11:34:08 EDT 2012; SAPD: Rebooting after provisioning
Oct 18 11:35:19 authmgr[1576]: <522004> <DBUG> |authmgr| AU1(3), HA1, TAP0, PARP0 OIP0 IIP0 INT0 WD0 FW0 DT0
Oct 18 11:35:19 authmgr[1576]: <522004> <DBUG> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 Send mobility delete message, flags=0x0
Oct 18 11:35:19 authmgr[1576]: <522004> <DBUG> |authmgr| download: ip=192.168.100.131 acl=1/0 role=logon, Ubwm=0, Dbwm=0 tunl=0x0, PA=0, HA=1, RO=0, VPN=0
Oct 18 11:35:19 authmgr[1576]: <522004> <DBUG> |authmgr| {192.168.10.15} datapath entry deleted
Oct 18 11:35:19 authmgr[1576]: <522005> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 User entry deleted: reason=AP going down
Oct 18 11:35:19 authmgr[1576]: <522013> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 IP DN: outerIP=192.168.100.131 tunnels=1
Oct 18 11:35:19 authmgr[1576]: <522050> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=192.168.100.131 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=IP Down for external IP
Oct 18 11:35:36 authmgr[1576]: <522004> <DBUG> |authmgr| DHCP ACK mac 00:24:e8:2f:f1:54, client ip 0.0.0.0, server ip 0.0.0.0
Oct 18 11:35:45 stm[1577]: <305048> <WARN> |stm| Dropping unsecure AP message code 16121 from AP at 192.168.100.131 (MAC address 6c:f3:7f:c6:42:bb)
Oct 18 11:35:47 authmgr[1576]: <522004> <DBUG> |authmgr| AU0(3), HA1, TAP0, PARP0 OIP0 IIP0 INT1 WD0 FW0 DT0
Oct 18 11:35:47 authmgr[1576]: <522004> <DBUG> |authmgr| {192.168.100.131} datapath entry deleted
Oct 18 11:35:47 authmgr[1576]: <522005> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.100.131 User entry deleted: reason=user request
Oct 18 11:35:47 authmgr[1576]: <522014> <DBUG> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.100.131 Notify IKE (IP DN): outerIP=192.168.100.131 Reason=4
Oct 18 11:35:48 nanny[513]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.100.131 nanny| Process Manager (nanny) shutting down - AP will reboot!
Oct 18 11:35:48 nanny[513]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.100.131 nanny| Process Manager (nanny) shutting down - AP will reboot!
Oct 18 11:35:56 authmgr[1576]: <109013> <WARN> |authmgr| LDAP Server Lav.cima.plus: Connectivity lost. Server is down
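
Added example, not part of the original post: a small Python parser that reduces a "log all" dump like the one above to the tunnel and reboot events and measures how long the RAP's tunnel stayed up. The event labels and the assumed year (2012, taken from the reboot-reason line) are this example's own choices, keyed on the message IDs visible in the log.

```python
import re
from datetime import datetime

# Five lines excerpted from the log in the post above (not new data).
SAMPLE = """\
Oct 18 11:33:51 authmgr[1576]: <522012> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 IP UP: outerIP=192.168.100.131 tunnels=1
Oct 18 11:34:08 nanny[571]: <303086> <ERRS> |AP RAP100-01-WAP105@192.168.10.15 nanny| Process Manager (nanny) shutting down - AP will reboot!
Oct 18 11:35:04 nanny[513]: <303022> <WARN> |AP RAP100-01-WAP105@192.168.100.131 nanny| Reboot Reason: AP rebooted Thu Oct 18 11:34:08 EDT 2012; SAPD: Rebooting after provisioning
Oct 18 11:35:19 authmgr[1576]: <522013> <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=192.168.10.15 IP DN: outerIP=192.168.100.131 tunnels=1
Oct 18 11:35:45 stm[1577]: <305048> <WARN> |stm| Dropping unsecure AP message code 16121 from AP at 192.168.100.131 (MAC address 6c:f3:7f:c6:42:bb)
"""

# Line shape: "Mon DD HH:MM:SS proc[pid]: <msg_id> <SEV> |source| message"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \w+\[\d+\]: <(\d+)> <\w+> \|[^|]*\| (.*)$")
# Labels are this example's reading of the message text, not vendor terminology.
LABELS = {"522012": "tunnel up", "522013": "tunnel down", "303086": "AP reboot",
          "303022": "reboot reason", "305048": "unsecured AP message dropped"}

def parse(text, year=2012):
    """Yield (datetime, msg_id, message); lines without a <msg_id> are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def timeline(text):
    """Labelled events in log order, with the duplicated lines collapsed."""
    seen, out = set(), []
    for ts, mid, msg in parse(text):
        key = (ts, mid, msg)
        if mid in LABELS and key not in seen:
            seen.add(key)
            out.append((ts.strftime("%H:%M:%S"), LABELS[mid], msg))
    return out

def tunnel_uptimes(text):
    """Return (inner_ip, outer_ip, seconds) for each IP UP / IP DN pair."""
    up, spans = {}, []
    for ts, mid, msg in parse(text):
        m = re.search(r"IP=(\S+) IP (?:UP|DN): outerIP=(\S+)", msg)
        if m and mid == "522012":
            up[m.groups()] = ts
        elif m and mid == "522013" and m.groups() in up:
            spans.append((*m.groups(), int((ts - up.pop(m.groups())).total_seconds())))
    return spans

if __name__ == "__main__":
    print(*timeline(SAMPLE), tunnel_uptimes(SAMPLE), sep="\n")
```

On the excerpt the tunnel for 192.168.10.15 is up for 88 seconds, and the last event is the controller dropping an unsecured message from the AP's outer address 192.168.100.131 after the tunnel is gone.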