Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Disconnection (User entry deleted: reason=logon role lifetime reached)

This thread has been viewed 2 times

  • 1.  Disconnection (User entry deleted: reason=logon role lifetime reached)

    Posted Jul 17, 2013 11:24 AM

    Hi :smileyhappy:

    I have two SSIDs on my controller, the first one is for voice traffic, this one is working very nice. The second is for data traffic ; laptops, smartphone and one wireless printer. We only have problem with the printer. The printer always lost connection when we let it in wireless, this is the log :

    I have this logs when the printer is disconnected from the WIFI : Apr 30 07:57:05 authmgr[1602]: <522005> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
    Apr 30 07:57:05 authmgr[1602]: <522050> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role

     


    Here you can see the debug on this printer (debug with MAC adress) when it lost connection :

     

    May 13 14:48:47 :501095:  <NOTI> |stm|  Assoc request @ 14:48:47.443371: 00:19:70:a8:9c:ed (SN 12): AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
    May 13 14:48:47 :501100:  <NOTI> |stm|  Assoc success @ 14:48:47.450327: 00:19:70:a8:9c:ed: AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
    May 13 14:48:47 :501065:  <DBUG> |stm|  Sending STA 00:19:70:a8:9c:ed message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:28
    May 13 14:48:47 :522035:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed Station UP: BSSID=00:0b:86:75:5e:a0 ESSID=Tarifold-Interne VLAN=1 AP-name=AP03
    May 13 14:48:47 :524124:  <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:00:19:70:a8:9c:ed, pmkid_present:True, pmkid:30 48 60 6c 00 0b 86 75 5e 08 00 0b 86 75 5e 08
    May 13 14:48:47 :500511:  <DBUG> |mobileip|  Station 00:19:70:a8:9c:ed, 0.0.0.0: Received association on ESSID: Tarifold-Interne Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP03 Group default BSSID 00:0b:86:75:5e:a0, phy g, VLAN 1
    May 13 14:48:47 :500010:  <NOTI> |mobileip|  Station 00:19:70:a8:9c:ed, 0.0.0.0: Mobility trail, on switch 192.168.200.10, VLAN 1, AP AP03, Tarifold-Interne/00:0b:86:75:5e:a0/g
    May 13 14:48:47 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
    May 13 14:48:47 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/none, new Role=logon/logon, reason=First IP user created
    May 13 14:48:47 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
    May 13 14:48:47 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
    May 13 14:48:47 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
    May 13 14:54:42 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
    May 13 14:54:42 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
    May 13 14:54:49 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
    May 13 14:54:49 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
    May 13 14:54:49 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
    May 13 14:54:49 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
    May 13 14:54:49 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
    May 13 14:57:23 :501095:  <NOTI> |stm|  Assoc request @ 14:57:23.096703: 00:19:70:a8:9c:ed (SN 12): AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
    May 13 14:57:23 :501100:  <NOTI> |stm|  Assoc success @ 14:57:23.099033: 00:19:70:a8:9c:ed: AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
    May 13 14:57:23 :501065:  <DBUG> |stm|  Sending STA 00:19:70:a8:9c:ed message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:28
    May 13 14:57:23 :522035:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed Station UP: BSSID=00:0b:86:75:5e:a0 ESSID=Tarifold-Interne VLAN=1 AP-name=AP03
    May 13 14:57:23 :500511:  <DBUG> |mobileip|  Station 00:19:70:a8:9c:ed, 0.0.0.0: Received association on ESSID: Tarifold-Interne Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP03 Group default BSSID 00:0b:86:75:5e:a0, phy g, VLAN 1
    May 13 14:57:23 :524124:  <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:00:19:70:a8:9c:ed, pmkid_present:True, pmkid:30 48 60 6c 00 0b 86 75 5f e8 00 0b 86 75 5f e8
    May 13 14:59:43 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
    May 13 14:59:43 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
    May 13 14:59:44 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
    May 13 14:59:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
    May 13 14:59:44 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
    May 13 14:59:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
    May 13 14:59:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
    May 13 15:04:44 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
    May 13 15:04:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
    May 13 15:04:44 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
    May 13 15:04:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
    May 13 15:04:44 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
    May 13 15:04:44 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
    May 13 15:04:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
    May 13 15:09:44 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
    May 13 15:09:44 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
    May 13 15:09:55 :522026:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
    May 13 15:09:55 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=First IP user created
    May 13 15:09:55 :522006:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
    May 13 15:09:55 :522049:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=logon/logon, new Role=logon/logon, reason=User not authenticated for inheriting attributes
    May 13 15:09:55 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=New user IP processing
    May 13 15:14:45 :522005:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry deleted: reason=logon role lifetime reached
    May 13 15:14:45 :522050:  <INFO> |authmgr|  MAC=00:19:70:a8:9c:ed,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role


    Can I change the role ? Why this one make problom on this print and never on laptop or smartphone ?

     

    Thanks for your update. :smileywink:

     

    Alex.



  • 2.  RE: Disconnection (User entry deleted: reason=logon role lifetime reached)

    Posted Jul 17, 2013 12:29 PM

     

    Change the initial role to something else 

     

    Authentication Profiles_2013-07-17_12-28-18.png

     

    AAA_Servers_2013-07-17_12-25-36.png



  • 3.  RE: Disconnection (User entry deleted: reason=logon role lifetime reached)
    Best Answer

    Posted Jul 17, 2013 12:43 PM

    If  you donot have a PEF-NG licence change the role to guest.



  • 4.  RE: Disconnection (User entry deleted: reason=logon role lifetime reached)

    Posted Jul 19, 2013 03:40 AM

    It works! :smileytongue:

     

    Can you explain me the difference between these roles ? I dont understand why it doesnt work with this device, and why the logon role can disturb it..

     

    Jul 19 07:17:42webui[1465]: USER:admin@192.168.200.83 COMMAND:<logging level debugging user-debug 00:19:70:a8:9c:ed > -- command executed successfully
    Jul 19 07:23:59stm[1603]: <501095> <NOTI> |stm| Assoc request @ 07:23:59.824815: 00:19:70:a8:9c:ed (SN 12): AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
    Jul 19 07:23:59stm[1603]: <501100> <NOTI> |stm| Assoc success @ 07:23:59.826890: 00:19:70:a8:9c:ed: AP 10.10.20.249-00:0b:86:75:5e:a0-AP03
    Jul 19 07:23:59stm[1603]: <501065> <DBUG> |stm| Sending STA 00:19:70:a8:9c:ed message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:28
    Jul 19 07:23:59authmgr[1602]: <522035> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed Station UP: BSSID=00:0b:86:75:5e:a0 ESSID=Tarifold-Interne VLAN=1 AP-name=AP03
    Jul 19 07:23:59authmgr[1602]: <524124> <DBUG> |authmgr| dot1x_supplicant_up(): MAC:00:19:70:a8:9c:ed, pmkid_present:True, pmkid:30 48 60 6c 00 0b 86 75 5f b8 00 0b 86 75 5f b8
    Jul 19 07:23:59mobileip[1611]: <500511> <DBUG> |mobileip| Station 00:19:70:a8:9c:ed, 0.0.0.0: Received association on ESSID: Tarifold-Interne Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP03 Group default BSSID 00:0b:86:75:5e:a0, phy g, VLAN 1
    Jul 19 07:23:59mobileip[1611]: <500010> <NOTI> |mobileip| Station 00:19:70:a8:9c:ed, 0.0.0.0: Mobility trail, on switch 192.168.200.10, VLAN 1, AP AP03, Tarifold-Interne/00:0b:86:75:5e:a0/g
    Jul 19 07:24:00authmgr[1602]: <522026> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User miss: ingress=0x10f7, VLAN=1
    Jul 19 07:24:00authmgr[1602]: <522049> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=0.0.0.0 User role updated, existing Role=guest/logon, new Role=guest/guest, reason=First IP user created
    Jul 19 07:24:00authmgr[1602]: <522006> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed IP=192.168.200.190 User entry added: reason=Sibtye
    Jul 19 07:24:00authmgr[1602]: <522049> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User role updated, existing Role=guest/guest, new Role=guest/guest, reason=User not authenticated for inheriting attributes
    Jul 19 07:24:00authmgr[1602]: <522050> <INFO> |authmgr| MAC=00:19:70:a8:9c:ed,IP=192.168.200.190 User data downloaded to datapath, new Role=guest/3, bw Contract=0/0,reason=New user IP processing


  • 5.  RE: Disconnection (User entry deleted: reason=logon role lifetime reached)

    Posted Jul 18, 2013 02:33 AM

    Hi,

     

    Thanks for your answer :smileyhappy: .

     

    I will go to the customer tomorrow to make some tests. The clients who use this SSID is authentificate with a WPA Key. It's strange because I don't have disconnection with laptop but only with this printer, I don't understand why it doesn't work with this device ...

     

    Can I find a description of these differents role (for exemple difference between the authenticate and guest role) ? Which one do you use when there is only authentification with WPA Key ?

     

    Thanks a lot !:smileywink:



  • 6.  RE: Disconnection (User entry deleted: reason=logon role lifetime reached)

    Posted Jul 19, 2013 06:28 AM
    Look at the screenshot a shared


  • 7.  RE: Disconnection (User entry deleted: reason=logon role lifetime reached)

    Posted Jul 19, 2013 08:17 AM

    Logon role is designed for the users who are in preauthenticated. so we donot allow users without authenticated to say in our DB for long time. so we hav logon life time which will kick off teh user afte the logon life time. so if you are using open or pre shared key auth, please change the initial role to other roles like guest  or authenticated. 

     

    guest role will provide access to dns, http and https ( by default) 

    authenticated role is allow all.  ( by default)/.