Hi,
@clembo wrote:
The D (dirty) flag could be for a variety of reasons. On the controller that is having a problem; run the following to see if there are any profile errors that may be affecting its functionality on the 650 vs. the M3.
show profile-errors
show profile-errors
Invalid Profiles
----------------
Profile Error
------- -----
there are no errors and does not work
I checked the logs, and what I found
controller 650
show log user all | include VPN
May 22 08:45:14 :522018: <WARN> |authmgr| MAC=00:00:00:00:00:00 IP=?? Derived unknown role 'N/A' from server rules: server-group=default, authentication=VPN
but on 6000
May 22 08:47:40 :522038: <INFO> |authmgr| username=9c:1c:12:c9:65:61 MAC=9c:1c:12:c9:65:61 IP=79.187.221.239 Authentication result=Authentication Successful method=VPN server=Internal
May 22 08:47:40 :522017: <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=?? Derived role 'N/A' from server rules: server-group=default, authentication=VPN
May 22 08:47:40 :522018: <WARN> |authmgr| MAC=00:00:00:00:00:00 IP=?? Derived unknown role 'N/A' from server rules: server-group=default, authentication=VPN
May 22 08:47:40 :522008: <NOTI> |authmgr| User Authentication Successful: username=9c:1c:12:c9:65:61 MAC=00:00:00:00:00:00 IP=10.1.1.40 role=ap-role VLAN=0 AP=N/A SSID=N/A AAA profile=default-rap auth method=VPN auth server=Internal
May 22 08:47:40 :522050: <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=10.1.1.40 User data downloaded to datapath, new Role=ap-role/4, bw Contract=0/0, reason= IP up for non VPN transport, idle-timeout=300
May 22 08:47:40 :522050: <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=79.187.221.239 User data downloaded to datapath, new Role=logon/1, bw Contract=0/0, reason=IP up for non VPN transport for external user, idle-timeout=300