Wireless Access

PSK user is not appearing in user_table

  • 1.  PSK user is not appearing in user_table

    Posted Apr 20, 2018 06:44 AM

    Hi,

    I have configured WPA2-AES PSK

    wlan ssid-profile Private
       essid Home
       opmode wpa2-psk-aes
       wmm
       wmm-vo-dscp "8"
       wmm-vi-dscp "8"
       wmm-be-dscp "8"
       wmm-bk-dscp "8"
       wpa-passphrase "Student"
       ssid-enable

    ip access-list session Private
       user any udp 68  deny
       any any svc-dhcp  permit
       user   alias Private_IPs any  deny
       user   alias Internet_DNS_Servers svc-dns  permit
       user any svc-ike  permit
       user any svc-natt  permit
       user any svc-esp  permit
       user any svc-http  permit
       user any svc-https  permit
       any any svc-ftp  permit

    user-role Private
       vlan 39
       access-list session global-sacl
       access-list session apprf-Private-sacl
       access-list session Private
       access-list session denyall_log

    aaa profile "Private"
       initial-role "Private"
       authentication-dot1x "Private"

    wlan virtual-ap "Private"
       aaa-profile "Private"
       ssid-profile "Private"
       vlan 39
       allowed-band g
       broadcast-filter all
       broadcast-filter arp
       deny-inter-user-traffic

    Laptop authenticates fine and gets an IP address, but the controller shows the client only in the station-table, with authentication NO.

    Client does not move to the user-table, and it does not show IP addresses on the GUI.

    However, the controller log shows the client gets an IP address and is authenticated.

    Any idea what could be the reason?

    Client can't pass any traffic, but I think that is because it is not showing in the user table, so the controller doesn't know where to send the traffic.



  • 2.  RE: PSK user is not appearing in user_table

    EMPLOYEE
    Posted Apr 20, 2018 07:23 AM

     user   alias Private_IPs any  deny

      user   alias Internet_DNS_Servers svc-dns  permit

     

    If your DNS server is in your private range, you are denying access to it.  Change the order of the rules above.
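
The rule-order point in the reply above, as an added example that is not part of the original thread: session ACL rules are evaluated top-down and the first match wins, so a broad deny placed before a narrower permit shadows it. The alias contents (including the private resolver 10.1.1.53) are constructed for illustration, and only destination and service are modelled, for a subset of the posted rules.

```python
import ipaddress

# Assumed alias contents (constructed; the thread does not show them).
ALIASES = {
    "Private_IPs": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "Internet_DNS_Servers": ["8.8.8.8/32", "10.1.1.53/32"],
    "any": ["0.0.0.0/0"],
}
# Service name -> (protocol, low port, high port); None means any service.
SERVICES = {
    "udp 68": ("udp", 68, 68), "svc-dhcp": ("udp", 67, 68),
    "svc-dns": ("udp", 53, 53), "svc-http": ("tcp", 80, 80),
    "svc-https": ("tcp", 443, 443), "any": None,
}
# (destination, service, action) in the order posted; source is the client.
RULES = [
    ("any", "udp 68", "deny"),
    ("any", "svc-dhcp", "permit"),
    ("Private_IPs", "any", "deny"),
    ("Internet_DNS_Servers", "svc-dns", "permit"),
    ("any", "svc-http", "permit"),
    ("any", "svc-https", "permit"),
]

def matches(rule, dst_ip, proto, port):
    """True if the flow's destination and service both match the rule."""
    dest, service, _ = rule
    ip = ipaddress.ip_address(dst_ip)
    if not any(ip in ipaddress.ip_network(n) for n in ALIASES[dest]):
        return False
    svc = SERVICES[service]
    return svc is None or (svc[0] == proto and svc[1] <= port <= svc[2])

def evaluate(rules, dst_ip, proto, port):
    """Return (index, action) of the first matching rule, else a deny."""
    for i, rule in enumerate(rules):
        if matches(rule, dst_ip, proto, port):
            return i, rule[2]
    return None, "deny"

def reorder_dns_first(rules):
    """Move the DNS permit ahead of the Private_IPs deny."""
    dns = ("Internet_DNS_Servers", "svc-dns", "permit")
    rest = [r for r in rules if r != dns]
    at = rest.index(("Private_IPs", "any", "deny"))
    return rest[:at] + [dns] + rest[at:]
```

With the posted order, a DNS query to the private resolver stops at the `Private_IPs` deny and never reaches the DNS permit; a public resolver is unaffected, which is why the reordering only matters when the DNS server sits inside the private range.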



  • 3.  RE: PSK user is not appearing in user_table

    Posted Apr 20, 2018 09:22 PM

    My DNS server is Google DNS.

    The issue is that the controller is not seeing the user get an IP address or authenticate, so it is not adding the user to the user table.



  • 4.  RE: PSK user is not appearing in user_table

    Posted Apr 20, 2018 09:54 PM

    some debug logs

     

    Apr 21 13:35:52 authmgr[3954]: <522035> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station UP: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
    Apr 21 13:35:52 authmgr[3954]: <522036> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station DN: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
    Apr 21 13:35:52 authmgr[3954]: <522049> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac,IP=N/A User role updated, existing Role=logon/none, new Role=Red_Private/none, reason=Set AAA profile defaults
    Apr 21 13:35:52 authmgr[3954]: <522050> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac,IP=N/A User data downloaded to datapath, new Role=Red_Private/85, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
    Apr 21 13:35:52 authmgr[3954]: <522077> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac ingress 0x0x1015f (tunnel 351), u_encr 32, m_encr 32, slotport 0x0x20c3 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
    Apr 21 13:35:52 authmgr[3954]: <522127> <DBUG> |authmgr| {L2} Update role from logon to Red_Private for IP=N/A, MAC=a4:4e:31:41:ac:ac.
    Apr 21 13:35:52 authmgr[3954]: <522142> <DBUG> |authmgr| Setting default role to Red_Private for user a4:4e:31:41:ac:ac".
    Apr 21 13:35:52 authmgr[3954]: <522158> <DBUG> |authmgr| Role Derivation for user N/A-a4:4e:31:41:ac:ac- N/A Set AAA profile defaults.
    Apr 21 13:35:52 authmgr[3954]: <522234> <DBUG> |authmgr| Setting idle timer for user a4:4e:31:41:ac:ac to 300 seconds (idle timeout: 300 ageout: 0).
    Apr 21 13:35:52 authmgr[3954]: <522242> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac Station Created Update MMS: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
    Apr 21 13:35:52 authmgr[3954]: <522244> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac Station Deleted Update MMS
    Apr 21 13:35:52 authmgr[3954]: <522246> <DBUG> |authmgr| Idle timeout should be driven by STM for MAC a4:4e:31:41:ac:ac.
    Apr 21 13:35:52 authmgr[3954]: <522253> <DBUG> |authmgr| VDR - mac a4:4e:31:41:ac:ac derivation_type Initial Role Contained derived vlan 2039.
    Apr 21 13:35:52 authmgr[3954]: <522254> <DBUG> |authmgr| VDR - mac a4:4e:31:41:ac:ac rolename Red_Private fwdmode 0 derivation_type Initial Role Contained vp not present.
    Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Current VLAN updated.
    Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Current VLAN updated.
    Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Default VLAN.
    Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Initial Role Contained.
    Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 0 derivation_type Reset VLANs for Station up index 0.
    Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Current VLAN updated index 2.
    Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Current VLAN updated index 4.
    Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Default VLAN index 1.
    Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Initial Role Contained index 3.
    Apr 21 13:35:52 authmgr[3954]: <522260> <DBUG> |authmgr| "VDR - Cur VLAN updated a4:4e:31:41:ac:ac mob 0 inform 1 remote 0 wired 0 defvlan 2039 exportedvlan 0 curvlan 2039.
    Apr 21 13:35:52 authmgr[3954]: <522264> <DBUG> |authmgr| "MAC:a4:4e:31:41:ac:ac: Allocating UUID: 0xb6a55e00d998007c
    Apr 21 13:35:52 authmgr[3954]: <522287> <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac a4:4e:31:41:ac:ac bssid ac:a3:1e:88:5e:e2 vlan 2039 type 1 data-ready 0
    Apr 21 13:35:52 authmgr[3954]: <522290> <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac a4:4e:31:41:ac:ac
    Apr 21 13:35:52 authmgr[3954]: <522295> <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user a4:4e:31:41:ac:ac
    Apr 21 13:35:52 authmgr[3954]: <522296> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user a4:4e:31:41:ac:ac age 0 deauth_reason 13
    Apr 21 13:35:52 authmgr[3954]: <522301> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb6a51c00d998007b mac a4:4e:31:41:ac:ac name role Red_Private devtype wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8387 fwd-mode 0
    Apr 21 13:35:52 authmgr[3954]: <522301> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb6a55e00d998007c mac a4:4e:31:41:ac:ac name role Red_Private devtype wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8387 fwd-mode 0
    Apr 21 13:35:52 authmgr[3954]: <522303> <DBUG> |authmgr| Auth GSM : USER delete for mac a4:4e:31:41:ac:ac uuid 0xb6a51c00d998007b
    Apr 21 13:35:52 authmgr[3954]: <524124> <DBUG> |authmgr| dot1x_supplicant_up(): MAC:a4:4e:31:41:ac:ac, pmkid_present:False, pmkid:N/A
    Apr 21 13:35:52 authmgr[3954]: <524141> <DBUG> |authmgr| clr_pmkcache_ft():987: MAC:a4:4e:31:41:ac:ac BSS:ac:a3:1e:88:5e:e2
    Apr 21 13:35:52 dhcpdwrap[3993]: <202527> <DBUG> |dhcpdwrap| |dhcp| RelayToClient: OFFER dest=10.227.49.13 client yiaddr=10.227.49.13 MAC=a4:4e:31:41:ac:ac
    Apr 21 13:35:52 dhcpdwrap[3993]: <202533> <DBUG> |dhcpdwrap| |dhcp| Relayed: DISCOVER server=10.233.147.170 giaddr=10.227.49.2 MAC=a4:4e:31:41:ac:ac
    Apr 21 13:35:52 dhcpdwrap[3993]: <202533> <DBUG> |dhcpdwrap| |dhcp| Relayed: DISCOVER server=10.234.211.170 giaddr=10.227.49.2 MAC=a4:4e:31:41:ac:ac
    Apr 21 13:35:52 dhcpdwrap[3993]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan13: REQUEST a4:4e:31:41:ac:ac Transaction ID:0x3657772b reqIP=10.227.49.13 Options 3d:01a44e3141acac 0c:6e696c61792d5448494e4b 51:0000006e696c61792d5448494e4b 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
    Apr 21 13:35:52 dhcpdwrap[3993]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan13: REQUEST a4:4e:31:41:ac:ac Transaction ID:0x3657772b reqIP=10.227.49.13 Options 3d:01a44e3141acac 0c:6e696c61792d5448494e4b 51:0000006e696c61792d5448494e4b 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
    Apr 21 13:35:52 dhcpdwrap[3993]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2039: REQUEST a4:4e:31:41:ac:ac Transaction ID:0x3657772b reqIP=10.227.49.13 Options 3d:01a44e3141acac 0c:6e696c61792d5448494e4b 51:0000006e696c61792d5448494e4b 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
    Apr 21 13:35:52 dhcpdwrap[3993]: <202541> <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x100040 opcode 0x5a ingress 0x1015f vlan 2039 egress 0x7f7 src mac a4:4e:31:41:ac:ac
    Apr 21 13:35:52 dhcpdwrap[3993]: <202544> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan13: ACK a4:4e:31:41:ac:ac Transaction ID:0x3657772b clientIP=10.227.49.13
    Apr 21 13:35:52 dhcpdwrap[3993]: <202544> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2039: ACK a4:4e:31:41:ac:ac Transaction ID:0x3657772b clientIP=10.227.49.13
    Apr 21 13:35:52 mdns[4088]: <527000> <DBUG> |mdns| ag_mdns_get_token_list_for_mac 639 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
    Apr 21 13:35:52 mdns[4088]: <527000> <DBUG> |mdns| ag_ssdp_get_token_list_for_mac 344 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
    Apr 21 13:35:52 mdns[4088]: <527000> <DBUG> |mdns| mdns_client_purge 1133 Purge mdns client, mac=a4:4e:31:41:ac:ac, del_client = 1
    Apr 21 13:35:52 mdns[4088]: <527004> <INFO> |mdns| mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:a4:4e:31:41:ac:ac
    Apr 21 13:35:52 stm[1058]: <501093> <NOTI> |AP WPLWNB-AP09A@10.227.146.92 stm| Auth success: a4:4e:31:41:ac:ac: AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
    Apr 21 13:35:52 stm[1058]: <501095> <NOTI> |AP WPLWNB-AP09A@10.227.146.92 stm| Assoc request @ 13:35:52.478247: a4:4e:31:41:ac:ac (SN 207): AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
    Apr 21 13:35:52 stm[1058]: <501100> <NOTI> |AP WPLWNB-AP09A@10.227.146.92 stm| Assoc success @ 13:35:52.479965: a4:4e:31:41:ac:ac: AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
    Apr 21 13:35:52 stm[3955]: <501000> <DBUG> |stm| Station a4:4e:31:41:ac:ac: Clearing state
    Apr 21 13:35:52 stm[3955]: <501100> <NOTI> |stm| Assoc success @ 13:35:52.507346: a4:4e:31:41:ac:ac: AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
    Apr 21 13:35:52 stm[3955]: <501211> <NOTI> |stm| stm_sta_assign_vlan 16959: VLAN: sta a4:4e:31:41:ac:ac, STM assigns MAC based vlan_id 2039
    Apr 21 13:37:14 authmgr[3954]: <522036> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station DN: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
    Apr 21 13:37:14 authmgr[3954]: <522234> <DBUG> |authmgr| Setting idle timer for user a4:4e:31:41:ac:ac to 300 seconds (idle timeout: 300 ageout: 0).
    Apr 21 13:37:14 authmgr[3954]: <522244> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac Station Deleted Update MMS
    Apr 21 13:37:14 authmgr[3954]: <522290> <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac a4:4e:31:41:ac:ac
    Apr 21 13:37:14 authmgr[3954]: <522296> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user a4:4e:31:41:ac:ac age 0 deauth_reason 27
    Apr 21 13:37:14 authmgr[3954]: <522301> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb6a55e00d998007c mac a4:4e:31:41:ac:ac name role Red_Private devtype wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8387 fwd-mode 0
    Apr 21 13:37:14 authmgr[3954]: <522303> <DBUG> |authmgr| Auth GSM : USER delete for mac a4:4e:31:41:ac:ac uuid 0xb6a55e00d998007c
    Apr 21 13:37:14 mdns[4088]: <527000> <DBUG> |mdns| ag_mdns_get_token_list_for_mac 639 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
    Apr 21 13:37:14 mdns[4088]: <527000> <DBUG> |mdns| ag_ssdp_get_token_list_for_mac 344 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
    Apr 21 13:37:14 mdns[4088]: <527000> <DBUG> |mdns| mdns_client_purge 1133 Purge mdns client, mac=a4:4e:31:41:ac:ac, del_client = 1
    Apr 21 13:37:14 mdns[4088]: <527004> <INFO> |mdns| mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:a4:4e:31:41:ac:ac
    Apr 21 13:37:14 stm[3955]: <501000> <DBUG> |stm| Station a4:4e:31:41:ac:ac: Clearing state



  • 5.  RE: PSK user is not appearing in user_table

    EMPLOYEE
    Posted Apr 20, 2018 10:14 PM

    It says you are connecting to an SSID called "Red_Private" and getting a role of "Red_Private".

     

    Station Created Update MMS: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A

     

    User data downloaded to datapath, new Role=Red_Private

     

    You should check that configuration.  Feel free to open a TAC case here:  http://www.arubanetworks.com/support-services/contact-support/



  • 6.  RE: PSK user is not appearing in user_table

    Posted Apr 20, 2018 11:30 PM

    Yeah, that is correct. I tried to hide it but then it is too much work.

    I will log a TAC case, as the same configuration on another site is working just fine.

    On this site it does not.