Occasional Contributor II

PSK user is not appearing in user_table

Hi,

 

I have configured WPA2-AES PSK

wlan ssid-profile Private
    essid Home
    opmode wpa2-psk-aes
    wmm
    wmm-vo-dscp "8"
    wmm-vi-dscp "8"
    wmm-be-dscp "8"
    wmm-bk-dscp "8"
    wpa-passphrase "Student"
    ssid-enable

ip access-list session Private
    user any udp 68  deny
    any any svc-dhcp  permit
    user   alias Private_IPs any  deny
    user   alias Internet_DNS_Servers svc-dns  permit
    user any svc-ike  permit
    user any svc-natt  permit
    user any svc-esp  permit
    user any svc-http  permit
    user any svc-https  permit
    any any svc-ftp  permit

user-role Private
    vlan 39
    access-list session global-sacl
    access-list session apprf-Private-sacl
    access-list session Private
    access-list session denyall_log

aaa profile "Private"
    initial-role "Private"
    authentication-dot1x "Private"

wlan virtual-ap "Private"
    aaa-profile "Private"
    ssid-profile "Private"
    vlan 39
    allowed-band g
    broadcast-filter all
    broadcast-filter arp
    deny-inter-user-traffic

Laptop authenticates fine and gets an IP address, but the controller shows the client only in station-table and authentication NO.

Client does not move to user-table or it does not show IP addresses on the GUI.

However, controller log shows client gets an IP address and it authenticated.

Any idea what could be the reason?

Client can't pass any traffic, but I think that is because it is not showing in user table, so the controller doesn't know where to send the traffic.

Guru Elite

Re: PSK user is not appearing in user_table

    user   alias Private_IPs any  deny
    user   alias Internet_DNS_Servers svc-dns  permit

If your DNS server is in your private range, you are denying access to it.  Change the order of the rules above.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
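Added example, not part of any post in this thread: a first-match evaluation of the rule order discussed in the reply above, plus a check for permits that an earlier deny already covers. The alias contents (RFC 1918 ranges, 8.8.8.8 and a constructed 10.0.0.53) and the service ports are assumptions, the source column is ignored, and only the rules around the DNS entry are modelled.

```python
import ipaddress

# Alias contents and service ports are assumptions; the thread shows neither.
ALIASES = {
    "any": ["0.0.0.0/0"],
    "Private_IPs": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "Internet_DNS_Servers": ["8.8.8.8/32", "10.0.0.53/32"],  # constructed
}
SERVICES = {  # None matches every protocol and port
    "any": None,
    "svc-dhcp": {("udp", 67), ("udp", 68)},
    "svc-dns": {("udp", 53)},
    "svc-https": {("tcp", 443)},
}
# (destination alias, service, action) in the order posted in the thread.
POSTED = [
    ("any", "svc-dhcp", "permit"),
    ("Private_IPs", "any", "deny"),
    ("Internet_DNS_Servers", "svc-dns", "permit"),
    ("any", "svc-https", "permit"),
]
# Same rules with the DNS permit moved above the private-range deny.
REORDERED = [POSTED[0], POSTED[2], POSTED[1], POSTED[3]]

def nets(alias):
    return [ipaddress.ip_network(n) for n in ALIASES[alias]]

def first_match(rules, dst, proto, port):
    """Action of the first rule matching the flow; no match means deny."""
    ip = ipaddress.ip_address(dst)
    for dest, svc, action in rules:
        ports = SERVICES[svc]
        if any(ip in n for n in nets(dest)) and (ports is None or (proto, port) in ports):
            return action
    return "deny"

def shadowed_permits(rules):
    """(permit index, deny index, network) where an earlier overlapping deny covers a permit."""
    hits = []
    for i, (dest, svc, action) in enumerate(rules):
        for j, (d2, s2, a2) in enumerate(rules[:i]):
            s, t = SERVICES[svc], SERVICES[s2]
            if action == "permit" and a2 == "deny" and (s is None or t is None or s & t):
                hits += [(i, j, str(n)) for n in nets(dest)
                         for m in nets(d2) if n.subnet_of(m)]
    return hits
```

With these assumed aliases, a public resolver such as 8.8.8.8 is permitted in either order; only the resolver inside the private range is affected by the ordering.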
Occasional Contributor II

Re: PSK user is not appearing in user_table

My DNS server is Google DNS.

Issue is the controller is not seeing the user get an IP address or authenticated, so it is not adding the user to the user table.

Occasional Contributor II

Re: PSK user is not appearing in user_table

Some debug logs:


Apr 21 13:35:52 authmgr[3954]: <522035> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station UP: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
Apr 21 13:35:52 authmgr[3954]: <522036> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station DN: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
Apr 21 13:35:52 authmgr[3954]: <522049> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac,IP=N/A User role updated, existing Role=logon/none, new Role=Red_Private/none, reason=Set AAA profile defaults
Apr 21 13:35:52 authmgr[3954]: <522050> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac,IP=N/A User data downloaded to datapath, new Role=Red_Private/85, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
Apr 21 13:35:52 authmgr[3954]: <522077> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac ingress 0x0x1015f (tunnel 351), u_encr 32, m_encr 32, slotport 0x0x20c3 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Apr 21 13:35:52 authmgr[3954]: <522127> <DBUG> |authmgr| {L2} Update role from logon to Red_Private for IP=N/A, MAC=a4:4e:31:41:ac:ac.
Apr 21 13:35:52 authmgr[3954]: <522142> <DBUG> |authmgr| Setting default role to Red_Private for user a4:4e:31:41:ac:ac".
Apr 21 13:35:52 authmgr[3954]: <522158> <DBUG> |authmgr| Role Derivation for user N/A-a4:4e:31:41:ac:ac- N/A Set AAA profile defaults.
Apr 21 13:35:52 authmgr[3954]: <522234> <DBUG> |authmgr| Setting idle timer for user a4:4e:31:41:ac:ac to 300 seconds (idle timeout: 300 ageout: 0).
Apr 21 13:35:52 authmgr[3954]: <522242> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac Station Created Update MMS: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
Apr 21 13:35:52 authmgr[3954]: <522244> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac Station Deleted Update MMS
Apr 21 13:35:52 authmgr[3954]: <522246> <DBUG> |authmgr| Idle timeout should be driven by STM for MAC a4:4e:31:41:ac:ac.
Apr 21 13:35:52 authmgr[3954]: <522253> <DBUG> |authmgr| VDR - mac a4:4e:31:41:ac:ac derivation_type Initial Role Contained derived vlan 2039.
Apr 21 13:35:52 authmgr[3954]: <522254> <DBUG> |authmgr| VDR - mac a4:4e:31:41:ac:ac rolename Red_Private fwdmode 0 derivation_type Initial Role Contained vp not present.
Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Current VLAN updated.
Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Current VLAN updated.
Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Default VLAN.
Apr 21 13:35:52 authmgr[3954]: <522255> <DBUG> |authmgr| "VDR - set vlan in user for a4:4e:31:41:ac:ac vlan 2039 fwdmode 0 derivation_type Initial Role Contained.
Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 0 derivation_type Reset VLANs for Station up index 0.
Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Current VLAN updated index 2.
Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Current VLAN updated index 4.
Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Default VLAN index 1.
Apr 21 13:35:52 authmgr[3954]: <522258> <DBUG> |authmgr| "VDR - Add to history of user user a4:4e:31:41:ac:ac vlan 2039 derivation_type Initial Role Contained index 3.
Apr 21 13:35:52 authmgr[3954]: <522260> <DBUG> |authmgr| "VDR - Cur VLAN updated a4:4e:31:41:ac:ac mob 0 inform 1 remote 0 wired 0 defvlan 2039 exportedvlan 0 curvlan 2039.
Apr 21 13:35:52 authmgr[3954]: <522264> <DBUG> |authmgr| "MAC:a4:4e:31:41:ac:ac: Allocating UUID: 0xb6a55e00d998007c
Apr 21 13:35:52 authmgr[3954]: <522287> <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac a4:4e:31:41:ac:ac bssid ac:a3:1e:88:5e:e2 vlan 2039 type 1 data-ready 0
Apr 21 13:35:52 authmgr[3954]: <522290> <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac a4:4e:31:41:ac:ac
Apr 21 13:35:52 authmgr[3954]: <522295> <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user a4:4e:31:41:ac:ac
Apr 21 13:35:52 authmgr[3954]: <522296> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user a4:4e:31:41:ac:ac age 0 deauth_reason 13
Apr 21 13:35:52 authmgr[3954]: <522301> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb6a51c00d998007b mac a4:4e:31:41:ac:ac name role Red_Private devtype wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8387 fwd-mode 0
Apr 21 13:35:52 authmgr[3954]: <522301> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb6a55e00d998007c mac a4:4e:31:41:ac:ac name role Red_Private devtype wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8387 fwd-mode 0
Apr 21 13:35:52 authmgr[3954]: <522303> <DBUG> |authmgr| Auth GSM : USER delete for mac a4:4e:31:41:ac:ac uuid 0xb6a51c00d998007b
Apr 21 13:35:52 authmgr[3954]: <524124> <DBUG> |authmgr| dot1x_supplicant_up(): MAC:a4:4e:31:41:ac:ac, pmkid_present:False, pmkid:N/A
Apr 21 13:35:52 authmgr[3954]: <524141> <DBUG> |authmgr| clr_pmkcache_ft():987: MAC:a4:4e:31:41:ac:ac BSS:ac:a3:1e:88:5e:e2
Apr 21 13:35:52 dhcpdwrap[3993]: <202527> <DBUG> |dhcpdwrap| |dhcp| RelayToClient: OFFER dest=10.227.49.13 client yiaddr=10.227.49.13 MAC=a4:4e:31:41:ac:ac
Apr 21 13:35:52 dhcpdwrap[3993]: <202533> <DBUG> |dhcpdwrap| |dhcp| Relayed: DISCOVER server=10.233.147.170 giaddr=10.227.49.2 MAC=a4:4e:31:41:ac:ac
Apr 21 13:35:52 dhcpdwrap[3993]: <202533> <DBUG> |dhcpdwrap| |dhcp| Relayed: DISCOVER server=10.234.211.170 giaddr=10.227.49.2 MAC=a4:4e:31:41:ac:ac
Apr 21 13:35:52 dhcpdwrap[3993]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan13: REQUEST a4:4e:31:41:ac:ac Transaction ID:0x3657772b reqIP=10.227.49.13 Options 3d:01a44e3141acac 0c:6e696c61792d5448494e4b 51:0000006e696c61792d5448494e4b 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
Apr 21 13:35:52 dhcpdwrap[3993]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan13: REQUEST a4:4e:31:41:ac:ac Transaction ID:0x3657772b reqIP=10.227.49.13 Options 3d:01a44e3141acac 0c:6e696c61792d5448494e4b 51:0000006e696c61792d5448494e4b 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
Apr 21 13:35:52 dhcpdwrap[3993]: <202536> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2039: REQUEST a4:4e:31:41:ac:ac Transaction ID:0x3657772b reqIP=10.227.49.13 Options 3d:01a44e3141acac 0c:6e696c61792d5448494e4b 51:0000006e696c61792d5448494e4b 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
Apr 21 13:35:52 dhcpdwrap[3993]: <202541> <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x100040 opcode 0x5a ingress 0x1015f vlan 2039 egress 0x7f7 src mac a4:4e:31:41:ac:ac
Apr 21 13:35:52 dhcpdwrap[3993]: <202544> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan13: ACK a4:4e:31:41:ac:ac Transaction ID:0x3657772b clientIP=10.227.49.13
Apr 21 13:35:52 dhcpdwrap[3993]: <202544> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2039: ACK a4:4e:31:41:ac:ac Transaction ID:0x3657772b clientIP=10.227.49.13
Apr 21 13:35:52 mdns[4088]: <527000> <DBUG> |mdns| ag_mdns_get_token_list_for_mac 639 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
Apr 21 13:35:52 mdns[4088]: <527000> <DBUG> |mdns| ag_ssdp_get_token_list_for_mac 344 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
Apr 21 13:35:52 mdns[4088]: <527000> <DBUG> |mdns| mdns_client_purge 1133 Purge mdns client, mac=a4:4e:31:41:ac:ac, del_client = 1
Apr 21 13:35:52 mdns[4088]: <527004> <INFO> |mdns| mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:a4:4e:31:41:ac:ac
Apr 21 13:35:52 stm[1058]: <501093> <NOTI> |AP WPLWNB-AP09A@10.227.146.92 stm| Auth success: a4:4e:31:41:ac:ac: AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
Apr 21 13:35:52 stm[1058]: <501095> <NOTI> |AP WPLWNB-AP09A@10.227.146.92 stm| Assoc request @ 13:35:52.478247: a4:4e:31:41:ac:ac (SN 207): AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
Apr 21 13:35:52 stm[1058]: <501100> <NOTI> |AP WPLWNB-AP09A@10.227.146.92 stm| Assoc success @ 13:35:52.479965: a4:4e:31:41:ac:ac: AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
Apr 21 13:35:52 stm[3955]: <501000> <DBUG> |stm| Station a4:4e:31:41:ac:ac: Clearing state
Apr 21 13:35:52 stm[3955]: <501100> <NOTI> |stm| Assoc success @ 13:35:52.507346: a4:4e:31:41:ac:ac: AP 10.227.146.92-ac:a3:1e:88:5e:e2-WPLWNB-AP09A
Apr 21 13:35:52 stm[3955]: <501211> <NOTI> |stm| stm_sta_assign_vlan 16959: VLAN: sta a4:4e:31:41:ac:ac, STM assigns MAC based vlan_id 2039
Apr 21 13:37:14 authmgr[3954]: <522036> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station DN: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
Apr 21 13:37:14 authmgr[3954]: <522234> <DBUG> |authmgr| Setting idle timer for user a4:4e:31:41:ac:ac to 300 seconds (idle timeout: 300 ageout: 0).
Apr 21 13:37:14 authmgr[3954]: <522244> <DBUG> |authmgr| MAC=a4:4e:31:41:ac:ac Station Deleted Update MMS
Apr 21 13:37:14 authmgr[3954]: <522290> <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac a4:4e:31:41:ac:ac
Apr 21 13:37:14 authmgr[3954]: <522296> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user a4:4e:31:41:ac:ac age 0 deauth_reason 27
Apr 21 13:37:14 authmgr[3954]: <522301> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb6a55e00d998007c mac a4:4e:31:41:ac:ac name role Red_Private devtype wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8387 fwd-mode 0
Apr 21 13:37:14 authmgr[3954]: <522303> <DBUG> |authmgr| Auth GSM : USER delete for mac a4:4e:31:41:ac:ac uuid 0xb6a55e00d998007c
Apr 21 13:37:14 mdns[4088]: <527000> <DBUG> |mdns| ag_mdns_get_token_list_for_mac 639 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
Apr 21 13:37:14 mdns[4088]: <527000> <DBUG> |mdns| ag_ssdp_get_token_list_for_mac 344 AirGroup user doesn't exist: mac=a4:4e:31:41:ac:ac
Apr 21 13:37:14 mdns[4088]: <527000> <DBUG> |mdns| mdns_client_purge 1133 Purge mdns client, mac=a4:4e:31:41:ac:ac, del_client = 1
Apr 21 13:37:14 mdns[4088]: <527004> <INFO> |mdns| mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:a4:4e:31:41:ac:ac
Apr 21 13:37:14 stm[3955]: <501000> <DBUG> |stm| Station a4:4e:31:41:ac:ac: Clearing state
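
Added example, not part of any post in this thread: a small parser that groups this log format by client MAC and compares what `authmgr` and `dhcpdwrap` each recorded. The flag names and the choice of fields are assumptions made for the example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# A subset of the debug lines posted in this thread, copied unchanged.
SAMPLE = """\
Apr 21 13:35:52 authmgr[3954]: <522035> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station UP: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
Apr 21 13:35:52 authmgr[3954]: <522036> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac Station DN: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A
Apr 21 13:35:52 authmgr[3954]: <522050> <INFO> |authmgr| MAC=a4:4e:31:41:ac:ac,IP=N/A User data downloaded to datapath, new Role=Red_Private/85, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
Apr 21 13:35:52 dhcpdwrap[3993]: <202544> <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2039: ACK a4:4e:31:41:ac:ac Transaction ID:0x3657772b clientIP=10.227.49.13
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\w+)\[\d+\]: <\d+> <\w+> (.*)$")
MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
FIELDS = {  # key -> (process that owns the field, pattern with one capture group)
    "essid": ("authmgr", r"ESSID=(\S+)"),
    "role": ("authmgr", r"new Role=([^/,\s]+)"),
    "authmgr_ip": ("authmgr", r"IP=(\d+\.\d+\.\d+\.\d+)"),
    "dhcp_ack_ip": ("dhcpdwrap", r"ACK .*clientIP=(\S+)"),
}

def summarize(text):
    """Group what each process logged about a client MAC."""
    out = defaultdict(lambda: defaultdict(set))
    for raw in text.splitlines():
        m = LINE.match(raw)
        mac = m and MAC.search(m.group(3))  # first MAC in these lines is the client
        if not mac:
            continue
        ts, proc, body = m.groups()
        rec = out[mac.group(0)]
        for key, (owner, pat) in FIELDS.items():
            hit = re.search(pat, body)
            if hit and proc == owner:
                rec[key].add(hit.group(1))
        for state in ("UP", "DN"):
            if proc == "authmgr" and f"Station {state}:" in body:
                rec[state].add(ts)
    return out

def findings(summary):
    """Flag MACs that dhcpdwrap ACKed but authmgr logged no IP for, or that went UP and DN in one second."""
    flags = []
    for mac, rec in summary.items():
        if rec["dhcp_ack_ip"] and not rec["authmgr_ip"]:
            flags.append((mac, "dhcp-ack-but-authmgr-ip-unknown"))
        if rec["UP"] & rec["DN"]:
            flags.append((mac, "station-up-and-down-same-second"))
    return flags
```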

Guru Elite

Re: PSK user is not appearing in user_table

It says you are connecting to an SSID called "Red_Private" and getting a role of "Red_Private".

 

Station Created Update MMS: BSSID=ac:a3:1e:88:5e:e2 ESSID=Red_Private VLAN=2039 AP-name=WPLWNB-AP09A

 

User data downloaded to datapath, new Role=Red_Private

 

You should check that configuration.  Feel free to open a TAC case here:  http://www.arubanetworks.com/support-services/contact-support/


Occasional Contributor II

Re: PSK user is not appearing in user_table

Yeah, that is correct. I tried to hide it but then it is too much work.

I will log a TAC case, as the same configuration on another site is working just fine.

On this site it does not.
