At first, thanks for the reply.
I tried the debug command.
I cannot see the re-authentication after session timeout 120s
I can only see many rad-acct-int-update at the end of debug log
Please advise if any of my mis-configuration or version not support.
=======
Version
=======
00:24:6c:cb:63:e2# show ver
Aruba Operating System Software.
ArubaOS (MODEL: 105), Version 6.3.1.2-4.0.0.4
Website:
http://www.arubanetworks.comCopyright (c) 2002-2014, Aruba Networks, Inc.
Compiled on 2014-02-20 at 22:26:29 PST (build 42384) by p4build
AP uptime is 20 minutes 37 seconds
Reboot Time and Cause: unknown
================
Radius return AVP
================
Code: Access-Challenge response
AVP: l=6 t=Session-Timeout(27): 120
================
AP debug log
================
After AP startup, I user a mobile phone connect to the AP
There is only rad-acct-int-update found at the end of the log
00:24:6c:cb:63:e2# show ap debug auth-trace-buf
Auth Trace Buffer
-----------------
Jan 1 00:02:38 station-up * 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - - wpa2 aes
Jan 1 00:02:38 eap-id-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 1 5
Jan 1 00:02:38 eap-id-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 1 10 david
Jan 1 00:02:38 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 1 202
Jan 1 00:02:40 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 1 86
Jan 1 00:02:40 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 2 22
Jan 1 00:02:40 eap-nak -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 2 6
Jan 1 00:02:40 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 2 216
Jan 1 00:02:40 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 2 70
Jan 1 00:02:40 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 3 6
Jan 1 00:02:40 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 3 208
Jan 1 00:02:40 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 3 418
Jan 1 00:02:40 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 3 1090
Jan 1 00:02:40 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 4 1024
Jan 1 00:02:40 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 4 6
Jan 1 00:02:40 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 4 216
Jan 1 00:02:40 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 4 1086
Jan 1 00:02:40 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 5 1020
Jan 1 00:02:40 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 5 6
Jan 1 00:02:40 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 5 216
Jan 1 00:02:40 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 5 594
Jan 1 00:02:40 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 6 532
Jan 1 00:02:40 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 6 144
Jan 1 00:02:40 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 6 354
Jan 1 00:02:40 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 6 123
Jan 1 00:02:40 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 7 65
Jan 1 00:02:40 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 7 6
Jan 1 00:02:40 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 7 216
Jan 1 00:02:40 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 7 101
Jan 1 00:02:40 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 8 43
Jan 1 00:02:40 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 8 80
Jan 1 00:02:40 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 8 290
Jan 1 00:02:41 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 8 117
Jan 1 00:02:41 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 9 59
Jan 1 00:02:41 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 9 144
Jan 1 00:02:41 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 9 354
Jan 1 00:02:41 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 9 149
Jan 1 00:02:41 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 10 91
Jan 1 00:02:41 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 10 80
Jan 1 00:02:41 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 10 290
Jan 1 00:02:41 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 10 101
Jan 1 00:02:41 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 11 43
Jan 1 00:02:41 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 11 80
Jan 1 00:02:41 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 11 290
Jan 1 00:02:41 rad-accept <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22/MYRADIUS 11 167
Jan 1 00:02:41 eap-success <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 11 4
Jan 1 00:02:41 wpa2-key1 <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - 117
Jan 1 00:02:41 wpa2-key2 -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - 117
Jan 1 00:02:41 wpa2-key3 <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - 151
Jan 1 00:02:41 wpa2-key4 -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - 95
Jan 1 00:02:43 rad-acct-start -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - -
Jan 1 00:02:47 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - -
Jan 1 00:03:48 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - -
Jan 1 00:04:26 rad-acct-stop -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:22 - -
Jan 1 00:04:26 station-up * 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - - wpa2 aes
Jan 1 00:04:26 eap-id-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 1 5
Jan 1 00:04:26 eap-id-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 1 10 david
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 16 202
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 16 86
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 2 22
Jan 1 00:04:26 eap-nak -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 2 6
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 17 216
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 17 70
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 3 6
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 3 208
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 18 418
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 18 1090
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 4 1024
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 4 6
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 19 216
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 19 1086
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 5 1020
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 5 6
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 20 216
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 20 594
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 6 532
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 6 144
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 21 354
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 21 123
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 7 65
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 7 6
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 22 216
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 22 101
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 8 43
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 8 80
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 23 290
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 23 117
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 9 59
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 9 144
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 24 354
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 24 149
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 10 91
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 10 80
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 25 290
Jan 1 00:04:26 rad-resp <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 25 101
Jan 1 00:04:26 eap-req <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 11 43
Jan 1 00:04:26 eap-resp -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 11 80
Jan 1 00:04:26 rad-req -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 26 290
Jan 1 00:04:26 rad-accept <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a/MYRADIUS 26 167
Jan 1 00:04:26 eap-success <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a 11 4
Jan 1 00:04:26 wpa2-key1 <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - 117
Jan 1 00:04:26 wpa2-key2 -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - 135
Jan 1 00:04:26 wpa2-key3 <- 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - 151
Jan 1 00:04:26 wpa2-key4 -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - 95
Jan 1 00:04:26 rad-acct-start -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:04:48 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:05:49 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:06:51 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:07:52 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:08:52 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:09:53 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:10:53 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:11:54 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:12:54 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:13:54 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:14:54 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:15:54 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:16:54 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:17:55 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:18:55 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:19:55 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:20:55 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
Jan 1 00:21:55 rad-acct-int-update -> 48:5a:3f:06:8b:cb
00:24:6c:36:3e:2a - -
==============
Configuration
==============
00:24:6c:cb:63:e2# show run
version 6.3.1.0-4.0.0
virtual-controller-country HK
virtual-controller-key
d243340901b07769aa5c6e1bbb34226f9852b913f950884c2a
name Instant-CB:63:E2
terminal-access
clock timezone none 00 00
rf-band all
allow-new-aps
allowed-ap 00:24:6c:cb:63:e2
arm
wide-bands 5ghz
80mhz-support
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
mgmt-user admin 2e96ab7b029f698668a4fc7c790ca17b
wlan access-rule default_wired_port_profile
index 0
rule any any match any any any permit
wlan access-rule wired-instant
index 1
rule 10.166.20.238 255.255.255.255 match tcp 80 80 permit
rule 10.166.20.238 255.255.255.255 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan access-rule MYINSTANT
index 2
rule any any match any any any permit
wlan access-rule MYGUEST
index 3
rule any any match any any any permit
wlan ssid-profile MYINSTANT
enable
index 0
type employee
essid MYINSTANT
opmode wpa2-aes
max-authentication-failures 0
auth-server MYRADIUS
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
radius-reauth-interval 60
radius-accounting
radius-interim-accounting-interval 1
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile MYGUEST
enable
index 1
type guest
essid MYGUEST
opmode opensystem
max-authentication-failures 10
vlan guest
auth-server MYRADIUS
rf-band all
captive-portal internal
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
radius-reauth-interval 15
radius-accounting
radius-interim-accounting-interval 1
blacklist
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
wlan auth-server MYRADIUS
ip 10.166.19.238
port 1812
acctport 1813
deadtime 1
key fc502016b2032e1d04699b5cfad9b69627ea139db33df707
nas-ip 10.166.18.158
nas-id MYINSTANT
rfc3576
cppm-rfc3576-port 5999
wlan captive-portal
background-color 13421772
banner-color 16750848
banner-text "Welcome to Guest Network"
terms-of-use "This network is not secure, and use is at your own risk"
use-policy "Please read terms and conditions before using Guest
Network"
authenticated
wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https
blacklist-time 3600
auth-failure-blacklist-time 3600
ids
wireless-containment none
wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
airgroupservice airprint
disable
description AirPrint
Confidential Communication - This e-mail (including any attachments) is confidential and may be
legally privileged. If this e-mail has been sent to you by mistake please inform us by reply
e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the
information in it.