Wireless Access

last person joined: yesterday

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Back to discussions

Expand all | Collapse all

Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

Jump to Best Answer

This thread has been viewed 0 times

1. Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 06:36 AM

Reply Reply Privately
Hi all, I have upgraded our two A3400 to the latest OS6. We broadcast both a local bridged SSID (which works) and a tunneled SSID back to our office. This uses WPA2 Enterprise and the internal AAA database.

I can see the SSID but I just cannot connect to it. Any ideas?
2. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 06:40 AM

Reply Reply Privately
Turn on user debugging and see why...
3. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 06:45 AM

Reply Reply Privately
Is it from the CLI as I can only find AP debugging option?
4. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 06:46 AM

Reply Reply Privately
cli:

config t

logging level debugging user

After your user tries to connect, execute:

show log user 50
5. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 07:01 AM

Reply Reply Privately
How can I clear the logs and try again as it appears to be full of activity from another AP in another site. Can't see anything from my own laptop. THanks.
6. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 07:03 AM

Reply Reply Privately
@m0bov wrote:

How can I clear the logs and try again as it appears to be full of activity from another AP in another site. Can't see anything from my own laptop. THanks.

Okay. turn it off:

config t

logging level warning user

Then turn it on for JUST your mac address:

config t

logging level debug user-debug <your mac address>

Then, look at the debug for your mac:

show log user-debug 50
7. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 07:18 AM

Reply Reply Privately
6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501095: <NOTI> |stm| Assoc request @ 11:45:47.440174: 18:87:96:63:99:4a (SN 3419): AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501095: <NOTI> |AP nonsuch923@12.12.12.159 stm| Assoc request @ 11:45:47.387981: 18:87:96:63:99:4a (SN 3419): AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501100: <NOTI> |AP nonsuch923@12.12.12.159 stm| Assoc success @ 11:45:47.389091: 18:87:96:63:99:4a: AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501065: <DBUG> |stm| Client 18:87:96:63:99:4a moved from AP nonsuch912 to AP nonsuch923
Apr 12 11:45:47 :501065: <DBUG> |stm| Sending STA 18:87:96:63:99:4a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:0
Apr 12 11:45:47 :500511: <DBUG> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0: Received disassociation on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name nonsuch912 Group Nonsuch_APG BSSID 6c:f3:7f:49:75:91, phy g, VLAN 11
Apr 12 11:45:47 :500010: <NOTI> |mobileip| Station 18:87:96:63:99:4a, 255.255.255.255: Mobility trail, on switch 10.254.12.3, VLAN 11, AP nonsuch912, MIST/6c:f3:7f:49:75:91/g
Apr 12 11:45:47 :522036: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station DN: BSSID=6c:f3:7f:49:75:91 ESSID=MIST VLAN=11 AP-name=nonsuch912
Apr 12 11:45:47 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a ingress 0x13c3 (tunnel 835), u_encr 64, m_encr 64, slotport 0x1041 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 12 11:45:47 :522004: <DBUG> |authmgr| station free: bssid=6c:f3:7f:49:75:91, @=0x10ad994c
Apr 12 11:45:47 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a Send Station delete message to mobility
Apr 12 11:45:47 :501080: <NOTI> |stm| Deauth to sta: 18:87:96:63:99:4a: Ageout AP 12.12.12.147-6c:f3:7f:49:75:91-nonsuch912 STA has left and is deauthenticated
Apr 12 11:45:47 :501100: <NOTI> |stm| Assoc success @ 11:45:47.449869: 18:87:96:63:99:4a: AP 12.12.12.159-6c:f3:7f:49:75:61-nonsuch923
Apr 12 11:45:47 :501065: <DBUG> |stm| Sending STA 18:87:96:63:99:4a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:0
Apr 12 11:45:47 :500511: <DBUG> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0: Received association on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name nonsuch923 Group Nonsuch_APG BSSID 6c:f3:7f:49:75:61, phy g, VLAN 11
Apr 12 11:45:47 :500010: <NOTI> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0: Mobility trail, on switch 10.254.12.3, VLAN 11, AP nonsuch923, MIST/6c:f3:7f:49:75:61/g
Apr 12 11:45:47 :522035: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station UP: BSSID=6c:f3:7f:49:75:61 ESSID=MIST VLAN=11 AP-name=nonsuch923
Apr 12 11:45:47 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a ingress 0x12cd (tunnel 589), u_encr 64, m_encr 64, slotport 0x1041 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 12 11:45:47 :501105: <NOTI> |AP nonsuch912@12.12.12.147 stm| Deauth from sta: 18:87:96:63:99:4a: AP 12.12.12.147-6c:f3:7f:49:75:91-nonsuch912 Reason STA has left and is deauthenticated
Apr 12 11:45:47 :501000: <DBUG> |AP nonsuch912@12.12.12.147 stm| Station 18:87:96:63:99:4a: Clearing state
Apr 12 11:45:51 :501109: <NOTI> |AP grange4011@12.12.12.220 stm| Auth request: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011 auth_alg 0
Apr 12 11:45:51 :501095: <NOTI> |stm| Assoc request @ 11:45:51.281474: 7c:11:be:7f:2d:25 (SN 2146): AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501100: <NOTI> |stm| Assoc success @ 11:45:51.284691: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501065: <DBUG> |stm| Sending STA 7c:11:be:7f:2d:25 message to Auth and Mobility Unicast Encr WPA2 PSK AES Multicast Encr WPA2 PSK AES VLAN 0x1, wmm:0, rsn_cap:c
Apr 12 11:45:51 :500511: <DBUG> |mobileip| Station 7c:11:be:7f:2d:25, 0.0.0.0: Received association on ESSID: grangec Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name grange4011 Group Grange_APG BSSID 00:24:6c:17:2a:a0, phy g, VLAN 1
Apr 12 11:45:51 :522035: <INFO> |authmgr| MAC=7c:11:be:7f:2d:25 Station UP: BSSID=00:24:6c:17:2a:a0 ESSID=grangec VLAN=1 AP-name=grange4011
Apr 12 11:45:51 :500010: <NOTI> |mobileip| Station 7c:11:be:7f:2d:25, 0.0.0.0: Mobility trail, on switch 10.254.12.3, VLAN 1, AP grange4011, grangec/00:24:6c:17:2a:a0/g
Apr 12 11:45:51 :522004: <DBUG> |authmgr| MAC=7c:11:be:7f:2d:25 ingress 0x0 (vlan 0), u_encr 32, m_encr 32, slotport 0x1041 , type: remote, FW mode: 1, AP IP: 12.12.12.220
Apr 12 11:45:51 :522004: <DBUG> |authmgr| no users to cleanup
Apr 12 11:45:51 :501093: <NOTI> |AP grange4011@12.12.12.220 stm| Auth success: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501095: <NOTI> |AP grange4011@12.12.12.220 stm| Assoc request @ 11:45:50.939554: 7c:11:be:7f:2d:25 (SN 2146): AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:51 :501100: <NOTI> |AP grange4011@12.12.12.220 stm| Assoc success @ 11:45:50.944566: 7c:11:be:7f:2d:25: AP 12.12.12.220-00:24:6c:17:2a:a0-grange4011
Apr 12 11:45:53 :522004: <DBUG> |authmgr| wireless:0 dotx:0, keytype:9(static-wpa2-aes)
Apr 12 11:45:53 :522004: <DBUG> |authmgr| DeviceType Classification is set in aaa-profile
Apr 12 11:45:53 :522004: <DBUG> |authmgr| DeviceType from cache: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari
Apr 12 11:52:19 KERNEL(nonsuch913@10.64.153.6): RESTARTING ALL TX
(Aruba3400_HAMASTER) (config) #

My laptop is 08:11:96:d9:1a:64 but the AP should be 1.1.1. The Nonsuch APs are in a school which should be locked up. MIST is my global SSID.
8. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 07:19 AM

Reply Reply Privately
The command i used is below

(Aruba3400_HAMASTER) (config) #logging level debugging user-debug 08:11:96:D9:1A:64
9. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 09:13 AM

Reply Reply Privately
Ok here we go, this is an accurate event log:-

login as: admin
admin@10.254.12.6's password:
Last login: Fri Apr 12 12:08:57 2013 from 10.254.11.34

NOTICE
NOTICE -- This switch has active licenses that will expire in 26 days
NOTICE
NOTICE -- See 'show license' for details.
NOTICE
(HA_SLAVE) >en
Password:******
(HA_SLAVE) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(HA_SLAVE) (config) #logging level debugging use
(HA_SLAVE) (config) #logging level debugging user
(HA_SLAVE) (config) #logging level debugging ?
ap-debug                Debug an AP
network                 Network logs
security                Security logs
system                  System logs
user                    User logs
user-debug              Debug a User
wireless                Wireless logs
(HA_SLAVE) (config) #logging level debugging
% Incomplete command.
(HA_SLAVE) (config) #show log user 50
Apr 12 13:13:21 :501080: <NOTI> |stm| Deauth to sta: 18:87:96:63:99:4a: Ageout AP 10.254.11.52-00:0b:86:34:05:70-Annexe1.1.2_TechDesk STA has left and is deauthenticated
Apr 12 13:13:21 :501100: <NOTI> |stm| Assoc success @ 13:13:21.463963: 18:87:96:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 13:13:21 :501065: <DBUG> |stm| Sending STA 18:87:96:63:99:4a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:0
Apr 12 13:13:21 :500511: <DBUG> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0: Received association on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name Annexe1.1.1 Group Annexe_APG BSSID d8:c7:c8:a7:e0:b0, phy g, VLAN 11
Apr 12 13:13:21 :500010: <NOTI> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0: Mobility trail, on switch 10.254.12.6, VLAN 11, AP Annexe1.1.1, MIST/d8:c7:c8:a7:e0:b0/g
Apr 12 13:13:21 :522036: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station DN: BSSID=00:0b:86:34:05:70 ESSID=MIST VLAN=11 AP-name=Annexe1.1.2_TechDesk
Apr 12 13:13:21 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a ingress 0x10b3 (tunnel 51), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
10. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 09:13 AM

Reply Reply Privately
Apr 12 13:13:21 :522004: <DBUG> |authmgr| station free: bssid=00:0b:86:34:05:70, @=0x1094ebf4
Apr 12 13:13:21 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a Send Station delete message to mobility
Apr 12 13:13:21 :522035: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station UP: BSSID=d8:c7:c8:a7:e0:b0 ESSID=MIST VLAN=11 AP-name=Annexe1.1.1
Apr 12 13:13:21 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a ingress 0x1190 (tunnel 272), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 12 13:13:21 :522004: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0, default_role:logon pDefRole:0x10841404
Apr 12 13:13:21 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:18:87:96:63:99:4a, pmkid_present:True, pmkid:e9 a7 f7 91 0d 78 08 23 7e 3f fe e8 27 1f d8 b1
Apr 12 13:13:21 :501105: <NOTI> |AP Annexe1.1.2_TechDesk@10.254.11.52 stm| Deauth from sta: 18:87:96:63:99:4a: AP 10.254.11.52-00:0b:86:34:05:70-Annexe1.1.2_TechDesk Reason STA has left and is deauthenticated
Apr 12 13:13:21 :501000: <DBUG> |AP Annexe1.1.2_TechDesk@10.254.11.52 stm| Station 18:87:96:63:99:4a: Clearing state
Apr 12 13:13:26 :522011: <INFO> |authmgr| MAC=00:00:00:00:00:00 IP=10.64.43.25 User idle timeout ignored: reason=internal user
Apr 12 13:13:31 :501102: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Disassoc from sta: 18:87:96:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1 Reason STA has left and is disassociated
Apr 12 13:13:32 :501105: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Deauth from sta: 08:11:96:d9:1a:64: AP 10.254.11.223-d8:c7:c8:a7:e0:b8-Annexe1.1.1 Reason Unspecified Failure
Apr 12 13:13:32 :501065: <DBUG> |AP Annexe1.1.1@10.254.11.223 stm| handle_deauth 4217: bssid d8:c7:c8:a7:e0:b8 dos_prev enabled, ignore deauth from sta 08:11:96:d9:1a:64
Apr 12 13:13:33 :501109: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Auth request: 18:87:96:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1 auth_alg 0
Apr 12 13:13:33 :501065: <DBUG> |AP Annexe1.1.1@10.254.11.223 stm| remove_stale_sta 1748: client 18:87:96:63:99:4a not in stale hash table
Apr 12 13:13:33 :501093: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Auth success: 18:87:96:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 13:13:33 :501095: <NOTI> |stm| Assoc request @ 13:13:33.165126: 18:87:96:63:99:4a (SN 1369): AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 13:13:33 :501095: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Assoc request @ 13:13:33.157878: 18:87:96:63:99:4a (SN 1369): AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 13:13:33 :501100: <NOTI> |stm| Assoc success @ 13:13:33.166452: 18:87:96:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 13:13:33 :501100: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Assoc success @ 13:13:33.158834: 18:87:96:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 13:13:33 :501065: <DBUG> |stm| Sending STA 18:87:96:63:99:4a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:0
Apr 12 13:13:33 :500511: <DBUG> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0: Received association on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name Annexe1.1.1 Group Annexe_APG BSSID d8:c7:c8:a7:e0:b0, phy g, VLAN 11
Apr 12 13:13:33 :522035: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station UP: BSSID=d8:c7:c8:a7:e0:b0 ESSID=MIST VLAN=11 AP-name=Annexe1.1.1
Apr 12 13:13:33 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a ingress 0x1190 (tunnel 272), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 12 13:13:33 :522004: <DBUG> |authmgr| MAC=18:87:96:63:99:4a, wired: 0, vlan:11 ingress:0x1190 (tunnel 272), ingress:0x1190 new_aaa_prof: GlobalMIST_AAA, stored profile: GlobalMIST_AAA stored wired: 0 stored essid: MIST, stored-ingress: 0x1190
Apr 12 13:13:33 :522004: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0, default_role:logon pDefRole:0x10841404
Apr 12 13:13:33 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:18:87:96:63:99:4a, pmkid_present:True, pmkid:e9 a7 f7 91 0d 78 08 23 7e 3f fe e8 27 1f d8 b1
Apr 12 13:13:36 :501109: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Auth request: 08:11:96:d9:1a:64: AP 10.254.11.223-d8:c7:c8:a7:e0:b8-Annexe1.1.1 auth_alg 0
Apr 12 13:13:36 :501065: <DBUG> |AP Annexe1.1.1@10.254.11.223 stm| remove_stale_sta 1748: client 08:11:96:d9:1a:64 not in stale hash table
Apr 12 13:13:36 :501093: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Auth success: 08:11:96:d9:1a:64: AP 10.254.11.223-d8:c7:c8:a7:e0:b8-Annexe1.1.1
Apr 12 13:13:36 :501095: <NOTI> |stm| Assoc request @ 13:13:36.260069: 08:11:96:d9:1a:64 (SN 3701): AP 10.254.11.223-d8:c7:c8:a7:e0:b8-Annexe1.1.1
Apr 12 13:13:36 :501095: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Assoc request @ 13:13:36.252808: 08:11:96:d9:1a:64 (SN 3701): AP 10.254.11.223-d8:c7:c8:a7:e0:b8-Annexe1.1.1
Apr 12 13:13:36 :501100: <NOTI> |stm| Assoc success @ 13:13:36.261007: 08:11:96:d9:1a:64: AP 10.254.11.223-d8:c7:c8:a7:e0:b8-Annexe1.1.1
Apr 12 13:13:36 :501100: <NOTI> |AP Annexe1.1.1@10.254.11.223 stm| Assoc success @ 13:13:36.253658: 08:11:96:d9:1a:64: AP 10.254.11.223-d8:c7:c8:a7:e0:b8-Annexe1.1.1
Apr 12 13:13:36 :501065: <DBUG> |stm| Sending STA 08:11:96:d9:1a:64 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:3c
Apr 12 13:13:36 :500511: <DBUG> |mobileip| Station 08:11:96:d9:1a:64, 0.0.0.0: Received association on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name Annexe1.1.1 Group Annexe_APG BSSID d8:c7:c8:a7:e0:b8, phy a, VLAN 11
Apr 12 13:13:36 :522035: <INFO> |authmgr| MAC=08:11:96:d9:1a:64 Station UP: BSSID=d8:c7:c8:a7:e0:b8 ESSID=MIST VLAN=11 AP-name=Annexe1.1.1
Apr 12 13:13:36 :522004: <DBUG> |authmgr| MAC=08:11:96:d9:1a:64 ingress 0x1162 (tunnel 226), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Apr 12 13:13:36 :522004: <DBUG> |authmgr| MAC=08:11:96:d9:1a:64, wired: 0, vlan:11 ingress:0x1162 (tunnel 226), ingress:0x1162 new_aaa_prof: GlobalMIST_AAA, stored profile: GlobalMIST_AAA stored wired: 0 stored essid: MIST, stored-ingress: 0x1162
Apr 12 13:13:36 :522004: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0, default_role:logon pDefRole:0x10841404
Apr 12 13:13:36 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:08:11:96:d9:1a:64, pmkid_present:False, pmkid:N/A
Apr 12 13:13:36 :501114: <NOTI> |stm| Deauth from sta: e4:11:5b:93:11:f2: AP 10.10.12.154-00:0b:86:3d:c7:b0-Beddington16.1.3 Reason 255
Apr 12 13:13:36 :501065: <DBUG> |stm| handle_group_ageout_sta 8136: Send group ageout ack back to AP (10.64.61.7)
Apr 12 13:13:36 :501065: <DBUG> |AP Beddington16.1.3@10.10.12.154stm| group_resend_ageout_sta 8196: Resend ageout of client e4:11:5b:93:11:f2 to sw STM
(HA_SLAVE) (config) #
11. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 09:14 AM

Reply Reply Privately
Annexe is the AP next to me.
12. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 09:18 AM

Reply Reply Privately
You need to do this:

config t

logging level debug user-debug 18:87:96:63:99:4a

Then

show log user-debug 50

The logs you are showing have all clients, you need to show the logs from user-debug
13. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 09:19 AM

Reply Reply Privately
Is the client supposed to be on VLAN 11?
14. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 10:18 AM

Reply Reply Privately
Hi yes, the VLAN for our office is 11. The access point is showing as up and the local break out is working ok.

Local breakout uses WAP2 PSK, tunnel (MIST) uses WPA2 AES Enteprise.
15. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 10:21 AM

Reply Reply Privately
(HA_SLAVE) (config) #logging level debugging user-debug 18:87:96:63:99:4a

(HA_SLAVE) (config) #show log user-debug 50
(HA_SLAVE) (config) #show log user-debug 50
Apr 12 14:21:52 :501095: <NOTI> |stm| Assoc request @ 14:21:52.955119: 18:87:96:63:99:4a (SN 2217): AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 14:21:52 :501100: <NOTI> |stm| Assoc success @ 14:21:52.956122: 18:87:96:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 14:21:52 :501065: <DBUG> |stm| Sending STA 18:87:96:63:99:4a message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0xb, wmm:1, rsn_cap:0
Apr 12 14:21:52 :500511: <DBUG> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0: Received association on ESSID: MIST Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name Annexe1.1.1 Group Annexe_APG BSSID d8:c7:c8:a7:e0:b0, phy g, VLAN 11
Apr 12 14:21:52 :522035: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station UP: BSSID=d8:c7:c8:a7:e0:b0 ESSID=MIST VLAN=11 AP-name=Annexe1.1.1
Apr 12 14:21:52 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:18:87:96:63:99:4a, pmkid_present:True, pmkid:e9 a7 f7 91 0d 78 08 23 7e 3f fe e8 27 1f d8 b1
(HA_SLAVE) (config) #
(HA_SLAVE) (config) #Apr 12 14:21:52 :501095: <NOTI> |stm| Assoc request @ 14:21:52.955119: 18:87:96:63:99:4a (SN 2217): AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
16. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 10:22 AM

Reply Reply Privately
Apr 12 14:22:39 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:18:87:96:                                                                             63:99:4a, pmkid_present:True, pmkid:e9 a7 f7 91 0d 78 08 23 7e 3f fe e8 27 1f d8                                                                              b1
Apr 12 14:22:51 :501095: <NOTI> |stm| Assoc request @ 14:22:51.422936: 18:87:9                                                                             6:63:99:4a (SN 2632): AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 14:22:51 :501100: <NOTI> |stm| Assoc success @ 14:22:51.424239: 18:87:9                                                                             6:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 14:22:51 :501065: <DBUG> |stm| Sending STA 18:87:96:63:99:4a message to                                                                              Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLA                                                                             N 0xb, wmm:1, rsn_cap:0
Apr 12 14:22:51 :522035: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station UP: BS                                                                             SID=d8:c7:c8:a7:e0:b0 ESSID=MIST VLAN=11 AP-name=Annexe1.1.1
Apr 12 14:22:51 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:18:87:96:                                                                             63:99:4a, pmkid_present:True, pmkid:e9 a7 f7 91 0d 78 08 23 7e 3f fe e8 27 1f d8                                                                              b1
Apr 12 14:22:51 :500511: <DBUG> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0:                                                                              Received association on ESSID: MIST Mobility service ON, HA Discovery on Associ                                                                             ation Off, Fastroaming Disabled, AP: Name Annexe1.1.1 Group Annexe_APG BSSID d8:                                                                             c7:c8:a7:e0:b0, phy g, VLAN 11
Apr 12 14:23:03 :501095: <NOTI> |stm| Assoc request @ 14:23:03.187711: 18:87:9                                                                             6:63:99:4a (SN 2718): AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 14:23:03 :501100: <NOTI> |stm| Assoc success @ 14:23:03.188973: 18:87:9                                                                             6:63:99:4a: AP 10.254.11.223-d8:c7:c8:a7:e0:b0-Annexe1.1.1
Apr 12 14:23:03 :501065: <DBUG> |stm| Sending STA 18:87:96:63:99:4a message to                                                                              Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLA                                                                             N 0xb, wmm:1, rsn_cap:0
Apr 12 14:23:03 :500511: <DBUG> |mobileip| Station 18:87:96:63:99:4a, 0.0.0.0:                                                                              Received association on ESSID: MIST Mobility service ON, HA Discovery on Associ                                                                             ation Off, Fastroaming Disabled, AP: Name Annexe1.1.1 Group Annexe_APG BSSID d8:                                                                             c7:c8:a7:e0:b0, phy g, VLAN 11
Apr 12 14:23:03 :522035: <INFO> |authmgr| MAC=18:87:96:63:99:4a Station UP: BS                                                                             SID=d8:c7:c8:a7:e0:b0 ESSID=MIST VLAN=11 AP-name=Annexe1.1.1
Apr 12 14:23:03 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:18:87:96:                                                                             63:99:4a, pmkid_present:True, pmkid:e9 a7 f7 91 0d 78 08 23 7e 3f fe e8 27 1f d8                                                                              b1
(HA_SLAVE) (config) #
17. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 10:24 AM

Reply Reply Privately
What is the output of "show auth-tracebuf"?
18. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 10:33 AM

Reply Reply Privately
(HA_SLAVE) (config) #
(HA_SLAVE) (config) #show auth-tracebuf
Warning: user-debug is enabled on one or more specific MAC addresses;
                                                                     only those MAC addresses appear in the trace buffer.
Auth Trace Buffer
-----------------

Apr 12 13:09:57 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:09:59 station-down           * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -
Apr 12 13:10:02 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -    wpa2 aes
Apr 12 13:10:02 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:02 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:02 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:06 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:06 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:11 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:11 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:20 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -    wpa2 aes
Apr 12 13:10:20 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:20 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:20 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:25 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:25 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:30 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:30 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:49 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -    wpa2 aes
Apr 12 13:10:49 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:49 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:49 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:54 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:54 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:10:59 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:10:59 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:11:08 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -    wpa2 aes
Apr 12 13:11:08 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:11:08 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:11:08 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:11:13 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:11:13 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:11:18 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:11:18 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:16 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -    wpa2 aes
Apr 12 13:13:16 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:16 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:13:16 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:21 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:13:21 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:26 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:13:26 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:35 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -    wpa2 aes
Apr 12 13:13:35 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:35 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:13:35 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:40 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:13:40 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:13:45 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 13:13:45 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 13:18:00 station-down           * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -
Apr 12 13:20:15 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b9                   -   -    wpa2 psk aes
Apr 12 13:20:15 station-data-ready     * 08:11:96:d9:1a:64 00:00:00:00:00:00                   11 -
Apr 12 13:20:15 wpa2-key1             <- 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b9                   -   117
Apr 12 13:20:15 wpa2-key2             -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b9                   -   119
Apr 12 13:20:15 wpa2-key3             <- 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b9                   -   151
Apr 12 13:20:15 wpa2-key4             -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b9                   -   95
Apr 12 14:06:32 station-down           * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b9                   -   -
Apr 12 14:10:39 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b1                   -   -    wpa2 psk aes
Apr 12 14:10:39 station-data-ready     * 08:11:96:d9:1a:64 00:00:00:00:00:00                   11 -
Apr 12 14:10:39 wpa2-key1             <- 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b1                   -   117
Apr 12 14:10:39 wpa2-key2             -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b1                   -   119
Apr 12 14:10:39 wpa2-key3             <- 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b1                   -   151
Apr 12 14:10:39 wpa2-key4             -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b1                   -   95
Apr 12 14:21:03 station-down           * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b1                   -   -
Apr 12 14:21:03 station-up             * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   -   -    wpa2 aes
Apr 12 14:21:03 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 14:21:03 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 14:21:03 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 14:21:08 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 14:21:08 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 14:21:13 eap-term-start        -> 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8/GlobalMIST_dot1x -   -
Apr 12 14:21:13 station-term-start     * 08:11:96:d9:1a:64 d8:c7:c8:a7:e0:b8                   11 -
Apr 12 14:21:52 station-up             * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   -   -    wpa2 aes
Apr 12 14:21:52 station-term-start     * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   11 -
Apr 12 14:22:04 station-up             * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   -   -    wpa2 aes
Apr 12 14:22:04 station-term-start     * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   11 -
Apr 12 14:22:16 station-up             * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   -   -    wpa2 aes
Apr 12 14:22:16 station-term-start     * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   11 -
Apr 12 14:22:27 station-up             * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   -   -    wpa2 aes
Apr 12 14:22:27 station-term-start     * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   11 -
Apr 12 14:22:39 station-up             * 18:87:96:63:99:4a d8:c7:c8:a7:e0:b0                   -   -    wpa2 aes
etc...

(HA_SLAVE) (config) #
19. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
Victor Fabian
Posted Apr 12, 2013 10:38 AM

Reply Reply Privately
Can you run the command again but just including the mac address of the device that is failing show auth- tracebuf | include <client mac>
20. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 10:40 AM

Reply Reply Privately
@vfabian wrote:

Can you run the command again but just including the mac address of the device that is failing show auth- tracebuf | include <client mac>

When you enable user-debug, ONLY the clients in user-debug show in the auth-tracebuf. That is reflected in his output above.
21. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
Victor Fabian
Posted Apr 12, 2013 11:05 AM

Reply Reply Privately
Thanks, Good to know
22. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database
Best Answer

2 Kudos
m0bov
Posted Apr 12, 2013 11:19 AM

Reply Reply Privately
SORTED!

We went to 802.1x Authentication Profile, went to the profile for our global SSID (MIST) and found that Termination Inner EAP-Type had NO ticks. So we ticked MSCHAPv2 and its all working. That's it!

Must be MSCHAP on the old verion and when we upgraded it just got zapped. Its all working now, we had to reboot the switches but how can I check I'm still not collecting loads of debug logs?

Thanks for all your help guys. :)
23. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 11:21 AM

Reply Reply Privately
Glad to hear you figured it out!

Make sure debugging is off:

config t

logging level warning user

no logging level user-debug <mac address>

Use "show logging level verbose" and "show debug" to ensure that user debugging is warning and no individual users are being debugged.
24. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 11:34 AM

Reply Reply Privately
Yep all shows warnings. Cheers again......phew!
25. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 10:38 AM

Reply Reply Privately
So you are using termination, which could means that the internal certificate on the controller might have changed during the upgrade. Delete the wireless profile on your device and try to recreate it.
26. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
Victor Fabian
Posted Apr 12, 2013 10:27 AM

Reply Reply Privately
Can you try using another VLAN ?

Where's that VLAN hosted ? Controller or Uplink ?
27. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
Victor Fabian
Posted Apr 12, 2013 10:08 AM

Reply Reply Privately
It looks like the device is not failing the authentication but not able to pick up an IP addresss .

Try doing the following :

(controller) #aaa test-server mschapv2 "name of the server" "username" "password"

Also when you are authenticating run the following command to see what's going on through the authentication process:

(controller) #show auth-tracebuf

Another thing you can try is enabling this logging too :

(controller) (config) #logging level debugging security subcat aaa

and then do a show log security 50 | include <client mac>

Share the output
28. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 07:21 AM

Reply Reply Privately
I am confused. Is it associating to an access point that it SHOULD not be connecting to?

Please give us the output of "show log user-debug 50". It looks like you gave the output of "show log user 50"
29. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
Victor Fabian
Posted Apr 12, 2013 06:54 AM

Reply Reply Privately
When you say internal , so it is hosted on the controller ?
Have you tried using the aaa test ?
What code are you running ?
30. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 06:58 AM

Reply Reply Privately
Yes its the internal AAA database, running 6.1.3.1. Not heard of the AAA test before. Thanks.
31. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 07:30 AM

Reply Reply Privately
@m0bov wrote:

Yes its the internal AAA database, running 6.1.3.1. Not heard of the AAA test before. Thanks.

Hold on. What did you upgrade from? Also 6.1.3.2 has 500 bug fixes; you should only upgrade to 6.1.3.2 and beyond....
32. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 07:38 AM

Reply Reply Privately
5.0.4.7 to 6.1.3.1

Our supplier does'nt show anything newer. I can ask though.
33. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 07:43 AM

Reply Reply Privately
Ok done the show log user-debug but its empty (
34. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 07:44 AM

Reply Reply Privately
Our supplier is getting me the later code so I'll report back once I have run that.
35. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
m0bov
Posted Apr 12, 2013 08:15 AM

Reply Reply Privately
Code updated but still the same.
36. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

0 Kudos
EMPLOYEE

cjoseph
Posted Apr 12, 2013 08:19 AM

Reply Reply Privately
Okay. We will need more details.

What code did you upgrade to?

Are you using WPA2-PSK on this network?

Is the Virtual AP tunneled? To what VLAN?

What provides DHCP to that VLAN?

Did you turn on debugging for that client? If so what is in the logs?

Wireless Access

Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

1. Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

2. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

3. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

4. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

5. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

6. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

7. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

8. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

9. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

10. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

11. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

12. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

13. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

14. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

15. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

16. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

17. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

18. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

19. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

20. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

21. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

22. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database Best Answer

23. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

24. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

25. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

26. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

27. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

28. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

29. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

30. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

31. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

32. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

33. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

34. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

35. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

36. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database

22. RE: Upgraded to OS6 from OS5 and now lost our tunneled SSID using WPA2 and AAA database
Best Answer