Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Users being put on VLAN that is not used on controller

This thread has been viewed 2 times

  • 1.  Users being put on VLAN that is not used on controller

    Posted May 01, 2013 03:02 PM

    Hello, 

     

    For some reason I have users being placed into the VLAN I have setup for BYOD even though I don't currently have that VLAN assigned to any active virtual ap.    Anyone ever seen this before? 

     

    Here is the debug log for the user -- this particular user should be put in VLAN 1004 not 1010.   Can't find where it's getting 1010 at.

     

    Debug UsersSearch

    Time Event Description

    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: No Mobility timeout, Mobility (only) station state will be deleted
    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_MIP_TIMEOUT: current: MIP_PROXY_NO_MOBILITY_SERVICE, next: MIP_PROXY_DELETE_SIBYTE_BRIDGE
    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Removed bridge entry for local station on vlan 1010; ingress interface: tunnel 76
    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_BRIDGE, next: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE
    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE, next: MIP_PROXY_DELETE_VERIFY
    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_REPLY_SUCCESS: current: MIP_PROXY_DELETE_VERIFY, next: MIP_PROXY_INIT
    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: proxy mobile node deleted code 0x8 reason
    May 1 13:53:39mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Sending notification MIP_IGMP_CLIENT_LEAVE flags 0, roaming state No Mobility service, current vlan 1010 ingress tunnel 76 to pim
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Created mobility state for new station
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_NEW_STATION: current: MIP_PROXY_INIT, next: MIP_PROXY_INIT_L2
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_STATION_L2_MISS: current: MIP_PROXY_INIT_L2, next: MIP_PROXY_FIND_LOCATION
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Cannot find Home Agent; Mobility domain is misconfigured or station has an unexpected IP address
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: local VLAN not matching HAT
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_FIND_HA_FAILURE: current: MIP_PROXY_FIND_LOCATION, next: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Added bridge entry for local station on vlan 1010 to tunnel 76 data path flags PERMANENT, MOBILITY
    May 1 13:53:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE, next: MIP_PROXY_NO_MOBILITY_SERVICE
    May 1 13:53:42mobileipStation: e4:ce:8f:1d:59:4c, 10.0.13.37: HomeVlan: 1010 Current Vlan: 1010 roaming status: No Mobility service Proxy state: MIP_PROXY_NO_MOBILITY_SERVICE at line 2836
    May 1 13:55:09stmDisassoc from sta: e4:ce:8f:1d:59:4c: AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Reason STA has left and is disassociated
    May 1 13:55:09stmSending STA e4:ce:8f:1d:59:4c message to Auth and Mobility Unicast Encr Open Multicast Encr Open VLAN 0x3f2, wmm:1, rsn_cap:0
    May 1 13:55:09authmgrMAC=e4:ce:8f:1d:59:4c Station DN: BSSID=d8:c7:c8:17:29:38 ESSID=Frontenac Wireless Network VLAN=1010 AP-name=W-01 District Office
    May 1 13:55:09mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Received disassociation on ESSID: Frontenac Wireless Network Mobility service ON, HA Discovery on Association ON, Fastroaming Disabled, AP: Name W-01 District Office Group Junior High BSSID d8:c7:c8:17:29:38, phy a, VLAN 1010
    May 1 13:55:09stmStation e4:ce:8f:1d:59:4c: Clearing state
    May 1 13:55:15stmAssoc request @ 13:55:15.384898: e4:ce:8f:1d:59:4c (SN 615): AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
    May 1 13:55:15stmsibyte_find_sta_vlan:5493 MAC - e4:ce:8f:1d:59:4c, VLAN - 3f2
    May 1 13:55:15stmAssoc success @ 13:55:15.389258: e4:ce:8f:1d:59:4c: AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
    May 1 13:55:15stmSending STA e4:ce:8f:1d:59:4c message to Auth and Mobility Unicast Encr Open Multicast Encr Open VLAN 0x3f2, wmm:1, rsn_cap:0
    May 1 13:55:15authmgrMAC=e4:ce:8f:1d:59:4c Station UP: BSSID=d8:c7:c8:17:29:38 ESSID=Frontenac Wireless Network VLAN=1010 AP-name=W-01 District Office
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Received association on ESSID: Frontenac Wireless Network Mobility service ON, HA Discovery on Association ON, Fastroaming Disabled, AP: Name W-01 District Office Group Junior High BSSID d8:c7:c8:17:29:38, phy a, VLAN 1010
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Data ready message from auth default vlan 1010 assigned vlan 0, mobile assigned vlan 0
    May 1 13:55:15authmgrMAC=e4:ce:8f:1d:59:4c IP=0.0.0.0 User miss: ingress=0x10cc, VLAN=1010
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: DHCP FSM received event: RECEIVE_BOOTP_REQUEST current: PROXY_DHCP_INIT, next: PROXY_DHCP_FIND_TYPE
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP uses Requested IP Address from BOOTP REQUEST to identify client IP address
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Station has a stale IP address, will not proxy; trying to acquire a local address
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_NO_PROXY current: PROXY_DHCP_FIND_TYPE, next: PROXY_DHCP_NO_PROXY
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP REQUEST IPHdr Sip 0.0.0.0 Dip 255.255.255.255 Bootp Request ciaddr 0.0.0.0 yiaddr 0.0.0.0 siaddr 0.0.0.0 giaddr 0.0.0.0, DHCP options requested IP 10.0.13.37 serverID 0.0.0.0, transaction 0xb4420c32, action ==>> Forwarded on vlan 1010
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_BOOTP_REPLY current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_NO_PROXY
    May 1 13:55:15mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP ACK IPHdr Sip 10.0.0.101 Dip 10.0.13.37 Bootp Reply ciaddr 0.0.0.0 yiaddr 10.0.13.37 siaddr 10.0.0.101 giaddr 10.0.12.1, DHCP options requested IP 10.0.13.37 serverID 10.0.0.101, transaction 0xb4420c32, action ==>> Forwarded on vlan 1010
    May 1 13:55:20mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP completed.
    May 1 13:55:20mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_MIP_TIMEOUT current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_INIT
    May 1 13:55:20mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Deleting Proxy DHCP state with transaction 0xb4420c32
    May 1 13:55:37authmgrMAC=e4:ce:8f:1d:59:4c IP=0.0.0.0 User miss: ingress=0x10cc, VLAN=1010
    May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: DHCP FSM received event: RECEIVE_BOOTP_REQUEST current: PROXY_DHCP_INIT, next: PROXY_DHCP_FIND_TYPE
    May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP uses Requested IP Address from BOOTP REQUEST to identify client IP address
    May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Station has a stale IP address, will not proxy; trying to acquire a local address
    May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_NO_PROXY current: PROXY_DHCP_FIND_TYPE, next: PROXY_DHCP_NO_PROXY
    May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP REQUEST IPHdr Sip 0.0.0.0 Dip 255.255.255.255 Bootp Request ciaddr 0.0.0.0 yiaddr 0.0.0.0 siaddr 0.0.0.0 giaddr 0.0.0.0, DHCP options requested IP 10.0.13.37 serverID 0.0.0.0, transaction 0xb4420c33, action ==>> Forwarded on vlan 1010
    May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_BOOTP_REPLY current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_NO_PROXY
    May 1 13:55:37mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP ACK IPHdr Sip 10.0.0.101 Dip 10.0.13.37 Bootp Reply ciaddr 0.0.0.0 yiaddr 10.0.13.37 siaddr 10.0.0.101 giaddr 10.0.12.1, DHCP options requested IP 10.0.13.37 serverID 10.0.0.101, transaction 0xb4420c33, action ==>> Forwarded on vlan 1010
    May 1 13:55:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Proxy DHCP completed.
    May 1 13:55:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: DHCP FSM received event: RECEIVE_MIP_TIMEOUT current: PROXY_DHCP_NO_PROXY, next: PROXY_DHCP_INIT
    May 1 13:55:42mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Deleting Proxy DHCP state with transaction 0xb4420c33
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: No Mobility timeout, Mobility (only) station state will be deleted
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_MIP_TIMEOUT: current: MIP_PROXY_NO_MOBILITY_SERVICE, next: MIP_PROXY_DELETE_SIBYTE_BRIDGE
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Removed bridge entry for local station on vlan 1010; ingress interface: tunnel 76
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_BRIDGE, next: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE, next: MIP_PROXY_DELETE_VERIFY
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_REPLY_SUCCESS: current: MIP_PROXY_DELETE_VERIFY, next: MIP_PROXY_INIT
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: proxy mobile node deleted code 0x8 reason
    May 1 13:56:43mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Sending notification MIP_IGMP_CLIENT_LEAVE flags 0, roaming state No Mobility service, current vlan 1010 ingress tunnel 76 to pim
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Created mobility state for new station
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_NEW_STATION: current: MIP_PROXY_INIT, next: MIP_PROXY_INIT_L2
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_STATION_L2_MISS: current: MIP_PROXY_INIT_L2, next: MIP_PROXY_FIND_LOCATION
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Cannot find Home Agent; Mobility domain is misconfigured or station has an unexpected IP address
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: local VLAN not matching HAT
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_FIND_HA_FAILURE: current: MIP_PROXY_FIND_LOCATION, next: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Added bridge entry for local station on vlan 1010 to tunnel 76 data path flags PERMANENT, MOBILITY
    May 1 13:56:44mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE, next: MIP_PROXY_NO_MOBILITY_SERVICE
    May 1 13:56:44mobileipStation: e4:ce:8f:1d:59:4c, 10.0.13.37: HomeVlan: 1010 Current Vlan: 1010 roaming status: No Mobility service Proxy state: MIP_PROXY_NO_MOBILITY_SERVICE at line 2836
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: No Mobility timeout, Mobility (only) station state will be deleted
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_MIP_TIMEOUT: current: MIP_PROXY_NO_MOBILITY_SERVICE, next: MIP_PROXY_DELETE_SIBYTE_BRIDGE
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Removed bridge entry for local station on vlan 1010; ingress interface: tunnel 76
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_BRIDGE, next: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_DELETE_SIBYTE_HOME_BRIDGE, next: MIP_PROXY_DELETE_VERIFY
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_REPLY_SUCCESS: current: MIP_PROXY_DELETE_VERIFY, next: MIP_PROXY_INIT
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: proxy mobile node deleted code 0x8 reason
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Sending notification MIP_IGMP_CLIENT_LEAVE flags 0, roaming state No Mobility service, current vlan 1010 ingress tunnel 76 to pim
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Created mobility state for new station
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_NEW_STATION: current: MIP_PROXY_INIT, next: MIP_PROXY_INIT_L2
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_STATION_L2_MISS: current: MIP_PROXY_INIT_L2, next: MIP_PROXY_FIND_LOCATION
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Cannot find Home Agent; Mobility domain is misconfigured or station has an unexpected IP address
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: local VLAN not matching HAT
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_FIND_HA_FAILURE: current: MIP_PROXY_FIND_LOCATION, next: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Added bridge entry for local station on vlan 1010 to tunnel 76 data path flags PERMANENT, MOBILITY
    May 1 13:59:45mobileipStation e4:ce:8f:1d:59:4c, 10.0.13.37: Mobile IP PROXY finite state machine event RECEIVE_SIBYTE_SUCCESS: current: MIP_PROXY_CREATE_SIBYTE_BRIDGE_STALE, next: MIP_PROXY_NO_MOBILITY_SERVICE
    May 1 13:59:45mobileipStation: e4:ce:8f:1d:59:4c, 10.0.13.37: HomeVlan: 1010 Current Vlan: 1010 roaming status: No Mobility service Proxy state: MIP_PROXY_NO_MOBILITY_SERVICE at line 2836

     

     

     


  • 2.  RE: Users being put on VLAN that is not used on controller

    Posted May 01, 2013 03:06 PM

    Can you share the show ip mobile domain <domain name>, show vlan ?

     

    Do you have any derivation rules by any chance or assigning VLANs under the user-role ?



  • 3.  RE: Users being put on VLAN that is not used on controller

    Posted May 01, 2013 03:09 PM

    (Aruba3400-US) (config) #show ip mobile domain

    Mobility Domains:, 1 domain(s)
    ------------------------------

    Domain name default
    Home Agent Table, 3 subnet(s)
    subnet mask VlanId Home Agent Description
    --------------- --------------- ------ --------------- --------------------------------
    10.0.2.0 255.255.254.0 1002 10.0.0.2 Elementary
    10.0.4.0 255.255.254.0 1004 10.0.0.2 Junior High
    10.0.6.0 255.255.254.0 1006 10.0.0.2 High School

     

    I think when I setup the mobility stuff I thought it was for moving vlan to vlan.  Not controller to controller.    We only have one controller.



  • 4.  RE: Users being put on VLAN that is not used on controller

    Posted May 01, 2013 03:25 PM

     

    If you have one controller you shouldn't have to setup IP Mobility.

     

    Please read this:

     

    http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/Mobility.php

     

    Are you doing any user derivation ? or Applying VLANs under the user-role



  • 5.  RE: Users being put on VLAN that is not used on controller

    Posted May 01, 2013 03:32 PM

    These are the only user derivations rules I have setup -- 

     

    Rules-set: byod-rules

    Priority Attribute Operation Operand Action Value Total Hit New Hit Description Actions

    1dhcp-optionequals3d015c0a5bf6e779set roleAndroid-Device-Role5640Android Gala ... 
    2dhcp-optionequals3d013c438e21c253set roleAndroid-Device-Role00Android Device 
    3dhcp-optionequals3d018096b1529223set roleAndroid-Device-Role15420Android 
    4dhcp-optionstarts-with37017921030set roleAndroid-Device-Role40410Android 2.x 

     

    I disabled IP Mobility and ran a new debug -- 

     

    May 1 14:29:36stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied: AP Ageout
    May 1 14:29:36stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied; Internal Error
    May 1 14:29:45stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied: AP Ageout
    May 1 14:29:45stmDeauth to sta: e4:ce:8f:1d:59:4c: Ageout AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office Denied; Internal Error
    May 1 14:29:48stmAssoc request @ 14:29:48.826000: e4:ce:8f:1d:59:4c (SN 703): AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
    May 1 14:29:48stmAssoc success @ 14:29:48.829586: e4:ce:8f:1d:59:4c: AP 10.0.4.10-d8:c7:c8:17:29:38-W-01 District Office
    May 1 14:29:48stmSending STA e4:ce:8f:1d:59:4c message to Auth and Mobility Unicast Encr Open Multicast Encr Open VLAN 0x3f2, wmm:1, rsn_cap:0
    May 1 14:29:48authmgrMAC=e4:ce:8f:1d:59:4c Station UP: BSSID=d8:c7:c8:17:29:38 ESSID=Frontenac Wireless Network VLAN=1010 AP-name=W-01 District Office
    May 1 14:29:48authmgrMAC=e4:ce:8f:1d:59:4c,IP=N/A User data downloaded to datapath, new Role=authenticated/54, bw Contract=0/0,reason=UDR driven download
    May 1 14:29:48mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Received association on ESSID: Frontenac Wireless Network Mobility service ON, HA Discovery on Association ON, Fastroaming Disabled, AP: Name W-01 District Office Group Junior High BSSID d8:c7:c8:17:29:38, phy a, VLAN 1010
    May 1 14:29:48mobileipStation e4:ce:8f:1d:59:4c, 0.0.0.0: Mobility trail, on switch 10.0.0.2, VLAN 1010, AP W-01 District Office, Frontenac Wireless Network/d8:c7:c8:17:29:38/a
    May 1 14:29:49authmgrMAC=e4:ce:8f:1d:59:4c IP=0.0.0.0 User miss: ingress=0x10cc, VLAN=1010
    May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c IP=10.0.13.37 User miss: ingress=0x10cc, VLAN=1010
    May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c,IP=0.0.0.0 User role updated, existing Role=authenticated/none, new Role=authenticated/authenticated, reason=First IP user created
    May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c IP=10.0.13.37 User entry added: reason=Sibtye
    May 1 14:29:52mdnsmdns_parse_auth_useradd_message 247 Auth User ADD: MAC:e4:ce:8f:1d:59:4c, IP:10.0.13.37, VLAN:1010, Role:authenticated Name: APName:W-01 District Office Type:1
    May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c,IP=10.0.13.37 User role updated, existing Role=authenticated/authenticated, new Role=authenticated/authenticated, reason=user role from UDR
    May 1 14:29:52authmgrMAC=e4:ce:8f:1d:59:4c,IP=10.0.13.37 User data downloaded to datapath, new Role=authenticated/54, bw Contract=0/0,reason=New user IP processing


  • 6.  RE: Users being put on VLAN that is not used on controller

    Posted May 01, 2013 03:56 PM

     

    can you show the config under the authenticated user-role ?

     

    Also show the VAP associated with this SSID: Frontenac Wireless ?

     

    I noticed that is applying this role based on a UDR :

     

    MAC=e4:ce:8f:1d:59:4c,IP=10.0.13.37 User role updated, existing Role=authenticated/authenticated, new Role=authenticated/authenticated, reason=user role from UDR

     

     



  • 7.  RE: Users being put on VLAN that is not used on controller

    Posted May 01, 2013 04:56 PM 
    Looking at the dump from the config it seems like some iPads/iPods are being redirected to VLAN 1010 based on a user derivation role.  So i'll double check the DHCP options I have entered.   I had originally played with one for apple devices but it took ipads, ipods and macbooks into account.  I just wanted ipods and ipads.


    Here are the virtual ap's --

    wlan virtual-ap "Elementary"
   aaa-profile "Frontenac Wireless Network-aaa_prof"
   ssid-profile "Frontenac Wireless Elementary"
   vlan 1002
   blacklist-time 0
   dynamic-mcast-optimization
   vlan-mobility
   preserve-vlan
   band-steering
   wmm-traffic-management-profile "Default 249"

    wlan virtual-ap "High School"
   aaa-profile "Frontenac Wireless Network-aaa_prof"
   ssid-profile "Frontenac Wireless High School"
   vlan 1006
   dynamic-mcast-optimization
   vlan-mobility
   preserve-vlan
   band-steering
   wmm-traffic-management-profile "Default 249"
!
wlan virtual-ap "Junior High"
   aaa-profile "Frontenac Wireless Network-aaa_prof"
   ssid-profile "Frontenac Wireless Junior High"
   vlan 1004
   blacklist-time 0
   dynamic-mcast-optimization
   vlan-mobility
   preserve-vlan
   band-steering
   wmm-traffic-management-profile "Default 249"
!