Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Using default VLAN 0

  • 1.  Using default VLAN 0

    Posted Aug 02, 2017 10:57 AM

    Got a very strange one, looking for any guidance or guesses.

     

    Every 7.5 minutes, my Local Failover server is issuing these two syslog messages and I cannot figure out what is causing them:

     

    CamLFO authmgr[2204]: <522028> <WARN> <CamLFO 128.186.255.254>  MAC=cc:4e:24:17:b0:9b Assigned VLAN 2111 is not configured, using default VLAN 0

    CamLFO authmgr[2204]: <522028> <WARN> <CamLFO 128.186.255.254>  MAC=cc:4e:24:17:b0:9b Assigned VLAN 0 is not configured, using default VLAN 0

     

    The MAC address belongs to the port on the switch that connects the controller to the network.  It does not show up in my radius logs so it is not going through the normal authentication channel.  Also, the "Assigned VLAN" value is not always 2111, it rotates somewhat randomly between a set of about 6 VLANs.

     

    "show user-table" shows an empty user table but...

     

    "show aaa state station cc:4e:24:17:b0:9b" shows...

     

    Association count = 1, User count = 0

     

    essid: " ", bssid: 01:80:c2:00:00:03 AP name/group: / PHY: wired, ingress=0x10001 (tunnel 1)

    vlan default: 0, current: 0   vlan-how: 1

    name: , role: FSUGuest_Logon (default:FSUGuest_Logon, cached:n/a, dot1x:n/a), role-how: 1, acl:92/0, age: 00:00:07

    Authentication: No, status: not started, method: 0[], protocol: , server:

    dot1xctx:1 sap:1

    Flags: mba=0

    AAA prof: FSU_wired_AAA_profile, Auth dot1x prof: , AAA mac prof: , def role: FSUGuest_Logon

    ncfg flags udr 0, mac 0, dot1x 0, RADIUS interim accounting 0

    Born: 1501683611 (Wed Aug  2 10:20:11 2017

     

    That bssid is not the address of any of our APs; it belongs to the IEEE 802 reserved name for "Nearest non-TPMR Bridge Group Address".

     

    "show auth-tracebuf" shows this:

     

    Aug  2 10:27:42  station-up             *  cc:4e:24:17:b0:9b  01:80:c2:00:00:03  -  -  open system

     

    "show log user-debug" shows:

     

    Aug 2 10:20:13 :522078:  <DBUG> |authmgr|  MAC=cc:4e:24:17:b0:9b, wired: 1, vlan:2103 ingress:0x0x10001 (tunnel 1), ingress:0x0x10001 new_aaa_prof: FSU_wired_AAA_profile, stored profile: FSU_wired_AAA_profile stored wired: 1 stored essid:  , stored-ingress: 0x0x10001

    Aug 2 10:20:13 :522081:  <DBUG> |authmgr|  MAC=cc:4e:24:17:b0:9b, VLAN:2103 - Anchor(VLAN:0) exists. Do nothing for wired Non-clubbed User

    Aug 2 10:27:42 :522015:  <INFO> |authmgr|  MAC=cc:4e:24:17:b0:9b IP=0.0.0.0 Remove Bridge Entry

    Aug 2 10:27:42 :522134:  <DBUG> |authmgr|  user_rem_bridge_entry: deleting bridge entry for vlan 0 assigned_vlan 0.

    Aug 2 10:27:42 :522152:  <DBUG> |authmgr|  station free: bssid=01:80:c2:00:00:03, @=0x0x11346edc.

    Aug 2 10:27:42 :522292:  <DBUG> |authmgr|  Auth GSM : MAC_USER notify for mac cc:4e:24:17:b0:9b vlan 0

    Aug 2 10:27:42 :522290:  <DBUG> |authmgr|  Auth GSM : MAC_USER delete for mac cc:4e:24:17:b0:9b

    Aug 2 10:27:42 :527004:  <INFO> |mdns|  mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:cc:4e:24:17:b0:9b

    Aug 2 10:27:42 :522051:  <INFO> |authmgr|  MAC=cc:4e:24:17:b0:9b Clear Bridge Entry

    Aug 2 10:27:42 :527000:  <DBUG> |mdns|  ag_ssdp_get_token_list_for_mac 344 AirGroup user doesn't exist: mac=cc:4e:24:17:b0:9b

    Aug 2 10:27:42 :527000:  <DBUG> |mdns|  ag_mdns_get_token_list_for_mac 639 AirGroup user doesn't exist: mac=cc:4e:24:17:b0:9b

    Aug 2 10:27:42 :527000:  <DBUG> |mdns|  mdns_client_purge 1116 Purge mdns client, mac=cc:4e:24:17:b0:9b, del_client = 1

    Aug 2 10:27:42 :522098:  <DBUG> |authmgr|  clear_bridge_entry_by_mac: clearing bridge entries for MAC cc:4e:24:17:b0:9b

    Aug 2 10:27:42 :522303:  <DBUG> |authmgr|  Auth GSM : USER delete for mac cc:4e:24:17:b0:9b uuid 0x6077e60d43802218

    Aug 2 10:27:42 :522304:  <DBUG> |authmgr|  Auth GSM : USER delete failed for mac cc:4e:24:17:b0:9b uuid 0x6077e60d43802218 result error_htbl_key_not_found

    Aug 2 10:27:42 :522035:  <INFO> |authmgr|  MAC=cc:4e:24:17:b0:9b Station UP: BSSID=01:80:c2:00:00:03 ESSID=n/a VLAN=2107 AP-name=

    Aug 2 10:27:42 :522077:  <DBUG> |authmgr|  MAC=cc:4e:24:17:b0:9b ingress 0x0x10001 (tunnel 1), u_encr 1, m_encr 1, slotport 0x0x1 wired, type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0

    Aug 2 10:27:42 :522264:  <DBUG> |authmgr|  "MAC:cc:4e:24:17:b0:9b: Allocating UUID: 0x6078570d43802219

    Aug 2 10:27:42 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user cc:4e:24:17:b0:9b vlan 0 derivation_type Reset VLANs for Station up index 0.

    Aug 2 10:27:42 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for cc:4e:24:17:b0:9b vlan 2107 fwdmode 0 derivation_type Default VLAN.

    Aug 2 10:27:42 :522028:  <WARN> |authmgr|  MAC=cc:4e:24:17:b0:9b Assigned VLAN 2107 is not configured, using default VLAN 0

    Aug 2 10:27:42 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for cc:4e:24:17:b0:9b vlan 2107 fwdmode 0 derivation_type Current VLAN updated.

    Aug 2 10:27:42 :522028:  <WARN> |authmgr|  MAC=cc:4e:24:17:b0:9b Assigned VLAN 2107 is not configured, using default VLAN 0

    Aug 2 10:27:42 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-cc:4e:24:17:b0:9b- N/A Set AAA profile defaults.

    Aug 2 10:27:42 :522142:  <DBUG> |authmgr|  Setting default role to FSUGuest_Logon for user cc:4e:24:17:b0:9b".

    Aug 2 10:27:42 :522127:  <DBUG> |authmgr|  {L2} Update role from logon to FSUGuest_Logon for IP=N/A, MAC=cc:4e:24:17:b0:9b.

    Aug 2 10:27:42 :522049:  <INFO> |authmgr|  MAC=cc:4e:24:17:b0:9b,IP=N/A User role updated, existing Role=logon/none, new Role=FSUGuest_Logon/none, reason=Set AAA profile defaults

    Aug 2 10:27:42 :524141:  <DBUG> |authmgr|  clr_pmkcache_ft():987: MAC:cc:4e:24:17:b0:9b BSS:01:80:c2:00:00:03

    Aug 2 10:27:42 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac cc:4e:24:17:b0:9b bssid 01:80:c2:00:00:03 vlan 0 type 2 data-ready 0

    Aug 2 10:27:42 :522254:  <DBUG> |authmgr|  VDR - mac cc:4e:24:17:b0:9b rolename FSUGuest_Logon fwdmode 0 derivation_type Initial Role Contained vp not present.

    Aug 2 10:27:42 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user cc:4e:24:17:b0:9b vlan 0 derivation_type Reset Role Based VLANs index 1.

    Aug 2 10:27:42 :522083:  <DBUG> |authmgr|  Skip User-Derivation, mba:0 udr_exist:0,default_role:FSUGuest_Logon,pDefRole:0x0x109e36ac

    Aug 2 10:27:42 :524124:  <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:cc:4e:24:17:b0:9b, pmkid_present:False, pmkid:N/A

    Aug 2 10:27:42 :522028:  <WARN> |authmgr|  MAC=cc:4e:24:17:b0:9b Assigned VLAN 0 is not configured, using default VLAN 0

    Aug 2 10:27:42 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for cc:4e:24:17:b0:9b vlan 0 fwdmode 0 derivation_type Current VLAN updated.

    Aug 2 10:27:42 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user cc:4e:24:17:b0:9b vlan 0 derivation_type Current VLAN updated index 2.

    Aug 2 10:27:42 :522260:  <DBUG> |authmgr|  "VDR - Cur VLAN updated cc:4e:24:17:b0:9b mob 0 inform 1 remote 0 wired 1 defvlan 0 exportedvlan 0 curvlan 0.

    Aug 2 10:27:42 :522028:  <WARN> |authmgr|  MAC=cc:4e:24:17:b0:9b Assigned VLAN 0 is not configured, using default VLAN 0

    Aug 2 10:27:42 :522255:  <DBUG> |authmgr|  "VDR - set vlan in user for cc:4e:24:17:b0:9b vlan 0 fwdmode 0 derivation_type Current VLAN updated.

    Aug 2 10:27:42 :522258:  <DBUG> |authmgr|  "VDR - Add to history of user user cc:4e:24:17:b0:9b vlan 0 derivation_type Current VLAN updated index 3.

    Aug 2 10:27:42 :522260:  <DBUG> |authmgr|  "VDR - Cur VLAN updated cc:4e:24:17:b0:9b mob 0 inform 1 remote 0 wired 1 defvlan 0 exportedvlan 0 curvlan 0.

    Aug 2 10:27:42 :522128:  <DBUG> |authmgr|  download-L2: acl=92/0 role=FSUGuest_Logon, tunl=0x0x10001, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.

    Aug 2 10:27:42 :522050:  <INFO> |authmgr|  MAC=cc:4e:24:17:b0:9b,IP=N/A User data downloaded to datapath, new Role=FSUGuest_Logon/92, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=600

    Aug 2 10:27:42 :522292:  <DBUG> |authmgr|  Auth GSM : MAC_USER notify for mac cc:4e:24:17:b0:9b vlan 0

     

    "show log security" shows:

     

    Aug 2 10:27:42 :124234:  <DBUG> |authmgr|  Tx message to Sibyte, blocking with ack, Opcode = 21, msglen = 136

    Aug 2 10:27:42 :124234:  <DBUG> |authmgr|  Tx message to Sibyte, blocking with ack, Opcode = 17, msglen = 332 action = 1

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|  vlan_alloc_update (vlan_alloc.c:153): Vlan Alloc failed: vlanid doesn't exist; vlan_id=0

    Aug 2 10:27:42 :124225:  <DBUG> |authmgr|  auth_send_vlan_usage_to_stm Sending STM wired vlan info: vlan 0, status DOWN

    Aug 2 10:27:42 :124090:  <DBUG> |authmgr|  Free macuser 0x0x11346edc and user 0x0x2cba9974 for mac cc:4e:24:17:b0:9b.

    Aug 2 10:27:42 :124234:  <DBUG> |authmgr|  Tx message to Sibyte, blocking with ack, Opcode = 21, msglen = 136

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|  Auth GSM: Num dev_id_cache entries aged = 0

    Aug 2 10:27:42 :124091:  <DBUG> |authmgr|  station_check_license_limits: mac cc:4e:24:17:b0:9b  encr-algo:1.

    Aug 2 10:27:42 :124086:  <DBUG> |authmgr|  Create macuser 0x0x10a61d74 and user 0x0x2c727394.

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|   logging role event for 0x2c727394: 0x11299d84,0x1, index 0

    Aug 2 10:27:42 :124093:  <DBUG> |authmgr|  Called mac_station_new() for mac cc:4e:24:17:b0:9b.

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|  station_add: SAP NOT found bssid 01:80:c2:00:00:03, mac cc:4e:24:17:b0:9b

    Aug 2 10:27:42 :124103:  <DBUG> |authmgr|  Setting user cc:4e:24:17:b0:9b aaa profile to FSU_wired_AAA_profile, reason: ncfg_get_wired_aaa_prof.

    Aug 2 10:27:42 :124103:  <DBUG> |authmgr|  Setting user cc:4e:24:17:b0:9b aaa profile to FSU_wired_AAA_profile, reason: ncfg_set_aaa_profile_defaults.

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|   logging role event for 0x2c727394: 0x109e36ac,0x10003, index 1

    Aug 2 10:27:42 :124209:  <DBUG> |authmgr|  handle_sta_up_dn:2741 Updating vlan usage for MAC=cc:4e:24:17:b0:9b with vlan 2107 apname

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|  vlan_alloc_update (vlan_alloc.c:140): Vlan Alloc  usage ; usage=2470 vlan 2107

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|  user_download: User N/A  Router Acl(0)

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|  get_traffic_prio_from_role: |TC-PROF GET|: Profile Name (Default) Role name (FSUGuest_Logon) val(15)

    Aug 2 10:27:42 :124004:  <DBUG> |authmgr|  user_download: |TC-PROF|: Role (FSUGuest_Logon)  Traffic Prio(15)

    Aug 2 10:27:42 :124234:  <DBUG> |authmgr|  Tx message to Sibyte, blocking with ack, Opcode = 164, msglen = 332 1 user messages bundled, actions = 17

     

    We even did a packet capture on the switch port to seek out clues.  The only thing that looked related to when those syslog messages were issued was an exchange of three ESP packets between this server and the Master server.

     

    Has anybody got a thought on how to track down the source of these messages?



  • 2.  RE: Using default VLAN 0

    Posted Aug 03, 2017 12:27 PM

    Something similar happens to me in AOS 6.5.3.
    Also, I could see the users trying to authenticate in show station-table, but they do not get a role or an IP.



  • 3.  RE: Using default VLAN 0

    Posted Aug 03, 2017 04:05 PM

    Those syslog messages are the result of a mismatch between the VLANs defined on the controller and the VLANs defined on the switchport.  But the auth-tracebuf and log user-debug show an interesting set of messages that are independent of that mismatch.  I hope to follow up on that in a separate post.



  • 4.  RE: Using default VLAN 0

    EMPLOYEE
    Posted Aug 04, 2017 05:20 AM

    Make sure that all VLANs assigned to clients are configured on the (each) controller.

    Make sure that all VLANs assigned to clients are either assigned to one or more (uplink) ports, or to a VLAN local on the controller.
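
Added example, not part of the original thread and not Aruba code: a small parser that pulls the MAC and rejected VLAN out of message 522028 in both log formats quoted above, then compares a controller VLAN list with a switch port's tagged VLAN list to find the mismatch described in replies 3 and 4. The function names and the two VLAN lists are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Message 522028 in both forms quoted in the thread: the remote syslog line
# ("<522028> <WARN> ...") and the "show log user-debug" line (":522028:").
MSG_522028 = re.compile(
    r"(?<!\d)522028\D.*?MAC=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"Assigned VLAN (?P<vlan>\d+) is not configured, using default VLAN \d+",
    re.IGNORECASE,
)

def unconfigured_vlans(lines):
    """Return {mac: sorted VLAN IDs the controller reported as not configured}."""
    seen = defaultdict(set)
    for line in lines:
        m = MSG_522028.search(line)
        if m is None:
            continue
        vlan = int(m.group("vlan"))
        # VLAN 0 is the fallback value itself, so it is left out of the report.
        if vlan != 0:
            seen[m.group("mac").lower()].add(vlan)
    return {mac: sorted(vlans) for mac, vlans in seen.items()}

def missing_on_controller(controller_vlans, trunk_vlans):
    """VLANs carried on the switch port that the controller does not define."""
    return sorted(set(trunk_vlans) - set(controller_vlans))

# Log lines copied from the thread (two syslog, three "show log user-debug").
SAMPLE_LOG = [
    "CamLFO authmgr[2204]: <522028> <WARN> <CamLFO 128.186.255.254>  MAC=cc:4e:24:17:b0:9b Assigned VLAN 2111 is not configured, using default VLAN 0",
    "CamLFO authmgr[2204]: <522028> <WARN> <CamLFO 128.186.255.254>  MAC=cc:4e:24:17:b0:9b Assigned VLAN 0 is not configured, using default VLAN 0",
    "Aug 2 10:27:42 :522035:  <INFO> |authmgr|  MAC=cc:4e:24:17:b0:9b Station UP: BSSID=01:80:c2:00:00:03 ESSID=n/a VLAN=2107 AP-name=",
    "Aug 2 10:27:42 :522028:  <WARN> |authmgr|  MAC=cc:4e:24:17:b0:9b Assigned VLAN 2107 is not configured, using default VLAN 0",
    "Aug 2 10:27:42 :522028:  <WARN> |authmgr|  MAC=cc:4e:24:17:b0:9b Assigned VLAN 0 is not configured, using default VLAN 0",
]

# Constructed VLAN lists (assumptions): in practice, fill these from the
# controller's VLAN configuration and the switch port's tagged VLAN list.
CONTROLLER_VLANS = {1, 100, 200}
TRUNK_VLANS = {1, 100, 2107, 2111}

if __name__ == "__main__":
    for mac, vlans in unconfigured_vlans(SAMPLE_LOG).items():
        print(f"{mac}: VLANs seen but not configured: {vlans}")
    print("Define on controller or prune from port:",
          missing_on_controller(CONTROLLER_VLANS, TRUNK_VLANS))
```

Each VLAN the parser reports for the uplink MAC is one that arrives on the port but has no definition on the controller, which is the set to either configure on the controller or remove from the switch port.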