Avaya WLAN Security Switch 2300 Series Troubleshooting and Debug Guide

Debug trace walkthroughs

Dot1x level 10 trace of WPA/TKIP with local PEAP-MSCHAPv2

DOT1X Apr 11 20:45:37.685261 DEBUG DOT1X-CLIENT: new wireless client from 00:0d:54:98:99:6d on port 16, radio 2

DOT1X Apr 11 20:45:37.685308 DEBUG DOT1X-STATE: 00:0d:54:98:99:6d transition from NOTHING to CONNECTING

You will see this sort of message frequently. It reports each change in the client’s state in the 802.1X state machine.

DOT1X Apr 11 20:45:37.685341 DEBUG DOT1X-STATS: 00:0d:54:98:99:6d, enters connecting --> 139

DOT1X Apr 11 20:45:37.685389 DEBUG DOT1X-CLIENT: 00:0d:54:98:99:6d associated with a WPA IE

The client is configured for WPA.

DOT1X Apr 11 20:45:37.685410 DEBUG DOT1X-CLIENT: TKIP cipher in IE

Using TKIP…

DOT1X Apr 11 20:45:37.685427 DEBUG DOT1X-CLIENT: 802.1X authentication in IE

And WPA is configured for 802.1X instead of PSK.

DOT1X Apr 11 20:45:37.685447 DEBUG 00:0d:54:98:99:6d didn't send a PMKID in her RSNIE

The client is not attempting to do an 802.11i fast-roam by sending a PMK ID in the association request. This message is completely normal for WPA clients. WPA2 clients should (but don’t have to) send a PMK ID when they associate.

DOT1X Apr 11 20:45:37.685475 DEBUG DOT1X-PACKET: setting id to networkid=slipshod-tkip,nasid=nos-3.0,portid=16 in request
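
The facts the walkthrough reads off this trace (IE type, cipher, key management, PMKID, state changes) can be extracted mechanically when reviewing many client traces. The Python below is an added example, not code from the Avaya guide; the function names, the line-unwrapping heuristic, and the rule that lines without a MAC belong to the most recently named client are assumptions.

```python
import re

# Constructed sample: the trace lines from this page, including the line wraps
# that the page layout introduced ("on / port 16", "slipshod- / tkip").
SAMPLE_TRACE = """\
DOT1X Apr 11 20:45:37.685261 DEBUG DOT1X-CLIENT: new wireless client from 00:0d:54:98:99:6d on
port 16, radio 2
DOT1X Apr 11 20:45:37.685308 DEBUG DOT1X-STATE: 00:0d:54:98:99:6d transition from NOTHING to
CONNECTING
DOT1X Apr 11 20:45:37.685341 DEBUG DOT1X-STATS: 00:0d:54:98:99:6d, enters connecting --> 139
DOT1X Apr 11 20:45:37.685389 DEBUG DOT1X-CLIENT: 00:0d:54:98:99:6d associated with a WPA IE
DOT1X Apr 11 20:45:37.685410 DEBUG DOT1X-CLIENT: TKIP cipher in IE
DOT1X Apr 11 20:45:37.685427 DEBUG DOT1X-CLIENT: 802.1X authentication in IE
DOT1X Apr 11 20:45:37.685447 DEBUG 00:0d:54:98:99:6d didn't send a PMKID in her RSNIE
DOT1X Apr 11 20:45:37.685475 DEBUG DOT1X-PACKET: setting id to networkid=slipshod-
tkip,nasid=nos-3.0,portid=16 in request
"""

# "DOT1X <Mon> <day> <hh:mm:ss.usec> DEBUG [DOT1X-<CATEGORY>:] <message>"
# The category tag is optional: the PMKID line above has none.
LINE_RE = re.compile(
    r"^DOT1X\s+(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\.\d+)\s+DEBUG\s+"
    r"(?:(?P<cat>DOT1X-[A-Z]+):\s+)?(?P<msg>.*)$"
)
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.IGNORECASE)


def unwrap(text):
    """Rejoin wrapped records: a line that does not start with 'DOT1X ' continues
    the previous one. Heuristic (assumption): no space is inserted after a
    trailing hyphen, so 'slipshod-' + 'tkip' becomes 'slipshod-tkip'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("DOT1X ") or not records:
            records.append(line)
        else:
            sep = "" if records[-1].endswith("-") else " "
            records[-1] += sep + line
    return records


def summarize(text):
    """Return {mac: facts} with the security parameters each client negotiated."""
    clients, current = {}, None
    for record in unwrap(text):
        m = LINE_RE.match(record)
        if not m:
            continue
        msg = m.group("msg")
        mac = MAC_RE.search(msg)
        if mac:
            current = mac.group(0).lower()
        # Lines such as "TKIP cipher in IE" carry no MAC; attribute them to the
        # client named most recently (assumption: safe when the trace covers a
        # single client, ambiguous when several clients are interleaved).
        if current is None:
            continue
        c = clients.setdefault(current, {
            "port": None, "radio": None, "ie": None, "cipher": None,
            "key_mgmt": None, "pmkid_sent": None, "states": [],
            "network_id": None, "nas_id": None,
        })
        if (f := re.search(r"on port (\d+), radio (\d+)", msg)):
            c["port"], c["radio"] = int(f.group(1)), int(f.group(2))
        elif (f := re.search(r"transition from (\w+) to (\w+)", msg)):
            if not c["states"]:
                c["states"].append(f.group(1))
            c["states"].append(f.group(2))
        elif (f := re.search(r"associated with an? (\w+) IE", msg)):
            c["ie"] = f.group(1)
        elif (f := re.search(r"(\S+) cipher in IE", msg)):
            c["cipher"] = f.group(1)
        elif (f := re.search(r"(\S+) authentication in IE", msg)):
            c["key_mgmt"] = f.group(1)
        elif re.search(r"didn.t send a PMKID", msg):
            c["pmkid_sent"] = False  # only the negative form appears on the page
        elif (f := re.search(r"networkid=([^,]+),nasid=([^,]+),portid=(\d+)", msg)):
            c["network_id"], c["nas_id"] = f.group(1), f.group(2)
    return clients
```

`summarize(SAMPLE_TRACE)` returns one record for 00:0d:54:98:99:6d. It matches the walkthrough: a WPA IE, TKIP cipher, 802.1X key management and no PMKID.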
