VLAN assignment through Radius stopped working after updating AP121 to HiveOS 6.5r3 Honolulu.2530

  • 2
  • Question
  • Updated 2 years ago
I accidentally updated my APs to HiveOS 6.5r3 Honolulu.2530 and now my Clients are stuck with the default Profile ( which is an isolated registration vlan ) even if they are authenticated.

If i downgrade to HiveOS 6.4r1g.2138 it's working again.

I did not find any hints in the release notes of several versions regarding any change in behavior related to profile/vlan assignment. And i did not find the release notes for HiveOS 6.5r3 Honolulu.2530 ???

Hivemanager is v6.6r1

Regards 
Dennis
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 2
Photo of Sjoerd de Jong

Sjoerd de Jong, Employee

  • 97 Posts
  • 20 Reply Likes
Hello,

Do you push clients to a vlan by specifying the VLAN option in the NPS Network Policy? (assuming you are using NPS).

Or do you use the method to assign users to a user profile, using a user profile attribute? (which makes the user profile push the user to a VLAN).
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Adding to Sjoerd's question, what RADIUS attributes are you sending back in the Access-Accept?
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
Hi,

i'm using PacketFence ( www.packetfence.org ).
These are my settings in HiveManager:


And this is one of the user profiles:


And the Radius Request and Accept :

Access-Request Id 69    172.26.21.131:37141 -> 172.16.1.161:1812        +201.459        Service-Type = Call-Check        NAS-Port-Type = Wireless-802.11
        User-Name = "806c1bc0ac2c"
        Calling-Station-Id = "80-6C-1B-C0-AC-2C"
        Called-Station-Id = "F0-9C-E9-34-C3-18:Besucher"
        MS-CHAP-Challenge = 0x3180ad162e6d0c4ed3e30d0de094c810
        MS-CHAP2-Response = 0x9800c9bf4d3c9032e2ac1e1fd8875b180c8d00000000000000005e9b9e6a7c1db06144fc2120017ef264cef681d0a1c527f8
        Vendor-26928-Attr-212 = 0x46302d39432d45392d33342d43332d303000
        NAS-Port = 0
        NAS-IP-Address = 172.26.21.131
        NAS-Identifier = "AH-34c300"
Access-Accept Id 69     172.16.1.161:1812 -> 172.26.21.131:37141        +201.572
        Tunnel-Private-Group-Id:0 = "32"
        Tunnel-Type:0 = GRE
        Tunnel-Medium-Type:0 = IPv4
This worked like a charm for the last year.


regards 

Dennis
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
It looks like you need to untick "Assign user profiles based on values returned in the following RADIUS attribute". This is probably a configuration issue therefore.

For documentation, see: https://mega.nz/#!mtd0UaTD!s25Kk1bZkEtMvOIqlnsTeAZx5fY67FjmQcVPQ1QljiQ
(Edited)
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
Following the documentation i have to tick that setting... and it was/is working with those settings. Only by upgrading to the newer HiveOS Firmware i run into problems...
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
The first screenshot somehow got mangeled up..

The Attribute is set like this.
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
Ok, then the document should really be made clearer.
I missed that one sentence that indicates that the rest of the document only applies if using the Filter-ID method. :)
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
I will try both ways with the newer firmware.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
The supporting version of HiveManager for HiveOs 6.5r3 is 6.6r3 so you should upgrade that also.

I agree with you that the documentation ought to be improved.
(Edited)
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
Ok.. i'll update and see what happens :)
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
And thanks of course ! :)
Photo of Darren

Darren

  • 3 Posts
  • 0 Reply Likes
Hi Dennis,
We are trying to implement PacketFence with AeroHive at our school.  Any chance I could pick your brain for assistance.  I have the PF portal showing on Wi-Fi and all seems to authenticate OK, but I cannot get the logged in device to move to any VLAN.  Thanks in advance. dmorgan at oundleschool dot org dot uk
Darren
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Same questions apply... What are you sending to the APs in the RADIUS Access-Accept? Are you using CoA? If so, what are you sending?

How have you configured things in HM-NG?

Are you using SNMP for the integration at all?
(Edited)
Photo of erSitzt

erSitzt

  • 11 Posts
  • 0 Reply Likes
Could you do this with the IP of your AeroHive AP when you authenticate and post the Access-Accept ?

radsniff -f "host xxx.xxx.xxx.xxx"

For PacketFence related stuff you can email me at charlesdarw at gmx dot de.

regards 
Dennis
(Edited)
Photo of Darren

Darren

  • 3 Posts
  • 0 Reply Likes
Hi,
The radsniff command came back empty (so something isn't getting through to the AP I assume.  I've added the logs from PacketFence and the AP below (AP is 192.168.214.9, Laptop is IT-Mobile with MAC 60:57:18:94:4D:A0. AP Firmware is HiveOS 6.4r1a.2103);

The output from the packetfence log is:
[root@localhost ~]# radsniff -f "host 192.168.214.9"^C
[root@localhost ~]# tail /usr/local/pf/logs/packetfence.log -n 50
Jan 18 12:27:42 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
Jan 18 12:27:42 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Username was defined "605718944da0" - returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 18 12:27:42 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] PID: "smith.f", Status: reg Returned VLAN: 1, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 18 12:27:42 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] (192.168.214.9) Returning ACCEPT with Role: OS_Pupils (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 18 12:27:42 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with VLAN: 1 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 18 12:28:49 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] DesAssociating mac on switch (192.168.214.9) (pf::api::desAssociate)
Jan 18 12:28:49 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] deauthenticating (pf::Switch::radiusDisconnect)
Jan 18 12:28:49 httpd.webservices(2022) INFO: Memory configuration is not valid anymore for key interfaces::management_network in local cached_hash (pfconfig::cached::is_valid)
Jan 18 12:28:49 httpd.aaa(1986) INFO: Memory configuration is not valid anymore for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Jan 18 12:28:49 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling radius autz request: from switch_ip => (192.168.214.9), connection_type => Wireless-802.11-NoEAP,switch_mac => (40:18:b1:83:1d:a8), mac => [60:57:18:94:4d:a0], port => 0, username => "605718944da0" (pf::radius::authorize)
Jan 18 12:28:49 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jan 18 12:28:49 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] (192.168.214.9) Returning ACCEPT with Role: registration (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 18 12:28:49 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with VLAN: 120 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 18 12:29:47 httpd.aaa(1986) INFO: Memory configuration is not valid anymore for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Jan 18 12:29:55 httpd.webservices(2022) INFO: oldip (192.168.120.227) and newip (192.168.214.131) are different for 60:57:18:94:4d:a0 - closing iplog entry (pf::api::update_iplog)
Jan 18 12:29:55 httpd.webservices(2022) INFO: Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:29:56 httpd.webservices(2022) INFO: Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:29:56 httpd.webservices(2022) INFO: Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:00 httpd.portal(28358) INFO: [ mac:80:c1:6e:41:e4:54 ip:192.168.120.208 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:00 httpd.portal(28358) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:00 httpd.portal(28358) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] redirected to authentication page on default portal (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:09 httpd.portal(28360) WARN: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [OS_Staff] No entries found (0) with filter (sAMAccountName=smith.f) from OU=Oundle,DC=oundleschool,DC=local on 192.168.100.42:389 (pf::Authentication::Source::LDAPSource::authenticate)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [OS_Pupils] Authentication successful for smith.f (pf::Authentication::Source::LDAPSource::authenticate)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Authentication successful for smith.f in source OS_Pupils (AD) (pf::authentication::authenticate)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Successfully authenticated smith.f/192.168.120.227/60:57:18:94:4d:a0 (captiveportal::PacketFence::Controller::Authenticate::authenticationLogin)
Jan 18 12:30:09 httpd.portal(28360) WARN: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] is currentlog connected at (192.168.214.9) ifIndex 0 in VLAN 120 (pf::enforcement::_should_we_reassign_vlan)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] Username was defined "605718944da0" - returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] PID: "smith.f", Status: reg Returned VLAN: 214, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] VLAN reassignment required (current VLAN = 120 but should be in VLAN 214) (pf::enforcement::_should_we_reassign_vlan)
Jan 18 12:30:09 httpd.portal(28360) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] switch port is (192.168.214.9) ifIndex unknown connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
Jan 18 12:30:09 httpd.portal(29500) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:09 httpd.portal(29500) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:10 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] DesAssociating mac on switch (192.168.214.9) (pf::api::desAssociate)
Jan 18 12:30:10 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] deauthenticating (pf::Switch::radiusDisconnect)
Jan 18 12:30:10 httpd.webservices(2022) INFO: Memory configuration is not valid anymore for key interfaces::management_network in local cached_hash (pfconfig::cached::is_valid)
Jan 18 12:30:10 httpd.aaa(1986) INFO: Memory configuration is not valid anymore for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
Jan 18 12:30:10 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling radius autz request: from switch_ip => (192.168.214.9), connection_type => Wireless-802.11-NoEAP,switch_mac => (40:18:b1:83:1d:a8), mac => [60:57:18:94:4d:a0], port => 0, username => "605718944da0" (pf::radius::authorize)
Jan 18 12:30:10 httpd.aaa(1986) INFO: Instantiate profile default (pf::Portal::ProfileFactory::instantiate)
Jan 18 12:30:10 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
Jan 18 12:30:10 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Username was defined "605718944da0" - returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 18 12:30:10 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] PID: "smith.f", Status: reg Returned VLAN: 214, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 18 12:30:10 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] (192.168.214.9) Returning ACCEPT with Role: OS_Pupils (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 18 12:30:10 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with VLAN: 214 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)


The AP (192.168.214.9);

2016-01-18 12:30:10 info    kernel: [qos]: add qos user 6057:1894:4da0 idx 192 uppid 1
2016-01-18 12:30:10 info    kernel: [mesh]: set proxy : 6057:1894:4da0 4018:b183:1d80 wifi1.1 flag 0x1c03
2016-01-18 12:30:10 info    amrp2: set proxy route: 6057:1894:4da0 -> 4018:b183:1d80 ifp wifi1.1 upid 120 flag 0x1c03 monitor(0/0) pkt/sec ok
2016-01-18 12:30:10 info    amrp2: receive event <STA join>: 6057:1894:4da0 (ip 192.168.120.227) associate wifi1.1 upid 120 vlan 214 flag 0x00000001
2016-01-18 12:30:10 info    ah_auth: ah_rt_sta_add: 6057:1894:4da0(ip=192.168.120.227), username  on wifi1.1
2016-01-18 12:30:10 info    ah_auth: [Auth]STA(6057:1894:4da0) login to SSID(wifi1.1) by user_name=
2016-01-18 12:30:10 notice  ah_auth: authentication OK, username '605718944da0', service (unknown)
2016-01-18 12:30:10 info    ah_auth: rc_send_server: rc=0
2016-01-18 12:30:10 info    ah_auth: rc_send_server: rc_check_reply: rc=0
2016-01-18 12:30:10 info    ah_auth: out interface is mgt0, nas IP is mgt0 IP
2016-01-18 12:30:10 info    ah_auth: [Auth]: receive driver notification[0x8c03, IWEVREGISTERED] for Sta[6057:1894:4da0] at Hapd[4018:b183:1da8, wifi1.1]
2016-01-18 12:30:10 info    amrp2: receive event STA leave: 6057:1894:4da0 de-associate wifi1.1 upid 120 vlan 120 flag 0x00000000
2016-01-18 12:30:10 info    ah_auth: station_new_status_trap_force: ah_dcd_get_radio_one_sta(6057:1894:4da0) failed
2016-01-18 12:30:10 info    ah_auth: ah_rt_sta_del: 6057:1894:4da0
2016-01-18 12:30:10 info    ah_auth: Notify driver to deauth 6057:1894:4da0 from wifi1.1
2016-01-18 12:30:10 info    ah_auth: Try to disassoc 6057:1894:4da0 from 4018:b183:1da8(wifi1.1) for ssid PFPublic because auth receives COA disconnect message
2016-01-18 12:30:10 info    ah_auth: out interface is mgt0, nas IP is mgt0 IP
2016-01-18 12:30:03 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:30:00 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:30:00 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:29:55 info    ah_auth: ah_rt_sta_update_hostname: 6057:1894:4da0(hostname=IT-Mobile)
2016-01-18 12:29:55 info    ah_auth: ah_rt_sta_update_ip: 6057:1894:4da0(ip=192.168.120.227)
2016-01-18 12:29:55 info    ah_auth: Station 6057:1894:4da0 ip 192.168.214.131 username n/a hostname IT-Mobile OS n/a, flag = DHCP
2016-01-18 12:29:55 notice  ah_auth: Station 6057:1894:4da0 is authenticated to 4018:b183:1da8 thru SSID PFPublic vid 120
2016-01-18 12:29:55 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:29:55 info    kernel: [qos]: add qos user 6057:1894:4da0 idx 192 uppid 1
2016-01-18 12:29:55 info    kernel: [mesh]: set proxy : 6057:1894:4da0 4018:b183:1d80 wifi1.1 flag 0x1c03
2016-01-18 12:29:55 info    amrp2: set proxy route: 6057:1894:4da0 -> 4018:b183:1d80 ifp wifi1.1 upid 120 flag 0x1c03 monitor(0/0) pkt/sec ok
2016-01-18 12:29:55 info    amrp2: receive event <STA join>: 6057:1894:4da0 (ip 192.168.214.131) associate wifi1.1 upid 120 vlan 120 flag 0x00000000
2016-01-18 12:29:55 info    ah_auth: ah_rt_sta_add: 6057:1894:4da0(ip=192.168.214.131), username  on wifi1.1
2016-01-18 12:29:55 info    ah_auth: [Auth]STA(6057:1894:4da0) login to SSID(wifi1.1) by user_name=
2016-01-18 12:29:55 info    ah_auth: [Auth]: receive driver notification[0x8c03, IWEVREGISTERED] for Sta[6057:1894:4da0] at Hapd[4018:b183:1da8, wifi1.1]
2016-01-18 12:29:52 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:29:52 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:29:41 info    kernel: [mesh]: _proxy_fdb_delete: sta 4cb1:99c9:c9a6, convert up-attr 1 to profile id failed
2016-01-18 12:29:34 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:29:32 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:29:32 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:29:30 info    kernel: [mesh]: set proxy : 4cb1:99c9:c9a6 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:29:30 info    amrp2: set proxy route: 4cb1:99c9:c9a6 -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:29:20 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:29:17 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:29:17 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:28:59 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:28:57 info    amrp2: receive event STA leave: 6057:1894:4da0 de-associate wifi1.1 upid 120 vlan 120 flag 0x00000001
2016-01-18 12:28:57 info    ah_auth: station_new_status_trap_force: ah_dcd_get_radio_one_sta(6057:1894:4da0) failed
2016-01-18 12:28:57 info    ah_auth: station_new_status_trap_force: ah_dcd_get_radio_one_sta(6057:1894:4da0) failed
2016-01-18 12:28:57 info    ah_auth: ah_rt_sta_del: 6057:1894:4da0
2016-01-18 12:28:57 info    ah_auth: sta 6057:1894:4da0 is disassociated from 4018:b183:1da8(wifi1.1) in driver
2016-01-18 12:28:57 info    ah_auth: [Auth]: receive driver notification[0x8c04, IWEVEXPIRED] for Sta[6057:1894:4da0] at Hapd[4018:b183:1da8, wifi1.1]
2016-01-18 12:28:56 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:28:56 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:28:49 info    kernel: [qos]: add qos user 6057:1894:4da0 idx 192 uppid 1
2016-01-18 12:28:49 info    kernel: [mesh]: set proxy : 6057:1894:4da0 4018:b183:1d80 wifi1.1 flag 0x1c03
2016-01-18 12:28:49 info    amrp2: set proxy route: 6057:1894:4da0 -> 4018:b183:1d80 ifp wifi1.1 upid 120 flag 0x1c03 monitor(0/0) pkt/sec ok
2016-01-18 12:28:49 info    amrp2: receive event <STA join>: 6057:1894:4da0 (ip 192.168.214.131) associate wifi1.1 upid 120 vlan 120 flag 0x00000001
2016-01-18 12:28:49 info    ah_auth: ah_rt_sta_add: 6057:1894:4da0(ip=192.168.214.131), username  on wifi1.1
2016-01-18 12:28:49 info    ah_auth: [Auth]STA(6057:1894:4da0) login to SSID(wifi1.1) by user_name=
2016-01-18 12:28:49 notice  ah_auth: authentication OK, username '605718944da0', service (unknown)
2016-01-18 12:28:49 info    ah_auth: rc_send_server: rc=0
2016-01-18 12:28:49 info    ah_auth: rc_send_server: rc_check_reply: rc=0
2016-01-18 12:28:49 info    ah_auth: out interface is mgt0, nas IP is mgt0 IP
2016-01-18 12:28:49 info    ah_auth: [Auth]: receive driver notification[0x8c03, IWEVREGISTERED] for Sta[6057:1894:4da0] at Hapd[4018:b183:1da8, wifi1.1]
2016-01-18 12:28:49 info    amrp2: receive event STA leave: 6057:1894:4da0 de-associate wifi1.1 upid 120 vlan 1 flag 0x00000001
2016-01-18 12:28:49 info    ah_auth: station_new_status_trap_force: ah_dcd_get_radio_one_sta(6057:1894:4da0) failed
2016-01-18 12:28:49 info    ah_auth: ah_rt_sta_del: 6057:1894:4da0
2016-01-18 12:28:49 info    ah_auth: Notify driver to deauth 6057:1894:4da0 from wifi1.1
2016-01-18 12:28:49 info    ah_auth: Try to disassoc 6057:1894:4da0 from 4018:b183:1da8(wifi1.1) for ssid PFPublic because auth receives COA disconnect message
2016-01-18 12:28:49 info    ah_auth: out interface is mgt0, nas IP is mgt0 IP
2016-01-18 12:28:47 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:28:46 info    kernel: [mesh]: _proxy_fdb_delete: sta 3075:127c:4054, convert up-attr 1 to profile id failed
2016-01-18 12:28:46 info    kernel: [mesh]: _proxy_fdb_delete: sta 5c97:f399:12e2, convert up-attr 1 to profile id failed
2016-01-18 12:28:45 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:28:45 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:28:42 info    kernel: [mesh]: _proxy_fdb_delete: sta 4cb1:99c9:c9a6, convert up-attr 1 to profile id failed
2016-01-18 12:28:39 info    amrp2: set proxy route: 5c97:f399:12e2 -> 08ea:4425:4ac0 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:28:39 info    kernel: [mesh]: set proxy : 5c97:f399:12e2 08ea:4425:4ac0 n/a flag 0x1402
2016-01-18 12:28:36 info    kernel: [mesh]: set proxy : 4cb1:99c9:c9a6 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:28:36 info    amrp2: set proxy route: 4cb1:99c9:c9a6 -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:28:27 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:28:25 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:28:25 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:28:15 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:28:13 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:28:13 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:28:06 info    ah_auth: ah_rt_sta_update_hostname: 6057:1894:4da0(hostname=IT-Mobile)
2016-01-18 12:28:06 info    ah_auth: ah_rt_sta_update_ip: 6057:1894:4da0(ip=192.168.214.131)
2016-01-18 12:28:06 info    ah_auth: Station 6057:1894:4da0 ip 192.168.120.227 username n/a hostname IT-Mobile OS n/a, flag = DHCP
2016-01-18 12:28:06 notice  ah_auth: Station 6057:1894:4da0 is authenticated to 4018:b183:1da8 thru SSID PFPublic vid 1
2016-01-18 12:28:01 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:27:58 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:27:58 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:27:53 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:27:53 info    capwap: CAPWAP receive kevent AH_KEVENT_ITK_NOTIFY, eventid = 14, size = 41
2016-01-18 12:27:48 info    kernel: [mesh]: _proxy_fdb_delete: sta 4cb1:99c9:c9a6, convert up-attr 1 to profile id failed
2016-01-18 12:27:45 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:27:45 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:27:42 info    kernel: [qos]: add qos user 6057:1894:4da0 idx 192 uppid 1
2016-01-18 12:27:42 info    kernel: [mesh]: set proxy : 6057:1894:4da0 4018:b183:1d80 wifi1.1 flag 0x1c03
2016-01-18 12:27:42 info    amrp2: set proxy route: 6057:1894:4da0 -> 4018:b183:1d80 ifp wifi1.1 upid 120 flag 0x1c03 monitor(0/0) pkt/sec ok
2016-01-18 12:27:42 info    amrp2: receive event <STA join>: 6057:1894:4da0 (ip 192.168.120.227) associate wifi1.1 upid 120 vlan 1 flag 0x00000001
2016-01-18 12:27:42 info    ah_auth: ah_rt_sta_add: 6057:1894:4da0(ip=192.168.120.227), username  on wifi1.1
2016-01-18 12:27:42 info    ah_auth: [Auth]STA(6057:1894:4da0) login to SSID(wifi1.1) by user_name=
2016-01-18 12:27:42 notice  ah_auth: authentication OK, username '605718944da0', service (unknown)
2016-01-18 12:27:42 info    ah_auth: rc_send_server: rc=0
2016-01-18 12:27:42 info    ah_auth: rc_send_server: rc_check_reply: rc=0
2016-01-18 12:27:42 info    kernel: [mesh]: set proxy : 4cb1:99c9:c9a6 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:27:42 info    amrp2: set proxy route: 4cb1:99c9:c9a6 -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:27:42 info    ah_auth: out interface is mgt0, nas IP is mgt0 IP
2016-01-18 12:27:42 info    ah_auth: [Auth]: receive driver notification[0x8c03, IWEVREGISTERED] for Sta[6057:1894:4da0] at Hapd[4018:b183:1da8, wifi1.1]
2016-01-18 12:27:42 info    amrp2: receive event STA leave: 6057:1894:4da0 de-associate wifi1.1 upid 120 vlan 120 flag 0x00000001
2016-01-18 12:27:42 info    ah_auth: station_new_status_trap_force: ah_dcd_get_radio_one_sta(6057:1894:4da0) failed
2016-01-18 12:27:42 info    ah_auth: ah_rt_sta_del: 6057:1894:4da0
2016-01-18 12:27:42 info    ah_auth: Notify driver to deauth 6057:1894:4da0 from wifi1.1
2016-01-18 12:27:42 info    ah_auth: Try to disassoc 6057:1894:4da0 from 4018:b183:1da8(wifi1.1) for ssid PFPublic because auth receives COA disconnect message
2016-01-18 12:27:42 info    ah_auth: out interface is mgt0, nas IP is mgt0 IP
2016-01-18 12:27:30 info    ah_auth: ah_rt_sta_update_hostname: 6057:1894:4da0(hostname=IT-Mobile)
2016-01-18 12:27:30 info    ah_auth: ah_rt_sta_update_ip: 6057:1894:4da0(ip=192.168.120.227)
2016-01-18 12:27:28 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:27:26 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:27:26 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:27:22 info    ah_dcd: get track-ip trigger access console request: cancel.
2016-01-18 12:27:20 info    kernel: [mesh]: _proxy_fdb_delete: sta 60a3:7d2b:62de, convert up-attr 1 to profile id failed
2016-01-18 12:27:17 info    kernel: [mesh]: set proxy : 60a3:7d2b:62de 08ea:4425:5600 n/a flag 0x1402
2016-01-18 12:27:17 info    amrp2: set proxy route: 60a3:7d2b:62de -> 08ea:4425:5600 ifp N/A upid 1 flag 0x1402 monitor(0/0) pkt/sec ok
2016-01-18 12:27:15 info    ah_auth: ah_rt_sta_update_hostname: 6057:1894:4da0(hostname=IT-Mobile)
2016-01-18 12:27:15 info    ah_auth: ah_rt_sta_update_ip: 6057:1894:4da0(ip=192.168.120.227)
Photo of Darren

Darren

  • 3 Posts
  • 0 Reply Likes
HI,
I've finally worked out the issue.  It was to do with VLAN tagging (isn't it always!)  Had to put the AP's on a separate management VLAN, and then tag the pupil VLAN to the port the AP was plugged into.  Many thanks for all your assistance.
Darren